Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-8438 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8438)
cross-site scripting in wordpress (CVE-2026-8438). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8900 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8900)
cross-site scripting in wordpress (CVE-2026-8900). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8893 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8893)
cross-site scripting in wordpress (CVE-2026-8893). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45778 |
|
Cross-Site Scripting (XSS) in buffalo (CVE-2026-45778)
cross-site scripting in buffalo (CVE-2026-45778). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-25624 |
|
Cross-Site Scripting (XSS) in arista (CVE-2026-25624)
cross-site scripting in arista (CVE-2026-25624). Confidential information can be exposed externally.
|
| CVE-2026-11338 |
|
Cross-Site Scripting (XSS) in CVE-2026-11338 (CVE-2026-11338)
cross-site scripting in CVE-2026-11338 (CVE-2026-11338). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11337 |
|
Cross-Site Scripting (XSS) in CVE-2026-11337 (CVE-2026-11337)
cross-site scripting in CVE-2026-11337 (CVE-2026-11337). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-47387 |
|
Cross-Site Scripting (XSS) in nocodb (CVE-2026-47387)
cross-site scripting in nocodb (CVE-2026-47387). Risk of unauthorized operations or information disclosure. Exploitable via ``redirect_url``. Mitigation: upgrade to `2026.05.1` or later.
|
| CVE-2026-47383 |
|
Cross-Site Scripting (XSS) in nocodb (CVE-2026-47383)
cross-site scripting in nocodb (CVE-2026-47383). Risk of unauthorized operations or information disclosure. Exploitable via ``localStorage``. Mitigation: upgrade to `2026.05.1` or later.
|
| CVE-2026-47376 |
|
Cross-Site Scripting (XSS) in nocodb (CVE-2026-47376)
cross-site scripting in nocodb (CVE-2026-47376). Risk of unauthorized operations or information disclosure. Exploitable via ``dataset.token``. Mitigation: upgrade to `2026.04.1` or later.
|
| CVE-2026-38579 |
|
Cross-Site Scripting (XSS) in CVE-2026-38579 (CVE-2026-38579)
cross-site scripting in CVE-2026-38579 (CVE-2026-38579). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50235 |
|
Cross-Site Scripting (XSS) in CVE-2026-50235 (CVE-2026-50235)
cross-site scripting in CVE-2026-50235 (CVE-2026-50235). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50232 |
|
Cross-Site Scripting (XSS) in CVE-2026-50232 (CVE-2026-50232)
cross-site scripting in CVE-2026-50232 (CVE-2026-50232). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50230 |
|
Cross-Site Scripting (XSS) in CVE-2026-50230 (CVE-2026-50230)
cross-site scripting in CVE-2026-50230 (CVE-2026-50230). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50231 |
|
Cross-Site Scripting (XSS) in CVE-2026-50231 (CVE-2026-50231)
cross-site scripting in CVE-2026-50231 (CVE-2026-50231). Risk of unauthorized operations or information disclosure. Exploitable via `User-Agent header`.
|
| CVE-2026-21825 |
|
Cross-Site Scripting (XSS) in hcltech (CVE-2026-21825)
cross-site scripting in hcltech (CVE-2026-21825). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50591 |
|
IN Znuny LTS before 6.5.21 and Znuny before 7.3.3, XSS can occur via stored user preferences.
IN Znuny LTS before 6.5.21 and Znuny before 7.3.3, XSS can occur via stored user preferences.
|
| CVE-2026-50592 |
|
Cross-Site Scripting (XSS) in CVE-2026-50592 (CVE-2026-50592)
cross-site scripting in CVE-2026-50592 (CVE-2026-50592). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11273 |
|
Vulnerability in google (CVE-2026-11273)
vulnerability in google (CVE-2026-11273). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11186 |
|
Cross-Site Scripting (XSS) in google (CVE-2026-11186)
cross-site scripting in google (CVE-2026-11186). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11166 |
|
Cross-Site Scripting (XSS) in google (CVE-2026-11166)
cross-site scripting in google (CVE-2026-11166). Confidential information can be exposed externally.
|
| CVE-2026-11150 |
|
Cross-Site Scripting (XSS) in google (CVE-2026-11150)
cross-site scripting in google (CVE-2026-11150). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41518 |
|
Cross-Site Scripting (XSS) in CVE-2026-41518 (CVE-2026-41518)
cross-site scripting in CVE-2026-41518 (CVE-2026-41518). Confidential information can be exposed externally. Exploitable via ``ChartDatasetConfig.legend``.
|
| CVE-2025-65640 |
|
Cross-Site Scripting (XSS) in CVE-2025-65640 (CVE-2025-65640)
cross-site scripting in CVE-2025-65640 (CVE-2025-65640). Confidential information can be exposed externally.
|
| CVE-2025-67448 |
|
Cross-Site Scripting (XSS) in CVE-2025-67448 (CVE-2025-67448)
cross-site scripting in CVE-2025-67448 (CVE-2025-67448). Confidential information can be exposed externally.
|
| CVE-2026-43984 |
|
Cross-Site Scripting (XSS) in CVE-2026-43984 (CVE-2026-43984)
cross-site scripting in CVE-2026-43984 (CVE-2026-43984). Confidential information can be exposed externally. Exploitable via ``log_js_errors``.
|
| CVE-2026-10810 |
|
Cross-Site Scripting (XSS) in CVE-2026-10810 (CVE-2026-10810)
cross-site scripting in CVE-2026-10810 (CVE-2026-10810). Risk of unauthorized operations or information disclosure.
|
| CVE-2019-25744 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2019-25744)
cross-site scripting in wordpress (CVE-2019-25744). Risk of unauthorized operations or information disclosure.
|
| CVE-2019-25739 |
|
Cross-Site Scripting (XSS) in CVE-2019-25739 (CVE-2019-25739)
cross-site scripting in CVE-2019-25739 (CVE-2019-25739). Risk of unauthorized operations or information disclosure.
|
| CVE-2019-25743 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2019-25743)
cross-site scripting in wordpress (CVE-2019-25743). Risk of unauthorized operations or information disclosure.
|
| CVE-2019-25737 |
|
Cross-Site Scripting (XSS) in CVE-2019-25737 (CVE-2019-25737)
cross-site scripting in CVE-2019-25737 (CVE-2019-25737). Risk of unauthorized operations or information disclosure.
|
| CVE-2019-25742 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2019-25742)
cross-site scripting in wordpress (CVE-2019-25742). Risk of unauthorized operations or information disclosure.
|
| CVE-2019-25731 |
|
Cross-Site Scripting (XSS) in CVE-2019-25731 (CVE-2019-25731)
cross-site scripting in CVE-2019-25731 (CVE-2019-25731). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-37700 |
|
Cross-Site Scripting (XSS) in CVE-2026-37700 (CVE-2026-37700)
cross-site scripting in CVE-2026-37700 (CVE-2026-37700). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42840 |
|
Cross-Site Scripting (XSS) in CVE-2026-42840 (CVE-2026-42840)
cross-site scripting in CVE-2026-42840 (CVE-2026-42840). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42839 |
|
Cross-Site Scripting (XSS) in CVE-2026-42839 (CVE-2026-42839)
cross-site scripting in CVE-2026-42839 (CVE-2026-42839). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-26378 |
|
Cross-Site Scripting (XSS) in koha (CVE-2026-26378)
cross-site scripting in koha (CVE-2026-26378). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-39107 |
|
Cross-Site Scripting (XSS) in CVE-2026-39107 (CVE-2026-39107)
cross-site scripting in CVE-2026-39107 (CVE-2026-39107). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-36460 |
|
Cross-Site Scripting (XSS) in CVE-2026-36460 (CVE-2026-36460)
cross-site scripting in CVE-2026-36460 (CVE-2026-36460). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20233 |
|
Cross-Site Scripting (XSS) in Cisco webex-meetings (CVE-2026-20233)
cross-site scripting in Cisco webex-meetings (CVE-2026-20233). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42321 |
|
Cross-Site Scripting (XSS) in CVE-2026-42321 (CVE-2026-42321)
cross-site scripting in CVE-2026-42321 (CVE-2026-42321). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-36748 |
|
Cross-Site Scripting (XSS) in CVE-2026-36748 (CVE-2026-36748)
cross-site scripting in CVE-2026-36748 (CVE-2026-36748). Successful exploitation can lead to full system takeover.
|
| CVE-2022-31114 |
|
Cross-Site Scripting (XSS) in backpack/crud (CVE-2022-31114)
cross-site scripting in backpack/crud (CVE-2022-31114). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.0.63` or later.
|
| CVE-2026-47324 |
|
Cross-Site Scripting (XSS) in CVE-2026-47324 (CVE-2026-47324)
cross-site scripting in CVE-2026-47324 (CVE-2026-47324). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-14773 |
|
Cross-Site Scripting (XSS) in abb (CVE-2025-14773)
cross-site scripting in abb (CVE-2025-14773). Successful exploitation can lead to full system takeover.
|
| CVE-2025-15654 |
|
Cross-Site Scripting (XSS) in CVE-2025-15654 (CVE-2025-15654)
cross-site scripting in CVE-2025-15654 (CVE-2025-15654). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7421 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7421)
cross-site scripting in wordpress (CVE-2026-7421). Risk of unauthorized operations or information disclosure. Exploitable via ``shop_name``.
|
| CVE-2026-40108 |
|
Cross-Site Scripting (XSS) in CVE-2026-40108 (CVE-2026-40108)
cross-site scripting in CVE-2026-40108 (CVE-2026-40108). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35212 |
|
Cross-Site Scripting (XSS) in pycti (CVE-2026-35212)
cross-site scripting in pycti (CVE-2026-35212). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `7.260227.0` or later.
|
| CVE-2026-42849 |
|
Cross-Site Scripting (XSS) in authentik (CVE-2026-42849)
cross-site scripting in authentik (CVE-2026-42849). Confidential information can be exposed externally. Mitigation: upgrade to `2025.12.5, 2026.2.3` or later.
|