Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-50555 |
|
Cross-Site Scripting (XSS) in @angular/platform-server (CVE-2026-50555)
cross-site scripting in @angular/platform-server (CVE-2026-50555). Risk of unauthorized operations or information disclosure. Exploitable via ``domino``.
|
| CVE-2026-52725 |
|
Cross-Site Scripting (XSS) in @angular/core (CVE-2026-52725)
cross-site scripting in @angular/core (CVE-2026-52725). Risk of unauthorized operations or information disclosure. Exploitable via ``createComponent``. Mitigation: upgrade to `20.3.22` or later.
|
| CVE-2025-15659 |
|
Contributor Cross Site Scripting (XSS) in Elizaibots <= 1.0.2 versions.
Contributor Cross Site Scripting (XSS) in Elizaibots <= 1.0.2 versions.
|
| CVE-2025-15658 |
|
Administrator Cross Site Scripting (XSS) in WP Emmet <= 0.3.4 versions.
Administrator Cross Site Scripting (XSS) in WP Emmet <= 0.3.4 versions.
|
| CVE-2016-20084 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2016-20084)
cross-site scripting in wordpress (CVE-2016-20084). Risk of unauthorized operations or information disclosure.
|
| CVE-2016-20070 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2016-20070)
cross-site scripting in wordpress (CVE-2016-20070). Risk of unauthorized operations or information disclosure.
|
| CVE-2016-20066 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2016-20066)
cross-site scripting in wordpress (CVE-2016-20066). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9278 |
|
Vulnerability in wordpress (CVE-2026-9278)
vulnerability in wordpress (CVE-2026-9278). Risk of unauthorized operations or information disclosure. Exploitable via ``unfiltered_html``.
|
| CVE-2026-12202 |
|
Cross-Site Scripting (XSS) in CVE-2026-12202 (CVE-2026-12202)
cross-site scripting in CVE-2026-12202 (CVE-2026-12202). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12176 |
|
Cross-Site Scripting (XSS) in CVE-2026-12176 (CVE-2026-12176)
cross-site scripting in CVE-2026-12176 (CVE-2026-12176). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5513 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-5513)
cross-site scripting in wordpress (CVE-2026-5513). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9629 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-9629)
cross-site scripting in wordpress (CVE-2026-9629). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3297 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-3297)
cross-site scripting in wordpress (CVE-2026-3297). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9134 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-9134)
cross-site scripting in wordpress (CVE-2026-9134). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9109 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-9109)
cross-site scripting in wordpress (CVE-2026-9109). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9061 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-9061)
cross-site scripting in wordpress (CVE-2026-9061). Risk of unauthorized operations or information disclosure. Exploitable via ``unfiltered_html``.
|
| CVE-2026-11443 |
|
Cross-Site Scripting (XSS) in CVE-2026-11443 (CVE-2026-11443)
cross-site scripting in CVE-2026-11443 (CVE-2026-11443). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53608 |
|
Cross-Site Scripting (XSS) in CVE-2026-53608 (CVE-2026-53608)
cross-site scripting in CVE-2026-53608 (CVE-2026-53608). Confidential information can be exposed externally. Exploitable via ``seoGoogleTrackingId``.
|
| CVE-2026-54395 |
|
Cross-Site Scripting (XSS) in CVE-2026-54395 (CVE-2026-54395)
cross-site scripting in CVE-2026-54395 (CVE-2026-54395). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54393 |
|
Cross-Site Scripting (XSS) in CVE-2026-54393 (CVE-2026-54393)
cross-site scripting in CVE-2026-54393 (CVE-2026-54393). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12130 |
|
Cross-Site Scripting (XSS) in CVE-2026-12130 (CVE-2026-12130)
cross-site scripting in CVE-2026-12130 (CVE-2026-12130). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12129 |
|
Cross-Site Scripting (XSS) in CVE-2026-12129 (CVE-2026-12129)
cross-site scripting in CVE-2026-12129 (CVE-2026-12129). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53606 |
|
Cross-Site Scripting (XSS) in CVE-2026-53606 (CVE-2026-53606)
cross-site scripting in CVE-2026-53606 (CVE-2026-53606). Risk of unauthorized operations or information disclosure. Exploitable via ``allowedSchemesAppliedToAttributes``.
|
| CVE-2026-45014 |
|
Cross-Site Scripting (XSS) in CVE-2026-45014 (CVE-2026-45014)
cross-site scripting in CVE-2026-45014 (CVE-2026-45014). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44311 |
|
Cross-Site Scripting (XSS) in fabric (CVE-2026-44311)
cross-site scripting in fabric (CVE-2026-44311). Risk of unauthorized operations or information disclosure. Exploitable via ``color``. Mitigation: upgrade to `7.4.0` or later.
|
| CVE-2026-53724 |
|
Cross-Site Scripting (XSS) in parse-server (CVE-2026-53724)
cross-site scripting in parse-server (CVE-2026-53724). Risk of unauthorized operations or information disclosure. Exploitable via ``poc.svg.``. Mitigation: upgrade to `8.6.79` or later.
|
| CVE-2026-53568 |
|
Cross-Site Scripting (XSS) in CVE-2026-53568 (CVE-2026-53568)
cross-site scripting in CVE-2026-53568 (CVE-2026-53568). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53787 |
|
Unrestricted File Upload in path-traversal (CVE-2026-53787)
vulnerability in path-traversal (CVE-2026-53787). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53722 |
|
Cross-Site Scripting (XSS) in nuxt (CVE-2026-53722)
cross-site scripting in nuxt (CVE-2026-53722). Risk of unauthorized operations or information disclosure. Exploitable via ``href``. Mitigation: upgrade to `3.21.7` or later.
|
| CVE-2026-47739 |
|
Cross-Site Scripting (XSS) in CVE-2026-47739 (CVE-2026-47739)
cross-site scripting in CVE-2026-47739 (CVE-2026-47739). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44205 |
|
Cross-Site Scripting (XSS) in CVE-2026-44205 (CVE-2026-44205)
cross-site scripting in CVE-2026-44205 (CVE-2026-44205). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9269 |
|
Vulnerability in wordpress (CVE-2026-9269)
vulnerability in wordpress (CVE-2026-9269). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9125 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-9125)
cross-site scripting in wordpress (CVE-2026-9125). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42653 |
|
Cross-Site Scripting (XSS) in CVE-2026-42653 (CVE-2026-42653)
cross-site scripting in CVE-2026-42653 (CVE-2026-42653). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46489 |
|
SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, the company logo upload feature accepts any file type without validation. An authenticated administrator can upload an SVG f...
SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, the company logo upload feature accepts any file type without validation. An authenticated administrator can upload an SVG file containing embedded JavaScript. This script is base64-encoded and injected unescaped into every...
|
| CVE-2026-4096 |
|
Vulnerability in ibm (CVE-2026-4096)
vulnerability in ibm (CVE-2026-4096). Risk of unauthorized operations or information disclosure. Exploitable via `Host header`.
|
| CVE-2023-33999 |
|
Cross-Site Scripting (XSS) in CVE-2023-33999 (CVE-2023-33999)
cross-site scripting in CVE-2023-33999 (CVE-2023-33999). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-2827 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-2827)
cross-site scripting in wordpress (CVE-2026-2827). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42558 |
|
Cross-Site Scripting (XSS) in CVE-2026-42558 (CVE-2026-42558)
cross-site scripting in CVE-2026-42558 (CVE-2026-42558). Confidential information can be exposed externally.
|
| CVE-2026-0266 |
|
Cross-Site Scripting (XSS) in CVE-2026-0266 (CVE-2026-0266)
cross-site scripting in CVE-2026-0266 (CVE-2026-0266). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53693 |
|
Cross-Site Scripting (XSS) in CVE-2026-53693 (CVE-2026-53693)
cross-site scripting in CVE-2026-53693 (CVE-2026-53693). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53473 |
|
Cross-Site Scripting (XSS) in kubev2v (CVE-2026-53473)
cross-site scripting in kubev2v (CVE-2026-53473). Confidential information can be exposed externally.
|
| CVE-2026-53441 |
|
Cross-Site Scripting (XSS) in org.jenkins-ci.main:jenkins-core (CVE-2026-53441)
cross-site scripting in org.jenkins-ci.main:jenkins-core (CVE-2026-53441). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.568` or later.
|
| CVE-2026-49069 |
|
Cross-Site Scripting (XSS) in CVE-2026-49069 (CVE-2026-49069)
cross-site scripting in CVE-2026-49069 (CVE-2026-49069). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11859 |
|
Vulnerability in CVE-2026-11859 (CVE-2026-11859)
vulnerability in CVE-2026-11859 (CVE-2026-11859). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9019 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-9019)
cross-site scripting in wordpress (CVE-2026-9019). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8613 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8613)
cross-site scripting in wordpress (CVE-2026-8613). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8853 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8853)
cross-site scripting in wordpress (CVE-2026-8853). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9060 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-9060)
cross-site scripting in wordpress (CVE-2026-9060). Risk of unauthorized operations or information disclosure. Exploitable via ``unfiltered_html``.
|
| CVE-2025-8444 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2025-8444)
cross-site scripting in wordpress (CVE-2025-8444). Risk of unauthorized operations or information disclosure.
|