Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2026-10749 Vulnerability in wordpress (CVE-2026-10749)
vulnerability in wordpress (CVE-2026-10749). Successful exploitation can lead to full system takeover.
CVE-2026-10735 Vulnerability in wordpress (CVE-2026-10735)
vulnerability in wordpress (CVE-2026-10735). Confidential information can be exposed externally.
CVE-2026-10552 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-10552)
vulnerability in wordpress (CVE-2026-10552). Risk of unauthorized operations or information disclosure.
CVE-2026-10531 Vulnerability in wordpress (CVE-2026-10531)
vulnerability in wordpress (CVE-2026-10531). Risk of unauthorized operations or information disclosure.
CVE-2026-10092 Cross-Site Scripting (XSS) in wordpress (CVE-2026-10092)
cross-site scripting in wordpress (CVE-2026-10092). Risk of unauthorized operations or information disclosure.
CVE-2026-10091 Cross-Site Scripting (XSS) in wordpress (CVE-2026-10091)
cross-site scripting in wordpress (CVE-2026-10091). Risk of unauthorized operations or information disclosure.
CVE-2026-9539 Out-of-Bounds Read in CVE-2026-9539 (CVE-2026-9539)
vulnerability in CVE-2026-9539 (CVE-2026-9539). Confidential information can be exposed externally.
CVE-2026-12851 OS Command Injection in CVE-2026-12851 (CVE-2026-12851)
OS command injection in CVE-2026-12851 (CVE-2026-12851). Successful exploitation can lead to full system takeover. Exploitable via ``libNetSetObj.so``.
CVE-2026-12850 OS Command Injection in CVE-2026-12850 (CVE-2026-12850)
OS command injection in CVE-2026-12850 (CVE-2026-12850). Successful exploitation can lead to full system takeover. Exploitable via ``libNetSetObj.so``.
CVE-2026-12849 OS Command Injection in CVE-2026-12849 (CVE-2026-12849)
OS command injection in CVE-2026-12849 (CVE-2026-12849). Successful exploitation can lead to full system takeover. Exploitable via ``libNetSetObj.so``.
CVE-2026-12848 Vulnerability in CVE-2026-12848 (CVE-2026-12848)
vulnerability in CVE-2026-12848 (CVE-2026-12848). Successful exploitation can lead to full system takeover.
CVE-2026-12847 Vulnerability in CVE-2026-12847 (CVE-2026-12847)
vulnerability in CVE-2026-12847 (CVE-2026-12847). Successful exploitation can lead to full system takeover.
CVE-2026-12846 Vulnerability in CVE-2026-12846 (CVE-2026-12846)
vulnerability in CVE-2026-12846 (CVE-2026-12846). Successful exploitation can lead to full system takeover.
CVE-2026-12488 Vulnerability in dos (CVE-2026-12488)
vulnerability in dos (CVE-2026-12488). Risk of unauthorized operations or information disclosure.
CVE-2026-12486 OS Command Injection in CVE-2026-12486 (CVE-2026-12486)
OS command injection in CVE-2026-12486 (CVE-2026-12486). Successful exploitation can lead to full system takeover. Exploitable via ``libNetSetObj.so``.
CVE-2026-12485 Vulnerability in CVE-2026-12485 (CVE-2026-12485)
vulnerability in CVE-2026-12485 (CVE-2026-12485). Successful exploitation can lead to full system takeover.
CVE-2026-3652 The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `value`...
The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `value`...
CVE-2026-11614 Cross-Site Scripting (XSS) in wordpress (CVE-2026-11614)
cross-site scripting in wordpress (CVE-2026-11614). Risk of unauthorized operations or information disclosure.
CVE-2026-12681 Vulnerability in CVE-2026-12681 (CVE-2026-12681)
vulnerability in CVE-2026-12681 (CVE-2026-12681). Risk of unauthorized operations or information disclosure.
CVE-2026-54639 Style Dictionary, a build system for creating cross-platform styles, has a prototype pollution vulnerability starting in version 4.3.0 and prior to version 5.4.4. Impact users have: direct usage of `c...
Style Dictionary, a build system for creating cross-platform styles, has a prototype pollution vulnerability starting in version 4.3.0 and prior to version 5.4.4. Impact users have: direct usage of `convertTokenData(tokens, { output: 'object' });`; indirect usage, via using Expand API; and/or indire...
CVE-2026-7574 Vulnerability in CVE-2026-7574 (CVE-2026-7574)
vulnerability in CVE-2026-7574 (CVE-2026-7574). Confidential information can be exposed externally.
CVE-2026-6458 Vulnerability in CVE-2026-6458 (CVE-2026-6458)
vulnerability in CVE-2026-6458 (CVE-2026-6458). Risk of unauthorized operations or information disclosure.
CVE-2026-5818 Vulnerability in CVE-2026-5818 (CVE-2026-5818)
vulnerability in CVE-2026-5818 (CVE-2026-5818). Risk of unauthorized operations or information disclosure.
CVE-2026-56785 Cross-Site Scripting (XSS) in CVE-2026-56785 (CVE-2026-56785)
cross-site scripting in CVE-2026-56785 (CVE-2026-56785). Confidential information can be exposed externally.
CVE-2026-54588 Vulnerability in CVE-2026-54588 (CVE-2026-54588)
vulnerability in CVE-2026-54588 (CVE-2026-54588). Confidential information can be exposed externally. Exploitable via ``HTTP_HOST``.
CVE-2026-12164 Vulnerability in fortra (CVE-2026-12164)
vulnerability in fortra (CVE-2026-12164). Data can be tampered with by attackers.
CVE-2026-12163 Cross-Site Scripting (XSS) in fortra (CVE-2026-12163)
cross-site scripting in fortra (CVE-2026-12163). Risk of unauthorized operations or information disclosure.
CVE-2026-11972 Vulnerability in CVE-2026-11972 (CVE-2026-11972)
vulnerability in CVE-2026-11972 (CVE-2026-11972). Risk of unauthorized operations or information disclosure.
CVE-2026-54329 Vulnerability in snipe/snipe-it (CVE-2026-54329)
vulnerability in snipe/snipe-it (CVE-2026-54329). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.6.2` or later.
CVE-2026-55542 Vulnerability in snipe/snipe-it (CVE-2026-55542)
vulnerability in snipe/snipe-it (CVE-2026-55542). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.5.1` or later.
CVE-2026-55519 Vulnerability in snipe/snipe-it (CVE-2026-55519)
vulnerability in snipe/snipe-it (CVE-2026-55519). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.4.1` or later.
CVE-2026-55483 Vulnerability in snipe/snipe-it (CVE-2026-55483)
vulnerability in snipe/snipe-it (CVE-2026-55483). Risk of unauthorized operations or information disclosure. Exploitable via ``UsersController``. Mitigation: upgrade to `8.6.0` or later.
CVE-2026-55482 Vulnerability in snipe/snipe-it (CVE-2026-55482)
vulnerability in snipe/snipe-it (CVE-2026-55482). Risk of unauthorized operations or information disclosure. Exploitable via ``company_id``. Mitigation: upgrade to `8.4.2` or later.
CVE-2026-50550 Vulnerability in snipe/snipe-it (CVE-2026-50550)
vulnerability in snipe/snipe-it (CVE-2026-50550). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.5.0` or later.
CVE-2026-49976 Vulnerability in snipe/snipe-it (CVE-2026-49976)
vulnerability in snipe/snipe-it (CVE-2026-49976). Risk of unauthorized operations or information disclosure. Exploitable via `PATCH /api/v1/users/{id}`. Mitigation: upgrade to `8.6.0` or later.
GHSA-w2j7-f3c6-g8cw Open Redirect in Flask-Security (GHSA-w2j7-f3c6-g8cw)
vulnerability in Flask-Security (GHSA-w2j7-f3c6-g8cw). Risk of unauthorized operations or information disclosure. Exploitable via ``whitelist.com``. Mitigation: upgrade to `5.8.1` or later.
CVE-2026-49870 Vulnerability in snipe/snipe-it (CVE-2026-49870)
vulnerability in snipe/snipe-it (CVE-2026-49870). Risk of unauthorized operations or information disclosure. Exploitable via `POST /two-factor`. Mitigation: upgrade to `8.6.0` or later.
GHSA-wcmj-x466-56mm Vulnerability in github.com/opentofu/opentofu (GHSA-wcmj-x466-56mm)
vulnerability in github.com/opentofu/opentofu (GHSA-wcmj-x466-56mm). Risk of unauthorized operations or information disclosure. Exploitable via ``TF_DATA_DIR``. Mitigation: upgrade to `1.10.10` or later.
CVE-2026-48496 Vulnerability in go.opentelemetry.io/ebpf-profiler (CVE-2026-48496)
vulnerability in go.opentelemetry.io/ebpf-profiler (CVE-2026-48496). Risk of unauthorized operations or information disclosure. Exploitable via ``processPIDEvents``. Mitigation: upgrade to `0.0.202622` or later.
CVE-2026-48493 Authorization Flaw in snipe/snipe-it (CVE-2026-48493)
vulnerability in snipe/snipe-it (CVE-2026-48493). Data can be tampered with by attackers. Exploitable via ``assets.view``. Mitigation: upgrade to `8.6.0` or later.
CVE-2026-48492 Vulnerability in snipe/snipe-it (CVE-2026-48492)
vulnerability in snipe/snipe-it (CVE-2026-48492). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/v1/{object}/selectlist`. Mitigation: upgrade to `8.5.1` or later.
CVE-2026-54512 Vulnerability in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54512)
vulnerability in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54512). Successful exploitation can lead to full system takeover. Exploitable via ``PolymorphicTypeValidator``. Mitigation: upgrade to `2.21.4` or later.
CVE-2026-50193 Vulnerability in com.fasterxml.jackson.core:jackson-databind (CVE-2026-50193)
vulnerability in com.fasterxml.jackson.core:jackson-databind (CVE-2026-50193). Risk of unauthorized operations or information disclosure. Exploitable via ``JsonNode``. Mitigation: upgrade to `2.14.0` or later.
CVE-2026-9073 Vulnerability in redhat (CVE-2026-9073)
vulnerability in redhat (CVE-2026-9073). Confidential information can be exposed externally.
CVE-2026-56120 Vulnerability in CVE-2026-56120 (CVE-2026-56120)
vulnerability in CVE-2026-56120 (CVE-2026-56120). Confidential information can be exposed externally.
CVE-2026-54517 Authorization Flaw in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54517)
vulnerability in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54517). Risk of unauthorized operations or information disclosure. Exploitable via ``true``. Mitigation: upgrade to `3.1.4` or later.
CVE-2026-54516 Vulnerability in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54516)
vulnerability in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54516). Risk of unauthorized operations or information disclosure. Exploitable via ``MapperFeature.INFER_PROPERTY_MUTATORS``. Mitigation: upgrade to `3.1.4` or later.
CVE-2026-54515 Vulnerability in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54515)
vulnerability in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54515). Risk of unauthorized operations or information disclosure. Exploitable via ``contextual``. Mitigation: upgrade to `2.18.9` or later.
CVE-2026-54514 SSRF (Server-Side Request Forgery) in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54514)
SSRF in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54514). Risk of unauthorized operations or information disclosure. Exploitable via ``JDKFromStringDeserializer``. Mitigation: upgrade to `3.1.4` or later.
CVE-2026-54513 Vulnerability in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54513)
vulnerability in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54513). Successful exploitation can lead to full system takeover. Exploitable via ``EvilType``. Mitigation: upgrade to `3.1.4` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →