Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-1829 |
|
The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code...
The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code...
|
| CVE-2026-33244 |
|
Cross-Site Scripting (XSS) in react-router (CVE-2026-33244)
cross-site scripting in react-router (CVE-2026-33244). Risk of unauthorized operations or information disclosure. Exploitable via ``Location``. Mitigation: upgrade to `7.13.2` or later.
|
| CVE-2026-44367 |
|
Vulnerability in apache (CVE-2026-44367)
vulnerability in apache (CVE-2026-44367). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45080 |
|
Information Disclosure in apache (CVE-2026-45080)
vulnerability in apache (CVE-2026-45080). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-39555 |
|
Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection.
...
Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection.
...
|
| CVE-2026-39553 |
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
|
| CVE-2026-39552 |
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
|
| CVE-2025-69369 |
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
|
| CVE-2025-68886 |
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
|
| CVE-2026-41115 |
|
Vulnerability in kafka (CVE-2026-41115)
vulnerability in kafka (CVE-2026-41115). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46718 |
|
Vulnerability in apache (CVE-2026-46718)
vulnerability in apache (CVE-2026-46718). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5191 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-5191)
cross-site scripting in wordpress (CVE-2026-5191). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9723 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-9723)
vulnerability in wordpress (CVE-2026-9723). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4081 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-4081)
cross-site scripting in wordpress (CVE-2026-4081). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4080 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-4080)
cross-site scripting in wordpress (CVE-2026-4080). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3620 |
|
Vulnerability in wordpress (CVE-2026-3620)
vulnerability in wordpress (CVE-2026-3620). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-2425 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-2425)
cross-site scripting in wordpress (CVE-2026-2425). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9730 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-9730)
vulnerability in wordpress (CVE-2026-9730). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9599 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-9599)
vulnerability in wordpress (CVE-2026-9599). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8422 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-8422)
vulnerability in wordpress (CVE-2026-8422). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9234 |
|
Vulnerability in wordpress (CVE-2026-9234)
vulnerability in wordpress (CVE-2026-9234). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9722 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-9722)
vulnerability in wordpress (CVE-2026-9722). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-2382 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-2382)
cross-site scripting in wordpress (CVE-2026-2382). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8885 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8885)
cross-site scripting in wordpress (CVE-2026-8885). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-5085 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2025-5085)
cross-site scripting in wordpress (CVE-2025-5085). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-1451 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-1451)
cross-site scripting in wordpress (CVE-2026-1451). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-1450 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-1450)
cross-site scripting in wordpress (CVE-2026-1450). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4071 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-4071)
vulnerability in wordpress (CVE-2026-4071). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8293 |
|
Authentication Bypass in wordpress (CVE-2026-8293)
authentication bypass in wordpress (CVE-2026-8293). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8206 |
|
Privilege Escalation in wordpress (CVE-2026-8206)
vulnerability in wordpress (CVE-2026-8206). Successful exploitation can lead to full system takeover.
|
| CVE-2026-3722 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-3722)
cross-site scripting in wordpress (CVE-2026-3722). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10100 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-10100)
cross-site scripting in wordpress (CVE-2026-10100). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9050 |
|
Vulnerability in wordpress (CVE-2026-9050)
vulnerability in wordpress (CVE-2026-9050). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9048 |
|
Authorization Flaw in wordpress (CVE-2026-9048)
vulnerability in wordpress (CVE-2026-9048). Risk of unauthorized operations or information disclosure.
|
| CVE-2018-25434 |
|
SQL Injection in wordpress (CVE-2018-25434)
SQL injection in wordpress (CVE-2018-25434). Confidential information can be exposed externally.
|
| CVE-2026-49328 |
|
SSRF (Server-Side Request Forgery) in org.apache.fesod:fesod-sheet (CVE-2026-49328)
SSRF in org.apache.fesod:fesod-sheet (CVE-2026-49328). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.0.2-incubating` or later.
|
| CVE-2026-48827 |
|
Path Traversal in apache (CVE-2026-48827)
path traversal in apache (CVE-2026-48827). Confidential information can be exposed externally.
|
| CVE-2026-49361 |
|
Vulnerability in org.apache.fluss:fluss-common (CVE-2026-49361)
vulnerability in org.apache.fluss:fluss-common (CVE-2026-49361). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.9.1-incubating` or later.
|
| CVE-2026-46764 |
|
Vulnerability in airflow (CVE-2026-46764)
vulnerability in airflow (CVE-2026-46764). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/v2/eventLogs/{event_log_id}`. Mitigation: upgrade to `3.2.2` or later.
|
| CVE-2026-46605 |
|
Vulnerability in activemq (CVE-2026-46605)
vulnerability in activemq (CVE-2026-46605). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.19.7, 6.2.6` or later.
|
| CVE-2026-49267 |
|
Vulnerability in airflow (CVE-2026-49267)
vulnerability in airflow (CVE-2026-49267). Confidential information can be exposed externally. Exploitable via ``airflow.utils.email``. Mitigation: upgrade to `3.2.2` or later.
|
| CVE-2026-48726 |
|
Vulnerability in apache-airflow (CVE-2026-48726)
vulnerability in apache-airflow (CVE-2026-48726). Confidential information can be exposed externally. Exploitable via ``FabAuthManager``. Mitigation: upgrade to `3.2.2` or later.
|
| CVE-2026-49270 |
|
Vulnerability in activemq (CVE-2026-49270)
vulnerability in activemq (CVE-2026-49270). Confidential information can be exposed externally. Mitigation: upgrade to `5.19.7, 6.2.6` or later.
|
| CVE-2026-49298 |
|
Vulnerability in airflow (CVE-2026-49298)
vulnerability in airflow (CVE-2026-49298). Successful exploitation can lead to full system takeover. Exploitable via ``KubernetesExecutor``. Mitigation: upgrade to `3.2.2` or later.
|
| CVE-2026-49157 |
|
Vulnerability in activemq (CVE-2026-49157)
vulnerability in activemq (CVE-2026-49157). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `5.19.7, 6.2.6` or later.
|
| CVE-2026-42588 |
|
Vulnerability in activemq (CVE-2026-42588)
vulnerability in activemq (CVE-2026-42588). Confidential information can be exposed externally. Mitigation: upgrade to `5.19.7, 6.2.6` or later.
|
| CVE-2026-42360 |
|
Information Disclosure in apache-airflow (CVE-2026-42360)
vulnerability in apache-airflow (CVE-2026-42360). Confidential information can be exposed externally. Exploitable via ``password``. Mitigation: upgrade to `3.2.2` or later.
|
| CVE-2026-42252 |
|
Vulnerability in apache-airflow (CVE-2026-42252)
vulnerability in apache-airflow (CVE-2026-42252). Confidential information can be exposed externally. Exploitable via ``Dag.can_trigger``. Mitigation: upgrade to `3.2.2` or later.
|
| CVE-2026-45426 |
|
Authorization Flaw in apache-airflow (CVE-2026-45426)
vulnerability in apache-airflow (CVE-2026-45426). Risk of unauthorized operations or information disclosure. Exploitable via ``sub``. Mitigation: upgrade to `3.2.2` or later.
|
| CVE-2026-42359 |
|
Unsafe Deserialization in apache-airflow (CVE-2026-42359)
vulnerability in apache-airflow (CVE-2026-42359). Successful exploitation can lead to full system takeover. Exploitable via `PATCH /api/v2/xcomEntries/{key}`. Mitigation: upgrade to `3.2.2` or later.
|