Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-3004 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-3004)
cross-site scripting in wordpress (CVE-2026-3004). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-14767 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2025-14767)
cross-site scripting in wordpress (CVE-2025-14767). Risk of unauthorized operations or information disclosure. Exploitable via ``wpcbm_best_seller``.
|
| CVE-2026-6965 |
|
Vulnerability in wordpress (CVE-2026-6965)
vulnerability in wordpress (CVE-2026-6965). Risk of unauthorized operations or information disclosure. Exploitable via ``course``.
|
| CVE-2026-6929 |
|
SQL Injection in wordpress (CVE-2026-6929)
SQL injection in wordpress (CVE-2026-6929). Confidential information can be exposed externally.
|
| CVE-2026-2725 |
|
Authorization Flaw in google (CVE-2026-2725)
vulnerability in google (CVE-2026-2725). Data can be tampered with by attackers.
|
| CVE-2026-21018 |
|
Out-of-Bounds Write in samsung (CVE-2026-21018)
out-of-bounds write in samsung (CVE-2026-21018). Successful exploitation can lead to full system takeover.
|
| CVE-2026-21020 |
|
Vulnerability in samsung (CVE-2026-21020)
vulnerability in samsung (CVE-2026-21020). Successful exploitation can lead to full system takeover.
|
| CVE-2026-21021 |
|
Vulnerability in samsung (CVE-2026-21021)
vulnerability in samsung (CVE-2026-21021). Successful exploitation can lead to full system takeover.
|
| CVE-2026-21022 |
|
Vulnerability in samsung (CVE-2026-21022)
vulnerability in samsung (CVE-2026-21022). Confidential information can be exposed externally.
|
| CVE-2025-14033 |
|
Vulnerability in wordpress (CVE-2025-14033)
vulnerability in wordpress (CVE-2025-14033). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7635 |
|
Unsafe Deserialization in wordpress (CVE-2026-7635)
vulnerability in wordpress (CVE-2026-7635). Successful exploitation can lead to full system takeover. Exploitable via `User-Agent header`.
|
| CVE-2026-6828 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6828)
cross-site scripting in wordpress (CVE-2026-6828). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6962 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6962)
cross-site scripting in wordpress (CVE-2026-6962). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7051 |
|
Vulnerability in wordpress (CVE-2026-7051)
vulnerability in wordpress (CVE-2026-7051). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7619 |
|
SQL Injection in wordpress (CVE-2026-7619)
SQL injection in wordpress (CVE-2026-7619). Confidential information can be exposed externally.
|
| CVE-2025-9987 |
|
Information Disclosure in wordpress (CVE-2025-9987)
vulnerability in wordpress (CVE-2025-9987). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-9988 |
|
Vulnerability in wordpress (CVE-2025-9988)
vulnerability in wordpress (CVE-2025-9988). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-9989 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2025-9989)
cross-site scripting in wordpress (CVE-2025-9989). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-14755 |
|
Vulnerability in wordpress (CVE-2025-14755)
vulnerability in wordpress (CVE-2025-14755). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8202 |
|
Vulnerability in mongodb (CVE-2026-8202)
vulnerability in mongodb (CVE-2026-8202). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `7.0.34, 8.0.23, 8.2.9, 8.3.2` or later.
|
| CVE-2026-8336 |
|
Use-After-Free in mongodb (CVE-2026-8336)
vulnerability in mongodb (CVE-2026-8336). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.2.9, 8.3.2` or later.
|
| CVE-2026-8053 |
|
Out-of-Bounds Write in mongodb (CVE-2026-8053)
out-of-bounds write in mongodb (CVE-2026-8053). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `5.0.33, 6.0.28, 7.0.34, 8.0.23, 8.2.9, 8.3.2` or later.
|
| CVE-2026-8199 |
|
Vulnerability in mongodb (CVE-2026-8199)
vulnerability in mongodb (CVE-2026-8199). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `7.0.34, 8.0.23, 8.2.9, 8.3.2` or later.
|
| CVE-2026-8200 |
|
Vulnerability in mongodb (CVE-2026-8200)
vulnerability in mongodb (CVE-2026-8200). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `7.0.34, 8.0.23, 8.2.9, 8.3.2` or later.
|
| CVE-2026-8201 |
|
Use-After-Free in mongodb (CVE-2026-8201)
vulnerability in mongodb (CVE-2026-8201). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `7.0.34, 8.0.23, 8.2.9, 8.3.2` or later.
|
| CVE-2026-44547 |
|
Authentication Bypass in CVE-2026-44547 (CVE-2026-44547)
authentication bypass in CVE-2026-44547 (CVE-2026-44547). Confidential information can be exposed externally. Mitigation: upgrade to `7.3.1` or later.
|
| CVE-2026-44548 |
|
Cross-Site Request Forgery (CSRF) in CVE-2026-44548 (CVE-2026-44548)
vulnerability in CVE-2026-44548 (CVE-2026-44548). Data can be tampered with by attackers. Mitigation: upgrade to `7.3.2` or later.
|
| CVE-2026-5371 |
|
Vulnerability in wordpress (CVE-2026-5371)
vulnerability in wordpress (CVE-2026-5371). Confidential information can be exposed externally.
|
| CVE-2026-42289 |
|
Privilege Escalation in csrf (CVE-2026-42289)
vulnerability in csrf (CVE-2026-42289). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `7.3.2` or later.
|
| CVE-2026-41901 |
|
Vulnerability in org.thymeleaf:thymeleaf (CVE-2026-41901)
vulnerability in org.thymeleaf:thymeleaf (CVE-2026-41901). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.1.5.RELEASE` or later.
|
| CVE-2026-1250 |
|
SQL Injection in wordpress (CVE-2026-1250)
SQL injection in wordpress (CVE-2026-1250). Confidential information can be exposed externally.
|
| CVE-2025-15463 |
|
Code Injection in wordpress (CVE-2025-15463)
code injection in wordpress (CVE-2025-15463). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44306 |
|
Vulnerability in statamic/cms (CVE-2026-44306)
vulnerability in statamic/cms (CVE-2026-44306). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.73.21` or later.
|
| CVE-2026-44262 |
|
Code Injection in dedoc/scramble (CVE-2026-44262)
code injection in dedoc/scramble (CVE-2026-44262). Confidential information can be exposed externally. Mitigation: upgrade to `0.13.22` or later.
|
| CVE-2026-44241 |
|
Vulnerability in io.micronaut:micronaut-context (CVE-2026-44241)
vulnerability in io.micronaut:micronaut-context (CVE-2026-44241). Risk of unauthorized operations or information disclosure. Exploitable via ``TimeConverterRegistrar``. Mitigation: upgrade to `3.8.14` or later.
|
| CVE-2026-44242 |
|
Vulnerability in io.micronaut:micronaut-inject (CVE-2026-44242)
vulnerability in io.micronaut:micronaut-inject (CVE-2026-44242). Risk of unauthorized operations or information disclosure. Exploitable via ``ResourceBundleMessageSource``. Mitigation: upgrade to `3.8.14` or later.
|
| CVE-2026-42268 |
|
Vulnerability in modsecurity (CVE-2026-42268)
vulnerability in modsecurity (CVE-2026-42268). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.0.15` or later.
|
| CVE-2026-40863 |
|
Vulnerability in phpoffice/phpspreadsheet (CVE-2026-40863)
vulnerability in phpoffice/phpspreadsheet (CVE-2026-40863). Risk of unauthorized operations or information disclosure. Exploitable via ``cachedHighestRow``. Mitigation: upgrade to `1.30.4` or later.
|
| CVE-2026-40902 |
|
Vulnerability in phpoffice/phpspreadsheet (CVE-2026-40902)
vulnerability in phpoffice/phpspreadsheet (CVE-2026-40902). Risk of unauthorized operations or information disclosure. Exploitable via ``cachedHighestRow``. Mitigation: upgrade to `1.30.4` or later.
|
| CVE-2026-44403 |
|
Code Injection in wftpserver (CVE-2026-44403)
code injection in wftpserver (CVE-2026-44403). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44010 |
|
Vulnerability in craftcms/cms (CVE-2026-44010)
vulnerability in craftcms/cms (CVE-2026-44010). Risk of unauthorized operations or information disclosure. Exploitable via ``true``. Mitigation: upgrade to `4.17.12` or later.
|
| CVE-2026-45185 |
|
Use-After-Free in exim (CVE-2026-45185)
vulnerability in exim (CVE-2026-45185). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34677 |
|
Vulnerability in adobe (CVE-2026-34677)
vulnerability in adobe (CVE-2026-34677). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34678 |
|
Vulnerability in adobe (CVE-2026-34678)
vulnerability in adobe (CVE-2026-34678). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34679 |
|
Vulnerability in adobe (CVE-2026-34679)
vulnerability in adobe (CVE-2026-34679). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34680 |
|
Vulnerability in adobe (CVE-2026-34680)
vulnerability in adobe (CVE-2026-34680). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34685 |
|
Vulnerability in adobe (CVE-2026-34685)
vulnerability in adobe (CVE-2026-34685). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34686 |
|
Cross-Site Scripting (XSS) in adobe (CVE-2026-34686)
cross-site scripting in adobe (CVE-2026-34686). Confidential information can be exposed externally.
|
| CVE-2026-34688 |
|
Vulnerability in adobe (CVE-2026-34688)
vulnerability in adobe (CVE-2026-34688). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34690 |
|
Vulnerability in adobe (CVE-2026-34690)
vulnerability in adobe (CVE-2026-34690). Successful exploitation can lead to full system takeover.
|