Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-10024 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-10024)
cross-site scripting in wordpress (CVE-2026-10024). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10553 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-10553)
vulnerability in wordpress (CVE-2026-10553). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10738 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-10738)
cross-site scripting in wordpress (CVE-2026-10738). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5714 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-5714)
cross-site scripting in wordpress (CVE-2026-5714). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7556 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7556)
cross-site scripting in wordpress (CVE-2026-7556). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10862 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-10862)
cross-site scripting in wordpress (CVE-2026-10862). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40519 |
|
OS Command Injection in nginx (CVE-2026-40519)
OS command injection in nginx (CVE-2026-40519). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49975 |
|
Vulnerability in apache (CVE-2026-49975)
vulnerability in apache (CVE-2026-49975). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.4.68` or later.
|
| CVE-2026-48913 |
|
Use-After-Free in apache (CVE-2026-48913)
vulnerability in apache (CVE-2026-48913). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.4.68` or later.
|
| CVE-2026-44631 |
|
Vulnerability in apache (CVE-2026-44631)
vulnerability in apache (CVE-2026-44631). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.4.68` or later.
|
| CVE-2026-44186 |
|
Vulnerability in apache (CVE-2026-44186)
vulnerability in apache (CVE-2026-44186). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.4.68` or later.
|
| CVE-2026-44185 |
|
Vulnerability in apache (CVE-2026-44185)
vulnerability in apache (CVE-2026-44185). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.4.68` or later.
|
| CVE-2026-44119 |
|
Privilege Escalation in apache (CVE-2026-44119)
vulnerability in apache (CVE-2026-44119). Confidential information can be exposed externally. Mitigation: upgrade to `2.4.68` or later.
|
| CVE-2026-43951 |
|
Out-of-Bounds Read in apache (CVE-2026-43951)
vulnerability in apache (CVE-2026-43951). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.4.68` or later.
|
| CVE-2026-42536 |
|
Vulnerability in apache (CVE-2026-42536)
vulnerability in apache (CVE-2026-42536). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.4.68` or later.
|
| CVE-2026-42535 |
|
Vulnerability in apache (CVE-2026-42535)
vulnerability in apache (CVE-2026-42535). Data can be tampered with by attackers. Mitigation: upgrade to `2.4.68` or later.
|
| CVE-2026-34356 |
|
Vulnerability in apache (CVE-2026-34356)
vulnerability in apache (CVE-2026-34356). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.4.68` or later.
|
| CVE-2026-34355 |
|
Vulnerability in apache (CVE-2026-34355)
vulnerability in apache (CVE-2026-34355). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.4.68` or later.
|
| CVE-2026-29170 |
|
Cross-Site Scripting (XSS) in apache (CVE-2026-29170)
cross-site scripting in apache (CVE-2026-29170). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.4.68` or later.
|
| CVE-2026-29167 |
|
Use-After-Free in apache (CVE-2026-29167)
vulnerability in apache (CVE-2026-29167). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.4.68` or later.
|
| CVE-2026-47430 |
|
Vulnerability in cordova-plugin-inappbrowser (CVE-2026-47430)
vulnerability in cordova-plugin-inappbrowser (CVE-2026-47430). Data can be tampered with by attackers. Exploitable via ``WKScriptMessage``. Mitigation: upgrade to `6.0.1` or later.
|
| CVE-2026-3011 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-3011)
cross-site scripting in wordpress (CVE-2026-3011). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-50953 |
|
Path Traversal in wordpress (CVE-2022-50953)
path traversal in wordpress (CVE-2022-50953). Confidential information can be exposed externally.
|
| CVE-2021-47984 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2021-47984)
cross-site scripting in wordpress (CVE-2021-47984). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-47983 |
|
Cross-Site Scripting (XSS) in c (CVE-2021-47983)
cross-site scripting in c (CVE-2021-47983). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-58348 |
|
Unrestricted File Upload in wordpress (CVE-2024-58348)
vulnerability in wordpress (CVE-2024-58348). Successful exploitation can lead to full system takeover.
|
| CVE-2023-54352 |
|
Vulnerability in wordpress (CVE-2023-54352)
vulnerability in wordpress (CVE-2023-54352). Successful exploitation can lead to full system takeover.
|
| CVE-2023-54351 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2023-54351)
cross-site scripting in wordpress (CVE-2023-54351). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-54350 |
|
Vulnerability in c (CVE-2023-54350)
vulnerability in c (CVE-2023-54350). Confidential information can be exposed externally.
|
| CVE-2021-47982 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2021-47982)
cross-site scripting in wordpress (CVE-2021-47982). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-58349 |
|
Unrestricted File Upload in wordpress (CVE-2024-58349)
vulnerability in wordpress (CVE-2024-58349). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8839 |
|
Vulnerability in wordpress (CVE-2026-8839)
vulnerability in wordpress (CVE-2026-8839). Risk of unauthorized operations or information disclosure. Exploitable via ``edit_posts``.
|
| CVE-2026-8611 |
|
Vulnerability in wordpress (CVE-2026-8611)
vulnerability in wordpress (CVE-2026-8611). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9016 |
|
Vulnerability in wordpress (CVE-2026-9016)
vulnerability in wordpress (CVE-2026-9016). Risk of unauthorized operations or information disclosure. Exploitable via ``wp_ajax_nopriv_log_js_errors``.
|
| CVE-2026-9851 |
|
Vulnerability in wordpress (CVE-2026-9851)
vulnerability in wordpress (CVE-2026-9851). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9594 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-9594)
cross-site scripting in wordpress (CVE-2026-9594). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9829 |
|
SQL Injection in wordpress (CVE-2026-9829)
SQL injection in wordpress (CVE-2026-9829). Confidential information can be exposed externally.
|
| CVE-2026-7624 |
|
Vulnerability in wordpress (CVE-2026-7624)
vulnerability in wordpress (CVE-2026-7624). Risk of unauthorized operations or information disclosure. Exploitable via ``sq_manage_settings``.
|
| CVE-2026-7796 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7796)
cross-site scripting in wordpress (CVE-2026-7796). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8502 |
|
Vulnerability in wordpress (CVE-2026-8502)
vulnerability in wordpress (CVE-2026-8502). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8978 |
|
SQL Injection in wordpress (CVE-2026-8978)
SQL injection in wordpress (CVE-2026-8978). Confidential information can be exposed externally.
|
| CVE-2026-8991 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8991)
cross-site scripting in wordpress (CVE-2026-8991). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9197 |
|
Path Traversal in wordpress (CVE-2026-9197)
path traversal in wordpress (CVE-2026-9197). Confidential information can be exposed externally.
|
| CVE-2026-9280 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-9280)
cross-site scripting in wordpress (CVE-2026-9280). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7665 |
|
Vulnerability in wordpress (CVE-2026-7665)
vulnerability in wordpress (CVE-2026-7665). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7792 |
|
Vulnerability in wordpress (CVE-2026-7792)
vulnerability in wordpress (CVE-2026-7792). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7795 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7795)
cross-site scripting in wordpress (CVE-2026-7795). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7566 |
|
Unsafe Deserialization in wordpress (CVE-2026-7566)
vulnerability in wordpress (CVE-2026-7566). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7565 |
|
Path Traversal in wordpress (CVE-2026-7565)
path traversal in wordpress (CVE-2026-7565). Confidential information can be exposed externally.
|
| CVE-2026-7537 |
|
Unrestricted File Upload in wordpress (CVE-2026-7537)
vulnerability in wordpress (CVE-2026-7537). Successful exploitation can lead to full system takeover.
|