Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-4259 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-4259)
cross-site scripting in wordpress (CVE-2026-4259). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6858 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6858)
cross-site scripting in wordpress (CVE-2026-6858). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-66336 |
|
SQL Injection in apache (CVE-2025-66336)
SQL injection in apache (CVE-2025-66336). Confidential information can be exposed externally.
|
| CVE-2026-44914 |
|
Vulnerability in apache (CVE-2026-44914)
vulnerability in apache (CVE-2026-44914). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56382 |
|
Code Injection in CVE-2026-56382 (CVE-2026-56382)
code injection in CVE-2026-56382 (CVE-2026-56382). Successful exploitation can lead to full system takeover.
|
| CVE-2026-52911 |
|
Vulnerability in linux (CVE-2026-52911)
vulnerability in linux (CVE-2026-52911). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12775 |
|
Vulnerability in sqli (CVE-2026-12775)
vulnerability in sqli (CVE-2026-12775). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56345 |
|
Authentication Bypass in CVE-2026-56345 (CVE-2026-56345)
authentication bypass in CVE-2026-56345 (CVE-2026-56345). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56341 |
|
Vulnerability in csharp (CVE-2026-56341)
vulnerability in csharp (CVE-2026-56341). Confidential information can be exposed externally.
|
| CVE-2020-37255 |
|
Vulnerability in wordpress (CVE-2020-37255)
vulnerability in wordpress (CVE-2020-37255). Confidential information can be exposed externally.
|
| CVE-2026-11912 |
|
Vulnerability in wordpress (CVE-2026-11912)
vulnerability in wordpress (CVE-2026-11912). Data can be tampered with by attackers.
|
| CVE-2026-11911 |
|
Path Traversal in wordpress (CVE-2026-11911)
path traversal in wordpress (CVE-2026-11911). Confidential information can be exposed externally.
|
| CVE-2026-9843 |
|
Path Traversal in wordpress (CVE-2026-9843)
path traversal in wordpress (CVE-2026-9843). Data can be tampered with by attackers.
|
| CVE-2026-32208 |
|
Cross-Site Scripting (XSS) in microsoft (CVE-2026-32208)
cross-site scripting in microsoft (CVE-2026-32208). Successful exploitation can lead to full system takeover.
|
| CVE-2026-47645 |
|
Open Redirect in microsoft (CVE-2026-47645)
vulnerability in microsoft (CVE-2026-47645). Successful exploitation can lead to full system takeover.
|
| CVE-2023-54357 |
|
Vulnerability in CVE-2023-54357 (CVE-2023-54357)
vulnerability in CVE-2023-54357 (CVE-2023-54357). Confidential information can be exposed externally.
|
| CVE-2026-55446 |
|
Vulnerability in langflow (CVE-2026-55446)
vulnerability in langflow (CVE-2026-55446). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/files/upload/test`. Mitigation: upgrade to `1.0.19` or later.
|
| CVE-2026-50559 |
|
Authentication Bypass in c (CVE-2026-50559)
authentication bypass in c (CVE-2026-50559). Confidential information can be exposed externally.
|
| CVE-2026-55255 KEV |
|
[KEV] Vulnerability in langflow (CVE-2026-55255)
vulnerability in langflow (CVE-2026-55255). Confidential information can be exposed externally. Exploitable via ``get_flow_by_id_or_endpoint_name``. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2019-25762 |
|
Vulnerability in CVE-2019-25762 (CVE-2019-25762)
vulnerability in CVE-2019-25762 (CVE-2019-25762). Confidential information can be exposed externally.
|
| CVE-2019-25758 |
|
Unrestricted File Upload in CVE-2019-25758 (CVE-2019-25758)
vulnerability in CVE-2019-25758 (CVE-2019-25758). Successful exploitation can lead to full system takeover.
|
| CVE-2019-25761 |
|
SQL Injection in sqli (CVE-2019-25761)
SQL injection in sqli (CVE-2019-25761). Confidential information can be exposed externally.
|
| CVE-2019-25753 |
|
SQL Injection in sqli (CVE-2019-25753)
SQL injection in sqli (CVE-2019-25753). Confidential information can be exposed externally.
|
| CVE-2019-25752 |
|
SQL Injection in sqli (CVE-2019-25752)
SQL injection in sqli (CVE-2019-25752). Confidential information can be exposed externally.
|
| CVE-2017-20282 |
|
SQL Injection in sqli (CVE-2017-20282)
SQL injection in sqli (CVE-2017-20282). Confidential information can be exposed externally.
|
| CVE-2017-20281 |
|
SQL Injection in sqli (CVE-2017-20281)
SQL injection in sqli (CVE-2017-20281). Confidential information can be exposed externally.
|
| CVE-2017-20270 |
|
SQL Injection in sqli (CVE-2017-20270)
SQL injection in sqli (CVE-2017-20270). Confidential information can be exposed externally.
|
| CVE-2017-20271 |
|
SQL Injection in sqli (CVE-2017-20271)
SQL injection in sqli (CVE-2017-20271). Confidential information can be exposed externally.
|
| CVE-2017-20274 |
|
SQL Injection in sqli (CVE-2017-20274)
SQL injection in sqli (CVE-2017-20274). Confidential information can be exposed externally.
|
| CVE-2017-20275 |
|
SQL Injection in sqli (CVE-2017-20275)
SQL injection in sqli (CVE-2017-20275). Confidential information can be exposed externally.
|
| CVE-2017-20279 |
|
SQL Injection in sqli (CVE-2017-20279)
SQL injection in sqli (CVE-2017-20279). Confidential information can be exposed externally.
|
| CVE-2017-20276 |
|
SQL Injection in sqli (CVE-2017-20276)
SQL injection in sqli (CVE-2017-20276). Confidential information can be exposed externally.
|
| CVE-2017-20273 |
|
SQL Injection in sqli (CVE-2017-20273)
SQL injection in sqli (CVE-2017-20273). Confidential information can be exposed externally.
|
| CVE-2017-20272 |
|
SQL Injection in sqli (CVE-2017-20272)
SQL injection in sqli (CVE-2017-20272). Confidential information can be exposed externally.
|
| CVE-2017-20280 |
|
SQL Injection in sqli (CVE-2017-20280)
SQL injection in sqli (CVE-2017-20280). Confidential information can be exposed externally.
|
| CVE-2017-20265 |
|
SQL Injection in sqli (CVE-2017-20265)
SQL injection in sqli (CVE-2017-20265). Confidential information can be exposed externally.
|
| CVE-2017-20262 |
|
SQL Injection in sqli (CVE-2017-20262)
SQL injection in sqli (CVE-2017-20262). Confidential information can be exposed externally.
|
| CVE-2017-20259 |
|
SQL Injection in sqli (CVE-2017-20259)
SQL injection in sqli (CVE-2017-20259). Confidential information can be exposed externally.
|
| CVE-2017-20264 |
|
SQL Injection in sqli (CVE-2017-20264)
SQL injection in sqli (CVE-2017-20264). Confidential information can be exposed externally.
|
| CVE-2017-20263 |
|
SQL Injection in sqli (CVE-2017-20263)
SQL injection in sqli (CVE-2017-20263). Confidential information can be exposed externally.
|
| CVE-2017-20255 |
|
SQL Injection in sqli (CVE-2017-20255)
SQL injection in sqli (CVE-2017-20255). Confidential information can be exposed externally.
|
| CVE-2017-20252 |
|
SQL Injection in sqli (CVE-2017-20252)
SQL injection in sqli (CVE-2017-20252). Confidential information can be exposed externally.
|
| CVE-2017-20258 |
|
SQL Injection in sqli (CVE-2017-20258)
SQL injection in sqli (CVE-2017-20258). Confidential information can be exposed externally.
|
| CVE-2017-20254 |
|
SQL Injection in sqli (CVE-2017-20254)
SQL injection in sqli (CVE-2017-20254). Confidential information can be exposed externally.
|
| CVE-2026-49286 |
|
Unsafe Deserialization in pontedilana/php-weasyprint (CVE-2026-49286)
vulnerability in pontedilana/php-weasyprint (CVE-2026-49286). Successful exploitation can lead to full system takeover. Exploitable via ``eb8accc``. Mitigation: upgrade to `2.6.0` or later.
|
| CVE-2026-49287 |
|
Vulnerability in statamic/cms (CVE-2026-49287)
vulnerability in statamic/cms (CVE-2026-49287). Data can be tampered with by attackers. Mitigation: upgrade to `5.73.23` or later.
|
| CVE-2026-49260 |
|
OS Command Injection in pontedilana/php-weasyprint (CVE-2026-49260)
OS command injection in pontedilana/php-weasyprint (CVE-2026-49260). Successful exploitation can lead to full system takeover. Exploitable via ``master``. Mitigation: upgrade to `2.5.1` or later.
|
| CVE-2026-52910 |
|
Out-of-Bounds Read in c (CVE-2026-52910)
vulnerability in c (CVE-2026-52910). Successful exploitation can lead to full system takeover.
|
| CVE-2026-52909 |
|
Vulnerability in linux (CVE-2026-52909)
vulnerability in linux (CVE-2026-52909). Successful exploitation can lead to full system takeover.
|
| CVE-2026-52908 |
|
Vulnerability in linux (CVE-2026-52908)
vulnerability in linux (CVE-2026-52908). Successful exploitation can lead to full system takeover.
|