Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2025-49403 |
|
Vulnerability in wordpress (CVE-2025-49403)
vulnerability in wordpress (CVE-2025-49403). Confidential information can be exposed externally.
|
| CVE-2026-53929 |
|
Cross-Site Scripting (XSS) in nocodb (CVE-2026-53929)
cross-site scripting in nocodb (CVE-2026-53929). Risk of unauthorized operations or information disclosure. Exploitable via ``ResponseContentDisposition``.
|
| CVE-2026-56326 |
|
Open Redirect in nuxt (CVE-2026-56326)
vulnerability in nuxt (CVE-2026-56326). Risk of unauthorized operations or information disclosure. Exploitable via ``navigateTo``. Mitigation: upgrade to `3.21.7` or later.
|
| CVE-2026-8442 |
|
Path Traversal in wordpress (CVE-2026-8442)
path traversal in wordpress (CVE-2026-8442). Data can be tampered with by attackers.
|
| CVE-2026-52715 |
|
Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions.
Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions.
|
| CVE-2026-8176 |
|
Privilege Escalation in wordpress (CVE-2026-8176)
vulnerability in wordpress (CVE-2026-8176). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2381 |
|
Vulnerability in wordpress (CVE-2026-2381)
vulnerability in wordpress (CVE-2026-2381). Risk of unauthorized operations or information disclosure. Exploitable via ``wc_stripe_pay_for_order``.
|
| CVE-2026-8444 |
|
SQL Injection in wordpress (CVE-2026-8444)
SQL injection in wordpress (CVE-2026-8444). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10093 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-10093)
cross-site scripting in wordpress (CVE-2026-10093). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8443 |
|
SQL Injection in wordpress (CVE-2026-8443)
SQL injection in wordpress (CVE-2026-8443). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5149 |
|
Authorization Flaw in wordpress (CVE-2026-5149)
vulnerability in wordpress (CVE-2026-5149). Confidential information can be exposed externally.
|
| CVE-2026-10780 |
|
Vulnerability in wordpress (CVE-2026-10780)
vulnerability in wordpress (CVE-2026-10780). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9187 |
|
Vulnerability in wordpress (CVE-2026-9187)
vulnerability in wordpress (CVE-2026-9187). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6933 |
|
Unrestricted File Upload in wordpress (CVE-2026-6933)
vulnerability in wordpress (CVE-2026-6933). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6964 |
|
Vulnerability in wordpress (CVE-2026-6964)
vulnerability in wordpress (CVE-2026-6964). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48714 |
|
Vulnerability in i18next-http-middleware (CVE-2026-48714)
vulnerability in i18next-http-middleware (CVE-2026-48714). Data can be tampered with by attackers. Exploitable via ``missingKeyHandler``. Mitigation: upgrade to `3.9.7` or later.
|
| CVE-2026-49776 |
|
SQL Injection in wordpress (CVE-2026-49776)
SQL injection in wordpress (CVE-2026-49776). Confidential information can be exposed externally.
|
| CVE-2026-48964 |
|
Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.6 versions.
Subscriber SQL Injection in ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.6 versions.
|
| CVE-2026-40773 |
|
Vulnerability in wordpress (CVE-2026-40773)
vulnerability in wordpress (CVE-2026-40773). Data can be tampered with by attackers.
|
| CVE-2026-39591 |
|
Subscriber Arbitrary File Upload in WP-BusinessDirectory <= 4.0.0 versions.
Subscriber Arbitrary File Upload in WP-BusinessDirectory <= 4.0.0 versions.
|
| CVE-2026-39468 |
|
Path Traversal in wordpress (CVE-2026-39468)
path traversal in wordpress (CVE-2026-39468). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50892 |
|
Vulnerability in nginx (CVE-2026-50892)
vulnerability in nginx (CVE-2026-50892). Confidential information can be exposed externally.
|
| CVE-2026-47835 |
|
Vulnerability in CVE-2026-47835 (CVE-2026-47835)
vulnerability in CVE-2026-47835 (CVE-2026-47835). Confidential information can be exposed externally.
|
| CVE-2026-41708 |
|
Vulnerability in dos (CVE-2026-41708)
vulnerability in dos (CVE-2026-41708). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53663 |
|
Cross-Site Request Forgery (CSRF) in react-router (CVE-2026-53663)
vulnerability in react-router (CVE-2026-53663). Risk of unauthorized operations or information disclosure. Exploitable via ``createBrowserRouter``. Mitigation: upgrade to `7.15.1` or later.
|
| CVE-2026-54264 |
|
Information Disclosure in @angular/service-worker (CVE-2026-54264)
vulnerability in @angular/service-worker (CVE-2026-54264). Risk of unauthorized operations or information disclosure. Exploitable via ``Authorization``.
|
| CVE-2026-54268 |
|
Vulnerability in @angular/common (CVE-2026-54268)
vulnerability in @angular/common (CVE-2026-54268). Risk of unauthorized operations or information disclosure. Exploitable via ``formatDate``.
|
| CVE-2026-54266 |
|
Vulnerability in @angular/common (CVE-2026-54266)
vulnerability in @angular/common (CVE-2026-54266). Risk of unauthorized operations or information disclosure. Exploitable via ``HttpTransferCache``.
|
| CVE-2026-54265 |
|
Cross-Site Scripting (XSS) in @angular/compiler (CVE-2026-54265)
cross-site scripting in @angular/compiler (CVE-2026-54265). Risk of unauthorized operations or information disclosure. Exploitable via ``innerHTML``.
|
| CVE-2026-50557 |
|
Cross-Site Scripting (XSS) in @angular/core (CVE-2026-50557)
cross-site scripting in @angular/core (CVE-2026-50557). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50556 |
|
Cross-Site Scripting (XSS) in @angular/platform-server (CVE-2026-50556)
cross-site scripting in @angular/platform-server (CVE-2026-50556). Risk of unauthorized operations or information disclosure. Exploitable via ``domino``.
|
| CVE-2026-50555 |
|
Cross-Site Scripting (XSS) in @angular/platform-server (CVE-2026-50555)
cross-site scripting in @angular/platform-server (CVE-2026-50555). Risk of unauthorized operations or information disclosure. Exploitable via ``domino``.
|
| CVE-2026-50184 |
|
Information Disclosure in @angular/service-worker (CVE-2026-50184)
vulnerability in @angular/service-worker (CVE-2026-50184). Risk of unauthorized operations or information disclosure. Exploitable via `Authorization header`.
|
| CVE-2026-50171 |
|
Vulnerability in @angular/common (CVE-2026-50171)
vulnerability in @angular/common (CVE-2026-50171). Risk of unauthorized operations or information disclosure. Exploitable via ``formatNumber``. Mitigation: upgrade to `21.2.15` or later.
|
| CVE-2026-50170 |
|
Vulnerability in @angular/common (CVE-2026-50170)
vulnerability in @angular/common (CVE-2026-50170). Confidential information can be exposed externally. Exploitable via ``HttpTransferCache``. Mitigation: upgrade to `21.2.15` or later.
|
| CVE-2026-52725 |
|
Cross-Site Scripting (XSS) in @angular/core (CVE-2026-52725)
cross-site scripting in @angular/core (CVE-2026-52725). Risk of unauthorized operations or information disclosure. Exploitable via ``createComponent``. Mitigation: upgrade to `20.3.22` or later.
|
| CVE-2026-50169 |
|
Information Disclosure in @angular/service-worker (CVE-2026-50169)
vulnerability in @angular/service-worker (CVE-2026-50169). Risk of unauthorized operations or information disclosure. Exploitable via ``Request``. Mitigation: upgrade to `21.2.15` or later.
|
| CVE-2026-50168 |
|
Vulnerability in @angular/platform-server (CVE-2026-50168)
vulnerability in @angular/platform-server (CVE-2026-50168). Confidential information can be exposed externally. Exploitable via `Host header`. Mitigation: upgrade to `21.2.15` or later.
|
| CVE-2026-54267 |
|
Cross-Site Scripting (XSS) in @angular/core (CVE-2026-54267)
cross-site scripting in @angular/core (CVE-2026-54267). Risk of unauthorized operations or information disclosure. Exploitable via ``HttpClient``.
|
| CVE-2016-20084 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2016-20084)
cross-site scripting in wordpress (CVE-2016-20084). Risk of unauthorized operations or information disclosure.
|
| CVE-2018-25436 |
|
Unrestricted File Upload in wordpress (CVE-2018-25436)
vulnerability in wordpress (CVE-2018-25436). Successful exploitation can lead to full system takeover.
|
| CVE-2019-25746 |
|
SQL Injection in wordpress (CVE-2019-25746)
SQL injection in wordpress (CVE-2019-25746). Confidential information can be exposed externally.
|
| CVE-2018-25437 |
|
Vulnerability in wordpress (CVE-2018-25437)
vulnerability in wordpress (CVE-2018-25437). Confidential information can be exposed externally.
|
| CVE-2016-20078 |
|
Vulnerability in wordpress (CVE-2016-20078)
vulnerability in wordpress (CVE-2016-20078). Confidential information can be exposed externally.
|
| CVE-2016-20079 |
|
Vulnerability in wordpress (CVE-2016-20079)
vulnerability in wordpress (CVE-2016-20079). Confidential information can be exposed externally.
|
| CVE-2016-20080 |
|
Vulnerability in wordpress (CVE-2016-20080)
vulnerability in wordpress (CVE-2016-20080). Confidential information can be exposed externally.
|
| CVE-2016-20081 |
|
Path Traversal in wordpress (CVE-2016-20081)
path traversal in wordpress (CVE-2016-20081). Confidential information can be exposed externally.
|
| CVE-2016-20082 |
|
Vulnerability in wordpress (CVE-2016-20082)
vulnerability in wordpress (CVE-2016-20082). Confidential information can be exposed externally.
|
| CVE-2016-20083 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2016-20083)
vulnerability in wordpress (CVE-2016-20083). Risk of unauthorized operations or information disclosure.
|
| CVE-2016-20077 |
|
Vulnerability in wordpress (CVE-2016-20077)
vulnerability in wordpress (CVE-2016-20077). Confidential information can be exposed externally.
|