Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2025-10539 |
|
Vulnerability in draugiemgroup (CVE-2025-10539)
vulnerability in draugiemgroup (CVE-2025-10539). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-1708 KEV |
|
[KEV] Path Traversal in Connectwise screenconnect (CVE-2024-1708)
path traversal in Connectwise screenconnect (CVE-2024-1708). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-38936 |
|
Cross-Site Scripting (XSS) in CVE-2026-38936 (CVE-2026-38936)
cross-site scripting in CVE-2026-38936 (CVE-2026-38936). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-38935 |
|
Cross-Site Scripting (XSS) in CVE-2026-38935 (CVE-2026-38935)
cross-site scripting in CVE-2026-38935 (CVE-2026-38935). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-30462 |
|
Path Traversal in path-traversal (CVE-2026-30462)
path traversal in path-traversal (CVE-2026-30462). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41465 |
|
Path Traversal in path-traversal (CVE-2026-41465)
path traversal in path-traversal (CVE-2026-41465). Confidential information can be exposed externally.
|
| CVE-2026-30352 |
|
Command Injection in CVE-2026-30352 (CVE-2026-30352)
command injection in CVE-2026-30352 (CVE-2026-30352). Successful exploitation can lead to full system takeover.
|
| CVE-2026-32688 |
|
Vulnerability in dos (CVE-2026-32688)
vulnerability in dos (CVE-2026-32688). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-33453 |
|
Vulnerability in apache (CVE-2026-33453)
vulnerability in apache (CVE-2026-33453). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40453 |
|
Vulnerability in org.apache.camel:camel-coap (CVE-2026-40453)
vulnerability in org.apache.camel:camel-coap (CVE-2026-40453). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.20.0` or later.
|
| CVE-2026-40860 |
|
Unsafe Deserialization in apache (CVE-2026-40860)
vulnerability in apache (CVE-2026-40860). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40048 |
|
Unsafe Deserialization in apache (CVE-2026-40048)
vulnerability in apache (CVE-2026-40048). Successful exploitation can lead to full system takeover. Exploitable via ``java.security.KeyPair``.
|
| CVE-2026-3006 |
|
Vulnerability in privilege-escalation (CVE-2026-3006)
vulnerability in privilege-escalation (CVE-2026-3006). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6999 |
|
Cross-Site Scripting (XSS) in CVE-2026-6999 (CVE-2026-6999)
cross-site scripting in CVE-2026-6999 (CVE-2026-6999). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6951 |
|
Code Injection in simple-git (CVE-2026-6951)
code injection in simple-git (CVE-2026-6951). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.36.0` or later.
|
| CVE-2026-42044 |
|
Vulnerability in privilege-escalation (CVE-2026-42044)
vulnerability in privilege-escalation (CVE-2026-42044). Data can be tampered with by attackers. Mitigation: upgrade to `1.15.2` or later.
|
| CVE-2026-41140 |
|
Path Traversal in path-traversal (CVE-2026-41140)
path traversal in path-traversal (CVE-2026-41140). Data can be tampered with by attackers. Mitigation: upgrade to `2.3.4` or later.
|
| CVE-2026-42239 |
|
Vulnerability in @budibase/backend-core (CVE-2026-42239)
vulnerability in @budibase/backend-core (CVE-2026-42239). Confidential information can be exposed externally. Exploitable via ``document.cookie``. Mitigation: upgrade to `3.35.10` or later.
|
| CVE-2026-41316 |
|
Vulnerability in erb (CVE-2026-41316)
vulnerability in erb (CVE-2026-41316). Successful exploitation can lead to full system takeover. Exploitable via ``Marshal.load``. Mitigation: upgrade to `6.0.4` or later.
|
| CVE-2026-41246 |
|
Code Injection in github.com/projectcontour/contour (CVE-2026-41246)
code injection in github.com/projectcontour/contour (CVE-2026-41246). Confidential information can be exposed externally. Exploitable via ``HTTPProxy``. Mitigation: upgrade to `1.33.4` or later.
|
| CVE-2026-1952 |
|
Delta Electronics AS320T has denial of service via the undocumented subfunction vulnerability.
Delta Electronics AS320T has denial of service via the undocumented subfunction vulnerability.
|
| CVE-2026-33317 |
|
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, mis...
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, missing checks in `entry_get_attribute_value()` in `ta/pkcs11/src/object.c` can lead to out-of-bounds...
|
| CVE-2025-29635 KEV |
|
[KEV] Command Injection in D-link dir-823x (CVE-2025-29635)
command injection in D-link dir-823x (CVE-2025-29635). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-7399 KEV |
|
[KEV] Path Traversal in Samsung magicinfo-9-server (CVE-2024-7399)
path traversal in Samsung magicinfo-9-server (CVE-2024-7399). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-57728 KEV |
|
[KEV] Path Traversal in Simplehelp path-traversal (CVE-2024-57728)
path traversal in Simplehelp path-traversal (CVE-2024-57728). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-57726 KEV |
|
[KEV] Vulnerability in Simplehelp auth (CVE-2024-57726)
vulnerability in Simplehelp auth (CVE-2024-57726). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-6732 |
|
Vulnerability in dos (CVE-2026-6732)
vulnerability in dos (CVE-2026-6732). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6942 |
|
OS Command Injection in radare (CVE-2026-6942)
OS command injection in radare (CVE-2026-6942). Successful exploitation can lead to full system takeover.
|
| CVE-2026-28525 |
|
Out-of-Bounds Read in c (CVE-2026-28525)
vulnerability in c (CVE-2026-28525). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-39087 |
|
Vulnerability in heckel.io/ntfy/v2 (CVE-2026-39087)
vulnerability in heckel.io/ntfy/v2 (CVE-2026-39087). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.22.0` or later.
|
| CVE-2026-33999 |
|
Vulnerability in dos (CVE-2026-33999)
vulnerability in dos (CVE-2026-33999). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34001 |
|
Vulnerability in dos (CVE-2026-34001)
vulnerability in dos (CVE-2026-34001). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34003 |
|
Out-of-Bounds Read in dos (CVE-2026-34003)
vulnerability in dos (CVE-2026-34003). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6886 |
|
Vulnerability in CVE-2026-6886 (CVE-2026-6886)
vulnerability in CVE-2026-6886 (CVE-2026-6886). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6887 |
|
SQL Injection in sqli (CVE-2026-6887)
SQL injection in sqli (CVE-2026-6887). Successful exploitation can lead to full system takeover.
|
| CVE-2026-3960 |
|
Code Injection in h2o (CVE-2026-3960)
code injection in h2o (CVE-2026-3960). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41040 |
|
Vulnerability in dos (CVE-2026-41040)
vulnerability in dos (CVE-2026-41040). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3007 |
|
Cross-Site Scripting (XSS) in CVE-2026-3007 (CVE-2026-3007)
cross-site scripting in CVE-2026-3007 (CVE-2026-3007). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40062 |
|
Path Traversal in path-traversal (CVE-2026-40062)
path traversal in path-traversal (CVE-2026-40062). Confidential information can be exposed externally.
|
| CVE-2026-1726 |
|
Privilege Escalation in privilege-escalation (CVE-2026-1726)
vulnerability in privilege-escalation (CVE-2026-1726). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-39987 KEV |
|
[KEV] Vulnerability in Marimo remote-attack (CVE-2026-39987)
vulnerability in Marimo remote-attack (CVE-2026-39987). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-41134 |
|
Code Injection in deserialization (CVE-2026-41134)
code injection in deserialization (CVE-2026-41134). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41650 |
|
Vulnerability in fast-xml-parser (CVE-2026-41650)
vulnerability in fast-xml-parser (CVE-2026-41650). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.7.0` or later.
|
| CVE-2026-41644 |
|
Vulnerability in github.com/monetr/monetr (CVE-2026-41644)
vulnerability in github.com/monetr/monetr (CVE-2026-41644). Confidential information can be exposed externally. Exploitable via `POST /api/lunch_flow/link`. Mitigation: upgrade to `1.12.5` or later.
|
| CVE-2018-25269 |
|
Cross-Site Scripting (XSS) in icewarp (CVE-2018-25269)
cross-site scripting in icewarp (CVE-2018-25269). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6857 |
|
Unsafe Deserialization in org.apache.camel:camel-infinispan (CVE-2026-6857)
vulnerability in org.apache.camel:camel-infinispan (CVE-2026-6857). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.20.0` or later.
|
| CVE-2026-35548 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-35548)
SSRF in ssrf (CVE-2026-35548). Confidential information can be exposed externally.
|
| CVE-2026-6862 |
|
Vulnerability in dos (CVE-2026-6862)
vulnerability in dos (CVE-2026-6862). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41651 |
|
Vulnerability in c (CVE-2026-41651)
vulnerability in c (CVE-2026-41651). Successful exploitation can lead to full system takeover. Exploitable via ``RUNNING``.
|
| CVE-2026-31476 |
|
Vulnerability in dos (CVE-2026-31476)
vulnerability in dos (CVE-2026-31476). Risk of unauthorized operations or information disclosure.
|