Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-13331 |
|
SQL Injection in wordpress (CVE-2026-13331)
SQL injection in wordpress (CVE-2026-13331). Confidential information can be exposed externally.
|
| CVE-2026-13335 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-13335)
cross-site scripting in wordpress (CVE-2026-13335). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-59868 |
|
Vulnerability in hcltech (CVE-2025-59868)
vulnerability in hcltech (CVE-2025-59868). Confidential information can be exposed externally.
|
| CVE-2023-37524 |
|
Vulnerability in csharp (CVE-2023-37524)
vulnerability in csharp (CVE-2023-37524). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11356 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-11356)
cross-site scripting in wordpress (CVE-2026-11356). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56414 |
|
Unrestricted File Upload in CVE-2026-56414 (CVE-2026-56414)
vulnerability in CVE-2026-56414 (CVE-2026-56414). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33560 |
|
Unrestricted File Upload in daktronics (CVE-2026-33560)
vulnerability in daktronics (CVE-2026-33560). Data can be tampered with by attackers.
|
| CVE-2026-31928 |
|
Vulnerability in daktronics (CVE-2026-31928)
vulnerability in daktronics (CVE-2026-31928). Confidential information can be exposed externally.
|
| CVE-2026-28701 |
|
Path Traversal in daktronics (CVE-2026-28701)
path traversal in daktronics (CVE-2026-28701). Successful exploitation can lead to full system takeover.
|
| CVE-2026-50765 |
|
Cross-Site Scripting (XSS) in koha (CVE-2026-50765)
cross-site scripting in koha (CVE-2026-50765). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-36908 |
|
Vulnerability in dos (CVE-2026-36908)
vulnerability in dos (CVE-2026-36908). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50767 |
|
Cross-Site Scripting (XSS) in koha (CVE-2026-50767)
cross-site scripting in koha (CVE-2026-50767). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-36907 |
|
Vulnerability in dos (CVE-2026-36907)
vulnerability in dos (CVE-2026-36907). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50766 |
|
Cross-Site Scripting (XSS) in koha (CVE-2026-50766)
cross-site scripting in koha (CVE-2026-50766). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-36478 |
|
Vulnerability in csharp (CVE-2026-36478)
vulnerability in csharp (CVE-2026-36478). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-38571 |
|
Vulnerability in CVE-2026-38571 (CVE-2026-38571)
vulnerability in CVE-2026-38571 (CVE-2026-38571). Confidential information can be exposed externally.
|
| GHSA-qrv3-253h-g69c |
|
Path Traversal in pnpm (GHSA-qrv3-253h-g69c)
path traversal in pnpm (GHSA-qrv3-253h-g69c). Risk of unauthorized operations or information disclosure. Exploitable via ``pnpm``. Mitigation: upgrade to `11.8.0` or later.
|
| GHSA-72r4-9c5j-mj57 |
|
Path Traversal in pnpm (GHSA-72r4-9c5j-mj57)
path traversal in pnpm (GHSA-72r4-9c5j-mj57). Risk of unauthorized operations or information disclosure. Exploitable via ``patchedDependencies``. Mitigation: upgrade to `10.34.4` or later.
|
| GHSA-fr4h-3cph-29xv |
|
Path Traversal in pnpm (GHSA-fr4h-3cph-29xv)
path traversal in pnpm (GHSA-fr4h-3cph-29xv). Risk of unauthorized operations or information disclosure. Exploitable via ``node_modules``. Mitigation: upgrade to `11.7.0` or later.
|
| GHSA-ww5p-j6cj-6mqq |
|
Information Disclosure in github.com/nezhahq/nezha (GHSA-ww5p-j6cj-6mqq)
vulnerability in github.com/nezhahq/nezha (GHSA-ww5p-j6cj-6mqq). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/v1/ddns`. Mitigation: upgrade to `2.2.5` or later.
|
| CVE-2026-55700 |
|
Path Traversal in pnpm (CVE-2026-55700)
path traversal in pnpm (CVE-2026-55700). Data can be tampered with by attackers. Exploitable via ``main``. Mitigation: upgrade to `11.5.3` or later.
|
| CVE-2026-55699 |
|
Path Traversal in pnpm (CVE-2026-55699)
path traversal in pnpm (CVE-2026-55699). Risk of unauthorized operations or information disclosure. Exploitable via ``a93449314f398cf4bdf2e28d033c02d37395ad22``. Mitigation: upgrade to `11.5.3` or later.
|
| CVE-2026-55698 |
|
Vulnerability in pnpm (CVE-2026-55698)
vulnerability in pnpm (CVE-2026-55698). Successful exploitation can lead to full system takeover. Exploitable via ``a93449314f398cf4bdf2e28d033c02d37395ad22``. Mitigation: upgrade to `11.5.3` or later.
|
| CVE-2026-55697 |
|
OS Command Injection in pnpm (CVE-2026-55697)
OS command injection in pnpm (CVE-2026-55697). Successful exploitation can lead to full system takeover. Exploitable via ``a93449314f398cf4bdf2e28d033c02d37395ad22``. Mitigation: upgrade to `11.5.3` or later.
|
| CVE-2026-55487 |
|
Vulnerability in pnpm (CVE-2026-55487)
vulnerability in pnpm (CVE-2026-55487). Successful exploitation can lead to full system takeover. Exploitable via ``bf1b731ee6``. Mitigation: upgrade to `10.34.2` or later.
|
| CVE-2026-55180 |
|
Information Disclosure in pnpm (CVE-2026-55180)
vulnerability in pnpm (CVE-2026-55180). Confidential information can be exposed externally. Exploitable via `Authorization header`. Mitigation: upgrade to `11.5.3` or later.
|
| CVE-2026-54244 |
|
Authorization Flaw in statamic/cms (CVE-2026-54244)
vulnerability in statamic/cms (CVE-2026-54244). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.74.0` or later.
|
| CVE-2026-54243 |
|
Vulnerability in statamic/cms (CVE-2026-54243)
vulnerability in statamic/cms (CVE-2026-54243). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.73.24` or later.
|
| CVE-2026-54242 |
|
Vulnerability in statamic/cms (CVE-2026-54242)
vulnerability in statamic/cms (CVE-2026-54242). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.73.24` or later.
|
| CVE-2026-50015 |
|
Path Traversal in pnpm (CVE-2026-50015)
path traversal in pnpm (CVE-2026-50015). Data can be tampered with by attackers. Exploitable via ``patchedDependencies``. Mitigation: upgrade to `11.4.0` or later.
|
| CVE-2026-50017 |
|
Information Disclosure in pnpm (CVE-2026-50017)
vulnerability in pnpm (CVE-2026-50017). Confidential information can be exposed externally. Exploitable via ``_authToken``. Mitigation: upgrade to `11.4.0` or later.
|
| CVE-2026-50016 |
|
Vulnerability in pnpm (CVE-2026-50016)
vulnerability in pnpm (CVE-2026-50016). Successful exploitation can lead to full system takeover. Exploitable via ``node_modules``. Mitigation: upgrade to `11.4.0` or later.
|
| CVE-2026-50014 |
|
Vulnerability in pnpm (CVE-2026-50014)
vulnerability in pnpm (CVE-2026-50014). Confidential information can be exposed externally. Exploitable via ``resolution.commit``. Mitigation: upgrade to `11.4.0` or later.
|
| CVE-2026-50021 |
|
Vulnerability in pnpm (CVE-2026-50021)
vulnerability in pnpm (CVE-2026-50021). Confidential information can be exposed externally. Exploitable via ``integrity``. Mitigation: upgrade to `10.34.1` or later.
|
| CVE-2026-50573 |
|
Vulnerability in pnpm (CVE-2026-50573)
vulnerability in pnpm (CVE-2026-50573). Confidential information can be exposed externally. Exploitable via ``integrity``. Mitigation: upgrade to `11.4.0` or later.
|
| GHSA-8jgf-23q5-x7xx |
|
Vulnerability in ex_aws_sns (GHSA-8jgf-23q5-x7xx)
vulnerability in ex_aws_sns (GHSA-8jgf-23q5-x7xx). Risk of unauthorized operations or information disclosure. Exploitable via ``SigningCertURL``. Mitigation: upgrade to `2.3.5` or later.
|
| CVE-2026-50029 |
|
Vulnerability in js-toml (CVE-2026-50029)
vulnerability in js-toml (CVE-2026-50029). Risk of unauthorized operations or information disclosure. Exploitable via ``false``. Mitigation: upgrade to `1.1.2` or later.
|
| CVE-2026-49349 |
|
Vulnerability in github.com/regclient/regclient (CVE-2026-49349)
vulnerability in github.com/regclient/regclient (CVE-2026-49349). Risk of unauthorized operations or information disclosure. Exploitable via ``urls``. Mitigation: upgrade to `0.11.5` or later.
|
| GHSA-q6xx-5vr8-p898 |
|
Vulnerability in github.com/nezhahq/nezha (GHSA-q6xx-5vr8-p898)
vulnerability in github.com/nezhahq/nezha (GHSA-q6xx-5vr8-p898). Risk of unauthorized operations or information disclosure. Exploitable via `GET /ws/terminal/`. Mitigation: upgrade to `2.0.10` or later.
|
| GHSA-wcr3-9x4c-f5gj |
|
Authorization Flaw in github.com/blnkfinance/blnk (GHSA-wcr3-9x4c-f5gj)
vulnerability in github.com/blnkfinance/blnk (GHSA-wcr3-9x4c-f5gj). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.14.3` or later.
|
| GHSA-7vfx-4246-jcfh |
|
Vulnerability in solidinvoice/solidinvoice (GHSA-7vfx-4246-jcfh)
vulnerability in solidinvoice/solidinvoice (GHSA-7vfx-4246-jcfh). Risk of unauthorized operations or information disclosure. Exploitable via ``ApiToken``. Mitigation: upgrade to `2.3.16` or later.
|
| CVE-2026-55069 |
|
Vulnerability in privilege-escalation (CVE-2026-55069)
vulnerability in privilege-escalation (CVE-2026-55069). Confidential information can be exposed externally. Mitigation: upgrade to `1.3.24` or later.
|
| CVE-2026-53577 |
|
Authorization Flaw in kestra (CVE-2026-53577)
vulnerability in kestra (CVE-2026-53577). Confidential information can be exposed externally. Exploitable via `GET /api/v1/{tenant}/executions/{executionId}/file/preview`. Mitigation: upgrade to `1.0.45` or later.
|
| CVE-2026-53576 |
|
Code Injection in kestra (CVE-2026-53576)
code injection in kestra (CVE-2026-53576). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.0.45` or later.
|
| CVE-2026-49984 |
|
Path Traversal in kestra (CVE-2026-49984)
path traversal in kestra (CVE-2026-49984). Confidential information can be exposed externally. Exploitable via `GET /api/v1/{tenant}/executions/{executionId}/file`. Mitigation: upgrade to `1.0.45` or later.
|
| CVE-2026-49869 |
|
OS Command Injection in kestra (CVE-2026-49869)
OS command injection in kestra (CVE-2026-49869). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.0.45` or later.
|
| CVE-2026-45807 |
|
Path Traversal in kestra (CVE-2026-45807)
path traversal in kestra (CVE-2026-45807). Confidential information can be exposed externally. Mitigation: upgrade to `1.0.43` or later.
|
| CVE-2026-49262 |
|
Vulnerability in aimeos/pagible (CVE-2026-49262)
vulnerability in aimeos/pagible (CVE-2026-49262). Risk of unauthorized operations or information disclosure. Exploitable via ``cmsproxy``. Mitigation: upgrade to `0.10.4` or later.
|
| CVE-2026-48995 |
|
Vulnerability in pnpm (CVE-2026-48995)
vulnerability in pnpm (CVE-2026-48995). Successful exploitation can lead to full system takeover. Exploitable via ``codeload.github.com``. Mitigation: upgrade to `11.0.7` or later.
|
| CVE-2026-39031 |
|
Vulnerability in CVE-2026-39031 (CVE-2026-39031)
vulnerability in CVE-2026-39031 (CVE-2026-39031). Confidential information can be exposed externally.
|