Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-7650 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7650)
cross-site scripting in wordpress (CVE-2026-7650). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7475 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7475)
cross-site scripting in wordpress (CVE-2026-7475). Risk of unauthorized operations or information disclosure. Exploitable via ``sky_script_content``.
|
| CVE-2026-5341 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-5341)
cross-site scripting in wordpress (CVE-2026-5341). Risk of unauthorized operations or information disclosure. Exploitable via ``strava_nmr_connect``.
|
| CVE-2026-7330 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7330)
cross-site scripting in wordpress (CVE-2026-7330). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-33724 |
|
Cross-Site Scripting (XSS) in CVE-2024-33724 (CVE-2024-33724)
cross-site scripting in CVE-2024-33724 (CVE-2024-33724). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-42345 |
|
Cross-Site Scripting (XSS) in CVE-2023-42345 (CVE-2023-42345)
cross-site scripting in CVE-2023-42345 (CVE-2023-42345). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-42343 |
|
Cross-Site Scripting (XSS) in CVE-2023-42343 (CVE-2023-42343)
cross-site scripting in CVE-2023-42343 (CVE-2023-42343). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-23961 |
|
Cross-Site Scripting (XSS) in CVE-2022-23961 (CVE-2022-23961)
cross-site scripting in CVE-2022-23961 (CVE-2022-23961). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8136 |
|
Cross-Site Scripting (XSS) in CVE-2026-8136 (CVE-2026-8136)
cross-site scripting in CVE-2026-8136 (CVE-2026-8136). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42150 |
|
Cross-Site Scripting (XSS) in wlc (CVE-2026-42150)
cross-site scripting in wlc (CVE-2026-42150). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.0.0` or later.
|
| CVE-2026-8117 |
|
Cross-Site Scripting (XSS) in CVE-2026-8117 (CVE-2026-8117)
cross-site scripting in CVE-2026-8117 (CVE-2026-8117). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8106 |
|
Cross-Site Scripting (XSS) in github (CVE-2026-8106)
cross-site scripting in github (CVE-2026-8106). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41929 |
|
Cross-Site Scripting (XSS) in CVE-2026-41929 (CVE-2026-41929)
cross-site scripting in CVE-2026-41929 (CVE-2026-41929). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-32207 |
|
Cross-Site Scripting (XSS) in microsoft (CVE-2026-32207)
cross-site scripting in microsoft (CVE-2026-32207). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44742 |
|
Cross-Site Scripting (XSS) in postorius (CVE-2026-44742)
cross-site scripting in postorius (CVE-2026-44742). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41692 |
|
Cross-Site Scripting (XSS) in i18nextify (CVE-2026-41692)
cross-site scripting in i18nextify (CVE-2026-41692). Risk of unauthorized operations or information disclosure. Exploitable via ``i18nextify``. Mitigation: upgrade to `4.0.8` or later.
|
| CVE-2026-39823 |
|
Cross-Site Scripting (XSS) in golang (CVE-2026-39823)
cross-site scripting in golang (CVE-2026-39823). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
|
| CVE-2026-36388 |
|
Cross-Site Scripting (XSS) in CVE-2026-36388 (CVE-2026-36388)
cross-site scripting in CVE-2026-36388 (CVE-2026-36388). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-67202 |
|
Cross-Site Scripting (XSS) in sidekiq-cron (CVE-2025-67202)
cross-site scripting in sidekiq-cron (CVE-2025-67202). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.4.0` or later.
|
| CVE-2026-8080 |
|
Cross-Site Scripting (XSS) in misp (CVE-2026-8080)
cross-site scripting in misp (CVE-2026-8080). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-21947 |
|
Cross-Site Scripting (XSS) in java (CVE-2026-21947)
cross-site scripting in java (CVE-2026-21947). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.0, 8.0.481` or later.
|
| CVE-2026-36358 |
|
Cross-Site Scripting (XSS) in CVE-2026-36358 (CVE-2026-36358)
cross-site scripting in CVE-2026-36358 (CVE-2026-36358). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44903 |
|
Cross-Site Scripting (XSS) in github.com/prometheus/prometheus (CVE-2026-44903)
cross-site scripting in github.com/prometheus/prometheus (CVE-2026-44903). Risk of unauthorized operations or information disclosure. Exploitable via ``label_replace``. Mitigation: upgrade to `2.7.2` or later.
|
| CVE-2026-35453 |
|
Cross-Site Scripting (XSS) in phpoffice/phpspreadsheet (CVE-2026-35453)
cross-site scripting in phpoffice/phpspreadsheet (CVE-2026-35453). Risk of unauthorized operations or information disclosure. Exploitable via ``formatColor``. Mitigation: upgrade to `1.30.4` or later.
|
| CVE-2026-38432 |
|
Cross-Site Scripting (XSS) in frappe (CVE-2026-38432)
cross-site scripting in frappe (CVE-2026-38432). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-52206 |
|
ISPConfig 3.3.0 is vulnerable to Cross Site Scripting (XSS) via the system status webpage.
ISPConfig 3.3.0 is vulnerable to Cross Site Scripting (XSS) via the system status webpage.
|
| CVE-2026-27694 |
|
Cross-Site Scripting (XSS) in traccar (CVE-2026-27694)
cross-site scripting in traccar (CVE-2026-27694). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42138 |
|
Cross-Site Scripting (XSS) in langgenius (CVE-2026-42138)
cross-site scripting in langgenius (CVE-2026-42138). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/files/upload`.
|
| CVE-2026-42052 |
|
Cross-Site Scripting (XSS) in beets (CVE-2026-42052)
cross-site scripting in beets (CVE-2026-42052). Risk of unauthorized operations or information disclosure. Exploitable via ``title``. Mitigation: upgrade to `2.10.0` or later.
|
| CVE-2026-42086 |
|
Cross-Site Scripting (XSS) in openc3 (CVE-2026-42086)
cross-site scripting in openc3 (CVE-2026-42086). Risk of unauthorized operations or information disclosure. Exploitable via ``convertToValue``. Mitigation: upgrade to `7.0.0` or later.
|
| CVE-2026-42090 |
|
Cross-Site Scripting (XSS) in streetwriters (CVE-2026-42090)
cross-site scripting in streetwriters (CVE-2026-42090). Successful exploitation can lead to full system takeover.
|
| CVE-2025-14320 |
|
Cross-Site Scripting (XSS) in CVE-2025-14320 (CVE-2025-14320)
cross-site scripting in CVE-2025-14320 (CVE-2025-14320). Successful exploitation can lead to full system takeover.
|
| CVE-2026-37503 |
|
Cross-Site Scripting (XSS) in v2board (CVE-2026-37503)
cross-site scripting in v2board (CVE-2026-37503). Confidential information can be exposed externally.
|
| CVE-2026-40296 |
|
Cross-Site Scripting (XSS) in phpoffice/phpspreadsheet (CVE-2026-40296)
cross-site scripting in phpoffice/phpspreadsheet (CVE-2026-40296). Risk of unauthorized operations or information disclosure. Exploitable via ``General``. Mitigation: upgrade to `1.30.4` or later.
|
| CVE-2026-38949 |
|
Cross-Site Scripting (XSS) in CVE-2026-38949 (CVE-2026-38949)
cross-site scripting in CVE-2026-38949 (CVE-2026-38949). Confidential information can be exposed externally.
|
| CVE-2026-5362 |
|
Cross-Site Scripting (XSS) in pimcore (CVE-2026-5362)
cross-site scripting in pimcore (CVE-2026-5362). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-38935 |
|
Cross-Site Scripting (XSS) in CVE-2026-38935 (CVE-2026-38935)
cross-site scripting in CVE-2026-38935 (CVE-2026-38935). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-38936 |
|
Cross-Site Scripting (XSS) in CVE-2026-38936 (CVE-2026-38936)
cross-site scripting in CVE-2026-38936 (CVE-2026-38936). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6999 |
|
Cross-Site Scripting (XSS) in CVE-2026-6999 (CVE-2026-6999)
cross-site scripting in CVE-2026-6999 (CVE-2026-6999). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3007 |
|
Cross-Site Scripting (XSS) in CVE-2026-3007 (CVE-2026-3007)
cross-site scripting in CVE-2026-3007 (CVE-2026-3007). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3837 |
|
Cross-Site Scripting (XSS) in frappe (CVE-2026-3837)
cross-site scripting in frappe (CVE-2026-3837). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3673 |
|
Cross-Site Scripting (XSS) in frappe (CVE-2026-3673)
cross-site scripting in frappe (CVE-2026-3673). Risk of unauthorized operations or information disclosure.
|
| CVE-2018-25269 |
|
Cross-Site Scripting (XSS) in icewarp (CVE-2018-25269)
cross-site scripting in icewarp (CVE-2018-25269). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40451 |
|
Cross-Site Scripting (XSS) in CVE-2026-40451 (CVE-2026-40451)
cross-site scripting in CVE-2026-40451 (CVE-2026-40451). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-10354 |
|
Cross-Site Scripting (XSS) in CVE-2025-10354 (CVE-2025-10354)
cross-site scripting in CVE-2025-10354 (CVE-2025-10354). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3317 |
|
Cross-Site Scripting (XSS) in CVE-2026-3317 (CVE-2026-3317)
cross-site scripting in CVE-2026-3317 (CVE-2026-3317). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-7083 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2024-7083)
cross-site scripting in wordpress (CVE-2024-7083). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-48700 KEV |
|
[KEV] Cross-Site Scripting (XSS) in Synacor zimbra-collaboration-suite-zcs (CVE-2025-48700)
cross-site scripting in Synacor zimbra-collaboration-suite-zcs (CVE-2025-48700). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-33436 |
|
Vulnerability in stirlingpdf (CVE-2026-33436)
vulnerability in stirlingpdf (CVE-2026-33436). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56761 |
|
Cross-Site Scripting (XSS) in hono (CVE-2026-56761)
cross-site scripting in hono (CVE-2026-56761). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.12.14` or later.
|