Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-45087 |
|
Vulnerability in github.com/hahwul/dalfox/v2 (CVE-2026-45087)
vulnerability in github.com/hahwul/dalfox/v2 (CVE-2026-45087). Successful exploitation can lead to full system takeover. Exploitable via `POST /scan`. Mitigation: upgrade to `2.13.0` or later.
|
| CVE-2026-6813 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6813)
cross-site scripting in wordpress (CVE-2026-6813). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6800 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6800)
cross-site scripting in wordpress (CVE-2026-6800). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7661 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7661)
cross-site scripting in wordpress (CVE-2026-7661). Risk of unauthorized operations or information disclosure. Exploitable via ``box``.
|
| CVE-2026-6913 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6913)
cross-site scripting in wordpress (CVE-2026-6913). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7659 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7659)
cross-site scripting in wordpress (CVE-2026-7659). Risk of unauthorized operations or information disclosure. Exploitable via ``social``.
|
| CVE-2026-7464 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7464)
cross-site scripting in wordpress (CVE-2026-7464). Risk of unauthorized operations or information disclosure. Exploitable via ``page``.
|
| CVE-2026-6808 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6808)
cross-site scripting in wordpress (CVE-2026-6808). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7437 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7437)
cross-site scripting in wordpress (CVE-2026-7437). Risk of unauthorized operations or information disclosure. Exploitable via ``editpos_hidden``.
|
| CVE-2026-6690 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6690)
cross-site scripting in wordpress (CVE-2026-6690). Risk of unauthorized operations or information disclosure. Exploitable via ``wp_ajax_nopriv_lp_update_mds``.
|
| CVE-2026-6256 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6256)
cross-site scripting in wordpress (CVE-2026-6256). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6247 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6247)
cross-site scripting in wordpress (CVE-2026-6247). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5715 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-5715)
cross-site scripting in wordpress (CVE-2026-5715). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5340 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-5340)
cross-site scripting in wordpress (CVE-2026-5340). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6237 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6237)
cross-site scripting in wordpress (CVE-2026-6237). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4920 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-4920)
cross-site scripting in wordpress (CVE-2026-4920). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4859 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-4859)
cross-site scripting in wordpress (CVE-2026-4859). Risk of unauthorized operations or information disclosure. Exploitable via ``wpsbd_post_carousel``.
|
| CVE-2026-3604 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-3604)
cross-site scripting in wordpress (CVE-2026-3604). Risk of unauthorized operations or information disclosure. Exploitable via ``_kcseo_ative_tab``.
|
| CVE-2026-2300 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-2300)
cross-site scripting in wordpress (CVE-2026-2300). Risk of unauthorized operations or information disclosure. Exploitable via ``preg_replace``.
|
| CVE-2024-34577 |
|
Cross-Site Scripting (XSS) in jvn (CVE-2024-34577)
cross-site scripting in jvn (CVE-2024-34577). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-27682 |
|
Cross-Site Scripting (XSS) in sap (CVE-2026-27682)
cross-site scripting in sap (CVE-2026-27682). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45392 |
|
Reserved. Details will be published at disclosure.
Reserved. Details will be published at disclosure.
|
| CVE-2026-43900 |
|
Cross-Site Scripting (XSS) in vue (CVE-2026-43900)
cross-site scripting in vue (CVE-2026-43900). Confidential information can be exposed externally. Mitigation: upgrade to `1.0.4-beta.1` or later.
|
| CVE-2026-42554 |
|
Cross-Site Scripting (XSS) in github.com/gofiber/fiber/v3 (CVE-2026-42554)
cross-site scripting in github.com/gofiber/fiber/v3 (CVE-2026-42554). Risk of unauthorized operations or information disclosure. Exploitable via ``DefaultRes.AutoFormat``. Mitigation: upgrade to `3.2.0` or later.
|
| CVE-2026-45026 |
|
Cross-Site Scripting (XSS) in CVE-2026-45026 (CVE-2026-45026)
cross-site scripting in CVE-2026-45026 (CVE-2026-45026). Confidential information can be exposed externally. Mitigation: upgrade to `3.7.3` or later.
|
| CVE-2026-45025 |
|
Cross-Site Scripting (XSS) in CVE-2026-45025 (CVE-2026-45025)
cross-site scripting in CVE-2026-45025 (CVE-2026-45025). Confidential information can be exposed externally. Mitigation: upgrade to `3.7.3` or later.
|
| CVE-2026-42887 |
|
Cross-Site Scripting (XSS) in CVE-2026-42887 (CVE-2026-42887)
cross-site scripting in CVE-2026-42887 (CVE-2026-42887). Confidential information can be exposed externally. Mitigation: upgrade to `2.33.0` or later.
|
| CVE-2026-42870 |
|
Cross-Site Scripting (XSS) in CVE-2026-42870 (CVE-2026-42870)
cross-site scripting in CVE-2026-42870 (CVE-2026-42870). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.7.0` or later.
|
| CVE-2026-42872 |
|
Cross-Site Scripting (XSS) in CVE-2026-42872 (CVE-2026-42872)
cross-site scripting in CVE-2026-42872 (CVE-2026-42872). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.7.0` or later.
|
| CVE-2026-42874 |
|
Vulnerability in microdot (CVE-2026-42874)
vulnerability in microdot (CVE-2026-42874). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.6.1` or later.
|
| CVE-2026-41149 |
|
Code Injection in mermaid (CVE-2026-41149)
code injection in mermaid (CVE-2026-41149). Risk of unauthorized operations or information disclosure. Exploitable via ``classDef``. Mitigation: upgrade to `10.9.6` or later.
|
| CVE-2026-34463 |
|
Cross-Site Scripting (XSS) in mantisbt/mantisbt (CVE-2026-34463)
cross-site scripting in mantisbt/mantisbt (CVE-2026-34463). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.28.2` or later.
|
| CVE-2026-43968 |
|
Vulnerability in cowlib (CVE-2026-43968)
vulnerability in cowlib (CVE-2026-43968). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.16.1` or later.
|
| CVE-2026-38569 |
|
Cross-Site Scripting (XSS) in CVE-2026-38569 (CVE-2026-38569)
cross-site scripting in CVE-2026-38569 (CVE-2026-38569). Risk of unauthorized operations or information disclosure. Exploitable via `POST /candidates/add`.
|
| CVE-2026-36906 |
|
Cross-Site Scripting (XSS) in CVE-2026-36906 (CVE-2026-36906)
cross-site scripting in CVE-2026-36906 (CVE-2026-36906). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41250 |
|
Cross-Site Scripting (XSS) in CVE-2026-41250 (CVE-2026-41250)
cross-site scripting in CVE-2026-41250 (CVE-2026-41250). Confidential information can be exposed externally. Mitigation: upgrade to `6.9.1` or later.
|
| CVE-2026-42842 |
|
Cross-Site Scripting (XSS) in getgrav/grav (CVE-2026-42842)
cross-site scripting in getgrav/grav (CVE-2026-42842). Risk of unauthorized operations or information disclosure. Exploitable via ``on_events``. Mitigation: upgrade to `2.0.0-beta.2` or later.
|
| CVE-2026-7814 |
|
Cross-Site Scripting (XSS) in pgadmin4 (CVE-2026-7814)
cross-site scripting in pgadmin4 (CVE-2026-7814). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.15` or later.
|
| CVE-2026-42612 |
|
Cross-Site Scripting (XSS) in getgrav/grav (CVE-2026-42612)
cross-site scripting in getgrav/grav (CVE-2026-42612). Confidential information can be exposed externally. Exploitable via ``onerror``. Mitigation: upgrade to `2.0.0-beta.2` or later.
|
| CVE-2026-42611 |
|
Cross-Site Scripting (XSS) in getgrav/grav (CVE-2026-42611)
cross-site scripting in getgrav/grav (CVE-2026-42611). Confidential information can be exposed externally. Exploitable via `POST /grav-log`. Mitigation: upgrade to `2.0.0-beta.2` or later.
|
| CVE-2026-3320 |
|
Cross-Site Scripting (XSS) in CVE-2026-3320 (CVE-2026-3320)
cross-site scripting in CVE-2026-3320 (CVE-2026-3320). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3319 |
|
Cross-Site Scripting (XSS) in CVE-2026-3319 (CVE-2026-3319)
cross-site scripting in CVE-2026-3319 (CVE-2026-3319). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-65417 |
|
Cross-Site Scripting (XSS) in CVE-2025-65417 (CVE-2025-65417)
cross-site scripting in CVE-2025-65417 (CVE-2025-65417). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-61314 |
|
Cross-Site Scripting (XSS) in CVE-2025-61314 (CVE-2025-61314)
cross-site scripting in CVE-2025-61314 (CVE-2025-61314). Confidential information can be exposed externally.
|
| CVE-2025-61313 |
|
Cross-Site Scripting (XSS) in CVE-2025-61313 (CVE-2025-61313)
cross-site scripting in CVE-2025-61313 (CVE-2025-61313). Confidential information can be exposed externally.
|
| CVE-2025-61312 |
|
Cross-Site Scripting (XSS) in CVE-2025-61312 (CVE-2025-61312)
cross-site scripting in CVE-2025-61312 (CVE-2025-61312). Confidential information can be exposed externally.
|
| CVE-2025-61311 |
|
Cross-Site Scripting (XSS) in CVE-2025-61311 (CVE-2025-61311)
cross-site scripting in CVE-2025-61311 (CVE-2025-61311). Confidential information can be exposed externally.
|
| CVE-2025-61309 |
|
Cross-Site Scripting (XSS) in CVE-2025-61309 (CVE-2025-61309)
cross-site scripting in CVE-2025-61309 (CVE-2025-61309). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-61308 |
|
Cross-Site Scripting (XSS) in CVE-2025-61308 (CVE-2025-61308)
cross-site scripting in CVE-2025-61308 (CVE-2025-61308). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-61310 |
|
Cross-Site Scripting (XSS) in CVE-2025-61310 (CVE-2025-61310)
cross-site scripting in CVE-2025-61310 (CVE-2025-61310). Risk of unauthorized operations or information disclosure.
|