Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-2021 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-2021)
cross-site scripting in wordpress (CVE-2026-2021). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8039 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8039)
cross-site scripting in wordpress (CVE-2026-8039). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44727 |
|
Cross-Site Scripting (XSS) in jupyter-server (CVE-2026-44727)
cross-site scripting in jupyter-server (CVE-2026-44727). Risk of unauthorized operations or information disclosure. Exploitable via ``nbconvert.HTMLExporter``. Mitigation: upgrade to `2.20.0` or later.
|
| CVE-2026-55746 |
|
Cross-Site Scripting (XSS) in cotonti/cotonti (CVE-2026-55746)
cross-site scripting in cotonti/cotonti (CVE-2026-55746). Confidential information can be exposed externally.
|
| CVE-2026-55745 |
|
Cross-Site Request Forgery (CSRF) in cotonti/cotonti (CVE-2026-55745)
vulnerability in cotonti/cotonti (CVE-2026-55745). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9815 |
|
Vulnerability in wordpress (CVE-2026-9815)
vulnerability in wordpress (CVE-2026-9815). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12136 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-12136)
cross-site scripting in wordpress (CVE-2026-12136). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12137 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-12137)
cross-site scripting in wordpress (CVE-2026-12137). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11395 |
|
SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-11395)
SSRF in wordpress (CVE-2026-11395). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12111 |
|
Information Disclosure in wordpress (CVE-2026-12111)
vulnerability in wordpress (CVE-2026-12111). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12098 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-12098)
cross-site scripting in wordpress (CVE-2026-12098). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12102 |
|
Vulnerability in wordpress (CVE-2026-12102)
vulnerability in wordpress (CVE-2026-12102). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55742 |
|
Cross-Site Request Forgery (CSRF) in cotonti/cotonti (CVE-2026-55742)
vulnerability in cotonti/cotonti (CVE-2026-55742). Successful exploitation can lead to full system takeover.
|
| CVE-2026-55744 |
|
Cross-Site Request Forgery (CSRF) in cotonti/cotonti (CVE-2026-55744)
vulnerability in cotonti/cotonti (CVE-2026-55744). Confidential information can be exposed externally.
|
| CVE-2026-55741 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-55741)
vulnerability in csrf (CVE-2026-55741). Successful exploitation can lead to full system takeover.
|
| CVE-2026-28573 |
|
Vulnerability in dos (CVE-2026-28573)
vulnerability in dos (CVE-2026-28573). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11360 |
|
SQL Injection in wordpress (CVE-2026-11360)
SQL injection in wordpress (CVE-2026-11360). Confidential information can be exposed externally.
|
| CVE-2026-11402 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-11402)
cross-site scripting in wordpress (CVE-2026-11402). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11358 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-11358)
cross-site scripting in wordpress (CVE-2026-11358). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11777 |
|
SQL Injection in wordpress (CVE-2026-11777)
SQL injection in wordpress (CVE-2026-11777). Confidential information can be exposed externally.
|
| CVE-2026-12120 |
|
Information Disclosure in wordpress (CVE-2026-12120)
vulnerability in wordpress (CVE-2026-12120). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9199 |
|
Vulnerability in wordpress (CVE-2026-9199)
vulnerability in wordpress (CVE-2026-9199). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11784 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-11784)
vulnerability in wordpress (CVE-2026-11784). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12093 |
|
Vulnerability in wordpress (CVE-2026-12093)
vulnerability in wordpress (CVE-2026-12093). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11776 |
|
SQL Injection in wordpress (CVE-2026-11776)
SQL injection in wordpress (CVE-2026-11776). Confidential information can be exposed externally.
|
| CVE-2026-11357 |
|
Information Disclosure in wordpress (CVE-2026-11357)
vulnerability in wordpress (CVE-2026-11357). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9860 |
|
Unrestricted File Upload in wordpress (CVE-2026-9860)
vulnerability in wordpress (CVE-2026-9860). Successful exploitation can lead to full system takeover.
|
| CVE-2026-55740 |
|
SQL Injection in sqli (CVE-2026-55740)
SQL injection in sqli (CVE-2026-55740). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12407 |
|
Vulnerability in wordpress (CVE-2026-12407)
vulnerability in wordpress (CVE-2026-12407). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10029 |
|
Vulnerability in wordpress (CVE-2026-10029)
vulnerability in wordpress (CVE-2026-10029). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10023 |
|
Vulnerability in wordpress (CVE-2026-10023)
vulnerability in wordpress (CVE-2026-10023). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10736 |
|
SQL Injection in wordpress (CVE-2026-10736)
SQL injection in wordpress (CVE-2026-10736). Confidential information can be exposed externally.
|
| CVE-2026-10623 |
|
Vulnerability in wordpress (CVE-2026-10623)
vulnerability in wordpress (CVE-2026-10623). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50196 |
|
Vulnerability in Steeltoe.Discovery.Eureka (CVE-2026-50196)
vulnerability in Steeltoe.Discovery.Eureka (CVE-2026-50196). Risk of unauthorized operations or information disclosure. Exploitable via ``DataCenterInfo.FromJson``. Mitigation: upgrade to `3.4.0` or later.
|
| CVE-2026-48991 |
|
Authentication Bypass in CVE-2026-48991 (CVE-2026-48991)
authentication bypass in CVE-2026-48991 (CVE-2026-48991). Confidential information can be exposed externally.
|
| CVE-2026-48820 |
|
Path Traversal in cakephp/cakephp (CVE-2026-48820)
path traversal in cakephp/cakephp (CVE-2026-48820). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.5.11` or later.
|
| CVE-2026-50107 |
|
Vulnerability in nginx (CVE-2026-50107)
vulnerability in nginx (CVE-2026-50107). Confidential information can be exposed externally.
|
| CVE-2026-32682 |
|
Vulnerability in nginx (CVE-2026-32682)
vulnerability in nginx (CVE-2026-32682). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12529 |
|
Vulnerability in CVE-2026-12529 (CVE-2026-12529)
vulnerability in CVE-2026-12529 (CVE-2026-12529). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11407 |
|
Vulnerability in pimcore/pimcore (CVE-2026-11407)
vulnerability in pimcore/pimcore (CVE-2026-11407). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48979 |
|
Vulnerability in php-standard-library/h2 (CVE-2026-48979)
vulnerability in php-standard-library/h2 (CVE-2026-48979). Data can be tampered with by attackers. Exploitable via ``StreamException``. Mitigation: upgrade to `6.2.1` or later.
|
| CVE-2026-48822 |
|
Cross-Site Scripting (XSS) in CVE-2026-48822 (CVE-2026-48822)
cross-site scripting in CVE-2026-48822 (CVE-2026-48822). Confidential information can be exposed externally.
|
| CVE-2026-55471 |
|
XXE (XML External Entity) in ca.uhn.hapi.fhir:org.hl7.fhir.utilities (CVE-2026-55471)
vulnerability in ca.uhn.hapi.fhir:org.hl7.fhir.utilities (CVE-2026-55471). Risk of unauthorized operations or information disclosure. Exploitable via `GET /evil-fhir-xslt-ssrf.dtd`. Mitigation: upgrade to `6.9.10` or later.
|
| CVE-2026-55470 |
|
Vulnerability in ca.uhn.hapi.fhir:org.hl7.fhir.dstu2 (CVE-2026-55470)
vulnerability in ca.uhn.hapi.fhir:org.hl7.fhir.dstu2 (CVE-2026-55470). Risk of unauthorized operations or information disclosure. Exploitable via ``RegexTimeout``. Mitigation: upgrade to `6.9.10` or later.
|
| CVE-2026-55450 |
|
Information Disclosure in langflow (CVE-2026-55450)
vulnerability in langflow (CVE-2026-55450). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/upload/{flow_id}`. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-55760 |
|
Path Traversal in com.github.jknack:handlebars (CVE-2026-55760)
path traversal in com.github.jknack:handlebars (CVE-2026-55760). Confidential information can be exposed externally. Mitigation: upgrade to `4.5.2` or later.
|
| CVE-2026-55409 |
|
Cross-Site Scripting (XSS) in filament/forms (CVE-2026-55409)
cross-site scripting in filament/forms (CVE-2026-55409). Confidential information can be exposed externally. Exploitable via ``RichEditor``. Mitigation: upgrade to `3.3.53` or later.
|
| CVE-2026-35069 |
|
SQL Injection in sqli (CVE-2026-35069)
SQL injection in sqli (CVE-2026-35069). Confidential information can be exposed externally.
|
| CVE-2026-32652 |
|
Vulnerability in dell (CVE-2026-32652)
vulnerability in dell (CVE-2026-32652). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35068 |
|
SQL Injection in sqli (CVE-2026-35068)
SQL injection in sqli (CVE-2026-35068). Risk of unauthorized operations or information disclosure.
|