Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-44576 |
|
Vulnerability in next (CVE-2026-44576)
vulnerability in next (CVE-2026-44576). Risk of unauthorized operations or information disclosure. Exploitable via ``RSC``. Mitigation: upgrade to `16.2.5` or later.
|
| CVE-2026-44575 |
|
Vulnerability in next (CVE-2026-44575)
vulnerability in next (CVE-2026-44575). Confidential information can be exposed externally. Mitigation: upgrade to `16.2.5` or later.
|
| CVE-2026-44574 |
|
Vulnerability in next (CVE-2026-44574)
vulnerability in next (CVE-2026-44574). Confidential information can be exposed externally. Mitigation: upgrade to `16.2.5` or later.
|
| CVE-2026-44573 |
|
Authorization Flaw in next (CVE-2026-44573)
vulnerability in next (CVE-2026-44573). Confidential information can be exposed externally. Exploitable via ``i18n``. Mitigation: upgrade to `16.2.5` or later.
|
| CVE-2026-43826 |
|
Vulnerability in apache-airflow-providers-opensearch (CVE-2026-43826)
vulnerability in apache-airflow-providers-opensearch (CVE-2026-43826). Confidential information can be exposed externally. Exploitable via ``host``. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-41018 |
|
Vulnerability in apache-airflow-providers-elasticsearch (CVE-2026-41018)
vulnerability in apache-airflow-providers-elasticsearch (CVE-2026-41018). Confidential information can be exposed externally. Exploitable via ``host``. Mitigation: upgrade to `6.5.3` or later.
|
| CVE-2026-23918 |
|
Vulnerability in jvn (CVE-2026-23918)
vulnerability in jvn (CVE-2026-23918). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6433 |
|
Vulnerability in wordpress (CVE-2026-6433)
vulnerability in wordpress (CVE-2026-6433). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-50970 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2022-50970)
cross-site scripting in wordpress (CVE-2022-50970). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-50955 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2022-50955)
vulnerability in wordpress (CVE-2022-50955). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-50956 |
|
Path Traversal in wordpress (CVE-2022-50956)
path traversal in wordpress (CVE-2022-50956). Confidential information can be exposed externally.
|
| CVE-2022-50958 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2022-50958)
cross-site scripting in wordpress (CVE-2022-50958). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-50959 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2022-50959)
cross-site scripting in wordpress (CVE-2022-50959). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-50960 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2022-50960)
cross-site scripting in wordpress (CVE-2022-50960). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-50961 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2022-50961)
cross-site scripting in wordpress (CVE-2022-50961). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-50957 |
|
Cross-Site Scripting (XSS) in drupal (CVE-2022-50957)
cross-site scripting in drupal (CVE-2022-50957). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-50945 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2022-50945)
cross-site scripting in wordpress (CVE-2022-50945). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-50946 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2022-50946)
cross-site scripting in wordpress (CVE-2022-50946). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-50947 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2022-50947)
cross-site scripting in wordpress (CVE-2022-50947). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-50949 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2022-50949)
cross-site scripting in wordpress (CVE-2022-50949). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-50954 |
|
Vulnerability in wordpress (CVE-2022-50954)
vulnerability in wordpress (CVE-2022-50954). Confidential information can be exposed externally.
|
| CVE-2021-47948 |
|
Vulnerability in wordpress (CVE-2021-47948)
vulnerability in wordpress (CVE-2021-47948). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-47951 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2021-47951)
cross-site scripting in wordpress (CVE-2021-47951). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-47940 |
|
Vulnerability in wordpress (CVE-2021-47940)
vulnerability in wordpress (CVE-2021-47940). Successful exploitation can lead to full system takeover.
|
| CVE-2021-47941 |
|
SQL Injection in wordpress (CVE-2021-47941)
SQL injection in wordpress (CVE-2021-47941). Confidential information can be exposed externally.
|
| CVE-2021-47932 |
|
Vulnerability in wordpress (CVE-2021-47932)
vulnerability in wordpress (CVE-2021-47932). Successful exploitation can lead to full system takeover.
|
| CVE-2021-47933 |
|
Vulnerability in wordpress (CVE-2021-47933)
vulnerability in wordpress (CVE-2021-47933). Successful exploitation can lead to full system takeover.
|
| CVE-2021-47927 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2021-47927)
cross-site scripting in wordpress (CVE-2021-47927). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6722 |
|
Use-After-Free in libphp (CVE-2026-6722)
vulnerability in libphp (CVE-2026-6722). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.2.31, 8.3.31, 8.4.21, 8.5.6` or later.
|
| CVE-2026-41893 |
|
Vulnerability in signalk-server (CVE-2026-41893)
vulnerability in signalk-server (CVE-2026-41893). Data can be tampered with by attackers. Exploitable via `POST /login`. Mitigation: upgrade to `2.25.0` or later.
|
| CVE-2026-8198 |
|
Information Disclosure in wordpress (CVE-2026-8198)
vulnerability in wordpress (CVE-2026-8198). Risk of unauthorized operations or information disclosure. Exploitable via `Authorization header`.
|
| CVE-2026-7652 |
|
Vulnerability in wordpress (CVE-2026-7652)
vulnerability in wordpress (CVE-2026-7652). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44966 |
|
Vulnerability in velocityjs (CVE-2026-44966)
vulnerability in velocityjs (CVE-2026-44966). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44313 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-44313)
SSRF in ssrf (CVE-2026-44313). Confidential information can be exposed externally. Exploitable via `GET /api/v1/archives/{linkId}`.
|
| CVE-2026-44837 |
|
Vulnerability in view_component (CVE-2026-44837)
vulnerability in view_component (CVE-2026-44837). Confidential information can be exposed externally. Exploitable via `GET /_system_test_entrypoint`. Mitigation: upgrade to `4.9.0` or later.
|
| CVE-2026-44836 |
|
Vulnerability in view_component (CVE-2026-44836)
vulnerability in view_component (CVE-2026-44836). Confidential information can be exposed externally. Exploitable via `GET /rails/view_components/my_component/render_with_template`. Mitigation: upgrade to `4.9.0` or later.
|
| CVE-2026-44987 |
|
Privilege Escalation in django (CVE-2026-44987)
vulnerability in django (CVE-2026-44987). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42205 |
|
Vulnerability in avo (CVE-2026-42205)
vulnerability in avo (CVE-2026-42205). Successful exploitation can lead to full system takeover. Exploitable via `POST /admin/resources/posts/actions`. Mitigation: upgrade to `3.31.2` or later.
|
| CVE-2026-42192 |
|
Cross-Site Scripting (XSS) in react (CVE-2026-42192)
cross-site scripting in react (CVE-2026-42192). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44200 |
|
Vulnerability in wagtail (CVE-2026-44200)
vulnerability in wagtail (CVE-2026-44200). Confidential information can be exposed externally. Mitigation: upgrade to `7.3.2` or later.
|
| CVE-2026-44201 |
|
Vulnerability in wagtail (CVE-2026-44201)
vulnerability in wagtail (CVE-2026-44201). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `7.3.2` or later.
|
| CVE-2026-44199 |
|
Vulnerability in wagtail (CVE-2026-44199)
vulnerability in wagtail (CVE-2026-44199). Data can be tampered with by attackers. Mitigation: upgrade to `7.3.2` or later.
|
| CVE-2026-44198 |
|
Vulnerability in wagtail (CVE-2026-44198)
vulnerability in wagtail (CVE-2026-44198). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `7.3.2` or later.
|
| CVE-2026-44197 |
|
Vulnerability in wagtail (CVE-2026-44197)
vulnerability in wagtail (CVE-2026-44197). Confidential information can be exposed externally. Mitigation: upgrade to `7.3.2` or later.
|
| CVE-2026-42190 |
|
Cross-Site Request Forgery (CSRF) in rwsdk (CVE-2026-42190)
vulnerability in rwsdk (CVE-2026-42190). Data can be tampered with by attackers. Exploitable via ``rwsdk``. Mitigation: upgrade to `1.2.3` or later.
|
| CVE-2026-42353 |
|
Path Traversal in i18next-http-middleware (CVE-2026-42353)
path traversal in i18next-http-middleware (CVE-2026-42353). Confidential information can be exposed externally. Exploitable via `GET /locales/resources.json`. Mitigation: upgrade to `3.9.3` or later.
|
| CVE-2026-41683 |
|
Vulnerability in i18next-http-middleware (CVE-2026-41683)
vulnerability in i18next-http-middleware (CVE-2026-41683). Data can be tampered with by attackers. Exploitable via ``i18next``. Mitigation: upgrade to `3.9.3` or later.
|
| CVE-2026-41690 |
|
Vulnerability in i18next-http-middleware (CVE-2026-41690)
vulnerability in i18next-http-middleware (CVE-2026-41690). Data can be tampered with by attackers. Exploitable via `GET /locales/resources.json`. Mitigation: upgrade to `3.9.3` or later.
|
| CVE-2026-40295 |
|
Open Redirect in devise (CVE-2026-40295)
vulnerability in devise (CVE-2026-40295). Risk of unauthorized operations or information disclosure. Exploitable via `Referer header`. Mitigation: upgrade to `5.0.4` or later.
|
| CVE-2026-41524 |
|
Cross-Site Scripting (XSS) in laravel (CVE-2026-41524)
cross-site scripting in laravel (CVE-2026-41524). Confidential information can be exposed externally.
|