Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-8491 |
|
Vulnerability in drupal/node_view_permissions (CVE-2026-8491)
vulnerability in drupal/node_view_permissions (CVE-2026-8491). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.7.0, 2.0.1` or later.
|
| CVE-2026-42945 |
|
Vulnerability in nginx (CVE-2026-42945)
vulnerability in nginx (CVE-2026-42945). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.30.1` or later.
|
| CVE-2026-42946 |
|
Vulnerability in nginx (CVE-2026-42946)
vulnerability in nginx (CVE-2026-42946). Confidential information can be exposed externally. Mitigation: upgrade to `1.30.1` or later.
|
| CVE-2026-42926 |
|
Vulnerability in nginx (CVE-2026-42926)
vulnerability in nginx (CVE-2026-42926). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.30.1` or later.
|
| CVE-2026-42934 |
|
Out-of-Bounds Read in nginx (CVE-2026-42934)
vulnerability in nginx (CVE-2026-42934). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.30.1` or later.
|
| CVE-2026-40701 |
|
Use-After-Free in nginx (CVE-2026-40701)
vulnerability in nginx (CVE-2026-40701). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.30.1` or later.
|
| CVE-2026-40460 |
|
Vulnerability in nginx (CVE-2026-40460)
vulnerability in nginx (CVE-2026-40460). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.30.1` or later.
|
| CVE-2020-37169 |
|
Vulnerability in wordpress (CVE-2020-37169)
vulnerability in wordpress (CVE-2020-37169). Confidential information can be exposed externally.
|
| CVE-2026-4607 |
|
Vulnerability in wordpress (CVE-2026-4607)
vulnerability in wordpress (CVE-2026-4607). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4608 |
|
SQL Injection in wordpress (CVE-2026-4608)
SQL injection in wordpress (CVE-2026-4608). Confidential information can be exposed externally.
|
| CVE-2026-4609 |
|
Vulnerability in wordpress (CVE-2026-4609)
vulnerability in wordpress (CVE-2026-4609). Data can be tampered with by attackers.
|
| CVE-2026-39806 |
|
Vulnerability in bandit (CVE-2026-39806)
vulnerability in bandit (CVE-2026-39806). Risk of unauthorized operations or information disclosure. Exploitable via ``rest``. Mitigation: upgrade to `1.11.1` or later.
|
| CVE-2026-6177 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6177)
cross-site scripting in wordpress (CVE-2026-6177). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3425 |
|
Vulnerability in wordpress (CVE-2026-3425)
vulnerability in wordpress (CVE-2026-3425). Successful exploitation can lead to full system takeover.
|
| CVE-2026-3426 |
|
Vulnerability in wordpress (CVE-2026-3426)
vulnerability in wordpress (CVE-2026-3426). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4782 |
|
Vulnerability in wordpress (CVE-2026-4782)
vulnerability in wordpress (CVE-2026-4782). Confidential information can be exposed externally.
|
| CVE-2026-4798 |
|
SQL Injection in wordpress (CVE-2026-4798)
SQL injection in wordpress (CVE-2026-4798). Confidential information can be exposed externally.
|
| CVE-2026-2515 |
|
Vulnerability in wordpress (CVE-2026-2515)
vulnerability in wordpress (CVE-2026-2515). Data can be tampered with by attackers.
|
| CVE-2026-3004 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-3004)
cross-site scripting in wordpress (CVE-2026-3004). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-14767 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2025-14767)
cross-site scripting in wordpress (CVE-2025-14767). Risk of unauthorized operations or information disclosure. Exploitable via ``wpcbm_best_seller``.
|
| CVE-2026-6965 |
|
Vulnerability in wordpress (CVE-2026-6965)
vulnerability in wordpress (CVE-2026-6965). Risk of unauthorized operations or information disclosure. Exploitable via ``course``.
|
| CVE-2026-6929 |
|
SQL Injection in wordpress (CVE-2026-6929)
SQL injection in wordpress (CVE-2026-6929). Confidential information can be exposed externally.
|
| CVE-2025-14033 |
|
Vulnerability in wordpress (CVE-2025-14033)
vulnerability in wordpress (CVE-2025-14033). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6828 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6828)
cross-site scripting in wordpress (CVE-2026-6828). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6962 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6962)
cross-site scripting in wordpress (CVE-2026-6962). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7051 |
|
Vulnerability in wordpress (CVE-2026-7051)
vulnerability in wordpress (CVE-2026-7051). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7619 |
|
SQL Injection in wordpress (CVE-2026-7619)
SQL injection in wordpress (CVE-2026-7619). Confidential information can be exposed externally.
|
| CVE-2026-7635 |
|
Unsafe Deserialization in wordpress (CVE-2026-7635)
vulnerability in wordpress (CVE-2026-7635). Successful exploitation can lead to full system takeover. Exploitable via `User-Agent header`.
|
| CVE-2025-9987 |
|
Information Disclosure in wordpress (CVE-2025-9987)
vulnerability in wordpress (CVE-2025-9987). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-9988 |
|
Vulnerability in wordpress (CVE-2025-9988)
vulnerability in wordpress (CVE-2025-9988). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-9989 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2025-9989)
cross-site scripting in wordpress (CVE-2025-9989). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-14755 |
|
Vulnerability in wordpress (CVE-2025-14755)
vulnerability in wordpress (CVE-2025-14755). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5371 |
|
Vulnerability in wordpress (CVE-2026-5371)
vulnerability in wordpress (CVE-2026-5371). Confidential information can be exposed externally.
|
| CVE-2026-44245 |
|
Cross-Site Scripting (XSS) in github.com/kyverno/policy-reporter-ui (CVE-2026-44245)
cross-site scripting in github.com/kyverno/policy-reporter-ui (CVE-2026-44245). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.5.2` or later.
|
| CVE-2026-1250 |
|
SQL Injection in wordpress (CVE-2026-1250)
SQL injection in wordpress (CVE-2026-1250). Confidential information can be exposed externally.
|
| CVE-2025-15463 |
|
Code Injection in wordpress (CVE-2025-15463)
code injection in wordpress (CVE-2025-15463). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44306 |
|
Vulnerability in statamic/cms (CVE-2026-44306)
vulnerability in statamic/cms (CVE-2026-44306). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.73.21` or later.
|
| CVE-2026-44262 |
|
Code Injection in dedoc/scramble (CVE-2026-44262)
code injection in dedoc/scramble (CVE-2026-44262). Confidential information can be exposed externally. Mitigation: upgrade to `0.13.22` or later.
|
| CVE-2026-42196 |
|
Path Traversal in django-s3file (CVE-2026-42196)
path traversal in django-s3file (CVE-2026-42196). Risk of unauthorized operations or information disclosure. Exploitable via ``S3FileMiddleware``. Mitigation: upgrade to `7.0.2` or later.
|
| CVE-2026-42268 |
|
Vulnerability in modsecurity (CVE-2026-42268)
vulnerability in modsecurity (CVE-2026-42268). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.0.15` or later.
|
| CVE-2026-8430 |
|
Code Injection in nginx (CVE-2026-8430)
code injection in nginx (CVE-2026-8430). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43513 |
|
Vulnerability in tomcat (CVE-2026-43513)
vulnerability in tomcat (CVE-2026-43513). Confidential information can be exposed externally. Mitigation: upgrade to `10.1.55, 11.0.22, 9.0.118` or later.
|
| CVE-2026-43514 |
|
Vulnerability in tomcat (CVE-2026-43514)
vulnerability in tomcat (CVE-2026-43514). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `10.1.55, 11.0.22, 9.0.118` or later.
|
| CVE-2026-43515 |
|
Vulnerability in tomcat (CVE-2026-43515)
vulnerability in tomcat (CVE-2026-43515). Confidential information can be exposed externally. Mitigation: upgrade to `10.1.55, 11.0.22, 9.0.118` or later.
|
| CVE-2026-41293 |
|
Vulnerability in tomcat (CVE-2026-41293)
vulnerability in tomcat (CVE-2026-41293). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `10.1.55, 11.0.22, 9.0.118` or later.
|
| CVE-2026-42498 |
|
Information Disclosure in tomcat (CVE-2026-42498)
vulnerability in tomcat (CVE-2026-42498). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `10.1.55, 11.0.22, 9.0.118` or later.
|
| CVE-2026-43512 |
|
Authentication Bypass in tomcat (CVE-2026-43512)
authentication bypass in tomcat (CVE-2026-43512). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `10.1.55, 11.0.22, 9.0.118` or later.
|
| CVE-2026-41284 |
|
Vulnerability in tomcat (CVE-2026-41284)
vulnerability in tomcat (CVE-2026-41284). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `10.1.55, 11.0.22, 9.0.118` or later.
|
| CVE-2026-45091 |
|
Information Disclosure in sealed-env (CVE-2026-45091)
vulnerability in sealed-env (CVE-2026-45091). Confidential information can be exposed externally. Mitigation: upgrade to `0.1.0-alpha.4` or later.
|
| CVE-2026-45218 |
|
SQL Injection in wordpress (CVE-2026-45218)
SQL injection in wordpress (CVE-2026-45218). Confidential information can be exposed externally.
|