Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-40544 |
|
Cross-Site Scripting (XSS) in CVE-2026-40544 (CVE-2026-40544)
cross-site scripting in CVE-2026-40544 (CVE-2026-40544). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10234 |
|
Cross-Site Scripting (XSS) in CVE-2026-10234 (CVE-2026-10234)
cross-site scripting in CVE-2026-10234 (CVE-2026-10234). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10228 |
|
Cross-Site Scripting (XSS) in CVE-2026-10228 (CVE-2026-10228)
cross-site scripting in CVE-2026-10228 (CVE-2026-10228). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48209 |
|
Cross-Site Scripting (XSS) in c (CVE-2026-48209)
cross-site scripting in c (CVE-2026-48209). Data can be tampered with by attackers.
|
| CVE-2026-10173 |
|
Cross-Site Scripting (XSS) in vue (CVE-2026-10173)
cross-site scripting in vue (CVE-2026-10173). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10153 |
|
Cross-Site Scripting (XSS) in CVE-2026-10153 (CVE-2026-10153)
cross-site scripting in CVE-2026-10153 (CVE-2026-10153). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10112 |
|
Cross-Site Scripting (XSS) in CVE-2026-10112 (CVE-2026-10112)
cross-site scripting in CVE-2026-10112 (CVE-2026-10112). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34127 |
|
Cross-Site Scripting (XSS) in tp-link (CVE-2026-34127)
cross-site scripting in tp-link (CVE-2026-34127). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49384 |
|
In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible
In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible
|
| CVE-2026-49381 |
|
In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible
In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible
|
| CVE-2026-49375 |
|
Cross-Site Scripting (XSS) in jetbrains (CVE-2026-49375)
cross-site scripting in jetbrains (CVE-2026-49375). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49371 |
|
In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible
In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible
|
| CVE-2026-49368 |
|
In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible
In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible
|
| CVE-2026-45668 |
|
Path Traversal in path-traversal (CVE-2026-45668)
path traversal in path-traversal (CVE-2026-45668). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.102.2` or later.
|
| CVE-2026-36324 |
|
Cross-Site Scripting (XSS) in CVE-2026-36324 (CVE-2026-36324)
cross-site scripting in CVE-2026-36324 (CVE-2026-36324). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-33386 |
|
Cross-Site Scripting (XSS) in CVE-2026-33386 (CVE-2026-33386)
cross-site scripting in CVE-2026-33386 (CVE-2026-33386). Risk of unauthorized operations or information disclosure.
|
| CVE-2018-25384 |
|
Cross-Site Scripting (XSS) in CVE-2018-25384 (CVE-2018-25384)
cross-site scripting in CVE-2018-25384 (CVE-2018-25384). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-47694 |
|
Cross-Site Scripting (XSS) in WWBN/AVideo (CVE-2026-47694)
cross-site scripting in WWBN/AVideo (CVE-2026-47694). Risk of unauthorized operations or information disclosure. Exploitable via ``category_description``.
|
| CVE-2026-48527 |
|
Cross-Site Scripting (XSS) in @haxtheweb/haxcms-nodejs (CVE-2026-48527)
cross-site scripting in @haxtheweb/haxcms-nodejs (CVE-2026-48527). Confidential information can be exposed externally. Exploitable via `POST /system/api/saveNode`. Mitigation: upgrade to `26.0.1` or later.
|
| CVE-2026-45551 |
|
Cross-Site Scripting (XSS) in CVE-2026-45551 (CVE-2026-45551)
cross-site scripting in CVE-2026-45551 (CVE-2026-45551). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `26.0.25` or later.
|
| CVE-2026-9811 |
|
Cross-Site Scripting (XSS) in mautic/core (CVE-2026-9811)
cross-site scripting in mautic/core (CVE-2026-9811). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `7.1.2` or later.
|
| CVE-2026-9809 |
|
Cross-Site Scripting (XSS) in mautic/core (CVE-2026-9809)
cross-site scripting in mautic/core (CVE-2026-9809). Data can be tampered with by attackers. Mitigation: upgrade to `7.1.2` or later.
|
| CVE-2026-10058 |
|
Cross-Site Scripting (XSS) in CVE-2026-10058 (CVE-2026-10058)
cross-site scripting in CVE-2026-10058 (CVE-2026-10058). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10057 |
|
Cross-Site Scripting (XSS) in CVE-2026-10057 (CVE-2026-10057)
cross-site scripting in CVE-2026-10057 (CVE-2026-10057). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9243 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-9243)
cross-site scripting in wordpress (CVE-2026-9243). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-11262 |
|
The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
|
| CVE-2026-9714 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-9714)
cross-site scripting in wordpress (CVE-2026-9714). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6275 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6275)
cross-site scripting in wordpress (CVE-2026-6275). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-14042 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2025-14042)
cross-site scripting in wordpress (CVE-2025-14042). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7430 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7430)
cross-site scripting in wordpress (CVE-2026-7430). Risk of unauthorized operations or information disclosure. Exploitable via ``WPEditor.php``.
|
| CVE-2026-9971 |
|
Cross-Site Scripting (XSS) in google (CVE-2026-9971)
cross-site scripting in google (CVE-2026-9971). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45343 |
|
Cross-Site Scripting (XSS) in csrf (CVE-2026-45343)
cross-site scripting in csrf (CVE-2026-45343). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.5.6` or later.
|
| CVE-2026-42401 |
|
Cross-Site Scripting (XSS) in elk (CVE-2026-42401)
cross-site scripting in elk (CVE-2026-42401). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.19.16, 9.4.0` or later.
|
| CVE-2026-45323 |
|
Cross-Site Scripting (XSS) in jpettitt (CVE-2026-45323)
cross-site scripting in jpettitt (CVE-2026-45323). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.3.3` or later.
|
| CVE-2026-6824 |
|
Cross-Site Scripting (XSS) in cisa (CVE-2026-6824)
cross-site scripting in cisa (CVE-2026-6824). Successful exploitation can lead to full system takeover.
|
| CVE-2026-47761 |
|
Cross-Site Scripting (XSS) in tinymce (CVE-2026-47761)
cross-site scripting in tinymce (CVE-2026-47761). Confidential information can be exposed externally. Mitigation: upgrade to `8.5.1` or later.
|
| CVE-2026-47759 |
|
Cross-Site Scripting (XSS) in tinymce (CVE-2026-47759)
cross-site scripting in tinymce (CVE-2026-47759). Confidential information can be exposed externally. Mitigation: upgrade to `8.5.1` or later.
|
| CVE-2026-47762 |
|
Cross-Site Scripting (XSS) in tinymce (CVE-2026-47762)
cross-site scripting in tinymce (CVE-2026-47762). Confidential information can be exposed externally. Mitigation: upgrade to `8.5.1` or later.
|
| CVE-2026-47760 |
|
Cross-Site Scripting (XSS) in tinymce (CVE-2026-47760)
cross-site scripting in tinymce (CVE-2026-47760). Confidential information can be exposed externally. Mitigation: upgrade to `7.1.0` or later.
|
| CVE-2024-47097 |
|
Cross-Site Scripting (XSS) in CVE-2024-47097 (CVE-2024-47097)
cross-site scripting in CVE-2024-47097 (CVE-2024-47097). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4334 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-4334)
cross-site scripting in wordpress (CVE-2026-4334). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-47096 |
|
Cross-Site Scripting (XSS) in CVE-2024-47096 (CVE-2024-47096)
cross-site scripting in CVE-2024-47096 (CVE-2024-47096). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9806 |
|
Cross-Site Scripting (XSS) in CVE-2026-9806 (CVE-2026-9806)
cross-site scripting in CVE-2026-9806 (CVE-2026-9806). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7660 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7660)
cross-site scripting in wordpress (CVE-2026-7660). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6427 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6427)
cross-site scripting in wordpress (CVE-2026-6427). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7052 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7052)
cross-site scripting in wordpress (CVE-2026-7052). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7634 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7634)
cross-site scripting in wordpress (CVE-2026-7634). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9644 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-9644)
cross-site scripting in wordpress (CVE-2026-9644). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-2374 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-2374)
cross-site scripting in wordpress (CVE-2026-2374). Risk of unauthorized operations or information disclosure. Exploitable via ``login_nocaptcha_error``.
|
| CVE-2026-42197 |
|
Cross-Site Scripting (XSS) in django (CVE-2026-42197)
cross-site scripting in django (CVE-2026-42197). Confidential information can be exposed externally. Exploitable via ``ParticipationAdmin``.
|