Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2026-13331 SQL Injection in wordpress (CVE-2026-13331)
SQL injection in wordpress (CVE-2026-13331). Confidential information can be exposed externally.
CVE-2026-13335 Cross-Site Scripting (XSS) in wordpress (CVE-2026-13335)
cross-site scripting in wordpress (CVE-2026-13335). Risk of unauthorized operations or information disclosure.
CVE-2025-59868 Vulnerability in hcltech (CVE-2025-59868)
vulnerability in hcltech (CVE-2025-59868). Confidential information can be exposed externally.
CVE-2023-37524 Vulnerability in csharp (CVE-2023-37524)
vulnerability in csharp (CVE-2023-37524). Successful exploitation can lead to full system takeover.
CVE-2026-11356 Cross-Site Scripting (XSS) in wordpress (CVE-2026-11356)
cross-site scripting in wordpress (CVE-2026-11356). Risk of unauthorized operations or information disclosure.
CVE-2026-56414 Unrestricted File Upload in CVE-2026-56414 (CVE-2026-56414)
vulnerability in CVE-2026-56414 (CVE-2026-56414). Successful exploitation can lead to full system takeover.
CVE-2026-33560 Unrestricted File Upload in daktronics (CVE-2026-33560)
vulnerability in daktronics (CVE-2026-33560). Data can be tampered with by attackers.
CVE-2026-31928 Vulnerability in daktronics (CVE-2026-31928)
vulnerability in daktronics (CVE-2026-31928). Confidential information can be exposed externally.
CVE-2026-28701 Path Traversal in daktronics (CVE-2026-28701)
path traversal in daktronics (CVE-2026-28701). Successful exploitation can lead to full system takeover.
CVE-2026-50765 Cross-Site Scripting (XSS) in koha (CVE-2026-50765)
cross-site scripting in koha (CVE-2026-50765). Risk of unauthorized operations or information disclosure.
CVE-2026-36908 Vulnerability in dos (CVE-2026-36908)
vulnerability in dos (CVE-2026-36908). Risk of unauthorized operations or information disclosure.
CVE-2026-50767 Cross-Site Scripting (XSS) in koha (CVE-2026-50767)
cross-site scripting in koha (CVE-2026-50767). Risk of unauthorized operations or information disclosure.
CVE-2026-36907 Vulnerability in dos (CVE-2026-36907)
vulnerability in dos (CVE-2026-36907). Risk of unauthorized operations or information disclosure.
CVE-2026-50766 Cross-Site Scripting (XSS) in koha (CVE-2026-50766)
cross-site scripting in koha (CVE-2026-50766). Risk of unauthorized operations or information disclosure.
CVE-2026-36478 Vulnerability in csharp (CVE-2026-36478)
vulnerability in csharp (CVE-2026-36478). Risk of unauthorized operations or information disclosure.
CVE-2026-38571 Vulnerability in CVE-2026-38571 (CVE-2026-38571)
vulnerability in CVE-2026-38571 (CVE-2026-38571). Confidential information can be exposed externally.
GHSA-qrv3-253h-g69c Path Traversal in pnpm (GHSA-qrv3-253h-g69c)
path traversal in pnpm (GHSA-qrv3-253h-g69c). Risk of unauthorized operations or information disclosure. Exploitable via ``pnpm``. Mitigation: upgrade to `11.8.0` or later.
GHSA-72r4-9c5j-mj57 Path Traversal in pnpm (GHSA-72r4-9c5j-mj57)
path traversal in pnpm (GHSA-72r4-9c5j-mj57). Risk of unauthorized operations or information disclosure. Exploitable via ``patchedDependencies``. Mitigation: upgrade to `10.34.4` or later.
GHSA-fr4h-3cph-29xv Path Traversal in pnpm (GHSA-fr4h-3cph-29xv)
path traversal in pnpm (GHSA-fr4h-3cph-29xv). Risk of unauthorized operations or information disclosure. Exploitable via ``node_modules``. Mitigation: upgrade to `11.7.0` or later.
GHSA-ww5p-j6cj-6mqq Information Disclosure in github.com/nezhahq/nezha (GHSA-ww5p-j6cj-6mqq)
vulnerability in github.com/nezhahq/nezha (GHSA-ww5p-j6cj-6mqq). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/v1/ddns`. Mitigation: upgrade to `2.2.5` or later.
CVE-2026-55700 Path Traversal in pnpm (CVE-2026-55700)
path traversal in pnpm (CVE-2026-55700). Data can be tampered with by attackers. Exploitable via ``main``. Mitigation: upgrade to `11.5.3` or later.
CVE-2026-55699 Path Traversal in pnpm (CVE-2026-55699)
path traversal in pnpm (CVE-2026-55699). Risk of unauthorized operations or information disclosure. Exploitable via ``a93449314f398cf4bdf2e28d033c02d37395ad22``. Mitigation: upgrade to `11.5.3` or later.
CVE-2026-55698 Vulnerability in pnpm (CVE-2026-55698)
vulnerability in pnpm (CVE-2026-55698). Successful exploitation can lead to full system takeover. Exploitable via ``a93449314f398cf4bdf2e28d033c02d37395ad22``. Mitigation: upgrade to `11.5.3` or later.
CVE-2026-55697 OS Command Injection in pnpm (CVE-2026-55697)
OS command injection in pnpm (CVE-2026-55697). Successful exploitation can lead to full system takeover. Exploitable via ``a93449314f398cf4bdf2e28d033c02d37395ad22``. Mitigation: upgrade to `11.5.3` or later.
CVE-2026-55487 Vulnerability in pnpm (CVE-2026-55487)
vulnerability in pnpm (CVE-2026-55487). Successful exploitation can lead to full system takeover. Exploitable via ``bf1b731ee6``. Mitigation: upgrade to `10.34.2` or later.
CVE-2026-55180 Information Disclosure in pnpm (CVE-2026-55180)
vulnerability in pnpm (CVE-2026-55180). Confidential information can be exposed externally. Exploitable via `Authorization header`. Mitigation: upgrade to `11.5.3` or later.
CVE-2026-54244 Authorization Flaw in statamic/cms (CVE-2026-54244)
vulnerability in statamic/cms (CVE-2026-54244). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.74.0` or later.
CVE-2026-54243 Vulnerability in statamic/cms (CVE-2026-54243)
vulnerability in statamic/cms (CVE-2026-54243). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.73.24` or later.
CVE-2026-54242 Vulnerability in statamic/cms (CVE-2026-54242)
vulnerability in statamic/cms (CVE-2026-54242). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.73.24` or later.
CVE-2026-50015 Path Traversal in pnpm (CVE-2026-50015)
path traversal in pnpm (CVE-2026-50015). Data can be tampered with by attackers. Exploitable via ``patchedDependencies``. Mitigation: upgrade to `11.4.0` or later.
CVE-2026-50017 Information Disclosure in pnpm (CVE-2026-50017)
vulnerability in pnpm (CVE-2026-50017). Confidential information can be exposed externally. Exploitable via ``_authToken``. Mitigation: upgrade to `11.4.0` or later.
CVE-2026-50016 Vulnerability in pnpm (CVE-2026-50016)
vulnerability in pnpm (CVE-2026-50016). Successful exploitation can lead to full system takeover. Exploitable via ``node_modules``. Mitigation: upgrade to `11.4.0` or later.
CVE-2026-50014 Vulnerability in pnpm (CVE-2026-50014)
vulnerability in pnpm (CVE-2026-50014). Confidential information can be exposed externally. Exploitable via ``resolution.commit``. Mitigation: upgrade to `11.4.0` or later.
CVE-2026-50021 Vulnerability in pnpm (CVE-2026-50021)
vulnerability in pnpm (CVE-2026-50021). Confidential information can be exposed externally. Exploitable via ``integrity``. Mitigation: upgrade to `10.34.1` or later.
CVE-2026-50573 Vulnerability in pnpm (CVE-2026-50573)
vulnerability in pnpm (CVE-2026-50573). Confidential information can be exposed externally. Exploitable via ``integrity``. Mitigation: upgrade to `11.4.0` or later.
GHSA-8jgf-23q5-x7xx Vulnerability in ex_aws_sns (GHSA-8jgf-23q5-x7xx)
vulnerability in ex_aws_sns (GHSA-8jgf-23q5-x7xx). Risk of unauthorized operations or information disclosure. Exploitable via ``SigningCertURL``. Mitigation: upgrade to `2.3.5` or later.
CVE-2026-50029 Vulnerability in js-toml (CVE-2026-50029)
vulnerability in js-toml (CVE-2026-50029). Risk of unauthorized operations or information disclosure. Exploitable via ``false``. Mitigation: upgrade to `1.1.2` or later.
CVE-2026-49349 Vulnerability in github.com/regclient/regclient (CVE-2026-49349)
vulnerability in github.com/regclient/regclient (CVE-2026-49349). Risk of unauthorized operations or information disclosure. Exploitable via ``urls``. Mitigation: upgrade to `0.11.5` or later.
GHSA-q6xx-5vr8-p898 Vulnerability in github.com/nezhahq/nezha (GHSA-q6xx-5vr8-p898)
vulnerability in github.com/nezhahq/nezha (GHSA-q6xx-5vr8-p898). Risk of unauthorized operations or information disclosure. Exploitable via `GET /ws/terminal/`. Mitigation: upgrade to `2.0.10` or later.
GHSA-wcr3-9x4c-f5gj Authorization Flaw in github.com/blnkfinance/blnk (GHSA-wcr3-9x4c-f5gj)
vulnerability in github.com/blnkfinance/blnk (GHSA-wcr3-9x4c-f5gj). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.14.3` or later.
GHSA-7vfx-4246-jcfh Vulnerability in solidinvoice/solidinvoice (GHSA-7vfx-4246-jcfh)
vulnerability in solidinvoice/solidinvoice (GHSA-7vfx-4246-jcfh). Risk of unauthorized operations or information disclosure. Exploitable via ``ApiToken``. Mitigation: upgrade to `2.3.16` or later.
CVE-2026-55069 Vulnerability in privilege-escalation (CVE-2026-55069)
vulnerability in privilege-escalation (CVE-2026-55069). Confidential information can be exposed externally. Mitigation: upgrade to `1.3.24` or later.
CVE-2026-53577 Authorization Flaw in kestra (CVE-2026-53577)
vulnerability in kestra (CVE-2026-53577). Confidential information can be exposed externally. Exploitable via `GET /api/v1/{tenant}/executions/{executionId}/file/preview`. Mitigation: upgrade to `1.0.45` or later.
CVE-2026-53576 Code Injection in kestra (CVE-2026-53576)
code injection in kestra (CVE-2026-53576). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.0.45` or later.
CVE-2026-49984 Path Traversal in kestra (CVE-2026-49984)
path traversal in kestra (CVE-2026-49984). Confidential information can be exposed externally. Exploitable via `GET /api/v1/{tenant}/executions/{executionId}/file`. Mitigation: upgrade to `1.0.45` or later.
CVE-2026-49869 OS Command Injection in kestra (CVE-2026-49869)
OS command injection in kestra (CVE-2026-49869). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.0.45` or later.
CVE-2026-45807 Path Traversal in kestra (CVE-2026-45807)
path traversal in kestra (CVE-2026-45807). Confidential information can be exposed externally. Mitigation: upgrade to `1.0.43` or later.
CVE-2026-49262 Vulnerability in aimeos/pagible (CVE-2026-49262)
vulnerability in aimeos/pagible (CVE-2026-49262). Risk of unauthorized operations or information disclosure. Exploitable via ``cmsproxy``. Mitigation: upgrade to `0.10.4` or later.
CVE-2026-48995 Vulnerability in pnpm (CVE-2026-48995)
vulnerability in pnpm (CVE-2026-48995). Successful exploitation can lead to full system takeover. Exploitable via ``codeload.github.com``. Mitigation: upgrade to `11.0.7` or later.
CVE-2026-39031 Vulnerability in CVE-2026-39031 (CVE-2026-39031)
vulnerability in CVE-2026-39031 (CVE-2026-39031). Confidential information can be exposed externally.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →