Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-13528 |
|
Path Traversal in vue (CVE-2026-13528)
path traversal in vue (CVE-2026-13528). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8095 |
|
Vulnerability in wordpress (CVE-2026-8095)
vulnerability in wordpress (CVE-2026-8095). Data can be tampered with by attackers.
|
| CVE-2026-10820 |
|
Vulnerability in wordpress (CVE-2026-10820)
vulnerability in wordpress (CVE-2026-10820). Data can be tampered with by attackers.
|
| CVE-2026-52783 |
|
Vulnerability in rails (CVE-2026-52783)
vulnerability in rails (CVE-2026-52783). Confidential information can be exposed externally. Mitigation: upgrade to `17.3.3` or later.
|
| CVE-2026-56011 |
|
Unauthenticated Cross Site Scripting (XSS) in MapPress Maps for WordPress <= 2.97.3 versions.
Unauthenticated Cross Site Scripting (XSS) in MapPress Maps for WordPress <= 2.97.3 versions.
|
| CVE-2025-68063 |
|
Vulnerability in wordpress (CVE-2025-68063)
vulnerability in wordpress (CVE-2025-68063). Successful exploitation can lead to full system takeover.
|
| CVE-2026-57915 |
|
Vulnerability in apache (CVE-2026-57915)
vulnerability in apache (CVE-2026-57915). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10823 |
|
Vulnerability in wordpress (CVE-2026-10823)
vulnerability in wordpress (CVE-2026-10823). Confidential information can be exposed externally.
|
| CVE-2026-10835 |
|
Vulnerability in wordpress (CVE-2026-10835)
vulnerability in wordpress (CVE-2026-10835). Confidential information can be exposed externally.
|
| CVE-2026-49486 |
|
Vulnerability in apache (CVE-2026-49486)
vulnerability in apache (CVE-2026-49486). Confidential information can be exposed externally. Exploitable via ``ftplib.FTP_TLS``.
|
| CVE-2026-9702 |
|
Vulnerability in wordpress (CVE-2026-9702)
vulnerability in wordpress (CVE-2026-9702). Data can be tampered with by attackers.
|
| CVE-2026-5305 |
|
Vulnerability in wordpress (CVE-2026-5305)
vulnerability in wordpress (CVE-2026-5305). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12937 |
|
SQL Injection in wordpress (CVE-2026-12937)
SQL injection in wordpress (CVE-2026-12937). Confidential information can be exposed externally.
|
| CVE-2026-12077 |
|
SQL Injection in wordpress (CVE-2026-12077)
SQL injection in wordpress (CVE-2026-12077). Confidential information can be exposed externally.
|
| CVE-2026-12242 |
|
Code Injection in wordpress (CVE-2026-12242)
code injection in wordpress (CVE-2026-12242). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7761 |
|
Vulnerability in wordpress (CVE-2026-7761)
vulnerability in wordpress (CVE-2026-7761). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9710 |
|
Vulnerability in wordpress (CVE-2026-9710)
vulnerability in wordpress (CVE-2026-9710). Confidential information can be exposed externally. Exploitable via ``cornerstone``.
|
| CVE-2026-9709 |
|
Vulnerability in wordpress (CVE-2026-9709)
vulnerability in wordpress (CVE-2026-9709). Confidential information can be exposed externally. Exploitable via ``cornerstone``.
|
| CVE-2026-9643 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-9643)
cross-site scripting in wordpress (CVE-2026-9643). Risk of unauthorized operations or information disclosure. Exploitable via ``wp_wpms_links.link_url``.
|
| CVE-2026-9179 |
|
SQL Injection in wordpress (CVE-2026-9179)
SQL injection in wordpress (CVE-2026-9179). Confidential information can be exposed externally.
|
| CVE-2026-9178 |
|
Vulnerability in wordpress (CVE-2026-9178)
vulnerability in wordpress (CVE-2026-9178). Confidential information can be exposed externally.
|
| CVE-2026-8705 |
|
SQL Injection in wordpress (CVE-2026-8705)
SQL injection in wordpress (CVE-2026-8705). Confidential information can be exposed externally. Exploitable via ``clearsale_total_push``.
|
| CVE-2026-4297 |
|
Vulnerability in wordpress (CVE-2026-4297)
vulnerability in wordpress (CVE-2026-4297). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12100 |
|
SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-12100)
SSRF in wordpress (CVE-2026-12100). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12095 |
|
SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-12095)
SSRF in wordpress (CVE-2026-12095). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10092 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-10092)
cross-site scripting in wordpress (CVE-2026-10092). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10749 |
|
Vulnerability in wordpress (CVE-2026-10749)
vulnerability in wordpress (CVE-2026-10749). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10735 |
|
Vulnerability in wordpress (CVE-2026-10735)
vulnerability in wordpress (CVE-2026-10735). Confidential information can be exposed externally.
|
| CVE-2026-10091 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-10091)
cross-site scripting in wordpress (CVE-2026-10091). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3652 |
|
The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `value`...
The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `value`...
|
| CVE-2026-8379 |
|
Vulnerability in wordpress (CVE-2026-8379)
vulnerability in wordpress (CVE-2026-8379). Confidential information can be exposed externally.
|
| CVE-2026-8172 |
|
Vulnerability in wordpress (CVE-2026-8172)
vulnerability in wordpress (CVE-2026-8172). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8163 |
|
Vulnerability in wordpress (CVE-2026-8163)
vulnerability in wordpress (CVE-2026-8163). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48505 |
|
Vulnerability in filament/filament (CVE-2026-48505)
vulnerability in filament/filament (CVE-2026-48505). Confidential information can be exposed externally. Mitigation: upgrade to `5.6.5` or later.
|
| CVE-2026-50178 |
|
Cross-Site Scripting (XSS) in angular (CVE-2026-50178)
cross-site scripting in angular (CVE-2026-50178). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `21.2.4` or later.
|
| CVE-2026-49241 |
|
Cross-Site Scripting (XSS) in angular (CVE-2026-49241)
cross-site scripting in angular (CVE-2026-49241). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `21.2.4` or later.
|
| CVE-2026-44913 |
|
Vulnerability in apache (CVE-2026-44913)
vulnerability in apache (CVE-2026-44913). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6858 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6858)
cross-site scripting in wordpress (CVE-2026-6858). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4259 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-4259)
cross-site scripting in wordpress (CVE-2026-4259). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8157 |
|
Privilege Escalation in wordpress (CVE-2026-8157)
vulnerability in wordpress (CVE-2026-8157). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44914 |
|
Vulnerability in apache (CVE-2026-44914)
vulnerability in apache (CVE-2026-44914). Successful exploitation can lead to full system takeover.
|
| CVE-2025-66336 |
|
SQL Injection in apache (CVE-2025-66336)
SQL injection in apache (CVE-2025-66336). Confidential information can be exposed externally.
|
| CVE-2020-37255 |
|
Vulnerability in wordpress (CVE-2020-37255)
vulnerability in wordpress (CVE-2020-37255). Confidential information can be exposed externally.
|
| CVE-2026-11912 |
|
Vulnerability in wordpress (CVE-2026-11912)
vulnerability in wordpress (CVE-2026-11912). Data can be tampered with by attackers.
|
| CVE-2026-11911 |
|
Path Traversal in wordpress (CVE-2026-11911)
path traversal in wordpress (CVE-2026-11911). Confidential information can be exposed externally.
|
| CVE-2026-9843 |
|
Path Traversal in wordpress (CVE-2026-9843)
path traversal in wordpress (CVE-2026-9843). Data can be tampered with by attackers.
|
| CVE-2026-54762 |
|
Vulnerability in github.com/traefik/traefik/v3 (CVE-2026-54762)
vulnerability in github.com/traefik/traefik/v3 (CVE-2026-54762). Confidential information can be exposed externally. Exploitable via ``digest``. Mitigation: upgrade to `3.7.5` or later.
|
| CVE-2026-49287 |
|
Vulnerability in statamic/cms (CVE-2026-49287)
vulnerability in statamic/cms (CVE-2026-49287). Data can be tampered with by attackers. Mitigation: upgrade to `5.73.23` or later.
|
| CVE-2026-49260 |
|
OS Command Injection in pontedilana/php-weasyprint (CVE-2026-49260)
OS command injection in pontedilana/php-weasyprint (CVE-2026-49260). Successful exploitation can lead to full system takeover. Exploitable via ``master``. Mitigation: upgrade to `2.5.1` or later.
|
| CVE-2026-49872 |
|
Authentication Bypass in apache (CVE-2026-49872)
authentication bypass in apache (CVE-2026-49872). Confidential information can be exposed externally.
|