Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2022-50949 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2022-50949)
cross-site scripting in wordpress (CVE-2022-50949). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-50945 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2022-50945)
cross-site scripting in wordpress (CVE-2022-50945). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-50946 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2022-50946)
cross-site scripting in wordpress (CVE-2022-50946). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-50947 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2022-50947)
cross-site scripting in wordpress (CVE-2022-50947). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-50948 |
|
Cross-Site Scripting (XSS) in CVE-2022-50948 (CVE-2022-50948)
cross-site scripting in CVE-2022-50948 (CVE-2022-50948). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-50943 |
|
Cross-Site Scripting (XSS) in moodle (CVE-2022-50943)
cross-site scripting in moodle (CVE-2022-50943). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-47951 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2021-47951)
cross-site scripting in wordpress (CVE-2021-47951). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-47950 |
|
Cross-Site Scripting (XSS) in CVE-2021-47950 (CVE-2021-47950)
cross-site scripting in CVE-2021-47950 (CVE-2021-47950). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-47947 |
|
Cross-Site Scripting (XSS) in CVE-2021-47947 (CVE-2021-47947)
cross-site scripting in CVE-2021-47947 (CVE-2021-47947). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-47931 |
|
Cross-Site Scripting (XSS) in CVE-2021-47931 (CVE-2021-47931)
cross-site scripting in CVE-2021-47931 (CVE-2021-47931). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-47929 |
|
Cross-Site Scripting (XSS) in CVE-2021-47929 (CVE-2021-47929)
cross-site scripting in CVE-2021-47929 (CVE-2021-47929). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-47927 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2021-47927)
cross-site scripting in wordpress (CVE-2021-47927). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-47926 |
|
Cross-Site Scripting (XSS) in CVE-2021-47926 (CVE-2021-47926)
cross-site scripting in CVE-2021-47926 (CVE-2021-47926). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-47925 |
|
Cross-Site Scripting (XSS) in CVE-2021-47925 (CVE-2021-47925)
cross-site scripting in CVE-2021-47925 (CVE-2021-47925). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-47924 |
|
Cross-Site Scripting (XSS) in CVE-2021-47924 (CVE-2021-47924)
cross-site scripting in CVE-2021-47924 (CVE-2021-47924). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-47922 |
|
Cross-Site Scripting (XSS) in CVE-2021-47922 (CVE-2021-47922)
cross-site scripting in CVE-2021-47922 (CVE-2021-47922). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-47910 |
|
Cross-Site Scripting (XSS) in CVE-2021-47910 (CVE-2021-47910)
cross-site scripting in CVE-2021-47910 (CVE-2021-47910). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-47907 |
|
Cross-Site Scripting (XSS) in CVE-2021-47907 (CVE-2021-47907)
cross-site scripting in CVE-2021-47907 (CVE-2021-47907). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6735 |
|
Cross-Site Scripting (XSS) in libphp (CVE-2026-6735)
cross-site scripting in libphp (CVE-2026-6735). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.2.31, 8.3.31, 8.4.21, 8.5.6` or later.
|
| CVE-2026-8220 |
|
Cross-Site Scripting (XSS) in CVE-2026-8220 (CVE-2026-8220)
cross-site scripting in CVE-2026-8220 (CVE-2026-8220). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8221 |
|
Cross-Site Scripting (XSS) in CVE-2026-8221 (CVE-2026-8221)
cross-site scripting in CVE-2026-8221 (CVE-2026-8221). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8218 |
|
Cross-Site Scripting (XSS) in CVE-2026-8218 (CVE-2026-8218)
cross-site scripting in CVE-2026-8218 (CVE-2026-8218). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8219 |
|
Cross-Site Scripting (XSS) in CVE-2026-8219 (CVE-2026-8219)
cross-site scripting in CVE-2026-8219 (CVE-2026-8219). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8195 |
|
Cross-Site Scripting (XSS) in CVE-2026-8195 (CVE-2026-8195)
cross-site scripting in CVE-2026-8195 (CVE-2026-8195). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20108 |
|
Cross-Site Scripting (XSS) in Cisco catalyst-sd-wan-manager (CVE-2026-20108)
cross-site scripting in Cisco catalyst-sd-wan-manager (CVE-2026-20108). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20132 |
|
Cross-Site Scripting (XSS) in Cisco identity-services-engine (CVE-2026-20132)
cross-site scripting in Cisco identity-services-engine (CVE-2026-20132). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42455 |
|
Cross-Site Scripting (XSS) in CVE-2026-42455 (CVE-2026-42455)
cross-site scripting in CVE-2026-42455 (CVE-2026-42455). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/archives/`.
|
| CVE-2026-44897 |
|
Cross-Site Scripting (XSS) in mistune (CVE-2026-44897)
cross-site scripting in mistune (CVE-2026-44897). Risk of unauthorized operations or information disclosure. Exploitable via ``toc_1``. Mitigation: upgrade to `3.2.1` or later.
|
| CVE-2026-44896 |
|
Cross-Site Scripting (XSS) in mistune (CVE-2026-44896)
cross-site scripting in mistune (CVE-2026-44896). Risk of unauthorized operations or information disclosure. Exploitable via ``figclass``. Mitigation: upgrade to `3.2.1` or later.
|
| CVE-2026-44708 |
|
Cross-Site Scripting (XSS) in mistune (CVE-2026-44708)
cross-site scripting in mistune (CVE-2026-44708). Risk of unauthorized operations or information disclosure. Exploitable via ``_escape``.
|
| CVE-2026-42556 |
|
Cross-Site Scripting (XSS) in gitroom (CVE-2026-42556)
cross-site scripting in gitroom (CVE-2026-42556). Confidential information can be exposed externally.
|
| CVE-2026-42451 |
|
Cross-Site Scripting (XSS) in CVE-2026-42451 (CVE-2026-42451)
cross-site scripting in CVE-2026-42451 (CVE-2026-42451). Confidential information can be exposed externally.
|
| CVE-2026-42224 |
|
Cross-Site Scripting (XSS) in ipl/web (CVE-2026-42224)
cross-site scripting in ipl/web (CVE-2026-42224). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.10.3` or later.
|
| CVE-2026-44549 |
|
Cross-Site Scripting (XSS) in open-webui (CVE-2026-44549)
cross-site scripting in open-webui (CVE-2026-44549). Confidential information can be exposed externally. Exploitable via ``XLSX.utils.sheet_to_html``. Mitigation: upgrade to `0.8.0` or later.
|
| CVE-2026-44831 |
|
Cross-Site Scripting (XSS) in snipe/snipe-it (CVE-2026-44831)
cross-site scripting in snipe/snipe-it (CVE-2026-44831). Risk of unauthorized operations or information disclosure. Exploitable via ``notes``. Mitigation: upgrade to `8.4.1` or later.
|
| CVE-2026-44568 |
|
Cross-Site Scripting (XSS) in open-webui (CVE-2026-44568)
cross-site scripting in open-webui (CVE-2026-44568). Risk of unauthorized operations or information disclosure. Exploitable via ``AccountPending.svelte``. Mitigation: upgrade to `0.9.0` or later.
|
| CVE-2026-42192 |
|
Cross-Site Scripting (XSS) in react (CVE-2026-42192)
cross-site scripting in react (CVE-2026-42192). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44737 |
|
Cross-Site Scripting (XSS) in getgrav/grav (CVE-2026-44737)
cross-site scripting in getgrav/grav (CVE-2026-44737). Risk of unauthorized operations or information disclosure. Exploitable via `GET /admin/pages/`. Mitigation: upgrade to `1.7.49.5` or later.
|
| CVE-2026-44588 |
|
Vulnerability in github.com/siyuan-note/siyuan/kernel (CVE-2026-44588)
vulnerability in github.com/siyuan-note/siyuan/kernel (CVE-2026-44588). Risk of unauthorized operations or information disclosure. Exploitable via ``getAttribute``.
|
| CVE-2026-44721 |
|
Cross-Site Scripting (XSS) in open-webui (CVE-2026-44721)
cross-site scripting in open-webui (CVE-2026-44721). Confidential information can be exposed externally. Exploitable via ``marked``. Mitigation: upgrade to `0.9.0` or later.
|
| CVE-2026-44429 |
|
Vulnerability in github.com/modelcontextprotocol/registry (CVE-2026-44429)
vulnerability in github.com/modelcontextprotocol/registry (CVE-2026-44429). Risk of unauthorized operations or information disclosure. Exploitable via `POST /v0/auth/github-at`. Mitigation: upgrade to `1.7.7` or later.
|
| CVE-2026-44212 |
|
Cross-Site Scripting (XSS) in prestashop/prestashop (CVE-2026-44212)
cross-site scripting in prestashop/prestashop (CVE-2026-44212). Confidential information can be exposed externally. Mitigation: upgrade to `9.1.1` or later.
|
| CVE-2026-44670 |
|
Vulnerability in github.com/siyuan-note/siyuan/kernel (CVE-2026-44670)
vulnerability in github.com/siyuan-note/siyuan/kernel (CVE-2026-44670). Risk of unauthorized operations or information disclosure. Exploitable via ``outerHTML``. Mitigation: upgrade to `0.0.0-20260512140701-d7b77d945e0d` or later.
|
| CVE-2026-41886 |
|
Vulnerability in locize (CVE-2026-41886)
vulnerability in locize (CVE-2026-41886). Data can be tampered with by attackers. Exploitable via ``locize``. Mitigation: upgrade to `4.0.21` or later.
|
| CVE-2026-42794 |
|
Cross-Site Scripting (XSS) in absinthe_plug (CVE-2026-42794)
cross-site scripting in absinthe_plug (CVE-2026-42794). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41591 |
|
Cross-Site Scripting (XSS) in marko (CVE-2026-41591)
cross-site scripting in marko (CVE-2026-41591). Risk of unauthorized operations or information disclosure. Exploitable via ``_escape_script``. Mitigation: upgrade to `5.38.36` or later.
|
| CVE-2026-41683 |
|
Vulnerability in i18next-http-middleware (CVE-2026-41683)
vulnerability in i18next-http-middleware (CVE-2026-41683). Data can be tampered with by attackers. Exploitable via ``i18next``. Mitigation: upgrade to `3.9.3` or later.
|
| CVE-2026-41575 |
|
Cross-Site Scripting (XSS) in th30d4y (CVE-2026-41575)
cross-site scripting in th30d4y (CVE-2026-41575). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41576 |
|
Cross-Site Scripting (XSS) in CVE-2026-41576 (CVE-2026-41576)
cross-site scripting in CVE-2026-41576 (CVE-2026-41576). Confidential information can be exposed externally.
|
| CVE-2026-41524 |
|
Cross-Site Scripting (XSS) in laravel (CVE-2026-41524)
cross-site scripting in laravel (CVE-2026-41524). Confidential information can be exposed externally.
|