Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-48067 |
|
Vulnerability in filament/tables (CVE-2026-48067)
vulnerability in filament/tables (CVE-2026-48067). Data can be tampered with by attackers. Exploitable via ``Select``. Mitigation: upgrade to `3.3.51` or later.
|
| CVE-2026-46698 |
|
SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-46698)
SSRF in wordpress (CVE-2026-46698). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46697 |
|
SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-46697)
SSRF in wordpress (CVE-2026-46697). Confidential information can be exposed externally.
|
| CVE-2026-41001 |
|
Vulnerability in spring (CVE-2026-41001)
vulnerability in spring (CVE-2026-41001). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41000 |
|
Vulnerability in c (CVE-2026-41000)
vulnerability in c (CVE-2026-41000). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40992 |
|
Vulnerability in spring (CVE-2026-40992)
vulnerability in spring (CVE-2026-40992). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40996 |
|
Vulnerability in apache (CVE-2026-40996)
vulnerability in apache (CVE-2026-40996). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10795 |
|
Vulnerability in wordpress (CVE-2026-10795)
vulnerability in wordpress (CVE-2026-10795). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2827 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-2827)
cross-site scripting in wordpress (CVE-2026-2827). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50223 |
|
Code Injection in apache (CVE-2026-50223)
code injection in apache (CVE-2026-50223). Successful exploitation can lead to full system takeover.
|
| CVE-2026-47342 |
|
Vulnerability in apache (CVE-2026-47342)
vulnerability in apache (CVE-2026-47342). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53634 |
|
Vulnerability in code16/sharp (CVE-2026-53634)
vulnerability in code16/sharp (CVE-2026-53634). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.22.3` or later.
|
| CVE-2026-45569 |
|
Path Traversal in c (CVE-2026-45569)
path traversal in c (CVE-2026-45569). Confidential information can be exposed externally.
|
| CVE-2026-45567 |
|
Authentication Bypass in nginx (CVE-2026-45567)
authentication bypass in nginx (CVE-2026-45567). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45566 |
|
Open Redirect in nginx (CVE-2026-45566)
vulnerability in nginx (CVE-2026-45566). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45565 |
|
Vulnerability in nginx (CVE-2026-45565)
vulnerability in nginx (CVE-2026-45565). Confidential information can be exposed externally.
|
| CVE-2026-25700 |
|
Vulnerability in apache (CVE-2026-25700)
vulnerability in apache (CVE-2026-25700). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45561 |
|
SSRF (Server-Side Request Forgery) in flask (CVE-2026-45561)
SSRF in flask (CVE-2026-45561). Confidential information can be exposed externally.
|
| CVE-2026-45564 |
|
OS Command Injection in c (CVE-2026-45564)
OS command injection in c (CVE-2026-45564). Successful exploitation can lead to full system takeover. Exploitable via `POST /config/versions/`.
|
| CVE-2026-45563 |
|
Vulnerability in nginx (CVE-2026-45563)
vulnerability in nginx (CVE-2026-45563). Risk of unauthorized operations or information disclosure. Exploitable via `GET /history/`.
|
| CVE-2026-45550 |
|
Vulnerability in nginx (CVE-2026-45550)
vulnerability in nginx (CVE-2026-45550). Data can be tampered with by attackers. Exploitable via `PUT /smon/check`.
|
| CVE-2026-45552 |
|
Vulnerability in nginx (CVE-2026-45552)
vulnerability in nginx (CVE-2026-45552). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45556 |
|
Vulnerability in nginx (CVE-2026-45556)
vulnerability in nginx (CVE-2026-45556). Successful exploitation can lead to full system takeover. Exploitable via `POST /waf/`.
|
| CVE-2026-45558 |
|
Vulnerability in c (CVE-2026-45558)
vulnerability in c (CVE-2026-45558). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/service/haproxy/`.
|
| CVE-2026-45559 |
|
Vulnerability in nginx (CVE-2026-45559)
vulnerability in nginx (CVE-2026-45559). Confidential information can be exposed externally.
|
| CVE-2026-45560 |
|
Cross-Site Scripting (XSS) in c (CVE-2026-45560)
cross-site scripting in c (CVE-2026-45560). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45549 |
|
Vulnerability in nginx (CVE-2026-45549)
vulnerability in nginx (CVE-2026-45549). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3018 |
|
SQL Injection in wordpress (CVE-2026-3018)
SQL injection in wordpress (CVE-2026-3018). Confidential information can be exposed externally.
|
| CVE-2025-6254 |
|
Privilege Escalation in wordpress (CVE-2025-6254)
vulnerability in wordpress (CVE-2025-6254). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8853 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8853)
cross-site scripting in wordpress (CVE-2026-8853). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8613 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8613)
cross-site scripting in wordpress (CVE-2026-8613). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9019 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-9019)
cross-site scripting in wordpress (CVE-2026-9019). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9067 |
|
Unrestricted File Upload in wordpress (CVE-2026-9067)
vulnerability in wordpress (CVE-2026-9067). Confidential information can be exposed externally.
|
| CVE-2026-3326 |
|
SQL Injection in wordpress (CVE-2026-3326)
SQL injection in wordpress (CVE-2026-3326). Confidential information can be exposed externally.
|
| CVE-2026-8071 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8071)
cross-site scripting in wordpress (CVE-2026-8071). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9060 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-9060)
cross-site scripting in wordpress (CVE-2026-9060). Risk of unauthorized operations or information disclosure. Exploitable via ``unfiltered_html``.
|
| CVE-2025-8444 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2025-8444)
cross-site scripting in wordpress (CVE-2025-8444). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41732 |
|
Unsafe Deserialization in apache (CVE-2026-41732)
vulnerability in apache (CVE-2026-41732). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41727 |
|
Vulnerability in apache (CVE-2026-41727)
vulnerability in apache (CVE-2026-41727). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41726 |
|
Vulnerability in org.springframework.kafka:spring-kafka (CVE-2026-41726)
vulnerability in org.springframework.kafka:spring-kafka (CVE-2026-41726). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41731 |
|
Unsafe Deserialization in org.springframework.kafka:spring-kafka (CVE-2026-41731)
vulnerability in org.springframework.kafka:spring-kafka (CVE-2026-41731). Successful exploitation can lead to full system takeover.
|
| CVE-2017-20251 |
|
Code Injection in wordpress (CVE-2017-20251)
code injection in wordpress (CVE-2017-20251). Successful exploitation can lead to full system takeover.
|
| CVE-2017-20244 |
|
SQL Injection in wordpress (CVE-2017-20244)
SQL injection in wordpress (CVE-2017-20244). Confidential information can be exposed externally.
|
| CVE-2017-20245 |
|
SQL Injection in wordpress (CVE-2017-20245)
SQL injection in wordpress (CVE-2017-20245). Confidential information can be exposed externally.
|
| CVE-2017-20246 |
|
SQL Injection in wordpress (CVE-2017-20246)
SQL injection in wordpress (CVE-2017-20246). Confidential information can be exposed externally.
|
| CVE-2017-20247 |
|
SQL Injection in wordpress (CVE-2017-20247)
SQL injection in wordpress (CVE-2017-20247). Confidential information can be exposed externally.
|
| CVE-2017-20250 |
|
Path Traversal in wordpress (CVE-2017-20250)
path traversal in wordpress (CVE-2017-20250). Confidential information can be exposed externally.
|
| CVE-2017-20243 |
|
SQL Injection in wordpress (CVE-2017-20243)
SQL injection in wordpress (CVE-2017-20243). Confidential information can be exposed externally.
|
| CVE-2016-20065 |
|
SQL Injection in wordpress (CVE-2016-20065)
SQL injection in wordpress (CVE-2016-20065). Confidential information can be exposed externally.
|
| CVE-2016-20062 |
|
SQL Injection in wordpress (CVE-2016-20062)
SQL injection in wordpress (CVE-2016-20062). Confidential information can be exposed externally.
|