Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-10810 |
|
Cross-Site Scripting (XSS) in CVE-2026-10810 (CVE-2026-10810)
cross-site scripting in CVE-2026-10810 (CVE-2026-10810). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44016 |
|
Code Injection in docling (CVE-2026-44016)
code injection in docling (CVE-2026-44016). Confidential information can be exposed externally. Exploitable via ``enable_remote_fetch``. Mitigation: upgrade to `2.91.0` or later.
|
| CVE-2026-10688 |
|
Vulnerability in CVE-2026-10688 (CVE-2026-10688)
vulnerability in CVE-2026-10688 (CVE-2026-10688). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49143 |
|
Code Injection in browserstack-runner (CVE-2026-49143)
code injection in browserstack-runner (CVE-2026-49143). Successful exploitation can lead to full system takeover. Exploitable via ``context``.
|
| CVE-2026-1829 |
|
The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code...
The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code...
|
| CVE-2026-47117 |
|
Code Injection in openmed (CVE-2026-47117)
code injection in openmed (CVE-2026-47117). Successful exploitation can lead to full system takeover. Exploitable via ``model_name``. Mitigation: upgrade to `1.5.2` or later.
|
| CVE-2026-39552 |
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
|
| CVE-2026-10567 |
|
Cross-Site Scripting (XSS) in CVE-2026-10567 (CVE-2026-10567)
cross-site scripting in CVE-2026-10567 (CVE-2026-10567). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10529 |
|
Cross-Site Scripting (XSS) in CVE-2026-10529 (CVE-2026-10529)
cross-site scripting in CVE-2026-10529 (CVE-2026-10529). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10514 |
|
Cross-Site Scripting (XSS) in CVE-2026-10514 (CVE-2026-10514)
cross-site scripting in CVE-2026-10514 (CVE-2026-10514). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10301 |
|
Cross-Site Scripting (XSS) in CVE-2026-10301 (CVE-2026-10301)
cross-site scripting in CVE-2026-10301 (CVE-2026-10301). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10289 |
|
Cross-Site Scripting (XSS) in CVE-2026-10289 (CVE-2026-10289)
cross-site scripting in CVE-2026-10289 (CVE-2026-10289). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9311 |
|
Code Injection in ibm (CVE-2026-9311)
code injection in ibm (CVE-2026-9311). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45131 |
|
Code Injection in CVE-2026-45131 (CVE-2026-45131)
code injection in CVE-2026-45131 (CVE-2026-45131). Confidential information can be exposed externally.
|
| CVE-2026-45132 |
|
Code Injection in CVE-2026-45132 (CVE-2026-45132)
code injection in CVE-2026-45132 (CVE-2026-45132). Confidential information can be exposed externally.
|
| CVE-2026-8931 |
|
Code Injection in CVE-2026-8931 (CVE-2026-8931)
code injection in CVE-2026-8931 (CVE-2026-8931). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10246 |
|
Cross-Site Scripting (XSS) in CVE-2026-10246 (CVE-2026-10246)
cross-site scripting in CVE-2026-10246 (CVE-2026-10246). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10247 |
|
Cross-Site Scripting (XSS) in CVE-2026-10247 (CVE-2026-10247)
cross-site scripting in CVE-2026-10247 (CVE-2026-10247). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10245 |
|
Cross-Site Scripting (XSS) in CVE-2026-10245 (CVE-2026-10245)
cross-site scripting in CVE-2026-10245 (CVE-2026-10245). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10244 |
|
Cross-Site Scripting (XSS) in CVE-2026-10244 (CVE-2026-10244)
cross-site scripting in CVE-2026-10244 (CVE-2026-10244). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42588 |
|
Vulnerability in activemq (CVE-2026-42588)
vulnerability in activemq (CVE-2026-42588). Confidential information can be exposed externally. Mitigation: upgrade to `5.19.7, 6.2.6` or later.
|
| CVE-2026-45505 |
|
Vulnerability in activemq (CVE-2026-45505)
vulnerability in activemq (CVE-2026-45505). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `5.19.7, 6.2.6` or later.
|
| CVE-2026-10234 |
|
Cross-Site Scripting (XSS) in CVE-2026-10234 (CVE-2026-10234)
cross-site scripting in CVE-2026-10234 (CVE-2026-10234). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10228 |
|
Cross-Site Scripting (XSS) in CVE-2026-10228 (CVE-2026-10228)
cross-site scripting in CVE-2026-10228 (CVE-2026-10228). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-21182 KEV |
|
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)...
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)...
|
| CVE-2026-10173 |
|
Cross-Site Scripting (XSS) in vue (CVE-2026-10173)
cross-site scripting in vue (CVE-2026-10173). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10175 |
|
Vulnerability in aider-chat (CVE-2026-10175)
vulnerability in aider-chat (CVE-2026-10175). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10153 |
|
Cross-Site Scripting (XSS) in CVE-2026-10153 (CVE-2026-10153)
cross-site scripting in CVE-2026-10153 (CVE-2026-10153). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10112 |
|
Cross-Site Scripting (XSS) in CVE-2026-10112 (CVE-2026-10112)
cross-site scripting in CVE-2026-10112 (CVE-2026-10112). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44287 |
|
Code Injection in CVE-2026-44287 (CVE-2026-44287)
code injection in CVE-2026-44287 (CVE-2026-44287). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.15.0-beta1` or later.
|
| CVE-2026-44495 |
|
Code Injection in axios (CVE-2026-44495)
code injection in axios (CVE-2026-44495). Confidential information can be exposed externally. Exploitable via ``Object.prototype.transformResponse``. Mitigation: upgrade to `1.15.0` or later.
|
| CVE-2026-45555 |
|
Code Injection in csharp (CVE-2026-45555)
code injection in csharp (CVE-2026-45555). Successful exploitation can lead to full system takeover. Exploitable via ``get_diagnostics``. Mitigation: upgrade to `1.17.0` or later.
|
| CVE-2026-44698 |
|
Code Injection in CVE-2026-44698 (CVE-2026-44698)
code injection in CVE-2026-44698 (CVE-2026-44698). Successful exploitation can lead to full system takeover. Exploitable via ``window.externalApp``. Mitigation: upgrade to `2026.4.1` or later.
|
| CVE-2026-9938 |
|
Code Injection in google (CVE-2026-9938)
code injection in google (CVE-2026-9938). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9976 |
|
Code Injection in google (CVE-2026-9976)
code injection in google (CVE-2026-9976). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45261 |
|
Code Injection in CVE-2026-45261 (CVE-2026-45261)
code injection in CVE-2026-45261 (CVE-2026-45261). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.19.7` or later.
|
| CVE-2026-32999 |
|
Code Injection in CVE-2026-32999 (CVE-2026-32999)
code injection in CVE-2026-32999 (CVE-2026-32999). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44888 |
|
Code Injection in CVE-2026-44888 (CVE-2026-44888)
code injection in CVE-2026-44888 (CVE-2026-44888). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2026-05-07` or later.
|
| CVE-2026-44887 |
|
Code Injection in CVE-2026-44887 (CVE-2026-44887)
code injection in CVE-2026-44887 (CVE-2026-44887). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2026-05-07` or later.
|
| CVE-2026-25879 |
|
SQL Injection in langroid (CVE-2026-25879)
SQL injection in langroid (CVE-2026-25879). Successful exploitation can lead to full system takeover. Exploitable via ``query``. Mitigation: upgrade to `0.63.0` or later.
|
| CVE-2026-37713 |
|
Code Injection in CVE-2026-37713 (CVE-2026-37713)
code injection in CVE-2026-37713 (CVE-2026-37713). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-37711 |
|
Code Injection in CVE-2026-37711 (CVE-2026-37711)
code injection in CVE-2026-37711 (CVE-2026-37711). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-37712 |
|
Code Injection in CVE-2026-37712 (CVE-2026-37712)
code injection in CVE-2026-37712 (CVE-2026-37712). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3012 |
|
A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate...
A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate...
|
| CVE-2026-6169 |
|
Code Injection in wordpress (CVE-2026-6169)
code injection in wordpress (CVE-2026-6169). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8832 |
|
Code Injection in wordpress (CVE-2026-8832)
code injection in wordpress (CVE-2026-8832). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5760 |
|
Code Injection in jvn (CVE-2026-5760)
code injection in jvn (CVE-2026-5760). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48962 |
|
Vulnerability in CVE-2026-48962 (CVE-2026-48962)
vulnerability in CVE-2026-48962 (CVE-2026-48962). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9608 |
|
Cross-Site Scripting (XSS) in CVE-2026-9608 (CVE-2026-9608)
cross-site scripting in CVE-2026-9608 (CVE-2026-9608). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9568 |
|
Vulnerability in CVE-2026-9568 (CVE-2026-9568)
vulnerability in CVE-2026-9568 (CVE-2026-9568). Risk of unauthorized operations or information disclosure.
|