Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-4859 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-4859)
cross-site scripting in wordpress (CVE-2026-4859). Risk of unauthorized operations or information disclosure. Exploitable via ``wpsbd_post_carousel``.
|
| CVE-2026-4920 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-4920)
cross-site scripting in wordpress (CVE-2026-4920). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4663 |
|
Vulnerability in wordpress (CVE-2026-4663)
vulnerability in wordpress (CVE-2026-4663). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4301 |
|
Vulnerability in wordpress (CVE-2026-4301)
vulnerability in wordpress (CVE-2026-4301). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5693 |
|
Vulnerability in wordpress (CVE-2026-5693)
vulnerability in wordpress (CVE-2026-5693). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6237 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6237)
cross-site scripting in wordpress (CVE-2026-6237). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5340 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-5340)
cross-site scripting in wordpress (CVE-2026-5340). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5715 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-5715)
cross-site scripting in wordpress (CVE-2026-5715). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6247 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6247)
cross-site scripting in wordpress (CVE-2026-6247). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5028 |
|
SQL Injection in wordpress (CVE-2026-5028)
SQL injection in wordpress (CVE-2026-5028). Confidential information can be exposed externally.
|
| CVE-2026-2300 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-2300)
cross-site scripting in wordpress (CVE-2026-2300). Risk of unauthorized operations or information disclosure. Exploitable via ``preg_replace``.
|
| CVE-2026-3604 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-3604)
cross-site scripting in wordpress (CVE-2026-3604). Risk of unauthorized operations or information disclosure. Exploitable via ``_kcseo_ative_tab``.
|
| CVE-2026-2993 |
|
SQL Injection in wordpress (CVE-2026-2993)
SQL injection in wordpress (CVE-2026-2993). Confidential information can be exposed externally.
|
| CVE-2026-7255 |
|
Vulnerability in zyxel (CVE-2026-7255)
vulnerability in zyxel (CVE-2026-7255). Confidential information can be exposed externally.
|
| CVE-2026-7256 |
|
OS Command Injection in zyxel (CVE-2026-7256)
OS command injection in zyxel (CVE-2026-7256). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7257 |
|
Vulnerability in zyxel (CVE-2026-7257)
vulnerability in zyxel (CVE-2026-7257). Confidential information can be exposed externally.
|
| CVE-2026-7287 |
|
Vulnerability in dos (CVE-2026-7287)
vulnerability in dos (CVE-2026-7287). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40135 |
|
Command Injection in sap (CVE-2026-40135)
command injection in sap (CVE-2026-40135). Data can be tampered with by attackers.
|
| CVE-2026-27682 |
|
Cross-Site Scripting (XSS) in sap (CVE-2026-27682)
cross-site scripting in sap (CVE-2026-27682). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-22796 |
|
Vulnerability in jvn (CVE-2026-22796)
vulnerability in jvn (CVE-2026-22796). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3921 |
|
Vulnerability in Google chrome (CVE-2026-3921)
vulnerability in Google chrome (CVE-2026-3921). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43884 |
|
SSRF (Server-Side Request Forgery) in wwbn/avideo (CVE-2026-43884)
SSRF in wwbn/avideo (CVE-2026-43884). Confidential information can be exposed externally. Exploitable via `POST /plugin/AI/receiveAsync.json.php`.
|
| CVE-2026-43885 |
|
Information Disclosure in wwbn/avideo (CVE-2026-43885)
vulnerability in wwbn/avideo (CVE-2026-43885). Risk of unauthorized operations or information disclosure. Exploitable via ``APISecret``.
|
| CVE-2026-43877 |
|
Cross-Site Request Forgery (CSRF) in wwbn/avideo (CVE-2026-43877)
vulnerability in wwbn/avideo (CVE-2026-43877). Risk of unauthorized operations or information disclosure. Exploitable via ``autoCSRFGuard``.
|
| CVE-2026-43878 |
|
Cross-Site Scripting (XSS) in wwbn/avideo (CVE-2026-43878)
cross-site scripting in wwbn/avideo (CVE-2026-43878). Risk of unauthorized operations or information disclosure. Exploitable via ``user``.
|
| CVE-2026-43879 |
|
SSRF (Server-Side Request Forgery) in wwbn/avideo (CVE-2026-43879)
SSRF in wwbn/avideo (CVE-2026-43879). Risk of unauthorized operations or information disclosure. Exploitable via `POST /internal/admin/action`.
|
| CVE-2026-43880 |
|
Vulnerability in wwbn/avideo (CVE-2026-43880)
vulnerability in wwbn/avideo (CVE-2026-43880). Risk of unauthorized operations or information disclosure. Exploitable via `POST /objects/sendEmail.json.php`.
|
| CVE-2026-43881 |
|
Vulnerability in wwbn/avideo (CVE-2026-43881)
vulnerability in wwbn/avideo (CVE-2026-43881). Risk of unauthorized operations or information disclosure. Exploitable via ``isCompany``.
|
| CVE-2026-43883 |
|
Vulnerability in wwbn/avideo (CVE-2026-43883)
vulnerability in wwbn/avideo (CVE-2026-43883). Risk of unauthorized operations or information disclosure. Exploitable via ``agreement``.
|
| CVE-2026-43873 |
|
Vulnerability in wwbn/avideo (CVE-2026-43873)
vulnerability in wwbn/avideo (CVE-2026-43873). Confidential information can be exposed externally. Exploitable via ``cloneSiteURL``.
|
| CVE-2026-43875 |
|
Vulnerability in wwbn/avideo (CVE-2026-43875)
vulnerability in wwbn/avideo (CVE-2026-43875). Confidential information can be exposed externally. Exploitable via `GET /plugin/MobileManager/oauth2.php`.
|
| CVE-2026-43876 |
|
Cross-Site Scripting (XSS) in wwbn/avideo (CVE-2026-43876)
cross-site scripting in wwbn/avideo (CVE-2026-43876). Risk of unauthorized operations or information disclosure. Exploitable via ``message``.
|
| CVE-2026-42188 |
|
SSRF (Server-Side Request Forgery) in org.geysermc.geyser:core (CVE-2026-42188)
SSRF in org.geysermc.geyser:core (CVE-2026-42188). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.9.3` or later.
|
| CVE-2026-42600 |
|
Path Traversal in github.com/minio/minio (CVE-2026-42600)
path traversal in github.com/minio/minio (CVE-2026-42600). Confidential information can be exposed externally. Exploitable via `POST /minio/storage/{drivePath}/v63/rmpl`. Mitigation: upgrade to `0.0.0-20260414213245` or later.
|
| CVE-2026-39871 |
|
Vulnerability in apple (CVE-2026-39871)
vulnerability in apple (CVE-2026-39871). Confidential information can be exposed externally.
|
| CVE-2026-43653 |
|
Vulnerability in apple (CVE-2026-43653)
vulnerability in apple (CVE-2026-43653). Confidential information can be exposed externally.
|
| CVE-2026-39869 |
|
Vulnerability in apple (CVE-2026-39869)
vulnerability in apple (CVE-2026-39869). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43661 |
|
Vulnerability in apple (CVE-2026-43661)
vulnerability in apple (CVE-2026-43661). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43654 |
|
Vulnerability in apple (CVE-2026-43654)
vulnerability in apple (CVE-2026-43654). Confidential information can be exposed externally.
|
| CVE-2026-43659 |
|
Vulnerability in apple (CVE-2026-43659)
vulnerability in apple (CVE-2026-43659). Confidential information can be exposed externally.
|
| CVE-2026-28996 |
|
Vulnerability in apple (CVE-2026-28996)
vulnerability in apple (CVE-2026-28996). Confidential information can be exposed externally.
|
| CVE-2026-43668 |
|
Use-After-Free in apple (CVE-2026-43668)
vulnerability in apple (CVE-2026-43668). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43660 |
|
Vulnerability in apple (CVE-2026-43660)
vulnerability in apple (CVE-2026-43660). Confidential information can be exposed externally.
|
| CVE-2026-43656 |
|
Out-of-Bounds Write in apple (CVE-2026-43656)
out-of-bounds write in apple (CVE-2026-43656). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43666 |
|
Out-of-Bounds Write in apple (CVE-2026-43666)
out-of-bounds write in apple (CVE-2026-43666). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-39870 |
|
Buffer Overflow in apple (CVE-2026-39870)
vulnerability in apple (CVE-2026-39870). Confidential information can be exposed externally.
|
| CVE-2026-43658 |
|
Buffer Overflow in apple (CVE-2026-43658)
vulnerability in apple (CVE-2026-43658). Confidential information can be exposed externally.
|
| CVE-2026-43652 |
|
Vulnerability in apple (CVE-2026-43652)
vulnerability in apple (CVE-2026-43652). Confidential information can be exposed externally.
|
| CVE-2026-43655 |
|
Out-of-Bounds Read in apple (CVE-2026-43655)
vulnerability in apple (CVE-2026-43655). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-28954 |
|
Vulnerability in apple (CVE-2026-28954)
vulnerability in apple (CVE-2026-28954). Confidential information can be exposed externally.
|