Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: cwe-80 Clear
ID Title
CVE-2026-7380 Vulnerability in CVE-2026-7380 (CVE-2026-7380)
vulnerability in CVE-2026-7380 (CVE-2026-7380). Risk of unauthorized operations or information disclosure.
CVE-2025-36321 Vulnerability in ibm (CVE-2025-36321)
vulnerability in ibm (CVE-2025-36321). Confidential information can be exposed externally.
CVE-2026-50229 Vulnerability in apache (CVE-2026-50229)
vulnerability in apache (CVE-2026-50229). Risk of unauthorized operations or information disclosure.
CVE-2025-64637 Unauthenticated Content Injection in Auros Core <= 5.3.1 versions.
Unauthenticated Content Injection in Auros Core <= 5.3.1 versions.
CVE-2026-13314 Malicious HTML content could be injected into the content rendered by the pretix-digital plugin.
Malicious HTML content could be injected into the content rendered by the pretix-digital plugin.
CVE-2026-13225 Vulnerability in CVE-2026-13225 (CVE-2026-13225)
vulnerability in CVE-2026-13225 (CVE-2026-13225). Risk of unauthorized operations or information disclosure.
CVE-2026-57533 Vulnerability in CVE-2026-57533 (CVE-2026-57533)
vulnerability in CVE-2026-57533 (CVE-2026-57533). Risk of unauthorized operations or information disclosure.
CVE-2026-57535 Vulnerability in ssrf (CVE-2026-57535)
vulnerability in ssrf (CVE-2026-57535). Risk of unauthorized operations or information disclosure.
CVE-2026-57532 Vulnerability in CVE-2026-57532 (CVE-2026-57532)
vulnerability in CVE-2026-57532 (CVE-2026-57532). Risk of unauthorized operations or information disclosure.
CVE-2026-57534 Malicious HTML content could be injected into the content of a page in the pretix-pages plugin.
Malicious HTML content could be injected into the content of a page in the pretix-pages plugin.
CVE-2026-52816 Vulnerability in gogs.io/gogs (CVE-2026-52816)
vulnerability in gogs.io/gogs (CVE-2026-52816). Risk of unauthorized operations or information disclosure. Exploitable via `POST /-/api/sanitize_ipynb`. Mitigation: upgrade to `0.14.3` or later.
CVE-2025-62198 Vulnerability in apache (CVE-2025-62198)
vulnerability in apache (CVE-2025-62198). Risk of unauthorized operations or information disclosure.
CVE-2026-12812 Vulnerability in CVE-2026-12812 (CVE-2026-12812)
vulnerability in CVE-2026-12812 (CVE-2026-12812). Risk of unauthorized operations or information disclosure.
CVE-2025-71331 Vulnerability in flowiseai (CVE-2025-71331)
vulnerability in flowiseai (CVE-2025-71331). Risk of unauthorized operations or information disclosure.
CVE-2026-50146 Vulnerability in astro (CVE-2026-50146)
vulnerability in astro (CVE-2026-50146). Data can be tampered with by attackers. Exploitable via ``astro.config.mjs``. Mitigation: upgrade to `6.3.3` or later.
CVE-2026-34033 Cross-Site Scripting (XSS) in apache (CVE-2026-34033)
cross-site scripting in apache (CVE-2026-34033). Risk of unauthorized operations or information disclosure.
CVE-2026-11511 Vulnerability in CVE-2026-11511 (CVE-2026-11511)
vulnerability in CVE-2026-11511 (CVE-2026-11511). Risk of unauthorized operations or information disclosure.
CVE-2026-9646 A reflected cross-site scripting issue exists in URL handling.
A reflected cross-site scripting issue exists in URL handling.
CVE-2026-44839 Vulnerability in rabbitmq (CVE-2026-44839)
vulnerability in rabbitmq (CVE-2026-44839). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.1.2` or later.
CVE-2026-39642 Vulnerability in CVE-2026-39642 (CVE-2026-39642)
vulnerability in CVE-2026-39642 (CVE-2026-39642). Risk of unauthorized operations or information disclosure.
CVE-2025-71310 Vulnerability in CVE-2025-71310 (CVE-2025-71310)
vulnerability in CVE-2025-71310 (CVE-2025-71310). Risk of unauthorized operations or information disclosure.
CVE-2026-46492 Vulnerability in md-fileserver (CVE-2026-46492)
vulnerability in md-fileserver (CVE-2026-46492). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.10.3` or later.
CVE-2026-34246 Vulnerability in privilege-escalation (CVE-2026-34246)
vulnerability in privilege-escalation (CVE-2026-34246). Risk of unauthorized operations or information disclosure.
CVE-2026-45346 Vulnerability in open-webui (CVE-2026-45346)
vulnerability in open-webui (CVE-2026-45346). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.6.31` or later.
CVE-2025-15345 Vulnerability in wordpress (CVE-2025-15345)
vulnerability in wordpress (CVE-2025-15345). Risk of unauthorized operations or information disclosure.
CVE-2026-44369 Vulnerability in CVE-2026-44369 (CVE-2026-44369)
vulnerability in CVE-2026-44369 (CVE-2026-44369). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.64.0` or later.
CVE-2026-44259 Vulnerability in CVE-2026-44259 (CVE-2026-44259)
vulnerability in CVE-2026-44259 (CVE-2026-44259). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.08.010` or later.
CVE-2026-41611 Command Injection in microsoft (CVE-2026-41611)
command injection in microsoft (CVE-2026-41611). Successful exploitation can lead to full system takeover.
CVE-2026-43938 Vulnerability in YAFNET.Core (CVE-2026-43938)
vulnerability in YAFNET.Core (CVE-2026-43938). Confidential information can be exposed externally. Exploitable via `GET /api/Attachments/GetAttachment`. Mitigation: upgrade to `3.2.12` or later.
CVE-2026-43939 Vulnerability in YAFNET.Core (CVE-2026-43939)
vulnerability in YAFNET.Core (CVE-2026-43939). Confidential information can be exposed externally. Exploitable via ``onerror``. Mitigation: upgrade to `3.2.12` or later.
CVE-2021-47948 Vulnerability in wordpress (CVE-2021-47948)
vulnerability in wordpress (CVE-2021-47948). Risk of unauthorized operations or information disclosure.
CVE-2026-20170 Vulnerability in Cisco webex-contact-center (CVE-2026-20170)
vulnerability in Cisco webex-contact-center (CVE-2026-20170). Risk of unauthorized operations or information disclosure.
CVE-2026-42451 Cross-Site Scripting (XSS) in CVE-2026-42451 (CVE-2026-42451)
cross-site scripting in CVE-2026-42451 (CVE-2026-42451). Confidential information can be exposed externally.
CVE-2026-42030 Vulnerability in osgeo (CVE-2026-42030)
vulnerability in osgeo (CVE-2026-42030). Risk of unauthorized operations or information disclosure.
CVE-2026-41575 Cross-Site Scripting (XSS) in th30d4y (CVE-2026-41575)
cross-site scripting in th30d4y (CVE-2026-41575). Risk of unauthorized operations or information disclosure.
CVE-2026-44264 Cross-Site Scripting (XSS) in weblate (CVE-2026-44264)
cross-site scripting in weblate (CVE-2026-44264). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.17.1` or later.
CVE-2026-35453 Cross-Site Scripting (XSS) in phpoffice/phpspreadsheet (CVE-2026-35453)
cross-site scripting in phpoffice/phpspreadsheet (CVE-2026-35453). Risk of unauthorized operations or information disclosure. Exploitable via ``formatColor``. Mitigation: upgrade to `1.30.4` or later.
CVE-2025-13505 Cross-Site Scripting (XSS) in datateam (CVE-2025-13505)
cross-site scripting in datateam (CVE-2025-13505). Risk of unauthorized operations or information disclosure.
CVE-2025-51989 Vulnerability in CVE-2025-51989 (CVE-2025-51989)
vulnerability in CVE-2025-51989 (CVE-2025-51989). Confidential information can be exposed externally.
CVE-2024-11404 Vulnerability in django-filer (CVE-2024-11404)
vulnerability in django-filer (CVE-2024-11404). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.3.0` or later.
CVE-2024-9147 Vulnerability in bna (CVE-2024-9147)
vulnerability in bna (CVE-2024-9147). Risk of unauthorized operations or information disclosure.
CVE-2024-2010 Cross-Site Scripting (XSS) in tebilisim (CVE-2024-2010)
cross-site scripting in tebilisim (CVE-2024-2010). Risk of unauthorized operations or information disclosure.
CVE-2020-13965 KEV [KEV] Vulnerability in Roundcube webmail (CVE-2020-13965)
vulnerability in Roundcube webmail (CVE-2020-13965). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2023-4663 Cross-Site Scripting (XSS) in adobe (CVE-2023-4663)
cross-site scripting in adobe (CVE-2023-4663). Risk of unauthorized operations or information disclosure.
CVE-2023-1013 Vulnerability in dizayn (CVE-2023-1013)
vulnerability in dizayn (CVE-2023-1013). Risk of unauthorized operations or information disclosure.
CVE-2021-44197 Cross-Site Scripting (XSS) in ubit (CVE-2021-44197)
cross-site scripting in ubit (CVE-2021-44197). Risk of unauthorized operations or information disclosure.
CVE-2021-44196 Cross-Site Scripting (XSS) in ubit (CVE-2021-44196)
cross-site scripting in ubit (CVE-2021-44196). Risk of unauthorized operations or information disclosure.
CVE-2022-35278 Cross-Site Scripting (XSS) in org.apache.activemq:artemis-server (CVE-2022-35278)
cross-site scripting in org.apache.activemq:artemis-server (CVE-2022-35278). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.24.0` or later.
CVE-2022-35509 Cross-Site Scripting (XSS) in eyoucms (CVE-2022-35509)
cross-site scripting in eyoucms (CVE-2022-35509). Risk of unauthorized operations or information disclosure.
CVE-2018-19943 KEV [KEV] Cross-Site Scripting (XSS) in Qnap network-attached-storage-nas (CVE-2018-19943)
cross-site scripting in Qnap network-attached-storage-nas (CVE-2018-19943). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →