Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-4259 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-4259)
cross-site scripting in wordpress (CVE-2026-4259). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6858 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6858)
cross-site scripting in wordpress (CVE-2026-6858). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12806 |
|
Buffer Overflow in CVE-2026-12806 (CVE-2026-12806)
vulnerability in CVE-2026-12806 (CVE-2026-12806). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56396 |
|
Vulnerability in CVE-2026-56396 (CVE-2026-56396)
vulnerability in CVE-2026-56396 (CVE-2026-56396). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56382 |
|
Code Injection in CVE-2026-56382 (CVE-2026-56382)
code injection in CVE-2026-56382 (CVE-2026-56382). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56253 |
|
Vulnerability in CVE-2026-56253 (CVE-2026-56253)
vulnerability in CVE-2026-56253 (CVE-2026-56253). Confidential information can be exposed externally.
|
| CVE-2026-56242 |
|
Information Disclosure in CVE-2026-56242 (CVE-2026-56242)
vulnerability in CVE-2026-56242 (CVE-2026-56242). Confidential information can be exposed externally.
|
| CVE-2026-56239 |
|
Privilege Escalation in privilege-escalation (CVE-2026-56239)
vulnerability in privilege-escalation (CVE-2026-56239). Data can be tampered with by attackers.
|
| CVE-2025-71378 |
|
Unsafe Deserialization in mmaitre314 (CVE-2025-71378)
vulnerability in mmaitre314 (CVE-2025-71378). Confidential information can be exposed externally.
|
| CVE-2025-71357 |
|
Unsafe Deserialization in mmaitre314 (CVE-2025-71357)
vulnerability in mmaitre314 (CVE-2025-71357). Confidential information can be exposed externally.
|
| CVE-2025-71348 |
|
Unsafe Deserialization in mmaitre314 (CVE-2025-71348)
vulnerability in mmaitre314 (CVE-2025-71348). Confidential information can be exposed externally.
|
| CVE-2026-12795 |
|
Authentication Bypass in litellm (CVE-2026-12795)
authentication bypass in litellm (CVE-2026-12795). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12786 |
|
Vulnerability in CVE-2026-12786 (CVE-2026-12786)
vulnerability in CVE-2026-12786 (CVE-2026-12786). Successful exploitation can lead to full system takeover.
|
| CVE-2026-52911 |
|
Vulnerability in linux (CVE-2026-52911)
vulnerability in linux (CVE-2026-52911). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12784 |
|
Vulnerability in CVE-2026-12784 (CVE-2026-12784)
vulnerability in CVE-2026-12784 (CVE-2026-12784). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12782 |
|
Vulnerability in CVE-2026-12782 (CVE-2026-12782)
vulnerability in CVE-2026-12782 (CVE-2026-12782). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12781 |
|
Vulnerability in CVE-2026-12781 (CVE-2026-12781)
vulnerability in CVE-2026-12781 (CVE-2026-12781). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12779 |
|
Vulnerability in CVE-2026-12779 (CVE-2026-12779)
vulnerability in CVE-2026-12779 (CVE-2026-12779). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12780 |
|
Vulnerability in CVE-2026-12780 (CVE-2026-12780)
vulnerability in CVE-2026-12780 (CVE-2026-12780). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12775 |
|
Vulnerability in sqli (CVE-2026-12775)
vulnerability in sqli (CVE-2026-12775). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12778 |
|
Vulnerability in CVE-2026-12778 (CVE-2026-12778)
vulnerability in CVE-2026-12778 (CVE-2026-12778). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12773 |
|
A weakness has been identified in BerriAI litellm up to 1.59.8. Affected is the function...
A weakness has been identified in BerriAI litellm up to 1.59.8. Affected is the function...
|
| CVE-2026-56345 |
|
Authentication Bypass in CVE-2026-56345 (CVE-2026-56345)
authentication bypass in CVE-2026-56345 (CVE-2026-56345). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56341 |
|
Vulnerability in csharp (CVE-2026-56341)
vulnerability in csharp (CVE-2026-56341). Confidential information can be exposed externally.
|
| CVE-2026-56340 |
|
Vulnerability in dos (CVE-2026-56340)
vulnerability in dos (CVE-2026-56340). Successful exploitation can lead to full system takeover.
|
| CVE-2020-37255 |
|
Vulnerability in wordpress (CVE-2020-37255)
vulnerability in wordpress (CVE-2020-37255). Confidential information can be exposed externally.
|
| CVE-2026-11912 |
|
Vulnerability in wordpress (CVE-2026-11912)
vulnerability in wordpress (CVE-2026-11912). Data can be tampered with by attackers.
|
| CVE-2026-11911 |
|
Path Traversal in wordpress (CVE-2026-11911)
path traversal in wordpress (CVE-2026-11911). Confidential information can be exposed externally.
|
| CVE-2026-9843 |
|
Path Traversal in wordpress (CVE-2026-9843)
path traversal in wordpress (CVE-2026-9843). Data can be tampered with by attackers.
|
| CVE-2026-56216 |
|
Privilege Escalation in CVE-2026-56216 (CVE-2026-56216)
vulnerability in CVE-2026-56216 (CVE-2026-56216). Successful exploitation can lead to full system takeover. Exploitable via `POST /functions/v1/apikey`.
|
| CVE-2026-56215 |
|
Vulnerability in CVE-2026-56215 (CVE-2026-56215)
vulnerability in CVE-2026-56215 (CVE-2026-56215). Confidential information can be exposed externally.
|
| CVE-2026-56214 |
|
Information Disclosure in CVE-2026-56214 (CVE-2026-56214)
vulnerability in CVE-2026-56214 (CVE-2026-56214). Confidential information can be exposed externally.
|
| CVE-2026-56082 |
|
Vulnerability in dos (CVE-2026-56082)
vulnerability in dos (CVE-2026-56082). Data can be tampered with by attackers.
|
| CVE-2026-55878 |
|
Path Traversal in symfony/ux-toolkit (CVE-2026-55878)
path traversal in symfony/ux-toolkit (CVE-2026-55878). Successful exploitation can lead to full system takeover. Exploitable via ``true``. Mitigation: upgrade to `3.2.0` or later.
|
| CVE-2026-47645 |
|
Open Redirect in microsoft (CVE-2026-47645)
vulnerability in microsoft (CVE-2026-47645). Successful exploitation can lead to full system takeover.
|
| CVE-2026-32208 |
|
Cross-Site Scripting (XSS) in microsoft (CVE-2026-32208)
cross-site scripting in microsoft (CVE-2026-32208). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9375 |
|
Vulnerability in dos (CVE-2026-9375)
vulnerability in dos (CVE-2026-9375). Risk of unauthorized operations or information disclosure. Exploitable via ``response.py``.
|
| CVE-2023-54357 |
|
Vulnerability in CVE-2023-54357 (CVE-2023-54357)
vulnerability in CVE-2023-54357 (CVE-2023-54357). Confidential information can be exposed externally.
|
| CVE-2026-55446 |
|
Vulnerability in langflow (CVE-2026-55446)
vulnerability in langflow (CVE-2026-55446). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/files/upload/test`. Mitigation: upgrade to `1.0.19` or later.
|
| CVE-2026-50559 |
|
Authentication Bypass in c (CVE-2026-50559)
authentication bypass in c (CVE-2026-50559). Confidential information can be exposed externally.
|
| CVE-2026-49346 |
|
Vulnerability in struktur (CVE-2026-49346)
vulnerability in struktur (CVE-2026-49346). Risk of unauthorized operations or information disclosure. Exploitable via ``size_t``.
|
| CVE-2026-49295 |
|
Out-of-Bounds Write in struktur (CVE-2026-49295)
out-of-bounds write in struktur (CVE-2026-49295). Risk of unauthorized operations or information disclosure. Exploitable via ``PocStFoll``.
|
| CVE-2026-55255 KEV |
|
[KEV] Vulnerability in langflow (CVE-2026-55255)
vulnerability in langflow (CVE-2026-55255). Confidential information can be exposed externally. Exploitable via ``get_flow_by_id_or_endpoint_name``. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-54762 |
|
Vulnerability in github.com/traefik/traefik/v3 (CVE-2026-54762)
vulnerability in github.com/traefik/traefik/v3 (CVE-2026-54762). Confidential information can be exposed externally. Exploitable via ``digest``. Mitigation: upgrade to `3.7.5` or later.
|
| CVE-2026-54074 |
|
Code Injection in @tinacms/cli (CVE-2026-54074)
code injection in @tinacms/cli (CVE-2026-54074). Successful exploitation can lead to full system takeover. Exploitable via ``addVariablesToCode``. Mitigation: upgrade to `2.4.3` or later.
|
| CVE-2026-54904 |
|
Vulnerability in concurrent-ruby (CVE-2026-54904)
vulnerability in concurrent-ruby (CVE-2026-54904). Risk of unauthorized operations or information disclosure. Exploitable via ``compare_and_set``. Mitigation: upgrade to `1.3.7` or later.
|
| CVE-2026-54784 |
|
Vulnerability in CoreWCF.Primitives (CVE-2026-54784)
vulnerability in CoreWCF.Primitives (CVE-2026-54784). Confidential information can be exposed externally. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-54783 |
|
Vulnerability in CoreWCF.Primitives (CVE-2026-54783)
vulnerability in CoreWCF.Primitives (CVE-2026-54783). Confidential information can be exposed externally. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-54781 |
|
Authentication Bypass in CoreWCF.Primitives (CVE-2026-54781)
authentication bypass in CoreWCF.Primitives (CVE-2026-54781). Confidential information can be exposed externally. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-54774 |
|
Vulnerability in CoreWCF.Primitives (CVE-2026-54774)
vulnerability in CoreWCF.Primitives (CVE-2026-54774). Confidential information can be exposed externally. Exploitable via ``BinarySecretSecurityToken``. Mitigation: upgrade to `1.9.1` or later.
|