Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-45249 |
|
Cross-Site Scripting (XSS) in echarts (CVE-2026-45249)
cross-site scripting in echarts (CVE-2026-45249). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `6.1.0` or later.
|
| CVE-2026-9438 |
|
Vulnerability in CVE-2026-9438 (CVE-2026-9438)
vulnerability in CVE-2026-9438 (CVE-2026-9438). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41863 |
|
Path Traversal in org.springframework.ai:spring-ai-anthropic (CVE-2026-41863)
path traversal in org.springframework.ai:spring-ai-anthropic (CVE-2026-41863). Data can be tampered with by attackers. Mitigation: upgrade to `1.1.7` or later.
|
| CVE-2026-9418 |
|
Cross-Site Scripting (XSS) in CVE-2026-9418 (CVE-2026-9418)
cross-site scripting in CVE-2026-9418 (CVE-2026-9418). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9421 |
|
Vulnerability in CVE-2026-9421 (CVE-2026-9421)
vulnerability in CVE-2026-9421 (CVE-2026-9421). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9419 |
|
Cross-Site Scripting (XSS) in CVE-2026-9419 (CVE-2026-9419)
cross-site scripting in CVE-2026-9419 (CVE-2026-9419). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9417 |
|
Cross-Site Scripting (XSS) in CVE-2026-9417 (CVE-2026-9417)
cross-site scripting in CVE-2026-9417 (CVE-2026-9417). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9416 |
|
Cross-Site Scripting (XSS) in c (CVE-2026-9416)
cross-site scripting in c (CVE-2026-9416). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9411 |
|
Vulnerability in sqli (CVE-2026-9411)
vulnerability in sqli (CVE-2026-9411). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9413 |
|
Cross-Site Scripting (XSS) in CVE-2026-9413 (CVE-2026-9413)
cross-site scripting in CVE-2026-9413 (CVE-2026-9413). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9415 |
|
Cross-Site Scripting (XSS) in CVE-2026-9415 (CVE-2026-9415)
cross-site scripting in CVE-2026-9415 (CVE-2026-9415). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9414 |
|
Cross-Site Scripting (XSS) in CVE-2026-9414 (CVE-2026-9414)
cross-site scripting in CVE-2026-9414 (CVE-2026-9414). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48832 |
|
action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability.
action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability.
|
| CVE-2026-9383 |
|
Vulnerability in sqli (CVE-2026-9383)
vulnerability in sqli (CVE-2026-9383). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9377 |
|
Cross-Site Scripting (XSS) in CVE-2026-9377 (CVE-2026-9377)
cross-site scripting in CVE-2026-9377 (CVE-2026-9377). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9370 |
|
Vulnerability in com.github.ulisesbocchio:jasypt-spring-boot (CVE-2026-9370)
vulnerability in com.github.ulisesbocchio:jasypt-spring-boot (CVE-2026-9370). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9364 |
|
Vulnerability in sqli (CVE-2026-9364)
vulnerability in sqli (CVE-2026-9364). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9356 |
|
Vulnerability in sqli (CVE-2026-9356)
vulnerability in sqli (CVE-2026-9356). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9355 |
|
Vulnerability in sqli (CVE-2026-9355)
vulnerability in sqli (CVE-2026-9355). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9342 |
|
Vulnerability in sqli (CVE-2026-9342)
vulnerability in sqli (CVE-2026-9342). Risk of unauthorized operations or information disclosure.
|
| CVE-2018-25350 |
|
Vulnerability in CVE-2018-25350 (CVE-2018-25350)
vulnerability in CVE-2018-25350 (CVE-2018-25350). Successful exploitation can lead to full system takeover.
|
| CVE-2018-25349 |
|
Cross-Site Scripting (XSS) in CVE-2018-25349 (CVE-2018-25349)
cross-site scripting in CVE-2018-25349 (CVE-2018-25349). Risk of unauthorized operations or information disclosure.
|
| CVE-2018-25352 |
|
SQL Injection in wordpress (CVE-2018-25352)
SQL injection in wordpress (CVE-2018-25352). Confidential information can be exposed externally.
|
| CVE-2018-25357 |
|
Code Injection in dolibarr/dolibarr (CVE-2018-25357)
code injection in dolibarr/dolibarr (CVE-2018-25357). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `6.0.8` or later.
|
| CVE-2018-25347 |
|
SQL Injection in wordpress (CVE-2018-25347)
SQL injection in wordpress (CVE-2018-25347). Confidential information can be exposed externally.
|
| CVE-2018-25343 |
|
Cross-Site Request Forgery (CSRF) in CVE-2018-25343 (CVE-2018-25343)
vulnerability in CVE-2018-25343 (CVE-2018-25343). Risk of unauthorized operations or information disclosure.
|
| CVE-2018-25346 |
|
SQL Injection in wordpress (CVE-2018-25346)
SQL injection in wordpress (CVE-2018-25346). Confidential information can be exposed externally.
|
| CVE-2018-25340 |
|
SQL Injection in sqli (CVE-2018-25340)
SQL injection in sqli (CVE-2018-25340). Confidential information can be exposed externally.
|
| CVE-2026-9302 |
|
Vulnerability in CVE-2026-9302 (CVE-2026-9302)
vulnerability in CVE-2026-9302 (CVE-2026-9302). Risk of unauthorized operations or information disclosure.
|
| CVE-2018-25342 |
|
SQL Injection in sqli (CVE-2018-25342)
SQL injection in sqli (CVE-2018-25342). Confidential information can be exposed externally.
|
| CVE-2018-25341 |
|
SQL Injection in sqli (CVE-2018-25341)
SQL injection in sqli (CVE-2018-25341). Confidential information can be exposed externally.
|
| CVE-2026-43503 |
|
Vulnerability in c (CVE-2026-43503)
vulnerability in c (CVE-2026-43503). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6898 |
|
Privilege Escalation in wordpress (CVE-2026-6898)
vulnerability in wordpress (CVE-2026-6898). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9284 |
|
Vulnerability in wordpress (CVE-2026-9284)
vulnerability in wordpress (CVE-2026-9284). Confidential information can be exposed externally.
|
| CVE-2026-6419 |
|
Privilege Escalation in wordpress (CVE-2026-6419)
vulnerability in wordpress (CVE-2026-6419). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6895 |
|
Privilege Escalation in wordpress (CVE-2026-6895)
vulnerability in wordpress (CVE-2026-6895). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6897 |
|
Privilege Escalation in wordpress (CVE-2026-6897)
vulnerability in wordpress (CVE-2026-6897). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42827 |
|
Command Injection in microsoft (CVE-2026-42827)
command injection in microsoft (CVE-2026-42827). Confidential information can be exposed externally.
|
| CVE-2026-42901 |
|
Vulnerability in microsoft (CVE-2026-42901)
vulnerability in microsoft (CVE-2026-42901). Successful exploitation can lead to full system takeover.
|
| CVE-2026-47280 |
|
Authentication Bypass in microsoft (CVE-2026-47280)
authentication bypass in microsoft (CVE-2026-47280). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45659 KEV |
|
[KEV] Unsafe Deserialization in Microsoft deserialization (CVE-2026-45659)
vulnerability in Microsoft deserialization (CVE-2026-45659). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-40411 |
|
Vulnerability in microsoft (CVE-2026-40411)
vulnerability in microsoft (CVE-2026-40411). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40412 |
|
Unrestricted File Upload in microsoft (CVE-2026-40412)
vulnerability in microsoft (CVE-2026-40412). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41104 |
|
Unsafe Deserialization in deserialization (CVE-2026-41104)
vulnerability in deserialization (CVE-2026-41104). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41090 |
|
Command Injection in microsoft (CVE-2026-41090)
command injection in microsoft (CVE-2026-41090). Confidential information can be exposed externally.
|
| CVE-2026-23663 |
|
Privilege Escalation in microsoft (CVE-2026-23663)
vulnerability in microsoft (CVE-2026-23663). Confidential information can be exposed externally.
|
| CVE-2026-23652 |
|
Command Injection in microsoft (CVE-2026-23652)
command injection in microsoft (CVE-2026-23652). Successful exploitation can lead to full system takeover.
|
| CVE-2026-26147 |
|
Vulnerability in microsoft (CVE-2026-26147)
vulnerability in microsoft (CVE-2026-26147). Confidential information can be exposed externally.
|
| CVE-2026-33843 |
|
Vulnerability in microsoft (CVE-2026-33843)
vulnerability in microsoft (CVE-2026-33843). Confidential information can be exposed externally.
|
| CVE-2026-35430 |
|
Vulnerability in microsoft (CVE-2026-35430)
vulnerability in microsoft (CVE-2026-35430). Successful exploitation can lead to full system takeover.
|