Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-42239 |
|
Vulnerability in @budibase/backend-core (CVE-2026-42239)
vulnerability in @budibase/backend-core (CVE-2026-42239). Confidential information can be exposed externally. Exploitable via ``document.cookie``. Mitigation: upgrade to `3.35.10` or later.
|
| CVE-2026-3007 |
|
Cross-Site Scripting (XSS) in CVE-2026-3007 (CVE-2026-3007)
cross-site scripting in CVE-2026-3007 (CVE-2026-3007). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41650 |
|
Vulnerability in fast-xml-parser (CVE-2026-41650)
vulnerability in fast-xml-parser (CVE-2026-41650). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.7.0` or later.
|
| CVE-2018-25269 |
|
Cross-Site Scripting (XSS) in icewarp (CVE-2018-25269)
cross-site scripting in icewarp (CVE-2018-25269). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40451 |
|
Cross-Site Scripting (XSS) in CVE-2026-40451 (CVE-2026-40451)
cross-site scripting in CVE-2026-40451 (CVE-2026-40451). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-10354 |
|
Cross-Site Scripting (XSS) in CVE-2025-10354 (CVE-2025-10354)
cross-site scripting in CVE-2025-10354 (CVE-2025-10354). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3317 |
|
Cross-Site Scripting (XSS) in CVE-2026-3317 (CVE-2026-3317)
cross-site scripting in CVE-2026-3317 (CVE-2026-3317). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-7083 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2024-7083)
cross-site scripting in wordpress (CVE-2024-7083). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-48700 KEV |
|
[KEV] Cross-Site Scripting (XSS) in Synacor zimbra-collaboration-suite-zcs (CVE-2025-48700)
cross-site scripting in Synacor zimbra-collaboration-suite-zcs (CVE-2025-48700). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-2749 KEV |
|
[KEV] Path Traversal in Kentico path-traversal (CVE-2025-2749)
path traversal in Kentico path-traversal (CVE-2025-2749). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-33436 |
|
Vulnerability in stirlingpdf (CVE-2026-33436)
vulnerability in stirlingpdf (CVE-2026-33436). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-40899 |
|
Cross-Site Scripting (XSS) in c (CVE-2025-40899)
cross-site scripting in c (CVE-2025-40899). Data can be tampered with by attackers.
|
| CVE-2026-26291 |
|
Cross-Site Scripting (XSS) in CVE-2026-26291 (CVE-2026-26291)
cross-site scripting in CVE-2026-26291 (CVE-2026-26291). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-65134 |
|
Cross-Site Scripting (XSS) in CVE-2025-65134 (CVE-2025-65134)
cross-site scripting in CVE-2025-65134 (CVE-2025-65134). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-37980 |
|
Cross-Site Scripting (XSS) in redhat (CVE-2026-37980)
cross-site scripting in redhat (CVE-2026-37980). Confidential information can be exposed externally. Exploitable via ``organization.alias``.
|
| CVE-2025-63743 |
|
Cross-Site Scripting (XSS) in CVE-2025-63743 (CVE-2025-63743)
cross-site scripting in CVE-2025-63743 (CVE-2025-63743). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.3.2` or later.
|
| CVE-2026-6179 |
|
Cross-Site Scripting (XSS) in fptsoftware (CVE-2026-6179)
cross-site scripting in fptsoftware (CVE-2026-6179). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31845 |
|
Cross-Site Scripting (XSS) in CVE-2026-31845 (CVE-2026-31845)
cross-site scripting in CVE-2026-31845 (CVE-2026-31845). Confidential information can be exposed externally.
|
| CVE-2026-21904 |
|
Cross-Site Scripting (XSS) in juniper (CVE-2026-21904)
cross-site scripting in juniper (CVE-2026-21904). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-70365 |
|
Cross-Site Scripting (XSS) in c (CVE-2025-70365)
cross-site scripting in c (CVE-2025-70365). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-22675 |
|
Cross-Site Scripting (XSS) in ocsinventory-ng (CVE-2026-22675)
cross-site scripting in ocsinventory-ng (CVE-2026-22675). Risk of unauthorized operations or information disclosure. Exploitable via `User-Agent header`.
|
| CVE-2026-31313 |
|
Cross-Site Scripting (XSS) in feehi (CVE-2026-31313)
cross-site scripting in feehi (CVE-2026-31313). Risk of unauthorized operations or information disclosure.
|
| CVE-2018-25247 |
|
Cross-Site Scripting (XSS) in mybb (CVE-2018-25247)
cross-site scripting in mybb (CVE-2018-25247). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34780 |
|
Vulnerability in electronjs (CVE-2026-34780)
vulnerability in electronjs (CVE-2026-34780). Successful exploitation can lead to full system takeover.
|
| CVE-2026-47099 |
|
Cross-Site Scripting (XSS) in telejson (CVE-2026-47099)
cross-site scripting in telejson (CVE-2026-47099). Risk of unauthorized operations or information disclosure. Exploitable via ``postMessage``. Mitigation: upgrade to `6.0.0` or later.
|
| CVE-2026-35466 |
|
Cross-Site Scripting (XSS) in cmu (CVE-2026-35466)
cross-site scripting in cmu (CVE-2026-35466). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-30526 |
|
Cross-Site Scripting (XSS) in pushpam02 (CVE-2026-30526)
cross-site scripting in pushpam02 (CVE-2026-30526). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-29598 |
|
Cross-Site Scripting (XSS) in CVE-2026-29598 (CVE-2026-29598)
cross-site scripting in CVE-2026-29598 (CVE-2026-29598). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-30082 |
|
Cross-Site Scripting (XSS) in CVE-2026-30082 (CVE-2026-30082)
cross-site scripting in CVE-2026-30082 (CVE-2026-30082). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-30567 |
|
Cross-Site Scripting (XSS) in ahsanriaz26gmailcom (CVE-2026-30567)
cross-site scripting in ahsanriaz26gmailcom (CVE-2026-30567). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56358 |
|
Cross-Site Scripting (XSS) in n8n (CVE-2026-56358)
cross-site scripting in n8n (CVE-2026-56358). Risk of unauthorized operations or information disclosure. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `1.123.25` or later.
|
| CVE-2026-5010 |
|
Cross-Site Scripting (XSS) in CVE-2026-5010 (CVE-2026-5010)
cross-site scripting in CVE-2026-5010 (CVE-2026-5010). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-33758 |
|
Vulnerability in openbao (CVE-2026-33758)
vulnerability in openbao (CVE-2026-33758). Risk of unauthorized operations or information disclosure. Exploitable via ``error_description``.
|
| CVE-2025-61190 |
|
Cross-Site Scripting (XSS) in lyrasis (CVE-2025-61190)
cross-site scripting in lyrasis (CVE-2025-61190). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-32859 |
|
Cross-Site Scripting (XSS) in CVE-2026-32859 (CVE-2026-32859)
cross-site scripting in CVE-2026-32859 (CVE-2026-32859). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-33559 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-33559)
cross-site scripting in wordpress (CVE-2026-33559). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-29934 |
|
Cross-Site Scripting (XSS) in lightcms-project (CVE-2026-29934)
cross-site scripting in lightcms-project (CVE-2026-29934). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-30587 |
|
Cross-Site Scripting (XSS) in seafile (CVE-2026-30587)
cross-site scripting in seafile (CVE-2026-30587). Confidential information can be exposed externally. Mitigation: upgrade to `13.0.17` or later.
|
| CVE-2026-33331 |
|
Cross-Site Scripting (XSS) in orpc (CVE-2026-33331)
cross-site scripting in orpc (CVE-2026-33331). Confidential information can be exposed externally.
|
| CVE-2026-32851 |
|
Cross-Site Scripting (XSS) in mailenable (CVE-2026-32851)
cross-site scripting in mailenable (CVE-2026-32851). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-52204 |
|
Cross-Site Scripting (XSS) in CVE-2025-52204 (CVE-2025-52204)
cross-site scripting in CVE-2025-52204 (CVE-2025-52204). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-63260 |
|
Cross-Site Scripting (XSS) in syncfusion (CVE-2025-63260)
cross-site scripting in syncfusion (CVE-2025-63260). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-22895 |
|
Cross-Site Scripting (XSS) in qnap (CVE-2026-22895)
cross-site scripting in qnap (CVE-2026-22895). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-30695 |
|
Cross-Site Scripting (XSS) in CVE-2026-30695 (CVE-2026-30695)
cross-site scripting in CVE-2026-30695 (CVE-2026-30695). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-2274 |
|
Cross-Site Scripting (XSS) in forcepoint (CVE-2025-2274)
cross-site scripting in forcepoint (CVE-2025-2274). Risk of unauthorized operations or information disclosure.
|
| CVE-2016-20032 |
|
Cross-Site Scripting (XSS) in CVE-2016-20032 (CVE-2016-20032)
cross-site scripting in CVE-2016-20032 (CVE-2016-20032). Risk of unauthorized operations or information disclosure.
|
| CVE-2016-20027 |
|
Cross-Site Scripting (XSS) in CVE-2016-20027 (CVE-2016-20027)
cross-site scripting in CVE-2016-20027 (CVE-2016-20027). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-13702 |
|
Cross-Site Scripting (XSS) in ibm (CVE-2025-13702)
cross-site scripting in ibm (CVE-2025-13702). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20117 |
|
Cross-Site Scripting (XSS) in express (CVE-2026-20117)
cross-site scripting in express (CVE-2026-20117). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-13902 |
|
Cross-Site Scripting (XSS) in schneider-electric (CVE-2025-13902)
cross-site scripting in schneider-electric (CVE-2025-13902). Risk of unauthorized operations or information disclosure.
|