Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-12136 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-12136)
cross-site scripting in wordpress (CVE-2026-12136). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12137 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-12137)
cross-site scripting in wordpress (CVE-2026-12137). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11395 |
|
SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-11395)
SSRF in wordpress (CVE-2026-11395). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12111 |
|
Information Disclosure in wordpress (CVE-2026-12111)
vulnerability in wordpress (CVE-2026-12111). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12098 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-12098)
cross-site scripting in wordpress (CVE-2026-12098). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12102 |
|
Vulnerability in wordpress (CVE-2026-12102)
vulnerability in wordpress (CVE-2026-12102). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9860 |
|
Unrestricted File Upload in wordpress (CVE-2026-9860)
vulnerability in wordpress (CVE-2026-9860). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11360 |
|
SQL Injection in wordpress (CVE-2026-11360)
SQL injection in wordpress (CVE-2026-11360). Confidential information can be exposed externally.
|
| CVE-2026-11402 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-11402)
cross-site scripting in wordpress (CVE-2026-11402). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11358 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-11358)
cross-site scripting in wordpress (CVE-2026-11358). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11777 |
|
SQL Injection in wordpress (CVE-2026-11777)
SQL injection in wordpress (CVE-2026-11777). Confidential information can be exposed externally.
|
| CVE-2026-12120 |
|
Information Disclosure in wordpress (CVE-2026-12120)
vulnerability in wordpress (CVE-2026-12120). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9199 |
|
Vulnerability in wordpress (CVE-2026-9199)
vulnerability in wordpress (CVE-2026-9199). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11784 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-11784)
vulnerability in wordpress (CVE-2026-11784). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12093 |
|
Vulnerability in wordpress (CVE-2026-12093)
vulnerability in wordpress (CVE-2026-12093). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11776 |
|
SQL Injection in wordpress (CVE-2026-11776)
SQL injection in wordpress (CVE-2026-11776). Confidential information can be exposed externally.
|
| CVE-2026-11357 |
|
Information Disclosure in wordpress (CVE-2026-11357)
vulnerability in wordpress (CVE-2026-11357). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12407 |
|
Vulnerability in wordpress (CVE-2026-12407)
vulnerability in wordpress (CVE-2026-12407). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10029 |
|
Vulnerability in wordpress (CVE-2026-10029)
vulnerability in wordpress (CVE-2026-10029). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10023 |
|
Vulnerability in wordpress (CVE-2026-10023)
vulnerability in wordpress (CVE-2026-10023). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10736 |
|
SQL Injection in wordpress (CVE-2026-10736)
SQL injection in wordpress (CVE-2026-10736). Confidential information can be exposed externally.
|
| CVE-2026-10623 |
|
Vulnerability in wordpress (CVE-2026-10623)
vulnerability in wordpress (CVE-2026-10623). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50201 |
|
Privilege Escalation in Steeltoe.Management.Endpoint (CVE-2026-50201)
vulnerability in Steeltoe.Management.Endpoint (CVE-2026-50201). Confidential information can be exposed externally. Exploitable via ``EndpointPermissions.Restricted``. Mitigation: upgrade to `4.2.0` or later.
|
| CVE-2026-50107 |
|
Vulnerability in nginx (CVE-2026-50107)
vulnerability in nginx (CVE-2026-50107). Confidential information can be exposed externally.
|
| CVE-2026-32682 |
|
Vulnerability in nginx (CVE-2026-32682)
vulnerability in nginx (CVE-2026-32682). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55409 |
|
Cross-Site Scripting (XSS) in filament/forms (CVE-2026-55409)
cross-site scripting in filament/forms (CVE-2026-55409). Confidential information can be exposed externally. Exploitable via ``RichEditor``. Mitigation: upgrade to `3.3.53` or later.
|
| CVE-2026-42055 |
|
Vulnerability in nginx (CVE-2026-42055)
vulnerability in nginx (CVE-2026-42055). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42530 |
|
Use-After-Free in nginx (CVE-2026-42530)
vulnerability in nginx (CVE-2026-42530). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48142 |
|
Out-of-Bounds Read in nginx (CVE-2026-48142)
vulnerability in nginx (CVE-2026-48142). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49268 |
|
Vulnerability in org.apache.shiro:shiro-core (CVE-2026-49268)
vulnerability in org.apache.shiro:shiro-core (CVE-2026-49268). Confidential information can be exposed externally. Mitigation: upgrade to `3.0.0-alpha-2` or later.
|
| CVE-2026-11311 |
|
Vulnerability in nginx (CVE-2026-11311)
vulnerability in nginx (CVE-2026-11311). Confidential information can be exposed externally.
|
| CVE-2025-69130 |
|
Unsafe Deserialization in wordpress (CVE-2025-69130)
vulnerability in wordpress (CVE-2025-69130). Successful exploitation can lead to full system takeover.
|
| CVE-2025-69115 |
|
Vulnerability in wordpress (CVE-2025-69115)
vulnerability in wordpress (CVE-2025-69115). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8383 |
|
Vulnerability in wordpress (CVE-2026-8383)
vulnerability in wordpress (CVE-2026-8383). Risk of unauthorized operations or information disclosure. Exploitable via ``edit``.
|
| CVE-2026-8607 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8607)
cross-site scripting in wordpress (CVE-2026-8607). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8494 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8494)
cross-site scripting in wordpress (CVE-2026-8494). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9570 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-9570)
cross-site scripting in wordpress (CVE-2026-9570). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8089 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8089)
cross-site scripting in wordpress (CVE-2026-8089). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7850 |
|
Vulnerability in wordpress (CVE-2026-7850)
vulnerability in wordpress (CVE-2026-7850). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50203 |
|
Path Traversal in apache-airflow-providers-sftp (CVE-2026-50203)
path traversal in apache-airflow-providers-sftp (CVE-2026-50203). Confidential information can be exposed externally. Exploitable via ``SFTPHook.retrieve_directory``. Mitigation: upgrade to `5.8.1` or later.
|
| CVE-2026-47340 |
|
Information Disclosure in org.apache.dolphinscheduler:dolphinscheduler-api (CVE-2026-47340)
vulnerability in org.apache.dolphinscheduler:dolphinscheduler-api (CVE-2026-47340). Confidential information can be exposed externally. Mitigation: upgrade to `3.4.2` or later.
|
| CVE-2026-42357 |
|
Authorization Flaw in org.apache.dolphinscheduler:dolphinscheduler-api (CVE-2026-42357)
vulnerability in org.apache.dolphinscheduler:dolphinscheduler-api (CVE-2026-42357). Confidential information can be exposed externally. Mitigation: upgrade to `3.4.2` or later.
|
| CVE-2026-41280 |
|
Authorization Flaw in org.apache.dolphinscheduler:dolphinscheduler-api (CVE-2026-41280)
vulnerability in org.apache.dolphinscheduler:dolphinscheduler-api (CVE-2026-41280). Data can be tampered with by attackers. Mitigation: upgrade to `3.4.2` or later.
|
| CVE-2026-25470 |
|
Code Injection in wordpress (CVE-2026-25470)
code injection in wordpress (CVE-2026-25470). Successful exploitation can lead to full system takeover.
|
| CVE-2026-32966 |
|
Authorization Flaw in org.apache.dolphinscheduler:dolphinscheduler-api (CVE-2026-32966)
vulnerability in org.apache.dolphinscheduler:dolphinscheduler-api (CVE-2026-32966). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.4.2` or later.
|
| CVE-2026-32967 |
|
Authorization Flaw in org.apache.dolphinscheduler:dolphinscheduler-api (CVE-2026-32967)
vulnerability in org.apache.dolphinscheduler:dolphinscheduler-api (CVE-2026-32967). Confidential information can be exposed externally. Mitigation: upgrade to `3.4.2` or later.
|
| CVE-2026-22342 |
|
Unauthenticated Cross Site Request Forgery (CSRF) in WordPress Dating Theme <= 11.2.0 versions.
Unauthenticated Cross Site Request Forgery (CSRF) in WordPress Dating Theme <= 11.2.0 versions.
|
| CVE-2026-22343 |
|
Unauthenticated Broken Access Control in WordPress Dating Theme <= 11.2.0 versions.
Unauthenticated Broken Access Control in WordPress Dating Theme <= 11.2.0 versions.
|
| CVE-2026-12115 |
|
Unsafe Deserialization in wordpress (CVE-2026-12115)
vulnerability in wordpress (CVE-2026-12115). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12360 |
|
SQL Injection in wordpress (CVE-2026-12360)
SQL injection in wordpress (CVE-2026-12360). Confidential information can be exposed externally.
|