Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-13040 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-13040)
cross-site scripting in wordpress (CVE-2026-13040). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-58451 |
|
Path Traversal in csrf (CVE-2026-58451)
path traversal in csrf (CVE-2026-58451). Confidential information can be exposed externally.
|
| CVE-2026-9676 |
|
Vulnerability in wordpress (CVE-2026-9676)
vulnerability in wordpress (CVE-2026-9676). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57306 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-57306)
vulnerability in csrf (CVE-2026-57306). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57305 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-57305)
vulnerability in csrf (CVE-2026-57305). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57295 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-57295)
vulnerability in csrf (CVE-2026-57295). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57290 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-57290)
vulnerability in csrf (CVE-2026-57290). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57283 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-57283)
vulnerability in csrf (CVE-2026-57283). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6292 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6292)
vulnerability in wordpress (CVE-2026-6292). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56425 |
|
Vulnerability in csrf (CVE-2026-56425)
vulnerability in csrf (CVE-2026-56425). Successful exploitation can lead to full system takeover. Exploitable via `Referer header`.
|
| CVE-2026-7859 |
|
Vulnerability in wordpress (CVE-2026-7859)
vulnerability in wordpress (CVE-2026-7859). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49871 |
|
Cross-Site Request Forgery (CSRF) in apache (CVE-2026-49871)
vulnerability in apache (CVE-2026-49871). Confidential information can be exposed externally.
|
| CVE-2026-10034 |
|
Vulnerability in wordpress (CVE-2026-10034)
vulnerability in wordpress (CVE-2026-10034). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55745 |
|
Cross-Site Request Forgery (CSRF) in cotonti/cotonti (CVE-2026-55745)
vulnerability in cotonti/cotonti (CVE-2026-55745). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55742 |
|
Cross-Site Request Forgery (CSRF) in cotonti/cotonti (CVE-2026-55742)
vulnerability in cotonti/cotonti (CVE-2026-55742). Successful exploitation can lead to full system takeover.
|
| CVE-2026-55744 |
|
Cross-Site Request Forgery (CSRF) in cotonti/cotonti (CVE-2026-55744)
vulnerability in cotonti/cotonti (CVE-2026-55744). Confidential information can be exposed externally.
|
| CVE-2026-55741 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-55741)
vulnerability in csrf (CVE-2026-55741). Successful exploitation can lead to full system takeover.
|
| CVE-2026-22342 |
|
Unauthenticated Cross Site Request Forgery (CSRF) in WordPress Dating Theme <= 11.2.0 versions.
Unauthenticated Cross Site Request Forgery (CSRF) in WordPress Dating Theme <= 11.2.0 versions.
|
| CVE-2016-20083 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2016-20083)
vulnerability in wordpress (CVE-2016-20083). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-39170 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-39170)
vulnerability in csrf (CVE-2026-39170). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11603 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-11603)
cross-site scripting in wordpress (CVE-2026-11603). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10553 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-10553)
vulnerability in wordpress (CVE-2026-10553). Risk of unauthorized operations or information disclosure.
|
| CVE-2019-25734 |
|
Path Traversal in csrf (CVE-2019-25734)
path traversal in csrf (CVE-2019-25734). Risk of unauthorized operations or information disclosure.
|
| CVE-2019-25729 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2019-25729)
vulnerability in csrf (CVE-2019-25729). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6455 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6455)
vulnerability in wordpress (CVE-2026-6455). Data can be tampered with by attackers.
|
| CVE-2026-7533 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-7533)
vulnerability in wordpress (CVE-2026-7533). Risk of unauthorized operations or information disclosure. Exploitable via ``admin_init``.
|
| CVE-2026-9674 |
|
Cross-Site Request Forgery (CSRF) in org.jenkins-ci.plugins:jenkins-multijob-plugin (CVE-2026-9674)
vulnerability in org.jenkins-ci.plugins:jenkins-multijob-plugin (CVE-2026-9674). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `669.v9d96a` or later.
|
| CVE-2026-30498 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-30498)
vulnerability in csrf (CVE-2026-30498). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35220 |
|
Cross-Site Request Forgery (CSRF) in joomla (CVE-2026-35220)
vulnerability in joomla (CVE-2026-35220). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `6.1.1` or later.
|
| CVE-2026-8174 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-8174)
vulnerability in wordpress (CVE-2026-8174). Data can be tampered with by attackers.
|
| CVE-2026-8426 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8426)
vulnerability in concrete5/concrete5 (CVE-2026-8426). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8421 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8421)
vulnerability in concrete5/concrete5 (CVE-2026-8421). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8428 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8428)
vulnerability in concrete5/concrete5 (CVE-2026-8428). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8417 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8417)
vulnerability in concrete5/concrete5 (CVE-2026-8417). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8140 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8140)
vulnerability in concrete5/concrete5 (CVE-2026-8140). Data can be tampered with by attackers. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-44925 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-44925)
vulnerability in csrf (CVE-2026-44925). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6405 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6405)
vulnerability in wordpress (CVE-2026-6405). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-47976 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2021-47976)
vulnerability in csrf (CVE-2021-47976). Successful exploitation can lead to full system takeover.
|
| CVE-2021-47981 |
|
Cross-Site Scripting (XSS) in csrf (CVE-2021-47981)
cross-site scripting in csrf (CVE-2021-47981). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45610 |
|
Vulnerability in WWBN/AVideo (CVE-2026-45610)
vulnerability in WWBN/AVideo (CVE-2026-45610). Data can be tampered with by attackers. Exploitable via ``SameSite``.
|
| CVE-2026-4094 |
|
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to...
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to...
|
| CVE-2026-4527 |
|
Cross-Site Request Forgery (CSRF) in gitlab (CVE-2026-4527)
vulnerability in gitlab (CVE-2026-4527). Confidential information can be exposed externally. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
|
| CVE-2026-42551 |
|
Vulnerability in flightphp/core (CVE-2026-42551)
vulnerability in flightphp/core (CVE-2026-42551). Data can be tampered with by attackers. Exploitable via `GET /item/42`. Mitigation: upgrade to `3.18.1` or later.
|
| CVE-2026-40703 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-40703)
vulnerability in csrf (CVE-2026-40703). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42289 |
|
Privilege Escalation in csrf (CVE-2026-42289)
vulnerability in csrf (CVE-2026-42289). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `7.3.2` or later.
|
| CVE-2026-43877 |
|
Cross-Site Request Forgery (CSRF) in wwbn/avideo (CVE-2026-43877)
vulnerability in wwbn/avideo (CVE-2026-43877). Risk of unauthorized operations or information disclosure. Exploitable via ``autoCSRFGuard``.
|
| CVE-2026-43880 |
|
Vulnerability in wwbn/avideo (CVE-2026-43880)
vulnerability in wwbn/avideo (CVE-2026-43880). Risk of unauthorized operations or information disclosure. Exploitable via `POST /objects/sendEmail.json.php`.
|
| CVE-2026-44657 |
|
Cross-Site Scripting (XSS) in mantisbt/mantisbt (CVE-2026-44657)
cross-site scripting in mantisbt/mantisbt (CVE-2026-44657). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.28.2` or later.
|
| CVE-2026-6973 KEV |
|
[KEV] Vulnerability in Ivanti endpoint-manager-mobile-epmm (CVE-2026-6973)
vulnerability in Ivanti endpoint-manager-mobile-epmm (CVE-2026-6973). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-40948 |
|
Cross-Site Request Forgery (CSRF) in apache (CVE-2026-40948)
vulnerability in apache (CVE-2026-40948). Risk of unauthorized operations or information disclosure. Exploitable via ``state``.
|