Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-3294 |
|
Vulnerability in tp-link (CVE-2026-3294)
vulnerability in tp-link (CVE-2026-3294). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5817 |
|
Vulnerability in docker (CVE-2026-5817)
vulnerability in docker (CVE-2026-5817). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5843 |
|
Vulnerability in docker (CVE-2026-5843)
vulnerability in docker (CVE-2026-5843). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6406 |
|
Authorization Flaw in docker (CVE-2026-6406)
vulnerability in docker (CVE-2026-6406). Successful exploitation can lead to full system takeover.
|
| CVE-2022-34363 |
|
Vulnerability in dell (CVE-2022-34363)
vulnerability in dell (CVE-2022-34363). Data can be tampered with by attackers.
|
| CVE-2026-8672 |
|
Vulnerability in avantra (CVE-2026-8672)
vulnerability in avantra (CVE-2026-8672). Confidential information can be exposed externally.
|
| CVE-2026-8670 |
|
Vulnerability in avantra (CVE-2026-8670)
vulnerability in avantra (CVE-2026-8670). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8673 |
|
Vulnerability in avantra (CVE-2026-8673)
vulnerability in avantra (CVE-2026-8673). Confidential information can be exposed externally.
|
| CVE-2026-9256 |
|
Vulnerability in nginx (CVE-2026-9256)
vulnerability in nginx (CVE-2026-9256). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.24.0, 1.30.2, 1.31.1` or later.
|
| CVE-2026-44930 |
|
Vulnerability in org.apache.cxf.services.xkms:cxf-services-xkms-x509-repo-ldap (CVE-2026-44930)
vulnerability in org.apache.cxf.services.xkms:cxf-services-xkms-x509-repo-ldap (CVE-2026-44930). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.6.11` or later.
|
| CVE-2026-8671 |
|
Vulnerability in avantra (CVE-2026-8671)
vulnerability in avantra (CVE-2026-8671). Data can be tampered with by attackers.
|
| CVE-2026-44417 |
|
Vulnerability in org.apache.cxf:cxf-rt-transports-jms (CVE-2026-44417)
vulnerability in org.apache.cxf:cxf-rt-transports-jms (CVE-2026-44417). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.6.11` or later.
|
| CVE-2026-5289 |
|
Vulnerability in Google chrome (CVE-2026-5289)
vulnerability in Google chrome (CVE-2026-5289). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-47166 |
|
Out-of-Bounds Read in Magick.NET-Q16-AnyCPU (CVE-2026-47166)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-47166). Confidential information can be exposed externally. Mitigation: upgrade to `14.12.0` or later.
|
| CVE-2026-47165 |
|
Information Disclosure in Magick.NET-Q16-AnyCPU (CVE-2026-47165)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-47165). Confidential information can be exposed externally. Mitigation: upgrade to `14.12.0` or later.
|
| CVE-2026-46693 |
|
Vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-46693)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-46693). Confidential information can be exposed externally. Mitigation: upgrade to `14.12.0` or later.
|
| CVE-2026-46692 |
|
Vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-46692)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-46692). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.12.0` or later.
|
| CVE-2026-9018 |
|
Privilege Escalation in wordpress (CVE-2026-9018)
vulnerability in wordpress (CVE-2026-9018). Successful exploitation can lead to full system takeover. Exploitable via ``wp_ajax_nopriv_eel_register``.
|
| CVE-2026-9104 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-9104)
cross-site scripting in wordpress (CVE-2026-9104). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4070 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-4070)
vulnerability in wordpress (CVE-2026-4070). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6864 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6864)
cross-site scripting in wordpress (CVE-2026-6864). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7249 |
|
Vulnerability in wordpress (CVE-2026-7249)
vulnerability in wordpress (CVE-2026-7249). Risk of unauthorized operations or information disclosure. Exploitable via ``init``.
|
| CVE-2026-7509 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7509)
cross-site scripting in wordpress (CVE-2026-7509). Risk of unauthorized operations or information disclosure. Exploitable via ``before``.
|
| CVE-2026-3481 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-3481)
cross-site scripting in wordpress (CVE-2026-3481). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-2518 |
|
Vulnerability in wordpress (CVE-2026-2518)
vulnerability in wordpress (CVE-2026-2518). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4834 |
|
SQL Injection in wordpress (CVE-2026-4834)
SQL injection in wordpress (CVE-2026-4834). Confidential information can be exposed externally.
|
| CVE-2026-7879 |
|
Vulnerability in concrete5/concrete5 (CVE-2026-7879)
vulnerability in concrete5/concrete5 (CVE-2026-7879). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-6960 |
|
Unrestricted File Upload in wordpress (CVE-2026-6960)
vulnerability in wordpress (CVE-2026-6960). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4093 |
|
Cross-Site Scripting (XSS) in drupal (CVE-2026-4093)
cross-site scripting in drupal (CVE-2026-4093). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4929 |
|
Cross-Site Scripting (XSS) in drupal (CVE-2026-4929)
cross-site scripting in drupal (CVE-2026-4929). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8350 |
|
Authorization Flaw in concrete5/concrete5 (CVE-2026-8350)
vulnerability in concrete5/concrete5 (CVE-2026-8350). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8417 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8417)
vulnerability in concrete5/concrete5 (CVE-2026-8417). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8428 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8428)
vulnerability in concrete5/concrete5 (CVE-2026-8428). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8421 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8421)
vulnerability in concrete5/concrete5 (CVE-2026-8421). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8426 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8426)
vulnerability in concrete5/concrete5 (CVE-2026-8426). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8134 |
|
Vulnerability in concrete5/concrete5 (CVE-2026-8134)
vulnerability in concrete5/concrete5 (CVE-2026-8134). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8140 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8140)
vulnerability in concrete5/concrete5 (CVE-2026-8140). Data can be tampered with by attackers. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8197 |
|
Cross-Site Scripting (XSS) in concrete5/concrete5 (CVE-2026-8197)
cross-site scripting in concrete5/concrete5 (CVE-2026-8197). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8135 |
|
Unsafe Deserialization in concrete5/concrete5 (CVE-2026-8135)
vulnerability in concrete5/concrete5 (CVE-2026-8135). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-46643 |
|
OS Command Injection in KnpLabs/knp-snappy (CVE-2026-46643)
OS command injection in KnpLabs/knp-snappy (CVE-2026-46643). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.7.1` or later.
|
| CVE-2026-46683 |
|
SSRF (Server-Side Request Forgery) in knplabs/knp-snappy (CVE-2026-46683)
SSRF in knplabs/knp-snappy (CVE-2026-46683). Risk of unauthorized operations or information disclosure. Exploitable via ``http``. Mitigation: upgrade to `1.7.0` or later.
|
| CVE-2026-4843 |
|
Vulnerability in wordpress (CVE-2026-4843)
vulnerability in wordpress (CVE-2026-4843). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48246 |
|
Vulnerability in CVE-2026-48246 (CVE-2026-48246)
vulnerability in CVE-2026-48246 (CVE-2026-48246). Confidential information can be exposed externally.
|
| CVE-2026-48245 |
|
Vulnerability in CVE-2026-48245 (CVE-2026-48245)
vulnerability in CVE-2026-48245 (CVE-2026-48245). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48247 |
|
Vulnerability in CVE-2026-48247 (CVE-2026-48247)
vulnerability in CVE-2026-48247 (CVE-2026-48247). Confidential information can be exposed externally.
|
| CVE-2026-48248 |
|
Vulnerability in CVE-2026-48248 (CVE-2026-48248)
vulnerability in CVE-2026-48248 (CVE-2026-48248). Confidential information can be exposed externally.
|
| CVE-2026-48244 |
|
Vulnerability in CVE-2026-48244 (CVE-2026-48244)
vulnerability in CVE-2026-48244 (CVE-2026-48244). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48249 |
|
Vulnerability in CVE-2026-48249 (CVE-2026-48249)
vulnerability in CVE-2026-48249 (CVE-2026-48249). Confidential information can be exposed externally.
|
| CVE-2026-48235 |
|
SQL Injection in sqli (CVE-2026-48235)
SQL injection in sqli (CVE-2026-48235). Confidential information can be exposed externally.
|
| CVE-2026-48237 |
|
SQL Injection in sqli (CVE-2026-48237)
SQL injection in sqli (CVE-2026-48237). Confidential information can be exposed externally.
|