Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-11360 |
|
SQL Injection in wordpress (CVE-2026-11360)
SQL injection in wordpress (CVE-2026-11360). Confidential information can be exposed externally.
|
| CVE-2026-11402 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-11402)
cross-site scripting in wordpress (CVE-2026-11402). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11358 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-11358)
cross-site scripting in wordpress (CVE-2026-11358). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11777 |
|
SQL Injection in wordpress (CVE-2026-11777)
SQL injection in wordpress (CVE-2026-11777). Confidential information can be exposed externally.
|
| CVE-2026-12120 |
|
Information Disclosure in wordpress (CVE-2026-12120)
vulnerability in wordpress (CVE-2026-12120). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9199 |
|
Vulnerability in wordpress (CVE-2026-9199)
vulnerability in wordpress (CVE-2026-9199). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11784 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-11784)
vulnerability in wordpress (CVE-2026-11784). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12093 |
|
Vulnerability in wordpress (CVE-2026-12093)
vulnerability in wordpress (CVE-2026-12093). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11776 |
|
SQL Injection in wordpress (CVE-2026-11776)
SQL injection in wordpress (CVE-2026-11776). Confidential information can be exposed externally.
|
| CVE-2026-11357 |
|
Information Disclosure in wordpress (CVE-2026-11357)
vulnerability in wordpress (CVE-2026-11357). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12407 |
|
Vulnerability in wordpress (CVE-2026-12407)
vulnerability in wordpress (CVE-2026-12407). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10029 |
|
Vulnerability in wordpress (CVE-2026-10029)
vulnerability in wordpress (CVE-2026-10029). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10023 |
|
Vulnerability in wordpress (CVE-2026-10023)
vulnerability in wordpress (CVE-2026-10023). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10736 |
|
SQL Injection in wordpress (CVE-2026-10736)
SQL injection in wordpress (CVE-2026-10736). Confidential information can be exposed externally.
|
| CVE-2026-10623 |
|
Vulnerability in wordpress (CVE-2026-10623)
vulnerability in wordpress (CVE-2026-10623). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12505 |
|
Vulnerability in CVE-2026-12505 (CVE-2026-12505)
vulnerability in CVE-2026-12505 (CVE-2026-12505). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12569 KEV |
|
[KEV] Vulnerability in Ptc deserialization (CVE-2026-12569)
vulnerability in Ptc deserialization (CVE-2026-12569). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-53676 |
|
Vulnerability in CVE-2026-53676 (CVE-2026-53676)
vulnerability in CVE-2026-53676 (CVE-2026-53676). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48768 |
|
Path Traversal in CVE-2026-48768 (CVE-2026-48768)
path traversal in CVE-2026-48768 (CVE-2026-48768). Data can be tampered with by attackers. Exploitable via `POST /api/blocks/file-input/v3/generate-upload-url`.
|
| CVE-2026-48764 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-48764)
SSRF in ssrf (CVE-2026-48764). Confidential information can be exposed externally.
|
| CVE-2026-50268 |
|
Vulnerability in Steeltoe.Configuration.Encryption (CVE-2026-50268)
vulnerability in Steeltoe.Configuration.Encryption (CVE-2026-50268). Risk of unauthorized operations or information disclosure. Exploitable via ``OAEP``. Mitigation: upgrade to `4.2.0` or later.
|
| CVE-2026-50267 |
|
Vulnerability in Steeltoe.Configuration.Abstractions (CVE-2026-50267)
vulnerability in Steeltoe.Configuration.Abstractions (CVE-2026-50267). Confidential information can be exposed externally. Exploitable via ``VCAP_SERVICES``. Mitigation: upgrade to `4.2.0` or later.
|
| CVE-2026-50202 |
|
Vulnerability in Steeltoe.Security.Authentication.JwtBearer (CVE-2026-50202)
vulnerability in Steeltoe.Security.Authentication.JwtBearer (CVE-2026-50202). Confidential information can be exposed externally. Exploitable via ``TokenKeyResolver``. Mitigation: upgrade to `4.2.0` or later.
|
| CVE-2026-50201 |
|
Privilege Escalation in Steeltoe.Management.Endpoint (CVE-2026-50201)
vulnerability in Steeltoe.Management.Endpoint (CVE-2026-50201). Confidential information can be exposed externally. Exploitable via ``EndpointPermissions.Restricted``. Mitigation: upgrade to `4.2.0` or later.
|
| CVE-2026-48759 |
|
Vulnerability in CVE-2026-48759 (CVE-2026-48759)
vulnerability in CVE-2026-48759 (CVE-2026-48759). Data can be tampered with by attackers.
|
| CVE-2026-8050 |
|
Vulnerability in CVE-2026-8050 (CVE-2026-8050)
vulnerability in CVE-2026-8050 (CVE-2026-8050). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8049 |
|
Vulnerability in CVE-2026-8049 (CVE-2026-8049)
vulnerability in CVE-2026-8049 (CVE-2026-8049). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54386 |
|
Cross-Site Scripting (XSS) in marimo (CVE-2026-54386)
cross-site scripting in marimo (CVE-2026-54386). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.23.9` or later.
|
| CVE-2026-50200 |
|
Information Disclosure in Steeltoe.Management.Endpoint (CVE-2026-50200)
vulnerability in Steeltoe.Management.Endpoint (CVE-2026-50200). Confidential information can be exposed externally. Exploitable via ``Sanitizer``. Mitigation: upgrade to `4.2.0` or later.
|
| CVE-2026-50196 |
|
Vulnerability in Steeltoe.Discovery.Eureka (CVE-2026-50196)
vulnerability in Steeltoe.Discovery.Eureka (CVE-2026-50196). Risk of unauthorized operations or information disclosure. Exploitable via ``DataCenterInfo.FromJson``. Mitigation: upgrade to `3.4.0` or later.
|
| CVE-2026-50194 |
|
Vulnerability in Steeltoe.Management.Endpoint (CVE-2026-50194)
vulnerability in Steeltoe.Management.Endpoint (CVE-2026-50194). Confidential information can be exposed externally. Exploitable via ``Host``. Mitigation: upgrade to `4.2.0` or later.
|
| CVE-2026-48997 |
|
OS Command Injection in c (CVE-2026-48997)
OS command injection in c (CVE-2026-48997). Data can be tampered with by attackers.
|
| CVE-2026-48991 |
|
Authentication Bypass in CVE-2026-48991 (CVE-2026-48991)
authentication bypass in CVE-2026-48991 (CVE-2026-48991). Confidential information can be exposed externally.
|
| CVE-2026-48990 |
|
Vulnerability in joserfc (CVE-2026-48990)
vulnerability in joserfc (CVE-2026-48990). Risk of unauthorized operations or information disclosure. Exploitable via ``joserfc``. Mitigation: upgrade to `1.6.7` or later.
|
| CVE-2026-48820 |
|
Path Traversal in cakephp/cakephp (CVE-2026-48820)
path traversal in cakephp/cakephp (CVE-2026-48820). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.5.11` or later.
|
| CVE-2026-54387 |
|
Vulnerability in CVE-2026-54387 (CVE-2026-54387)
vulnerability in CVE-2026-54387 (CVE-2026-54387). Confidential information can be exposed externally.
|
| CVE-2026-49133 |
|
Path Traversal in path-traversal (CVE-2026-49133)
path traversal in path-traversal (CVE-2026-49133). Confidential information can be exposed externally.
|
| CVE-2026-55201 |
|
Path Traversal in path-traversal (CVE-2026-55201)
path traversal in path-traversal (CVE-2026-55201). Confidential information can be exposed externally.
|
| CVE-2026-55200 |
|
Vulnerability in libssh2 (CVE-2026-55200)
vulnerability in libssh2 (CVE-2026-55200). Successful exploitation can lead to full system takeover.
|
| CVE-2026-54388 |
|
Vulnerability in CVE-2026-54388 (CVE-2026-54388)
vulnerability in CVE-2026-54388 (CVE-2026-54388). Confidential information can be exposed externally.
|
| CVE-2026-55199 |
|
Vulnerability in c (CVE-2026-55199)
vulnerability in c (CVE-2026-55199). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55202 |
|
Vulnerability in CVE-2026-55202 (CVE-2026-55202)
vulnerability in CVE-2026-55202 (CVE-2026-55202). Confidential information can be exposed externally. Exploitable via `Host header`.
|
| CVE-2026-50107 |
|
Vulnerability in nginx (CVE-2026-50107)
vulnerability in nginx (CVE-2026-50107). Confidential information can be exposed externally.
|
| CVE-2026-12529 |
|
Vulnerability in CVE-2026-12529 (CVE-2026-12529)
vulnerability in CVE-2026-12529 (CVE-2026-12529). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53871 |
|
Vulnerability in CVE-2026-53871 (CVE-2026-53871)
vulnerability in CVE-2026-53871 (CVE-2026-53871). Confidential information can be exposed externally.
|
| CVE-2026-32682 |
|
Vulnerability in nginx (CVE-2026-32682)
vulnerability in nginx (CVE-2026-32682). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55197 |
|
Vulnerability in CVE-2026-55197 (CVE-2026-55197)
vulnerability in CVE-2026-55197 (CVE-2026-55197). Confidential information can be exposed externally. Exploitable via `GET /api/session`.
|
| CVE-2026-10696 |
|
Vulnerability in devolutions (CVE-2026-10696)
vulnerability in devolutions (CVE-2026-10696). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11407 |
|
Vulnerability in pimcore/pimcore (CVE-2026-11407)
vulnerability in pimcore/pimcore (CVE-2026-11407). Successful exploitation can lead to full system takeover.
|
| CVE-2026-55198 |
|
Vulnerability in CVE-2026-55198 (CVE-2026-55198)
vulnerability in CVE-2026-55198 (CVE-2026-55198). Confidential information can be exposed externally.
|