CVEs (6,905, showing first 500)
Showing 176–200 of 6,905 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↑ | Description |
|---|---|---|---|---|---|
| CVE-2026-3320 | NONE | — | — | 2026-05-11 | Reflected Cross-Site Scripting (XSS) in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the en… |
| CVE-2026-42607 | CRITICAL | Patched | 9.1 | 2026-05-11 | Grav is a file-based Web platform. Prior to 2.0.0-beta.2, an authenticated user with administrative privileges can achieve Remote Code Execution (RCE) by uploading a specia… |
| CVE-2026-42608 | CRITICAL | Patched | 9.1 | 2026-05-11 | Grav is a file-based Web platform. Prior to 2.0.0-beta.2, there is a Path Traversal vulnerability within the FormFlash core component. By manipulating the session_id (passe… |
| CVE-2026-42609 | HIGH | Patched | 8.1 | 2026-05-11 | Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a business logic vulnerability in the Grav Admin Panel allows a low-privileged user (with only user creation permi… |
| CVE-2026-42610 | MEDIUM | Patched | 6.5 | 2026-05-11 | Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a low-privileged user (EX: Content Editor with only pages.update permissions) can bypass the existing Twig sandbox… |
| CVE-2026-42611 | HIGH | Patched | 8.9 | 2026-05-11 | Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a low-privileged (with the ability to create a page) user can cause XSS with the injection of svg element. The XSS… |
| CVE-2026-42612 | HIGH | Patched | 8.5 | 2026-05-11 | Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a stored Cross-Site Scripting (XSS) vulnerability in getgrav/grav allows publisher-level accounts to execute arbit… |
| CVE-2026-42613 | CRITICAL | Patched | 9.4 | 2026-05-11 | Grav is a file-based Web platform. Prior to 2.0.0-beta.2, the Login::register() method in the Login plugin accepts attacker-controlled groups and access fields from the reg… |
| CVE-2026-42841 | MEDIUM | Patched | 4.8 | 2026-05-11 | Grav is a file-based Web platform. Prior to 2.0.0-beta.2, an authenticated user with page editing permissions can inject an executable JavaScript event-handler attribute in… |
| CVE-2026-44197 | MEDIUM | Patched | 6.5 | 2026-05-11 | Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could access revisions of… |
| CVE-2026-44198 | MEDIUM | Patched | 4.3 | 2026-05-11 | Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could still access the hi… |
| CVE-2026-44199 | MEDIUM | Patched | 6.5 | 2026-05-11 | Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to form pages could delete submissions t… |
| CVE-2026-44200 | MEDIUM | Patched | 6.5 | 2026-05-11 | Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to pages could copy a page they don't ha… |
| CVE-2026-44201 | MEDIUM | Patched | 5.3 | 2026-05-11 | Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, the Documents and Images API incorrectly listed items in private collec… |
| CVE-2026-44643 | CRITICAL | Patched | 10.0 | 2026-05-11 | Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to 1.5.2, an attacker can write a malicious expression using filters… |
| CVE-2026-6093 | NONE | — | — | 2026-05-11 | Corteza contains a SQL injection vulnerability in its Microsoft SQL Server (MSSQL) backend when filtering Compose records by the meta field. This issue affects corteza: 2024.9.8. |
| CVE-2026-6815 | MEDIUM | Patched | 5.9 | 2026-05-11 | An arbitrary file write vulnerability exists in Casdoor's Local File System storage provider. Due to insufficient path sanitization, an authenticated attacker with administ… |
| CVE-2026-7813 | CRITICAL | Patched | 9.9 | 2026-05-11 | Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fetch… |
| CVE-2026-7814 | MEDIUM | Patched | 4.8 | 2026-05-11 | Stored cross-site scripting (XSS) vulnerability in pgAdmin 4 Browser Tree and Explain Visualizer modules. User-controlled PostgreSQL object names (database, schema, table,… |
| CVE-2026-7815 | HIGH | Patched | 8.8 | 2026-05-11 | SQL injection vulnerability in pgAdmin 4 Maintenance Tool. Four user-supplied JSON fields (buffer_usage_limit, vacuum_parallel, vacuum_index_cleanup, reindex_tablespace) w… |
| CVE-2026-7816 | HIGH | Patched | 8.8 | 2026-05-11 | OS command injection (CWE-78) vulnerability in pgAdmin 4 Import/Export query export. User-supplied input was interpolated directly into a psql \copy metacommand template w… |
| CVE-2026-7817 | MEDIUM | Patched | 6.5 | 2026-05-11 | Local file inclusion (LFI) and server-side request forgery (SSRF) vulnerabilities in pgAdmin 4 LLM API configuration endpoints. User-supplied api_key_file and api_url pref… |
| CVE-2026-7818 | HIGH | Patched | 7.0 | 2026-05-11 | Deserialization of untrusted data (CWE-502) in pgAdmin 4 FileBackedSessionManager. The session manager performed unsafe deserialization of session-file contents (using Pyt… |
| CVE-2026-7819 | HIGH | Patched | 8.1 | 2026-05-11 | Symbolic-link path traversal (CWE-61, CWE-22) in pgAdmin 4 File Manager. check_access_permission used os.path.abspath, which resolves '..' but does not resolve symbolic li… |
| CVE-2026-7820 | MEDIUM | Patched | 6.5 | 2026-05-11 | Improper restriction of excessive authentication attempts (CWE-307) in pgAdmin 4. pgAdmin enforces MAX_LOGIN_ATTEMPTS only inside its custom /authenticate/login view. Flas… |