Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-46586 |
|
Code Injection in apache (CVE-2026-46586)
code injection in apache (CVE-2026-46586). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31378 |
|
Vulnerability in apache (CVE-2026-31378)
vulnerability in apache (CVE-2026-31378). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31379 |
|
Path Traversal in apache (CVE-2026-31379)
path traversal in apache (CVE-2026-31379). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31380 |
|
Vulnerability in apache (CVE-2026-31380)
vulnerability in apache (CVE-2026-31380). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31387 |
|
Authentication Bypass in apache (CVE-2026-31387)
authentication bypass in apache (CVE-2026-31387). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31388 |
|
Vulnerability in apache (CVE-2026-31388)
vulnerability in apache (CVE-2026-31388). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31906 |
|
Cross-Site Scripting (XSS) in apache (CVE-2026-31906)
cross-site scripting in apache (CVE-2026-31906). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31909 |
|
Information Disclosure in apache (CVE-2026-31909)
vulnerability in apache (CVE-2026-31909). Confidential information can be exposed externally.
|
| CVE-2026-29207 |
|
Vulnerability in apache (CVE-2026-29207)
vulnerability in apache (CVE-2026-29207). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-29220 |
|
Path Traversal in apache (CVE-2026-29220)
path traversal in apache (CVE-2026-29220). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-29226 |
|
SSRF (Server-Side Request Forgery) in apache (CVE-2026-29226)
SSRF in apache (CVE-2026-29226). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4885 |
|
Unrestricted File Upload in wordpress (CVE-2026-4885)
vulnerability in wordpress (CVE-2026-4885). Successful exploitation can lead to full system takeover.
|
| CVE-2025-15609 |
|
Vulnerability in wordpress (CVE-2025-15609)
vulnerability in wordpress (CVE-2025-15609). Confidential information can be exposed externally.
|
| CVE-2026-45701 |
|
Vulnerability in sulu/sulu (CVE-2026-45701)
vulnerability in sulu/sulu (CVE-2026-45701). Risk of unauthorized operations or information disclosure. Exploitable via ``User.php``. Mitigation: upgrade to `2.6.23` or later.
|
| CVE-2026-45660 |
|
SSRF (Server-Side Request Forgery) in statamic/cms (CVE-2026-45660)
SSRF in statamic/cms (CVE-2026-45660). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.73.22` or later.
|
| CVE-2026-1631 |
|
Vulnerability in wordpress (CVE-2026-1631)
vulnerability in wordpress (CVE-2026-1631). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3220 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-3220)
cross-site scripting in wordpress (CVE-2026-3220). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6379 |
|
SQL Injection in wordpress (CVE-2026-6379)
SQL injection in wordpress (CVE-2026-6379). Confidential information can be exposed externally.
|
| CVE-2026-6381 |
|
Path Traversal in wordpress (CVE-2026-6381)
path traversal in wordpress (CVE-2026-6381). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6495 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6495)
cross-site scripting in wordpress (CVE-2026-6495). Risk of unauthorized operations or information disclosure.
|
| CVE-2018-25335 |
|
Vulnerability in wordpress (CVE-2018-25335)
vulnerability in wordpress (CVE-2018-25335). Successful exploitation can lead to full system takeover.
|
| CVE-2018-25326 |
|
Path Traversal in wordpress (CVE-2018-25326)
path traversal in wordpress (CVE-2018-25326). Confidential information can be exposed externally.
|
| CVE-2018-25329 |
|
Vulnerability in wordpress (CVE-2018-25329)
vulnerability in wordpress (CVE-2018-25329). Confidential information can be exposed externally.
|
| CVE-2018-25324 |
|
Vulnerability in wordpress (CVE-2018-25324)
vulnerability in wordpress (CVE-2018-25324). Confidential information can be exposed externally.
|
| CVE-2018-25325 |
|
Path Traversal in wordpress (CVE-2018-25325)
path traversal in wordpress (CVE-2018-25325). Confidential information can be exposed externally.
|
| CVE-2026-8719 |
|
Privilege Escalation in wordpress (CVE-2026-8719)
vulnerability in wordpress (CVE-2026-8719). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8723 |
|
Vulnerability in qs (CVE-2026-8723)
vulnerability in qs (CVE-2026-8723). Risk of unauthorized operations or information disclosure. Exploitable via ``qs.stringify``. Mitigation: upgrade to `0c180a4` or later.
|
| CVE-2021-47977 |
|
Path Traversal in wordpress (CVE-2021-47977)
path traversal in wordpress (CVE-2021-47977). Confidential information can be exposed externally.
|
| CVE-2021-47979 |
|
Path Traversal in c (CVE-2021-47979)
path traversal in c (CVE-2021-47979). Successful exploitation can lead to full system takeover.
|
| CVE-2021-47957 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2021-47957)
cross-site scripting in wordpress (CVE-2021-47957). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-37233 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2020-37233)
cross-site scripting in wordpress (CVE-2020-37233). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-37235 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2020-37235)
cross-site scripting in wordpress (CVE-2020-37235). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-4202 |
|
Vulnerability in wordpress (CVE-2025-4202)
vulnerability in wordpress (CVE-2025-4202). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8681 |
|
Vulnerability in wordpress (CVE-2026-8681)
vulnerability in wordpress (CVE-2026-8681). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-47965 |
|
Unrestricted File Upload in wordpress (CVE-2021-47965)
vulnerability in wordpress (CVE-2021-47965). Successful exploitation can lead to full system takeover.
|
| CVE-2021-47959 |
|
WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows...
WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows...
|
| CVE-2026-23695 |
|
Cross-Site Scripting (XSS) in cockpit-hq/cockpit (CVE-2026-23695)
cross-site scripting in cockpit-hq/cockpit (CVE-2026-23695). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44692 |
|
Vulnerability in code16/sharp (CVE-2026-44692)
vulnerability in code16/sharp (CVE-2026-44692). Confidential information can be exposed externally. Exploitable via `GET /sharp/{globalFilter}/download/{entityKey}/{instanceId`. Mitigation: upgrade to `9.22.0` or later.
|
| CVE-2026-41258 |
|
Code Injection in org.openmrs.api:openmrs-api (CVE-2026-41258)
code injection in org.openmrs.api:openmrs-api (CVE-2026-41258). Successful exploitation can lead to full system takeover. Exploitable via ``VelocityEngine``. Mitigation: upgrade to `2.8.6` or later.
|
| CVE-2026-35194 |
|
Code Injection in flink (CVE-2026-35194)
code injection in flink (CVE-2026-35194). Confidential information can be exposed externally. Mitigation: upgrade to `1.20.4, 2.0.2, 2.1.1, 2.2.1` or later.
|
| CVE-2026-8503 |
|
Vulnerability in apache (CVE-2026-8503)
vulnerability in apache (CVE-2026-8503). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7046 |
|
SQL Injection in wordpress (CVE-2026-7046)
SQL injection in wordpress (CVE-2026-7046). Confidential information can be exposed externally.
|
| CVE-2026-4683 |
|
Vulnerability in wordpress (CVE-2026-4683)
vulnerability in wordpress (CVE-2026-4683). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6415 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6415)
cross-site scripting in wordpress (CVE-2026-6415). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6228 |
|
Privilege Escalation in wordpress (CVE-2026-6228)
vulnerability in wordpress (CVE-2026-6228). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5229 |
|
Authentication Bypass in wordpress (CVE-2026-5229)
authentication bypass in wordpress (CVE-2026-5229). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7563 |
|
Vulnerability in wordpress (CVE-2026-7563)
vulnerability in wordpress (CVE-2026-7563). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6403 |
|
Path Traversal in wordpress (CVE-2026-6403)
path traversal in wordpress (CVE-2026-6403). Confidential information can be exposed externally.
|
| CVE-2026-8425 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-8425)
vulnerability in wordpress (CVE-2026-8425). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4094 |
|
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to...
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to...
|