Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-6895 |
|
Privilege Escalation in wordpress (CVE-2026-6895)
vulnerability in wordpress (CVE-2026-6895). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6897 |
|
Privilege Escalation in wordpress (CVE-2026-6897)
vulnerability in wordpress (CVE-2026-6897). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9256 |
|
Vulnerability in nginx (CVE-2026-9256)
vulnerability in nginx (CVE-2026-9256). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.24.0, 1.30.2, 1.31.1` or later.
|
| CVE-2026-44930 |
|
Vulnerability in org.apache.cxf.services.xkms:cxf-services-xkms-x509-repo-ldap (CVE-2026-44930)
vulnerability in org.apache.cxf.services.xkms:cxf-services-xkms-x509-repo-ldap (CVE-2026-44930). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.6.11` or later.
|
| CVE-2026-44417 |
|
Vulnerability in org.apache.cxf:cxf-rt-transports-jms (CVE-2026-44417)
vulnerability in org.apache.cxf:cxf-rt-transports-jms (CVE-2026-44417). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.6.11` or later.
|
| CVE-2026-9018 |
|
Privilege Escalation in wordpress (CVE-2026-9018)
vulnerability in wordpress (CVE-2026-9018). Successful exploitation can lead to full system takeover. Exploitable via ``wp_ajax_nopriv_eel_register``.
|
| CVE-2026-9104 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-9104)
cross-site scripting in wordpress (CVE-2026-9104). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4070 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-4070)
vulnerability in wordpress (CVE-2026-4070). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6864 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6864)
cross-site scripting in wordpress (CVE-2026-6864). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7249 |
|
Vulnerability in wordpress (CVE-2026-7249)
vulnerability in wordpress (CVE-2026-7249). Risk of unauthorized operations or information disclosure. Exploitable via ``init``.
|
| CVE-2026-7509 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7509)
cross-site scripting in wordpress (CVE-2026-7509). Risk of unauthorized operations or information disclosure. Exploitable via ``before``.
|
| CVE-2026-3481 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-3481)
cross-site scripting in wordpress (CVE-2026-3481). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-2518 |
|
Vulnerability in wordpress (CVE-2026-2518)
vulnerability in wordpress (CVE-2026-2518). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4834 |
|
SQL Injection in wordpress (CVE-2026-4834)
SQL injection in wordpress (CVE-2026-4834). Confidential information can be exposed externally.
|
| CVE-2026-8415 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8415)
vulnerability in concrete5/concrete5 (CVE-2026-8415). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-6960 |
|
Unrestricted File Upload in wordpress (CVE-2026-6960)
vulnerability in wordpress (CVE-2026-6960). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4093 |
|
Cross-Site Scripting (XSS) in drupal (CVE-2026-4093)
cross-site scripting in drupal (CVE-2026-4093). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4929 |
|
Cross-Site Scripting (XSS) in drupal (CVE-2026-4929)
cross-site scripting in drupal (CVE-2026-4929). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7881 |
|
Vulnerability in concrete5/concrete5 (CVE-2026-7881)
vulnerability in concrete5/concrete5 (CVE-2026-7881). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-4843 |
|
Vulnerability in wordpress (CVE-2026-4843)
vulnerability in wordpress (CVE-2026-4843). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48207 |
|
Unsafe Deserialization in pyfory (CVE-2026-48207)
vulnerability in pyfory (CVE-2026-48207). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.0.0` or later.
|
| CVE-2026-5118 |
|
Privilege Escalation in wordpress (CVE-2026-5118)
vulnerability in wordpress (CVE-2026-5118). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45760 |
|
Vulnerability in github.com/apache/camel-k/v2 (CVE-2026-45760)
vulnerability in github.com/apache/camel-k/v2 (CVE-2026-45760). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.10.1` or later.
|
| CVE-2026-6279 |
|
Vulnerability in wordpress (CVE-2026-6279)
vulnerability in wordpress (CVE-2026-6279). Successful exploitation can lead to full system takeover. Exploitable via ``wp_conditional_tags``.
|
| CVE-2026-1543 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-1543)
cross-site scripting in wordpress (CVE-2026-1543). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4811 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-4811)
cross-site scripting in wordpress (CVE-2026-4811). Confidential information can be exposed externally.
|
| CVE-2026-1881 |
|
Vulnerability in wordpress (CVE-2026-1881)
vulnerability in wordpress (CVE-2026-1881). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40102 |
|
Vulnerability in django (CVE-2026-40102)
vulnerability in django (CVE-2026-40102). Confidential information can be exposed externally. Exploitable via `GET /api/workspaces/`.
|
| CVE-2026-9082 KEV |
|
[KEV] SQL Injection in drupal/core (CVE-2026-9082)
SQL injection in drupal/core (CVE-2026-9082). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `10.4.10, 10.5.10, 10.6.9, 11.1.10, 11.2.12, 11.3.10` or later.
|
| CVE-2026-30691 |
|
Cross-Site Scripting (XSS) in @cyntler/react-doc-viewer (CVE-2026-30691)
cross-site scripting in @cyntler/react-doc-viewer (CVE-2026-30691). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7613 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7613)
cross-site scripting in wordpress (CVE-2026-7613). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-24425 |
|
Vulnerability in twig/twig (CVE-2026-24425)
vulnerability in twig/twig (CVE-2026-24425). Successful exploitation can lead to full system takeover. Exploitable via ``SourcePolicyInterface``. Mitigation: upgrade to `3.26.0` or later.
|
| CVE-2026-6728 |
|
Information Disclosure in wordpress (CVE-2026-6728)
vulnerability in wordpress (CVE-2026-6728). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9065 |
|
SQL Injection in wordpress (CVE-2026-9065)
SQL injection in wordpress (CVE-2026-9065). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6405 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6405)
vulnerability in wordpress (CVE-2026-6405). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5200 |
|
Vulnerability in wordpress (CVE-2026-5200)
vulnerability in wordpress (CVE-2026-5200). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6566 |
|
Vulnerability in wordpress (CVE-2026-6566)
vulnerability in wordpress (CVE-2026-6566). Risk of unauthorized operations or information disclosure. Exploitable via `DELETE /imagely/v1/images/{id}`.
|
| CVE-2026-7385 |
|
Vulnerability in wordpress (CVE-2026-7385)
vulnerability in wordpress (CVE-2026-7385). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5776 |
|
Vulnerability in wordpress (CVE-2026-5776)
vulnerability in wordpress (CVE-2026-5776). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-2955 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-2955)
cross-site scripting in wordpress (CVE-2026-2955). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5075 |
|
Information Disclosure in wordpress (CVE-2026-5075)
vulnerability in wordpress (CVE-2026-5075). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7522 |
|
Vulnerability in wordpress (CVE-2026-7522)
vulnerability in wordpress (CVE-2026-7522). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9010 |
|
SQL Injection in wordpress (CVE-2026-9010)
SQL injection in wordpress (CVE-2026-9010). Confidential information can be exposed externally.
|
| CVE-2026-7637 |
|
Unsafe Deserialization in wordpress (CVE-2026-7637)
vulnerability in wordpress (CVE-2026-7637). Successful exploitation can lead to full system takeover.
|
| CVE-2025-15369 |
|
Vulnerability in wordpress (CVE-2025-15369)
vulnerability in wordpress (CVE-2025-15369). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8685 |
|
SQL Injection in wordpress (CVE-2026-8685)
SQL injection in wordpress (CVE-2026-8685). Confidential information can be exposed externally.
|
| CVE-2026-8420 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-8420)
vulnerability in wordpress (CVE-2026-8420). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8423 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-8423)
vulnerability in wordpress (CVE-2026-8423). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8424 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-8424)
vulnerability in wordpress (CVE-2026-8424). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8610 |
|
Vulnerability in wordpress (CVE-2026-8610)
vulnerability in wordpress (CVE-2026-8610). Risk of unauthorized operations or information disclosure.
|