Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-6646 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6646)
cross-site scripting in wordpress (CVE-2026-6646). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-2652 |
|
Vulnerability in mlflow (CVE-2026-2652)
vulnerability in mlflow (CVE-2026-2652). Data can be tampered with by attackers. Mitigation: upgrade to `3.10.0` or later.
|
| CVE-2026-42573 |
|
Cross-Site Scripting (XSS) in svelte (CVE-2026-42573)
cross-site scripting in svelte (CVE-2026-42573). Risk of unauthorized operations or information disclosure. Exploitable via ``name``. Mitigation: upgrade to `5.55.7` or later.
|
| CVE-2026-42567 |
|
Vulnerability in svelte (CVE-2026-42567)
vulnerability in svelte (CVE-2026-42567). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.55.7` or later.
|
| CVE-2026-42570 |
|
Vulnerability in devalue (CVE-2026-42570)
vulnerability in devalue (CVE-2026-42570). Risk of unauthorized operations or information disclosure. Exploitable via ``devalue.parse``. Mitigation: upgrade to `5.8.1` or later.
|
| CVE-2026-42599 |
|
Cross-Site Scripting (XSS) in svelte (CVE-2026-42599)
cross-site scripting in svelte (CVE-2026-42599). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.55.7` or later.
|
| CVE-2026-45306 |
|
Vulnerability in pyload-ng (CVE-2026-45306)
vulnerability in pyload-ng (CVE-2026-45306). Confidential information can be exposed externally. Exploitable via `GET /files/get/`.
|
| CVE-2026-44589 |
|
SSRF (Server-Side Request Forgery) in nuxt-og-image (CVE-2026-44589)
SSRF in nuxt-og-image (CVE-2026-44589). Risk of unauthorized operations or information disclosure. Exploitable via ``isBlockedUrl``. Mitigation: upgrade to `6.4.9` or later.
|
| CVE-2026-44511 |
|
Vulnerability in katalyst-koi (CVE-2026-44511)
vulnerability in katalyst-koi (CVE-2026-44511). Confidential information can be exposed externally. Mitigation: upgrade to `5.6.0` or later.
|
| CVE-2026-44501 |
|
Unsafe Deserialization in react (CVE-2026-44501)
vulnerability in react (CVE-2026-44501). Risk of unauthorized operations or information disclosure. Exploitable via `GET /callback/oidc`. Mitigation: upgrade to `1.5.0.3` or later.
|
| CVE-2026-44308 |
|
Vulnerability in io.awspring.cloud:spring-cloud-aws-sns (CVE-2026-44308)
vulnerability in io.awspring.cloud:spring-cloud-aws-sns (CVE-2026-44308). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46356 |
|
Vulnerability in github.com/fleetdm/fleet (CVE-2026-46356)
vulnerability in github.com/fleetdm/fleet (CVE-2026-46356). Data can be tampered with by attackers. Mitigation: upgrade to `4.80.1` or later.
|
| CVE-2026-4029 |
|
Vulnerability in wordpress (CVE-2026-4029)
vulnerability in wordpress (CVE-2026-4029). Confidential information can be exposed externally.
|
| CVE-2026-4030 |
|
Vulnerability in wordpress (CVE-2026-4030)
vulnerability in wordpress (CVE-2026-4030). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4031 |
|
Vulnerability in wordpress (CVE-2026-4031)
vulnerability in wordpress (CVE-2026-4031). Confidential information can be exposed externally.
|
| CVE-2026-45205 |
|
Vulnerability in org.apache.commons:commons-configuration2 (CVE-2026-45205)
vulnerability in org.apache.commons:commons-configuration2 (CVE-2026-45205). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.15.0` or later.
|
| CVE-2026-6512 |
|
Vulnerability in wordpress (CVE-2026-6512)
vulnerability in wordpress (CVE-2026-6512). Confidential information can be exposed externally.
|
| CVE-2026-6504 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6504)
cross-site scripting in wordpress (CVE-2026-6504). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6206 |
|
Vulnerability in wordpress (CVE-2026-6206)
vulnerability in wordpress (CVE-2026-6206). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6514 |
|
SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-6514)
SSRF in wordpress (CVE-2026-6514). Confidential information can be exposed externally.
|
| CVE-2026-6145 |
|
Vulnerability in wordpress (CVE-2026-6145)
vulnerability in wordpress (CVE-2026-6145). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6174 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6174)
cross-site scripting in wordpress (CVE-2026-6174). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6510 |
|
Vulnerability in wordpress (CVE-2026-6510)
vulnerability in wordpress (CVE-2026-6510). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6670 |
|
Path Traversal in wordpress (CVE-2026-6670)
path traversal in wordpress (CVE-2026-6670). Confidential information can be exposed externally.
|
| CVE-2026-5365 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-5365)
vulnerability in wordpress (CVE-2026-5365). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5395 |
|
Vulnerability in wordpress (CVE-2026-5395)
vulnerability in wordpress (CVE-2026-5395). Confidential information can be exposed externally.
|
| CVE-2026-6225 |
|
SQL Injection in wordpress (CVE-2026-6225)
SQL injection in wordpress (CVE-2026-6225). Confidential information can be exposed externally.
|
| CVE-2026-6252 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6252)
cross-site scripting in wordpress (CVE-2026-6252). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6271 |
|
Unrestricted File Upload in wordpress (CVE-2026-6271)
vulnerability in wordpress (CVE-2026-6271). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6506 |
|
Vulnerability in wordpress (CVE-2026-6506)
vulnerability in wordpress (CVE-2026-6506). Successful exploitation can lead to full system takeover.
|
| CVE-2026-3718 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-3718)
cross-site scripting in wordpress (CVE-2026-3718). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3892 |
|
Vulnerability in wordpress (CVE-2026-3892)
vulnerability in wordpress (CVE-2026-3892). Data can be tampered with by attackers.
|
| CVE-2026-5193 |
|
Privilege Escalation in wordpress (CVE-2026-5193)
vulnerability in wordpress (CVE-2026-5193). Data can be tampered with by attackers.
|
| CVE-2026-3694 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-3694)
cross-site scripting in wordpress (CVE-2026-3694). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8181 |
|
Authentication Bypass in wordpress (CVE-2026-8181)
authentication bypass in wordpress (CVE-2026-8181). Successful exploitation can lead to full system takeover. Exploitable via `Authorization header`.
|
| CVE-2026-6417 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6417)
cross-site scripting in wordpress (CVE-2026-6417). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5396 |
|
Vulnerability in wordpress (CVE-2026-5396)
vulnerability in wordpress (CVE-2026-5396). Confidential information can be exposed externally. Exploitable via ``form_id``.
|
| CVE-2025-15345 |
|
Vulnerability in wordpress (CVE-2025-15345)
vulnerability in wordpress (CVE-2025-15345). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5243 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-5243)
cross-site scripting in wordpress (CVE-2026-5243). Risk of unauthorized operations or information disclosure. Exploitable via ``menu_hover_click``.
|
| CVE-2026-3829 |
|
Vulnerability in wordpress (CVE-2026-3829)
vulnerability in wordpress (CVE-2026-3829). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7648 |
|
Vulnerability in wordpress (CVE-2026-7648)
vulnerability in wordpress (CVE-2026-7648). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7525 |
|
Vulnerability in wordpress (CVE-2026-7525)
vulnerability in wordpress (CVE-2026-7525). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5361 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-5361)
cross-site scripting in wordpress (CVE-2026-5361). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5486 |
|
SQL Injection in wordpress (CVE-2026-5486)
SQL injection in wordpress (CVE-2026-5486). Confidential information can be exposed externally.
|
| CVE-2026-44437 |
|
Path Traversal in @angular/ssr (CVE-2026-44437)
path traversal in @angular/ssr (CVE-2026-44437). Risk of unauthorized operations or information disclosure. Exploitable via ``redirectTo``. Mitigation: upgrade to `19.2.25` or later.
|
| CVE-2026-45228 |
|
Cross-Site Scripting (XSS) in vue (CVE-2026-45228)
cross-site scripting in vue (CVE-2026-45228). Risk of unauthorized operations or information disclosure. Exploitable via `POST /update`.
|
| CVE-2026-41255 |
|
Cross-Site Request Forgery (CSRF) in ckan (CVE-2026-41255)
vulnerability in ckan (CVE-2026-41255). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.11.5` or later.
|
| CVE-2026-8495 |
|
Vulnerability in drupal/date_ical (CVE-2026-8495)
vulnerability in drupal/date_ical (CVE-2026-8495). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.0.15` or later.
|
| CVE-2026-8493 |
|
Cross-Site Scripting (XSS) in drupal/colorbox_inline (CVE-2026-8493)
cross-site scripting in drupal/colorbox_inline (CVE-2026-8493). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.1.1` or later.
|
| CVE-2026-8492 |
|
Vulnerability in drupal/gtranslate (CVE-2026-8492)
vulnerability in drupal/gtranslate (CVE-2026-8492). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.0.5` or later.
|