Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-45505 |
|
Vulnerability in activemq (CVE-2026-45505)
vulnerability in activemq (CVE-2026-45505). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `5.19.7, 6.2.6` or later.
|
| CVE-2026-44825 |
|
Vulnerability in solr (CVE-2026-44825)
vulnerability in solr (CVE-2026-44825). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `10.0.0` or later.
|
| CVE-2026-45360 |
|
Unsafe Deserialization in apache-airflow (CVE-2026-45360)
vulnerability in apache-airflow (CVE-2026-45360). Risk of unauthorized operations or information disclosure. Exploitable via ``DeadlineReference``. Mitigation: upgrade to `3.2.2` or later.
|
| CVE-2026-42252 |
|
Vulnerability in apache-airflow (CVE-2026-42252)
vulnerability in apache-airflow (CVE-2026-42252). Confidential information can be exposed externally. Exploitable via ``Dag.can_trigger``. Mitigation: upgrade to `3.2.2` or later.
|
| CVE-2026-42253 |
|
Cross-Site Scripting (XSS) in activemq (CVE-2026-42253)
cross-site scripting in activemq (CVE-2026-42253). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.19.7, 6.2.6` or later.
|
| CVE-2026-42358 |
|
Information Disclosure in airflow (CVE-2026-42358)
vulnerability in airflow (CVE-2026-42358). Confidential information can be exposed externally. Exploitable via ``password``. Mitigation: upgrade to `3.2.2` or later.
|
| CVE-2026-40961 |
|
Open Redirect in airflow (CVE-2026-40961)
vulnerability in airflow (CVE-2026-40961). Risk of unauthorized operations or information disclosure. Exploitable via ``is_safe_url``. Mitigation: upgrade to `3.2.2` or later.
|
| CVE-2026-41014 |
|
Vulnerability in apache-airflow (CVE-2026-41014)
vulnerability in apache-airflow (CVE-2026-41014). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.2.2` or later.
|
| CVE-2026-40963 |
|
Vulnerability in airflow (CVE-2026-40963)
vulnerability in airflow (CVE-2026-40963). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.2.2` or later.
|
| CVE-2026-40861 |
|
Vulnerability in apache-airflow (CVE-2026-40861)
vulnerability in apache-airflow (CVE-2026-40861). Confidential information can be exposed externally. Exploitable via ``airflow.cfg``. Mitigation: upgrade to `3.2.2` or later.
|
| CVE-2026-41017 |
|
Vulnerability in apache-airflow (CVE-2026-41017)
vulnerability in apache-airflow (CVE-2026-41017). Confidential information can be exposed externally. Exploitable via ``JWTRefreshMiddleware``. Mitigation: upgrade to `3.2.2` or later.
|
| CVE-2026-35563 |
|
Vulnerability in org.apache.directory.api:api-ldap-client-api (CVE-2026-35563)
vulnerability in org.apache.directory.api:api-ldap-client-api (CVE-2026-35563). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.1.8` or later.
|
| CVE-2026-45192 |
|
Information Disclosure in apache-airflow (CVE-2026-45192)
vulnerability in apache-airflow (CVE-2026-45192). Confidential information can be exposed externally. Exploitable via ``extra``. Mitigation: upgrade to `3.2.2` or later.
|
| CVE-2026-10173 |
|
Cross-Site Scripting (XSS) in vue (CVE-2026-10173)
cross-site scripting in vue (CVE-2026-10173). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8382 |
|
Vulnerability in wordpress (CVE-2026-8382)
vulnerability in wordpress (CVE-2026-8382). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9757 |
|
SQL Injection in wordpress (CVE-2026-9757)
SQL injection in wordpress (CVE-2026-9757). Confidential information can be exposed externally.
|
| CVE-2026-7465 |
|
Privilege Escalation in wordpress (CVE-2026-7465)
vulnerability in wordpress (CVE-2026-7465). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7459 |
|
Vulnerability in wordpress (CVE-2026-7459)
vulnerability in wordpress (CVE-2026-7459). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48811 |
|
Vulnerability in laravel (CVE-2026-48811)
vulnerability in laravel (CVE-2026-48811). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.221` or later.
|
| CVE-2026-48810 |
|
Vulnerability in laravel (CVE-2026-48810)
vulnerability in laravel (CVE-2026-48810). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.221` or later.
|
| CVE-2026-48557 |
|
Spatie Laravel Media Library contains a file upload restriction bypass
Spatie Laravel Media Library contains a file upload restriction bypass
|
| CVE-2026-48555 |
|
SSRF (Server-Side Request Forgery) in spatie/laravel-medialibrary (CVE-2026-48555)
SSRF in spatie/laravel-medialibrary (CVE-2026-48555). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `11.23.0` or later.
|
| CVE-2026-47123 |
|
Vulnerability in laravel (CVE-2026-47123)
vulnerability in laravel (CVE-2026-47123). Data can be tampered with by attackers. Mitigation: upgrade to `1.8.220` or later.
|
| CVE-2026-45294 |
|
Vulnerability in laravel (CVE-2026-45294)
vulnerability in laravel (CVE-2026-45294). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.219` or later.
|
| CVE-2026-47200 |
|
Vulnerability in nuxt (CVE-2026-47200)
vulnerability in nuxt (CVE-2026-47200). Risk of unauthorized operations or information disclosure. Exploitable via ``experimental.componentIslands``. Mitigation: upgrade to `4.4.6` or later.
|
| CVE-2026-4290 |
|
Vulnerability in wordpress (CVE-2026-4290)
vulnerability in wordpress (CVE-2026-4290). Data can be tampered with by attackers.
|
| CVE-2026-9508 |
|
Vulnerability in nginx (CVE-2026-9508)
vulnerability in nginx (CVE-2026-9508). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-12714 |
|
Vulnerability in wordpress (CVE-2025-12714)
vulnerability in wordpress (CVE-2025-12714). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9189 |
|
Vulnerability in wordpress (CVE-2026-9189)
vulnerability in wordpress (CVE-2026-9189). Risk of unauthorized operations or information disclosure. Exploitable via ``mc_gross``.
|
| CVE-2026-6075 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6075)
vulnerability in wordpress (CVE-2026-6075). Data can be tampered with by attackers.
|
| CVE-2026-10039 |
|
SQL Injection in wordpress (CVE-2026-10039)
SQL injection in wordpress (CVE-2026-10039). Confidential information can be exposed externally.
|
| CVE-2026-9243 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-9243)
cross-site scripting in wordpress (CVE-2026-9243). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3655 |
|
Authentication Bypass in wordpress (CVE-2026-3655)
authentication bypass in wordpress (CVE-2026-3655). Successful exploitation can lead to full system takeover. Exploitable via ``lwp_ajax_register``.
|
| CVE-2025-11262 |
|
The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
|
| CVE-2025-14042 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2025-14042)
cross-site scripting in wordpress (CVE-2025-14042). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8732 |
|
Vulnerability in wordpress (CVE-2026-8732)
vulnerability in wordpress (CVE-2026-8732). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9714 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-9714)
cross-site scripting in wordpress (CVE-2026-9714). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6275 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6275)
cross-site scripting in wordpress (CVE-2026-6275). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-11993 |
|
Unsafe Deserialization in wordpress (CVE-2025-11993)
vulnerability in wordpress (CVE-2025-11993). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2128 |
|
Information Disclosure in wordpress (CVE-2026-2128)
vulnerability in wordpress (CVE-2026-2128). Risk of unauthorized operations or information disclosure. Exploitable via ``wordpress_logged_in_``.
|
| CVE-2026-8995 |
|
Information Disclosure in wordpress (CVE-2026-8995)
vulnerability in wordpress (CVE-2026-8995). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7430 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7430)
cross-site scripting in wordpress (CVE-2026-7430). Risk of unauthorized operations or information disclosure. Exploitable via ``WPEditor.php``.
|
| CVE-2026-6816 |
|
Vulnerability in drupal (CVE-2026-6816)
vulnerability in drupal (CVE-2026-6816). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8809 |
|
Privilege Escalation in wordpress (CVE-2026-8809)
vulnerability in wordpress (CVE-2026-8809). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5343 |
|
Vulnerability in drupal (CVE-2026-5343)
vulnerability in drupal (CVE-2026-5343). Confidential information can be exposed externally.
|
| CVE-2026-42999 |
|
Vulnerability in keystone (CVE-2026-42999)
vulnerability in keystone (CVE-2026-42999). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `29.0.2` or later.
|
| CVE-2026-40914 |
|
Authorization Flaw in org.apache.artemis:artemis-stomp-protocol (CVE-2026-40914)
vulnerability in org.apache.artemis:artemis-stomp-protocol (CVE-2026-40914). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-48977 |
|
Vulnerability in org.apache.ignite:ignite-core (CVE-2025-48977)
vulnerability in org.apache.ignite:ignite-core (CVE-2025-48977). Confidential information can be exposed externally. Mitigation: upgrade to `2.18.0` or later.
|
| CVE-2026-7526 |
|
Information Disclosure in wordpress (CVE-2026-7526)
vulnerability in wordpress (CVE-2026-7526). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8689 |
|
Vulnerability in c (CVE-2026-8689)
vulnerability in c (CVE-2026-8689). Risk of unauthorized operations or information disclosure.
|