Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-5922 |
|
Cross-Site Scripting (XSS) in CVE-2026-5922 (CVE-2026-5922)
cross-site scripting in CVE-2026-5922 (CVE-2026-5922). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6896 |
|
Cross-Site Scripting (XSS) in CVE-2026-6896 (CVE-2026-6896)
cross-site scripting in CVE-2026-6896 (CVE-2026-6896). Confidential information can be exposed externally.
|
| CVE-2026-13320 |
|
Cross-Site Scripting (XSS) in CVE-2026-13320 (CVE-2026-13320)
cross-site scripting in CVE-2026-13320 (CVE-2026-13320). Confidential information can be exposed externally.
|
| CVE-2026-58191 |
|
Cross-Site Scripting (XSS) in CVE-2026-58191 (CVE-2026-58191)
cross-site scripting in CVE-2026-58191 (CVE-2026-58191). Data can be tampered with by attackers.
|
| CVE-2026-55596 |
|
Cross-Site Scripting (XSS) in CVE-2026-55596 (CVE-2026-55596)
cross-site scripting in CVE-2026-55596 (CVE-2026-55596). Confidential information can be exposed externally.
|
| CVE-2026-59929 |
|
Cross-Site Scripting (XSS) in CVE-2026-59929 (CVE-2026-59929)
cross-site scripting in CVE-2026-59929 (CVE-2026-59929). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-59926 |
|
Cross-Site Scripting (XSS) in CVE-2026-59926 (CVE-2026-59926)
cross-site scripting in CVE-2026-59926 (CVE-2026-59926). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-59923 |
|
Cross-Site Scripting (XSS) in CVE-2026-59923 (CVE-2026-59923)
cross-site scripting in CVE-2026-59923 (CVE-2026-59923). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-59895 |
|
Cross-Site Scripting (XSS) in CVE-2026-59895 (CVE-2026-59895)
cross-site scripting in CVE-2026-59895 (CVE-2026-59895). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57439 |
|
Cross-Site Scripting (XSS) in CVE-2026-57439 (CVE-2026-57439)
cross-site scripting in CVE-2026-57439 (CVE-2026-57439). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56359 |
|
Cross-Site Scripting (XSS) in n8n (CVE-2026-56359)
cross-site scripting in n8n (CVE-2026-56359). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41122 |
|
Cross-Site Scripting (XSS) in dell (CVE-2026-41122)
cross-site scripting in dell (CVE-2026-41122). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56283 |
|
Cross-Site Scripting (XSS) in CVE-2026-56283 (CVE-2026-56283)
cross-site scripting in CVE-2026-56283 (CVE-2026-56283). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11903 |
|
Cross-Site Scripting (XSS) in CVE-2026-11903 (CVE-2026-11903)
cross-site scripting in CVE-2026-11903 (CVE-2026-11903). Successful exploitation can lead to full system takeover.
|
| CVE-2026-60092 |
|
Cross-Site Scripting (XSS) in CVE-2026-60092 (CVE-2026-60092)
cross-site scripting in CVE-2026-60092 (CVE-2026-60092). Risk of unauthorized operations or information disclosure. Exploitable via `User-Agent header`.
|
| CVE-2026-58657 |
|
Cross-Site Scripting (XSS) in CVE-2026-58657 (CVE-2026-58657)
cross-site scripting in CVE-2026-58657 (CVE-2026-58657). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.0.0` or later.
|
| CVE-2026-8310 |
|
Cross-Site Scripting (XSS) in CVE-2026-8310 (CVE-2026-8310)
cross-site scripting in CVE-2026-8310 (CVE-2026-8310). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8315 |
|
Cross-Site Scripting (XSS) in CVE-2026-8315 (CVE-2026-8315)
cross-site scripting in CVE-2026-8315 (CVE-2026-8315). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6740 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6740)
cross-site scripting in wordpress (CVE-2026-6740). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6459 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6459)
cross-site scripting in wordpress (CVE-2026-6459). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6820 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6820)
cross-site scripting in wordpress (CVE-2026-6820). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6371 |
|
Cross-Site Scripting (XSS) in CVE-2026-6371 (CVE-2026-6371)
cross-site scripting in CVE-2026-6371 (CVE-2026-6371). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6818 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6818)
cross-site scripting in wordpress (CVE-2026-6818). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6742 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6742)
cross-site scripting in wordpress (CVE-2026-6742). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-14785 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2025-14785)
cross-site scripting in wordpress (CVE-2025-14785). Risk of unauthorized operations or information disclosure. Exploitable via ``seedprodnestedmenuwidget``.
|
| CVE-2026-10570 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-10570)
cross-site scripting in wordpress (CVE-2026-10570). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11798 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-11798)
cross-site scripting in wordpress (CVE-2026-11798). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12041 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-12041)
cross-site scripting in wordpress (CVE-2026-12041). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-36162 |
|
Cross-Site Scripting (XSS) in CVE-2026-36162 (CVE-2026-36162)
cross-site scripting in CVE-2026-36162 (CVE-2026-36162). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55647 |
|
Cross-Site Scripting (XSS) in vue (CVE-2026-55647)
cross-site scripting in vue (CVE-2026-55647). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55592 |
|
Cross-Site Scripting (XSS) in CVE-2026-55592 (CVE-2026-55592)
cross-site scripting in CVE-2026-55592 (CVE-2026-55592). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48954 |
|
Improper validation leads to a generic XSS vector in the language override feature.
Improper validation leads to a generic XSS vector in the language override feature.
|
| CVE-2026-48952 |
|
Lack of escaping leads to an XSS vulnerability in the update list view of com_installer.
Lack of escaping leads to an XSS vulnerability in the update list view of com_installer.
|
| CVE-2026-48949 |
|
Lack of validation leads to an XSS vulnerability in the MFA management views.
Lack of validation leads to an XSS vulnerability in the MFA management views.
|
| CVE-2026-48953 |
|
Lack of escaping leads to an XSS vulnerability in the generic image output layout.
Lack of escaping leads to an XSS vulnerability in the generic image output layout.
|
| CVE-2026-48951 |
|
Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components.
Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components.
|
| CVE-2026-48950 |
|
Lack of escaping leads to an XSS vulnerability in the file management view of com_templates.
Lack of escaping leads to an XSS vulnerability in the file management view of com_templates.
|
| CVE-2025-12799 |
|
Cross-Site Scripting (XSS) in CVE-2025-12799 (CVE-2025-12799)
cross-site scripting in CVE-2025-12799 (CVE-2025-12799). Data can be tampered with by attackers.
|
| CVE-2026-12948 |
|
Cross-Site Scripting (XSS) in CVE-2026-12948 (CVE-2026-12948)
cross-site scripting in CVE-2026-12948 (CVE-2026-12948). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8309 |
|
Cross-Site Scripting (XSS) in CVE-2026-8309 (CVE-2026-8309)
cross-site scripting in CVE-2026-8309 (CVE-2026-8309). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8306 |
|
Cross-Site Scripting (XSS) in CVE-2026-8306 (CVE-2026-8306)
cross-site scripting in CVE-2026-8306 (CVE-2026-8306). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11328 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-11328)
cross-site scripting in wordpress (CVE-2026-11328). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53641 |
|
Cross-Site Scripting (XSS) in CVE-2026-53641 (CVE-2026-53641)
cross-site scripting in CVE-2026-53641 (CVE-2026-53641). Risk of unauthorized operations or information disclosure. Exploitable via ``content_html``.
|
| CVE-2026-59710 |
|
Cross-Site Scripting (XSS) in CVE-2026-59710 (CVE-2026-59710)
cross-site scripting in CVE-2026-59710 (CVE-2026-59710). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-59711 |
|
Cross-Site Scripting (XSS) in CVE-2026-59711 (CVE-2026-59711)
cross-site scripting in CVE-2026-59711 (CVE-2026-59711). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55437 |
|
Cross-Site Scripting (XSS) in github.com/coder/coder/v2 (CVE-2026-55437)
cross-site scripting in github.com/coder/coder/v2 (CVE-2026-55437). Risk of unauthorized operations or information disclosure. Exploitable via ``AgentLogLine``. Mitigation: upgrade to `2.29.17` or later.
|
| CVE-2026-58402 |
|
Cross-Site Scripting (XSS) in gohugo (CVE-2026-58402)
cross-site scripting in gohugo (CVE-2026-58402). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.163.3` or later.
|
| CVE-2026-12154 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-12154)
cross-site scripting in wordpress (CVE-2026-12154). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-53831 |
|
Cross-Site Scripting (XSS) in CVE-2025-53831 (CVE-2025-53831)
cross-site scripting in CVE-2025-53831 (CVE-2025-53831). Confidential information can be exposed externally.
|
| CVE-2025-8591 |
|
Cross-Site Scripting (XSS) in CVE-2025-8591 (CVE-2025-8591)
cross-site scripting in CVE-2025-8591 (CVE-2025-8591). Risk of unauthorized operations or information disclosure.
|