Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-9120 |
|
Use-After-Free in google (CVE-2026-9120)
vulnerability in google (CVE-2026-9120). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9119 |
|
Vulnerability in google (CVE-2026-9119)
vulnerability in google (CVE-2026-9119). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9118 |
|
Use-After-Free in google (CVE-2026-9118)
vulnerability in google (CVE-2026-9118). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9117 |
|
Vulnerability in google (CVE-2026-9117)
vulnerability in google (CVE-2026-9117). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9116 |
|
Vulnerability in google (CVE-2026-9116)
vulnerability in google (CVE-2026-9116). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9115 |
|
Vulnerability in google (CVE-2026-9115)
vulnerability in google (CVE-2026-9115). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9114 |
|
Use-After-Free in google (CVE-2026-9114)
vulnerability in google (CVE-2026-9114). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9113 |
|
Out-of-Bounds Read in google (CVE-2026-9113)
vulnerability in google (CVE-2026-9113). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9112 |
|
Use-After-Free in google (CVE-2026-9112)
vulnerability in google (CVE-2026-9112). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9082 KEV |
|
[KEV] SQL Injection in drupal/core (CVE-2026-9082)
SQL injection in drupal/core (CVE-2026-9082). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `10.4.10, 10.5.10, 10.6.9, 11.1.10, 11.2.12, 11.3.10` or later.
|
| CVE-2026-9111 |
|
Use-After-Free in Google chrome (CVE-2026-9111)
vulnerability in Google chrome (CVE-2026-9111). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9110 |
|
Vulnerability in google (CVE-2026-9110)
vulnerability in google (CVE-2026-9110). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35016 |
|
Cross-Site Scripting (XSS) in CVE-2026-35016 (CVE-2026-35016)
cross-site scripting in CVE-2026-35016 (CVE-2026-35016). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35009 |
|
Cross-Site Scripting (XSS) in CVE-2026-35009 (CVE-2026-35009)
cross-site scripting in CVE-2026-35009 (CVE-2026-35009). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35010 |
|
Cross-Site Scripting (XSS) in CVE-2026-35010 (CVE-2026-35010)
cross-site scripting in CVE-2026-35010 (CVE-2026-35010). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35011 |
|
Cross-Site Scripting (XSS) in CVE-2026-35011 (CVE-2026-35011)
cross-site scripting in CVE-2026-35011 (CVE-2026-35011). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35012 |
|
Cross-Site Scripting (XSS) in CVE-2026-35012 (CVE-2026-35012)
cross-site scripting in CVE-2026-35012 (CVE-2026-35012). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35013 |
|
Cross-Site Scripting (XSS) in CVE-2026-35013 (CVE-2026-35013)
cross-site scripting in CVE-2026-35013 (CVE-2026-35013). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35014 |
|
Cross-Site Scripting (XSS) in CVE-2026-35014 (CVE-2026-35014)
cross-site scripting in CVE-2026-35014 (CVE-2026-35014). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35015 |
|
Cross-Site Scripting (XSS) in CVE-2026-35015 (CVE-2026-35015)
cross-site scripting in CVE-2026-35015 (CVE-2026-35015). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35007 |
|
Cross-Site Scripting (XSS) in CVE-2026-35007 (CVE-2026-35007)
cross-site scripting in CVE-2026-35007 (CVE-2026-35007). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35008 |
|
Cross-Site Scripting (XSS) in CVE-2026-35008 (CVE-2026-35008)
cross-site scripting in CVE-2026-35008 (CVE-2026-35008). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-2813 |
|
Open Redirect in esri (CVE-2026-2813)
vulnerability in esri (CVE-2026-2813). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-2812 |
|
Authentication Bypass in esri (CVE-2026-2812)
authentication bypass in esri (CVE-2026-2812). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-24217 |
|
Vulnerability in path-traversal (CVE-2026-24217)
vulnerability in path-traversal (CVE-2026-24217). Successful exploitation can lead to full system takeover.
|
| CVE-2026-24216 |
|
Unsafe Deserialization in dos (CVE-2026-24216)
vulnerability in dos (CVE-2026-24216). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7613 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7613)
cross-site scripting in wordpress (CVE-2026-7613). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44923 |
|
SQL injection in InfoScale VIOM before v9.1.3 allows remote attackers to escalate privileges.
SQL injection in InfoScale VIOM before v9.1.3 allows remote attackers to escalate privileges.
|
| CVE-2026-44924 |
|
InfoScale VIOM 9.1.3 allows XSS.
InfoScale VIOM 9.1.3 allows XSS.
|
| CVE-2026-44925 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-44925)
vulnerability in csrf (CVE-2026-44925). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8486 |
|
Vulnerability in progress (CVE-2026-8486)
vulnerability in progress (CVE-2026-8486). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8487 |
|
Vulnerability in progress (CVE-2026-8487)
vulnerability in progress (CVE-2026-8487). Confidential information can be exposed externally.
|
| CVE-2026-8488 |
|
Vulnerability in progress (CVE-2026-8488)
vulnerability in progress (CVE-2026-8488). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-32750 |
|
Vulnerability in dell (CVE-2025-32750)
vulnerability in dell (CVE-2025-32750). Confidential information can be exposed externally.
|
| CVE-2026-20199 |
|
Vulnerability in Cisco thousandeyes-virtual-appliance (CVE-2026-20199)
vulnerability in Cisco thousandeyes-virtual-appliance (CVE-2026-20199). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20206 |
|
OS Command Injection in cisco (CVE-2026-20206)
OS command injection in cisco (CVE-2026-20206). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20171 |
|
Vulnerability in Cisco dos (CVE-2026-20171)
vulnerability in Cisco dos (CVE-2026-20171). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20223 |
|
Vulnerability in Cisco secure-workload (CVE-2026-20223)
vulnerability in Cisco secure-workload (CVE-2026-20223). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35676 |
|
Vulnerability in thorsten/phpmyfaq (CVE-2026-35676)
vulnerability in thorsten/phpmyfaq (CVE-2026-35676). Data can be tampered with by attackers. Exploitable via `PUT /api/index.php/user/password/update`. Mitigation: upgrade to `4.1.3` or later.
|
| CVE-2026-56268 |
|
Authorization Flaw in flowise (CVE-2026-56268)
vulnerability in flowise (CVE-2026-56268). Confidential information can be exposed externally. Exploitable via ``keyonly``. Mitigation: upgrade to `3.1.2` or later.
|
| CVE-2026-8485 |
|
Vulnerability in progress (CVE-2026-8485)
vulnerability in progress (CVE-2026-8485). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-24425 |
|
Vulnerability in twig/twig (CVE-2026-24425)
vulnerability in twig/twig (CVE-2026-24425). Successful exploitation can lead to full system takeover. Exploitable via ``SourcePolicyInterface``. Mitigation: upgrade to `3.26.0` or later.
|
| CVE-2026-45584 |
|
Vulnerability in microsoft (CVE-2026-45584)
vulnerability in microsoft (CVE-2026-45584). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45498 KEV |
|
Microsoft Defender Denial of Service Vulnerability
Microsoft Defender Denial of Service Vulnerability
|
| CVE-2026-42834 |
|
Vulnerability in microsoft (CVE-2026-42834)
vulnerability in microsoft (CVE-2026-42834). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41091 KEV |
|
[KEV] Vulnerability in Microsoft malware-protection-engine (CVE-2026-41091)
vulnerability in Microsoft malware-protection-engine (CVE-2026-41091). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-29518 |
|
Vulnerability in privilege-escalation (CVE-2026-29518)
vulnerability in privilege-escalation (CVE-2026-29518). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6728 |
|
Information Disclosure in wordpress (CVE-2026-6728)
vulnerability in wordpress (CVE-2026-6728). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9065 |
|
SQL Injection in wordpress (CVE-2026-9065)
SQL injection in wordpress (CVE-2026-9065). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6405 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6405)
vulnerability in wordpress (CVE-2026-6405). Risk of unauthorized operations or information disclosure.
|