Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: cwe-94 Clear
ID Title
CVE-2026-10810 Cross-Site Scripting (XSS) in CVE-2026-10810 (CVE-2026-10810)
cross-site scripting in CVE-2026-10810 (CVE-2026-10810). Risk of unauthorized operations or information disclosure.
CVE-2026-44016 Code Injection in docling (CVE-2026-44016)
code injection in docling (CVE-2026-44016). Confidential information can be exposed externally. Exploitable via ``enable_remote_fetch``. Mitigation: upgrade to `2.91.0` or later.
CVE-2026-10688 Vulnerability in CVE-2026-10688 (CVE-2026-10688)
vulnerability in CVE-2026-10688 (CVE-2026-10688). Risk of unauthorized operations or information disclosure.
CVE-2026-49143 Code Injection in browserstack-runner (CVE-2026-49143)
code injection in browserstack-runner (CVE-2026-49143). Successful exploitation can lead to full system takeover. Exploitable via ``context``.
CVE-2026-1829 The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code...
The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code...
CVE-2026-47117 Code Injection in openmed (CVE-2026-47117)
code injection in openmed (CVE-2026-47117). Successful exploitation can lead to full system takeover. Exploitable via ``model_name``. Mitigation: upgrade to `1.5.2` or later.
CVE-2026-39552 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
CVE-2026-10567 Cross-Site Scripting (XSS) in CVE-2026-10567 (CVE-2026-10567)
cross-site scripting in CVE-2026-10567 (CVE-2026-10567). Risk of unauthorized operations or information disclosure.
CVE-2026-10529 Cross-Site Scripting (XSS) in CVE-2026-10529 (CVE-2026-10529)
cross-site scripting in CVE-2026-10529 (CVE-2026-10529). Risk of unauthorized operations or information disclosure.
CVE-2026-10514 Cross-Site Scripting (XSS) in CVE-2026-10514 (CVE-2026-10514)
cross-site scripting in CVE-2026-10514 (CVE-2026-10514). Risk of unauthorized operations or information disclosure.
CVE-2026-10301 Cross-Site Scripting (XSS) in CVE-2026-10301 (CVE-2026-10301)
cross-site scripting in CVE-2026-10301 (CVE-2026-10301). Risk of unauthorized operations or information disclosure.
CVE-2026-10289 Cross-Site Scripting (XSS) in CVE-2026-10289 (CVE-2026-10289)
cross-site scripting in CVE-2026-10289 (CVE-2026-10289). Risk of unauthorized operations or information disclosure.
CVE-2026-9311 Code Injection in ibm (CVE-2026-9311)
code injection in ibm (CVE-2026-9311). Successful exploitation can lead to full system takeover.
CVE-2026-45131 Code Injection in CVE-2026-45131 (CVE-2026-45131)
code injection in CVE-2026-45131 (CVE-2026-45131). Confidential information can be exposed externally.
CVE-2026-45132 Code Injection in CVE-2026-45132 (CVE-2026-45132)
code injection in CVE-2026-45132 (CVE-2026-45132). Confidential information can be exposed externally.
CVE-2026-8931 Code Injection in CVE-2026-8931 (CVE-2026-8931)
code injection in CVE-2026-8931 (CVE-2026-8931). Risk of unauthorized operations or information disclosure.
CVE-2026-10246 Cross-Site Scripting (XSS) in CVE-2026-10246 (CVE-2026-10246)
cross-site scripting in CVE-2026-10246 (CVE-2026-10246). Risk of unauthorized operations or information disclosure.
CVE-2026-10247 Cross-Site Scripting (XSS) in CVE-2026-10247 (CVE-2026-10247)
cross-site scripting in CVE-2026-10247 (CVE-2026-10247). Risk of unauthorized operations or information disclosure.
CVE-2026-10245 Cross-Site Scripting (XSS) in CVE-2026-10245 (CVE-2026-10245)
cross-site scripting in CVE-2026-10245 (CVE-2026-10245). Risk of unauthorized operations or information disclosure.
CVE-2026-10244 Cross-Site Scripting (XSS) in CVE-2026-10244 (CVE-2026-10244)
cross-site scripting in CVE-2026-10244 (CVE-2026-10244). Risk of unauthorized operations or information disclosure.
CVE-2026-42588 Vulnerability in activemq (CVE-2026-42588)
vulnerability in activemq (CVE-2026-42588). Confidential information can be exposed externally. Mitigation: upgrade to `5.19.7, 6.2.6` or later.
CVE-2026-45505 Vulnerability in activemq (CVE-2026-45505)
vulnerability in activemq (CVE-2026-45505). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `5.19.7, 6.2.6` or later.
CVE-2026-10234 Cross-Site Scripting (XSS) in CVE-2026-10234 (CVE-2026-10234)
cross-site scripting in CVE-2026-10234 (CVE-2026-10234). Risk of unauthorized operations or information disclosure.
CVE-2026-10228 Cross-Site Scripting (XSS) in CVE-2026-10228 (CVE-2026-10228)
cross-site scripting in CVE-2026-10228 (CVE-2026-10228). Risk of unauthorized operations or information disclosure.
CVE-2024-21182 KEV Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)...
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)...
CVE-2026-10173 Cross-Site Scripting (XSS) in vue (CVE-2026-10173)
cross-site scripting in vue (CVE-2026-10173). Risk of unauthorized operations or information disclosure.
CVE-2026-10175 Vulnerability in aider-chat (CVE-2026-10175)
vulnerability in aider-chat (CVE-2026-10175). Risk of unauthorized operations or information disclosure.
CVE-2026-10153 Cross-Site Scripting (XSS) in CVE-2026-10153 (CVE-2026-10153)
cross-site scripting in CVE-2026-10153 (CVE-2026-10153). Risk of unauthorized operations or information disclosure.
CVE-2026-10112 Cross-Site Scripting (XSS) in CVE-2026-10112 (CVE-2026-10112)
cross-site scripting in CVE-2026-10112 (CVE-2026-10112). Risk of unauthorized operations or information disclosure.
CVE-2026-44287 Code Injection in CVE-2026-44287 (CVE-2026-44287)
code injection in CVE-2026-44287 (CVE-2026-44287). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.15.0-beta1` or later.
CVE-2026-44495 Code Injection in axios (CVE-2026-44495)
code injection in axios (CVE-2026-44495). Confidential information can be exposed externally. Exploitable via ``Object.prototype.transformResponse``. Mitigation: upgrade to `1.15.0` or later.
CVE-2026-45555 Code Injection in csharp (CVE-2026-45555)
code injection in csharp (CVE-2026-45555). Successful exploitation can lead to full system takeover. Exploitable via ``get_diagnostics``. Mitigation: upgrade to `1.17.0` or later.
CVE-2026-44698 Code Injection in CVE-2026-44698 (CVE-2026-44698)
code injection in CVE-2026-44698 (CVE-2026-44698). Successful exploitation can lead to full system takeover. Exploitable via ``window.externalApp``. Mitigation: upgrade to `2026.4.1` or later.
CVE-2026-9938 Code Injection in google (CVE-2026-9938)
code injection in google (CVE-2026-9938). Successful exploitation can lead to full system takeover.
CVE-2026-9976 Code Injection in google (CVE-2026-9976)
code injection in google (CVE-2026-9976). Successful exploitation can lead to full system takeover.
CVE-2026-45261 Code Injection in CVE-2026-45261 (CVE-2026-45261)
code injection in CVE-2026-45261 (CVE-2026-45261). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.19.7` or later.
CVE-2026-32999 Code Injection in CVE-2026-32999 (CVE-2026-32999)
code injection in CVE-2026-32999 (CVE-2026-32999). Successful exploitation can lead to full system takeover.
CVE-2026-44888 Code Injection in CVE-2026-44888 (CVE-2026-44888)
code injection in CVE-2026-44888 (CVE-2026-44888). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2026-05-07` or later.
CVE-2026-44887 Code Injection in CVE-2026-44887 (CVE-2026-44887)
code injection in CVE-2026-44887 (CVE-2026-44887). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2026-05-07` or later.
CVE-2026-25879 SQL Injection in langroid (CVE-2026-25879)
SQL injection in langroid (CVE-2026-25879). Successful exploitation can lead to full system takeover. Exploitable via ``query``. Mitigation: upgrade to `0.63.0` or later.
CVE-2026-37713 Code Injection in CVE-2026-37713 (CVE-2026-37713)
code injection in CVE-2026-37713 (CVE-2026-37713). Risk of unauthorized operations or information disclosure.
CVE-2026-37711 Code Injection in CVE-2026-37711 (CVE-2026-37711)
code injection in CVE-2026-37711 (CVE-2026-37711). Risk of unauthorized operations or information disclosure.
CVE-2026-37712 Code Injection in CVE-2026-37712 (CVE-2026-37712)
code injection in CVE-2026-37712 (CVE-2026-37712). Risk of unauthorized operations or information disclosure.
CVE-2026-3012 A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate...
A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate...
CVE-2026-6169 Code Injection in wordpress (CVE-2026-6169)
code injection in wordpress (CVE-2026-6169). Successful exploitation can lead to full system takeover.
CVE-2026-8832 Code Injection in wordpress (CVE-2026-8832)
code injection in wordpress (CVE-2026-8832). Successful exploitation can lead to full system takeover.
CVE-2026-5760 Code Injection in jvn (CVE-2026-5760)
code injection in jvn (CVE-2026-5760). Successful exploitation can lead to full system takeover.
CVE-2026-48962 Vulnerability in CVE-2026-48962 (CVE-2026-48962)
vulnerability in CVE-2026-48962 (CVE-2026-48962). Risk of unauthorized operations or information disclosure.
CVE-2026-9608 Cross-Site Scripting (XSS) in CVE-2026-9608 (CVE-2026-9608)
cross-site scripting in CVE-2026-9608 (CVE-2026-9608). Risk of unauthorized operations or information disclosure.
CVE-2026-9568 Vulnerability in CVE-2026-9568 (CVE-2026-9568)
vulnerability in CVE-2026-9568 (CVE-2026-9568). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →