Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-49134 |
|
Vulnerability in privilege-escalation (CVE-2026-49134)
vulnerability in privilege-escalation (CVE-2026-49134). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45275 |
|
Vulnerability in privilege-escalation (CVE-2026-45275)
vulnerability in privilege-escalation (CVE-2026-45275). Confidential information can be exposed externally.
|
| CVE-2026-41013 |
|
Vulnerability in privilege-escalation (CVE-2026-41013)
vulnerability in privilege-escalation (CVE-2026-41013). Confidential information can be exposed externally.
|
| CVE-2026-48879 |
|
Vulnerability in privilege-escalation (CVE-2026-48879)
vulnerability in privilege-escalation (CVE-2026-48879). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42680 |
|
Vulnerability in privilege-escalation (CVE-2026-42680)
vulnerability in privilege-escalation (CVE-2026-42680). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10532 |
|
Unsafe Deserialization in privilege-escalation (CVE-2026-10532)
vulnerability in privilege-escalation (CVE-2026-10532). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9051 |
|
Vulnerability in privilege-escalation (CVE-2026-9051)
vulnerability in privilege-escalation (CVE-2026-9051). Confidential information can be exposed externally.
|
| CVE-2026-44962 |
|
Vulnerability in privilege-escalation (CVE-2026-44962)
vulnerability in privilege-escalation (CVE-2026-44962). Successful exploitation can lead to full system takeover.
|
| CVE-2026-32906 |
|
Authorization Flaw in privilege-escalation (CVE-2026-32906)
vulnerability in privilege-escalation (CVE-2026-32906). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45043 |
|
Privilege Escalation in privilege-escalation (CVE-2026-45043)
vulnerability in privilege-escalation (CVE-2026-45043). Risk of unauthorized operations or information disclosure. Exploitable via `PUT /rustfs/admin/v3/import-iam`. Mitigation: upgrade to `1.0.0-beta.2` or later.
|
| CVE-2026-8732 |
|
Vulnerability in wordpress (CVE-2026-8732)
vulnerability in wordpress (CVE-2026-8732). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8809 |
|
Privilege Escalation in wordpress (CVE-2026-8809)
vulnerability in wordpress (CVE-2026-8809). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5343 |
|
Vulnerability in drupal (CVE-2026-5343)
vulnerability in drupal (CVE-2026-5343). Confidential information can be exposed externally.
|
| CVE-2026-49095 |
|
Vulnerability in elk (CVE-2026-49095)
vulnerability in elk (CVE-2026-49095). Confidential information can be exposed externally. Mitigation: upgrade to `8.19.16, 9.3.5, 9.4.2` or later.
|
| CVE-2026-9094 |
|
Vulnerability in privilege-escalation (CVE-2026-9094)
vulnerability in privilege-escalation (CVE-2026-9094). Successful exploitation can lead to full system takeover.
|
| CVE-2026-22872 |
|
Vulnerability in github.com/projectcapsule/capsule (CVE-2026-22872)
vulnerability in github.com/projectcapsule/capsule (CVE-2026-22872). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.13.0` or later.
|
| CVE-2026-9828 |
|
Unsafe Deserialization in ch.qos.logback:logback-core (CVE-2026-9828)
vulnerability in ch.qos.logback:logback-core (CVE-2026-9828). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.5.33` or later.
|
| CVE-2026-8980 |
|
Privilege Escalation in privilege-escalation (CVE-2026-8980)
vulnerability in privilege-escalation (CVE-2026-8980). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49237 |
|
Vulnerability in privilege-escalation (CVE-2026-49237)
vulnerability in privilege-escalation (CVE-2026-49237). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6226 |
|
Privilege Escalation in wordpress (CVE-2026-6226)
vulnerability in wordpress (CVE-2026-6226). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9802 |
|
Vulnerability in org.keycloak:keycloak-services (CVE-2026-9802)
vulnerability in org.keycloak:keycloak-services (CVE-2026-9802). Confidential information can be exposed externally. Mitigation: upgrade to `26.6.3` or later.
|
| CVE-2026-9795 |
|
Vulnerability in org.keycloak:keycloak-services (CVE-2026-9795)
vulnerability in org.keycloak:keycloak-services (CVE-2026-9795). Confidential information can be exposed externally. Mitigation: upgrade to `26.6.4` or later.
|
| CVE-2026-32996 |
|
This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation.
This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation.
|
| CVE-2026-9789 |
|
Path Traversal in privilege-escalation (CVE-2026-9789)
path traversal in privilege-escalation (CVE-2026-9789). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48150 |
|
Vulnerability in @budibase/server (CVE-2026-48150)
vulnerability in @budibase/server (CVE-2026-48150). Confidential information can be exposed externally. Exploitable via `GET /api/global/self/api_key`. Mitigation: upgrade to `3.39.0` or later.
|
| CVE-2025-68712 |
|
Vulnerability in c (CVE-2025-68712)
vulnerability in c (CVE-2025-68712). Confidential information can be exposed externally.
|
| CVE-2026-9704 |
|
Vulnerability in org.keycloak:keycloak-server-spi-private (CVE-2026-9704)
vulnerability in org.keycloak:keycloak-server-spi-private (CVE-2026-9704). Confidential information can be exposed externally. Mitigation: upgrade to `26.6.3` or later.
|
| CVE-2026-42758 |
|
Vulnerability in privilege-escalation (CVE-2026-42758)
vulnerability in privilege-escalation (CVE-2026-42758). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42731 |
|
Vulnerability in privilege-escalation (CVE-2026-42731)
vulnerability in privilege-escalation (CVE-2026-42731). Successful exploitation can lead to full system takeover.
|
| CVE-2025-41670 |
|
Vulnerability in privilege-escalation (CVE-2025-41670)
vulnerability in privilege-escalation (CVE-2025-41670). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8787 |
|
Privilege Escalation in wordpress (CVE-2026-8787)
vulnerability in wordpress (CVE-2026-8787). Successful exploitation can lead to full system takeover. Exploitable via ``user_email``.
|
| CVE-2025-68711 |
|
Vulnerability in c (CVE-2025-68711)
vulnerability in c (CVE-2025-68711). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-68708 |
|
Vulnerability in c (CVE-2025-68708)
vulnerability in c (CVE-2025-68708). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-68710 |
|
Vulnerability in c (CVE-2025-68710)
vulnerability in c (CVE-2025-68710). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-68709 |
|
Cross-Site Scripting (XSS) in privilege-escalation (CVE-2025-68709)
cross-site scripting in privilege-escalation (CVE-2025-68709). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9560 |
|
OS Command Injection in privilege-escalation (CVE-2026-9560)
OS command injection in privilege-escalation (CVE-2026-9560). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48899 |
|
Joomla! Core - [20260515] - Incorrect Access Control in sample data plugins
Joomla! Core - [20260515] - Incorrect Access Control in sample data plugins
|
| CVE-2026-48898 |
|
Joomla! Core - [20260513] - Privilege escalation through com_users batch task
Joomla! Core - [20260513] - Privilege escalation through com_users batch task
|
| CVE-2026-25112 |
|
Vulnerability in privilege-escalation (CVE-2026-25112)
vulnerability in privilege-escalation (CVE-2026-25112). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44469 |
|
Vulnerability in privilege-escalation (CVE-2026-44469)
vulnerability in privilege-escalation (CVE-2026-44469). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44468 |
|
Vulnerability in privilege-escalation (CVE-2026-44468)
vulnerability in privilege-escalation (CVE-2026-44468). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45216 |
|
Vulnerability in privilege-escalation (CVE-2026-45216)
vulnerability in privilege-escalation (CVE-2026-45216). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48845 |
|
Vulnerability in privilege-escalation (CVE-2026-48845)
vulnerability in privilege-escalation (CVE-2026-48845). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9489 |
|
Path Traversal in privilege-escalation (CVE-2026-9489)
path traversal in privilege-escalation (CVE-2026-9489). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6895 |
|
Privilege Escalation in wordpress (CVE-2026-6895)
vulnerability in wordpress (CVE-2026-6895). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6419 |
|
Privilege Escalation in wordpress (CVE-2026-6419)
vulnerability in wordpress (CVE-2026-6419). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9018 |
|
Privilege Escalation in wordpress (CVE-2026-9018)
vulnerability in wordpress (CVE-2026-9018). Successful exploitation can lead to full system takeover. Exploitable via ``wp_ajax_nopriv_eel_register``.
|
| CVE-2026-39821 |
|
Vulnerability in golang.org/x/net (CVE-2026-39821)
vulnerability in golang.org/x/net (CVE-2026-39821). Confidential information can be exposed externally. Mitigation: upgrade to `0.55.0` or later.
|
| CVE-2026-8350 |
|
Authorization Flaw in concrete5/concrete5 (CVE-2026-8350)
vulnerability in concrete5/concrete5 (CVE-2026-8350). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-47101 |
|
Authorization Flaw in litellm (CVE-2026-47101)
vulnerability in litellm (CVE-2026-47101). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.83.14` or later.
|