Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-37266 |
|
Vulnerability in CVE-2026-37266 (CVE-2026-37266)
vulnerability in CVE-2026-37266 (CVE-2026-37266). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7797 |
|
SQL Injection in wordpress (CVE-2026-7797)
SQL injection in wordpress (CVE-2026-7797). Confidential information can be exposed externally.
|
| CVE-2026-9227 |
|
Unrestricted File Upload in wordpress (CVE-2026-9227)
vulnerability in wordpress (CVE-2026-9227). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6455 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6455)
vulnerability in wordpress (CVE-2026-6455). Data can be tampered with by attackers.
|
| CVE-2026-9009 |
|
Unrestricted File Upload in wordpress (CVE-2026-9009)
vulnerability in wordpress (CVE-2026-9009). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2374 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-2374)
cross-site scripting in wordpress (CVE-2026-2374). Risk of unauthorized operations or information disclosure. Exploitable via ``login_nocaptcha_error``.
|
| CVE-2026-4868 |
|
Vulnerability in gitlab (CVE-2026-4868)
vulnerability in gitlab (CVE-2026-4868). Confidential information can be exposed externally. Mitigation: upgrade to `18.10.7, 18.11.4, 19.0.2` or later.
|
| CVE-2026-44460 |
|
Information Disclosure in CVE-2026-44460 (CVE-2026-44460)
vulnerability in CVE-2026-44460 (CVE-2026-44460). Confidential information can be exposed externally. Mitigation: upgrade to `3.12.0` or later.
|
| CVE-2026-42790 |
|
Vulnerability in erlang (CVE-2026-42790)
vulnerability in erlang (CVE-2026-42790). Confidential information can be exposed externally.
|
| CVE-2026-1933 |
|
Vulnerability in redhat (CVE-2026-1933)
vulnerability in redhat (CVE-2026-1933). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48920 |
|
Vulnerability in org.jenkins-ci.plugins:email-ext (CVE-2026-48920)
vulnerability in org.jenkins-ci.plugins:email-ext (CVE-2026-48920). Successful exploitation can lead to full system takeover. Exploitable via ``base64``. Mitigation: upgrade to `1933.1935.v276319e3cc47` or later.
|
| CVE-2026-48921 |
|
Vulnerability in io.jenkins.plugins:pipeline-groovy-lib (CVE-2026-48921)
vulnerability in io.jenkins.plugins:pipeline-groovy-lib (CVE-2026-48921). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `798.v5cc688825312` or later.
|
| CVE-2026-48922 |
|
Path Traversal in org.jenkins-ci.plugins:credentials-binding (CVE-2026-48922)
path traversal in org.jenkins-ci.plugins:credentials-binding (CVE-2026-48922). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `725.ve52b` or later.
|
| CVE-2026-37713 |
|
Code Injection in CVE-2026-37713 (CVE-2026-37713)
code injection in CVE-2026-37713 (CVE-2026-37713). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-37711 |
|
Code Injection in CVE-2026-37711 (CVE-2026-37711)
code injection in CVE-2026-37711 (CVE-2026-37711). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-37712 |
|
Code Injection in CVE-2026-37712 (CVE-2026-37712)
code injection in CVE-2026-37712 (CVE-2026-37712). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7528 |
|
Vulnerability in dos (CVE-2026-7528)
vulnerability in dos (CVE-2026-7528). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48972 |
|
Vulnerability in CVE-2026-48972 (CVE-2026-48972)
vulnerability in CVE-2026-48972 (CVE-2026-48972). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46052 |
|
Vulnerability in c (CVE-2026-46052)
vulnerability in c (CVE-2026-46052). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42762 |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
|
| CVE-2026-42746 |
|
Insertion of Sensitive Information Into Sent Data vulnerability in ZAYTECH Smart Online Order for...
Insertion of Sensitive Information Into Sent Data vulnerability in ZAYTECH Smart Online Order for...
|
| CVE-2026-42735 |
|
Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare...
Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare...
|
| CVE-2026-42737 |
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
|
| CVE-2026-42745 |
|
Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online...
Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online...
|
| CVE-2026-42730 |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
|
| CVE-2026-3012 |
|
A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate...
A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate...
|
| CVE-2026-40833 |
|
SQL Injection in sqli (CVE-2026-40833)
SQL injection in sqli (CVE-2026-40833). Confidential information can be exposed externally.
|
| CVE-2026-40834 |
|
SQL Injection in sqli (CVE-2026-40834)
SQL injection in sqli (CVE-2026-40834). Confidential information can be exposed externally.
|
| CVE-2026-8832 |
|
Code Injection in wordpress (CVE-2026-8832)
code injection in wordpress (CVE-2026-8832). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40814 |
|
SQL Injection in sqli (CVE-2026-40814)
SQL injection in sqli (CVE-2026-40814). Confidential information can be exposed externally.
|
| CVE-2026-40816 |
|
SQL Injection in sqli (CVE-2026-40816)
SQL injection in sqli (CVE-2026-40816). Confidential information can be exposed externally.
|
| CVE-2026-6169 |
|
Code Injection in wordpress (CVE-2026-6169)
code injection in wordpress (CVE-2026-6169). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9200 |
|
Vulnerability in wordpress (CVE-2026-9200)
vulnerability in wordpress (CVE-2026-9200). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9606 |
|
Vulnerability in sqli (CVE-2026-9606)
vulnerability in sqli (CVE-2026-9606). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9584 |
|
A security vulnerability has been detected in code-projects Project Management System 1.0....
A security vulnerability has been detected in code-projects Project Management System 1.0....
|
| CVE-2025-46284 |
|
Vulnerability in apple (CVE-2025-46284)
vulnerability in apple (CVE-2025-46284). Successful exploitation can lead to full system takeover.
|
| CVE-2025-43306 |
|
Privilege Escalation in apple (CVE-2025-43306)
vulnerability in apple (CVE-2025-43306). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9575 |
|
Vulnerability in sqli (CVE-2026-9575)
vulnerability in sqli (CVE-2026-9575). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9573 |
|
Vulnerability in sqli (CVE-2026-9573)
vulnerability in sqli (CVE-2026-9573). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9574 |
|
Vulnerability in sqli (CVE-2026-9574)
vulnerability in sqli (CVE-2026-9574). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8855 |
|
Code Injection in dos (CVE-2026-8855)
code injection in dos (CVE-2026-8855). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8856 |
|
Vulnerability in dos (CVE-2026-8856)
vulnerability in dos (CVE-2026-8856). Data can be tampered with by attackers.
|
| CVE-2026-8835 |
|
Vulnerability in dos (CVE-2026-8835)
vulnerability in dos (CVE-2026-8835). Confidential information can be exposed externally.
|
| CVE-2026-8854 |
|
Vulnerability in dos (CVE-2026-8854)
vulnerability in dos (CVE-2026-8854). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8834 |
|
Vulnerability in dos (CVE-2026-8834)
vulnerability in dos (CVE-2026-8834). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48695 |
|
OS Command Injection in pavel-odintsov (CVE-2026-48695)
OS command injection in pavel-odintsov (CVE-2026-48695). Confidential information can be exposed externally. Exploitable via ``date``.
|
| CVE-2026-48694 |
|
Command Injection in pavel-odintsov (CVE-2026-48694)
command injection in pavel-odintsov (CVE-2026-48694). Confidential information can be exposed externally.
|
| CVE-2026-8850 |
|
Vulnerability in dos (CVE-2026-8850)
vulnerability in dos (CVE-2026-8850). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48897 |
|
Joomla! Core - [20260512] - MFA Authentication Bypass
Joomla! Core - [20260512] - MFA Authentication Bypass
|
| CVE-2026-48896 |
|
Joomla! Core - [20260511] - MFA Authentication Bypass
Joomla! Core - [20260511] - MFA Authentication Bypass
|