Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-2500 |
|
Path Traversal in csharp (CVE-2026-2500)
path traversal in csharp (CVE-2026-2500). Confidential information can be exposed externally. Exploitable via ``filename``.
|
| CVE-2026-8901 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8901)
cross-site scripting in wordpress (CVE-2026-8901). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9008 |
|
Vulnerability in wordpress (CVE-2026-9008)
vulnerability in wordpress (CVE-2026-9008). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9281 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-9281)
cross-site scripting in wordpress (CVE-2026-9281). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8438 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8438)
cross-site scripting in wordpress (CVE-2026-8438). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8900 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8900)
cross-site scripting in wordpress (CVE-2026-8900). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8976 |
|
Vulnerability in wordpress (CVE-2026-8976)
vulnerability in wordpress (CVE-2026-8976). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9290 |
|
Path Traversal in wordpress (CVE-2026-9290)
path traversal in wordpress (CVE-2026-9290). Confidential information can be exposed externally.
|
| CVE-2026-9719 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-9719)
vulnerability in wordpress (CVE-2026-9719). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6448 |
|
SQL Injection in wordpress (CVE-2026-6448)
SQL injection in wordpress (CVE-2026-6448). Confidential information can be exposed externally.
|
| CVE-2026-7047 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-7047)
vulnerability in wordpress (CVE-2026-7047). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8608 |
|
Vulnerability in wordpress (CVE-2026-8608)
vulnerability in wordpress (CVE-2026-8608). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8893 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8893)
cross-site scripting in wordpress (CVE-2026-8893). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-12656 |
|
Vulnerability in wordpress (CVE-2025-12656)
vulnerability in wordpress (CVE-2025-12656). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10038 |
|
Vulnerability in wordpress (CVE-2026-10038)
vulnerability in wordpress (CVE-2026-10038). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7523 |
|
Vulnerability in wordpress (CVE-2026-7523)
vulnerability in wordpress (CVE-2026-7523). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7654 |
|
Unsafe Deserialization in wordpress (CVE-2026-7654)
vulnerability in wordpress (CVE-2026-7654). Successful exploitation can lead to full system takeover. Exploitable via ``allowed_classes``.
|
| CVE-2026-5415 |
|
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
|
| CVE-2026-5411 |
|
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
|
| CVE-2026-10580 |
|
Vulnerability in wordpress (CVE-2026-10580)
vulnerability in wordpress (CVE-2026-10580). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10586 |
|
SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-10586)
SSRF in wordpress (CVE-2026-10586). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41522 |
|
Vulnerability in flask (CVE-2026-41522)
vulnerability in flask (CVE-2026-41522). Risk of unauthorized operations or information disclosure. Exploitable via ``case.iocs``. Mitigation: upgrade to `2.4.28` or later.
|
| CVE-2026-50076 |
|
Unsafe Deserialization in apache (CVE-2026-50076)
vulnerability in apache (CVE-2026-50076). Confidential information can be exposed externally.
|
| CVE-2019-25742 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2019-25742)
cross-site scripting in wordpress (CVE-2019-25742). Risk of unauthorized operations or information disclosure.
|
| CVE-2019-25744 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2019-25744)
cross-site scripting in wordpress (CVE-2019-25744). Risk of unauthorized operations or information disclosure.
|
| CVE-2019-25745 |
|
SQL Injection in wordpress (CVE-2019-25745)
SQL injection in wordpress (CVE-2019-25745). Confidential information can be exposed externally.
|
| CVE-2019-25738 |
|
Vulnerability in wordpress (CVE-2019-25738)
vulnerability in wordpress (CVE-2019-25738). Successful exploitation can lead to full system takeover.
|
| CVE-2019-25743 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2019-25743)
cross-site scripting in wordpress (CVE-2019-25743). Risk of unauthorized operations or information disclosure.
|
| CVE-2019-25727 |
|
Path Traversal in wordpress (CVE-2019-25727)
path traversal in wordpress (CVE-2019-25727). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44496 |
|
Vulnerability in axios (CVE-2026-44496)
vulnerability in axios (CVE-2026-44496). Risk of unauthorized operations or information disclosure. Exploitable via ``document.cookie``. Mitigation: upgrade to `0.32.0` or later.
|
| CVE-2026-43926 |
|
Vulnerability in nginx (CVE-2026-43926)
vulnerability in nginx (CVE-2026-43926). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10737 |
|
Vulnerability in wordpress (CVE-2026-10737)
vulnerability in wordpress (CVE-2026-10737). Confidential information can be exposed externally.
|
| CVE-2026-8653 |
|
SQL Injection in wordpress (CVE-2026-8653)
SQL injection in wordpress (CVE-2026-8653). Confidential information can be exposed externally.
|
| CVE-2022-31114 |
|
Cross-Site Scripting (XSS) in backpack/crud (CVE-2022-31114)
cross-site scripting in backpack/crud (CVE-2022-31114). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.0.63` or later.
|
| CVE-2026-8404 |
|
Vulnerability in django (CVE-2026-8404)
vulnerability in django (CVE-2026-8404). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.2.15, 6.0.6` or later.
|
| CVE-2026-7666 |
|
Vulnerability in django (CVE-2026-7666)
vulnerability in django (CVE-2026-7666). Risk of unauthorized operations or information disclosure. Exploitable via ``STARTTLS``. Mitigation: upgrade to `5.2.15, 6.0.6` or later.
|
| CVE-2026-6873 |
|
Vulnerability in django (CVE-2026-6873)
vulnerability in django (CVE-2026-6873). Risk of unauthorized operations or information disclosure. Exploitable via ``django.http.HttpRequest.get_signed_cookie``. Mitigation: upgrade to `5.2.15, 6.0.6` or later.
|
| CVE-2026-48587 |
|
Vulnerability in django (CVE-2026-48587)
vulnerability in django (CVE-2026-48587). Risk of unauthorized operations or information disclosure. Exploitable via ``Vary``. Mitigation: upgrade to `5.2.15, 6.0.6` or later.
|
| CVE-2026-35193 |
|
Vulnerability in django (CVE-2026-35193)
vulnerability in django (CVE-2026-35193). Risk of unauthorized operations or information disclosure. Exploitable via ``Authorization``. Mitigation: upgrade to `5.2.15, 6.0.6` or later.
|
| CVE-2026-47065 |
|
Unsafe Deserialization in apache (CVE-2026-47065)
vulnerability in apache (CVE-2026-47065). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7421 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7421)
cross-site scripting in wordpress (CVE-2026-7421). Risk of unauthorized operations or information disclosure. Exploitable via ``shop_name``.
|
| CVE-2026-9732 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-9732)
vulnerability in wordpress (CVE-2026-9732). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5073 |
|
SQL Injection in wordpress (CVE-2026-5073)
SQL injection in wordpress (CVE-2026-5073). Confidential information can be exposed externally.
|
| CVE-2026-5076 |
|
Authentication Bypass in wordpress (CVE-2026-5076)
authentication bypass in wordpress (CVE-2026-5076). Successful exploitation can lead to full system takeover. Exploitable via ``arm_reset_password_key``.
|
| CVE-2026-5074 |
|
SQL Injection in wordpress (CVE-2026-5074)
SQL injection in wordpress (CVE-2026-5074). Confidential information can be exposed externally. Exploitable via ``get_private_content_data``.
|
| CVE-2026-42211 |
|
React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE
React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE
|
| CVE-2026-42342 |
|
Vulnerability in react-router (CVE-2026-42342)
vulnerability in react-router (CVE-2026-42342). Risk of unauthorized operations or information disclosure. Exploitable via ``createBrowserRouter``. Mitigation: upgrade to `7.15.0` or later.
|
| CVE-2026-40181 |
|
Open Redirect in react-router (CVE-2026-40181)
vulnerability in react-router (CVE-2026-40181). Risk of unauthorized operations or information disclosure. Exploitable via ``redirect``. Mitigation: upgrade to `6.30.4` or later.
|
| CVE-2026-34077 |
|
Vulnerability in react-router (CVE-2026-34077)
vulnerability in react-router (CVE-2026-34077). Risk of unauthorized operations or information disclosure. Exploitable via ``createBrowserRouter``. Mitigation: upgrade to `7.14.0` or later.
|
| CVE-2026-33245 |
|
React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets
React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets
|