Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-8624 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8624)
cross-site scripting in wordpress (CVE-2026-8624). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8626 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8626)
cross-site scripting in wordpress (CVE-2026-8626). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8627 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8627)
cross-site scripting in wordpress (CVE-2026-8627). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7284 |
|
Privilege Escalation in wordpress (CVE-2026-7284)
vulnerability in wordpress (CVE-2026-7284). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7462 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7462)
cross-site scripting in wordpress (CVE-2026-7462). Risk of unauthorized operations or information disclosure. Exploitable via ``page``.
|
| CVE-2026-7467 |
|
Privilege Escalation in wordpress (CVE-2026-7467)
vulnerability in wordpress (CVE-2026-7467). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7472 |
|
SQL Injection in wordpress (CVE-2026-7472)
SQL injection in wordpress (CVE-2026-7472). Confidential information can be exposed externally.
|
| CVE-2026-8038 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8038)
cross-site scripting in wordpress (CVE-2026-8038). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8418 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-8418)
vulnerability in wordpress (CVE-2026-8418). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8419 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-8419)
vulnerability in wordpress (CVE-2026-8419). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6400 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6400)
vulnerability in wordpress (CVE-2026-6400). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6401 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6401)
vulnerability in wordpress (CVE-2026-6401). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6404 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6404)
cross-site scripting in wordpress (CVE-2026-6404). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6452 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6452)
vulnerability in wordpress (CVE-2026-6452). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6456 |
|
Authentication Bypass in wordpress (CVE-2026-6456)
authentication bypass in wordpress (CVE-2026-6456). Successful exploitation can lead to full system takeover. Exploitable via ``rememberLogin``.
|
| CVE-2026-6549 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6549)
cross-site scripting in wordpress (CVE-2026-6549). Risk of unauthorized operations or information disclosure. Exploitable via ``vc_enamad_namad``.
|
| CVE-2026-6555 |
|
Unrestricted File Upload in wordpress (CVE-2026-6555)
vulnerability in wordpress (CVE-2026-6555). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5293 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-5293)
cross-site scripting in wordpress (CVE-2026-5293). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6072 |
|
Vulnerability in wordpress (CVE-2026-6072)
vulnerability in wordpress (CVE-2026-6072). Confidential information can be exposed externally.
|
| CVE-2026-6391 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6391)
vulnerability in wordpress (CVE-2026-6391). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6394 |
|
SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-6394)
SSRF in wordpress (CVE-2026-6394). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6395 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6395)
vulnerability in wordpress (CVE-2026-6395). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6397 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6397)
cross-site scripting in wordpress (CVE-2026-6397). Risk of unauthorized operations or information disclosure. Exploitable via ``readmoretext``.
|
| CVE-2026-6399 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6399)
cross-site scripting in wordpress (CVE-2026-6399). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3985 |
|
SQL Injection in wordpress (CVE-2026-3985)
SQL injection in wordpress (CVE-2026-3985). Confidential information can be exposed externally.
|
| CVE-2026-6365 |
|
Cross-Site Scripting (XSS) in drupal (CVE-2026-6365)
cross-site scripting in drupal (CVE-2026-6365). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `10.5.9, 10.6.7, 11.2.11, 11.3.7` or later.
|
| CVE-2026-6366 |
|
Vulnerability in drupal (CVE-2026-6366)
vulnerability in drupal (CVE-2026-6366). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `10.5.9, 10.6.7, 11.2.11, 11.3.7` or later.
|
| CVE-2026-6367 |
|
Cross-Site Scripting (XSS) in drupal (CVE-2026-6367)
cross-site scripting in drupal (CVE-2026-6367). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `11.3.7` or later.
|
| CVE-2026-6871 |
|
Cross-Site Scripting (XSS) in drupal (CVE-2026-6871)
cross-site scripting in drupal (CVE-2026-6871). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6095 |
|
Cross-Site Scripting (XSS) in drupal (CVE-2026-6095)
cross-site scripting in drupal (CVE-2026-6095). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46417 |
|
SSRF (Server-Side Request Forgery) in @angular/platform-server (CVE-2026-46417)
SSRF in @angular/platform-server (CVE-2026-46417). Risk of unauthorized operations or information disclosure. Exploitable via ``ServerPlatformLocation``.
|
| CVE-2026-42526 |
|
Authorization Flaw in apache-airflow-providers-amazon (CVE-2026-42526)
vulnerability in apache-airflow-providers-amazon (CVE-2026-42526). Confidential information can be exposed externally. Exploitable via ``conn_id``. Mitigation: upgrade to `9.28.0` or later.
|
| CVE-2026-27173 |
|
Vulnerability in apache-airflow-providers-cncf-kubernetes (CVE-2026-27173)
vulnerability in apache-airflow-providers-cncf-kubernetes (CVE-2026-27173). Confidential information can be exposed externally. Mitigation: upgrade to `10.17.0` or later.
|
| CVE-2026-46342 |
|
Cross-Site Scripting (XSS) in nuxt (CVE-2026-46342)
cross-site scripting in nuxt (CVE-2026-46342). Risk of unauthorized operations or information disclosure. Exploitable via ``props``. Mitigation: upgrade to `4.4.6` or later.
|
| CVE-2026-8073 |
|
Vulnerability in wordpress (CVE-2026-8073)
vulnerability in wordpress (CVE-2026-8073). Confidential information can be exposed externally.
|
| CVE-2026-8096 |
|
Vulnerability in wordpress (CVE-2026-8096)
vulnerability in wordpress (CVE-2026-8096). Confidential information can be exposed externally.
|
| CVE-2026-37281 |
|
OS Command Injection in express (CVE-2026-37281)
OS command injection in express (CVE-2026-37281). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45670 |
|
Vulnerability in @nuxt/rspack-builder (CVE-2026-45670)
vulnerability in @nuxt/rspack-builder (CVE-2026-45670). Risk of unauthorized operations or information disclosure. Exploitable via ``script.src``. Mitigation: upgrade to `4.4.6` or later.
|
| CVE-2026-45669 |
|
Vulnerability in nuxt (CVE-2026-45669)
vulnerability in nuxt (CVE-2026-45669). Risk of unauthorized operations or information disclosure. Exploitable via ``Location``. Mitigation: upgrade to `4.4.6` or later.
|
| CVE-2026-8711 |
|
Vulnerability in nginx (CVE-2026-8711)
vulnerability in nginx (CVE-2026-8711). Successful exploitation can lead to full system takeover.
|
| CVE-2026-47323 |
|
Vulnerability in org.apache.camel:camel-cxf-rest (CVE-2026-47323)
vulnerability in org.apache.camel:camel-cxf-rest (CVE-2026-47323). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.18.2` or later.
|
| CVE-2025-40900 |
|
Vulnerability in angular (CVE-2025-40900)
vulnerability in angular (CVE-2025-40900). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8912 |
|
SQL Injection in wordpress (CVE-2026-8912)
SQL injection in wordpress (CVE-2026-8912). Confidential information can be exposed externally.
|
| CVE-2026-4883 |
|
Unrestricted File Upload in wordpress (CVE-2026-4883)
vulnerability in wordpress (CVE-2026-4883). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31910 |
|
SSRF (Server-Side Request Forgery) in apache (CVE-2026-31910)
SSRF in apache (CVE-2026-31910). Confidential information can be exposed externally.
|
| CVE-2026-31986 |
|
Vulnerability in apache (CVE-2026-31986)
vulnerability in apache (CVE-2026-31986). Confidential information can be exposed externally.
|
| CVE-2026-35086 |
|
Code Injection in apache (CVE-2026-35086)
code injection in apache (CVE-2026-35086). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41919 |
|
Vulnerability in apache (CVE-2026-41919)
vulnerability in apache (CVE-2026-41919). Confidential information can be exposed externally.
|
| CVE-2026-45187 |
|
Vulnerability in apache (CVE-2026-45187)
vulnerability in apache (CVE-2026-45187). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45434 |
|
Authentication Bypass in apache (CVE-2026-45434)
authentication bypass in apache (CVE-2026-45434). Successful exploitation can lead to full system takeover.
|