Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-6855 |
|
Path Traversal in path-traversal (CVE-2026-6855)
path traversal in path-traversal (CVE-2026-6855). Confidential information can be exposed externally. Exploitable via ``logs_dir``.
|
| CVE-2026-6844 |
|
Vulnerability in dos (CVE-2026-6844)
vulnerability in dos (CVE-2026-6844). Risk of unauthorized operations or information disclosure. Exploitable via ``readelf``.
|
| CVE-2026-6845 |
|
Vulnerability in dos (CVE-2026-6845)
vulnerability in dos (CVE-2026-6845). Risk of unauthorized operations or information disclosure. Exploitable via ``readelf``.
|
| CVE-2026-6846 |
|
Vulnerability in dos (CVE-2026-6846)
vulnerability in dos (CVE-2026-6846). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6843 |
|
Vulnerability in dos (CVE-2026-6843)
vulnerability in dos (CVE-2026-6843). Risk of unauthorized operations or information disclosure. Exploitable via ``printf``.
|
| CVE-2026-40451 |
|
Cross-Site Scripting (XSS) in CVE-2026-40451 (CVE-2026-40451)
cross-site scripting in CVE-2026-40451 (CVE-2026-40451). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41144 |
|
Vulnerability in cpp (CVE-2026-41144)
vulnerability in cpp (CVE-2026-41144). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-33825 KEV |
|
[KEV] Vulnerability in Microsoft defender (CVE-2026-33825)
vulnerability in Microsoft defender (CVE-2026-33825). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-6832 |
|
Path Traversal in path-traversal (CVE-2026-6832)
path traversal in path-traversal (CVE-2026-6832). Data can be tampered with by attackers.
|
| CVE-2026-40906 |
|
SQL Injection in sqli (CVE-2026-40906)
SQL injection in sqli (CVE-2026-40906). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.5.0` or later.
|
| CVE-2025-70420 |
|
SQL Injection in sqli (CVE-2025-70420)
SQL injection in sqli (CVE-2025-70420). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40923 |
|
Path Traversal in github.com/tektoncd/pipeline (CVE-2026-40923)
path traversal in github.com/tektoncd/pipeline (CVE-2026-40923). Risk of unauthorized operations or information disclosure. Exploitable via ``strings.HasPrefix``. Mitigation: upgrade to `1.0.2` or later.
|
| CVE-2026-40611 |
|
Path Traversal in path-traversal (CVE-2026-40611)
path traversal in path-traversal (CVE-2026-40611). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.34.0` or later.
|
| CVE-2025-41029 |
|
SQL Injection in sqli (CVE-2025-41029)
SQL injection in sqli (CVE-2025-41029). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6750 |
|
Privilege Escalation in privilege-escalation (CVE-2026-6750)
vulnerability in privilege-escalation (CVE-2026-6750). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31019 |
|
OS Command Injection in dolibarr (CVE-2026-31019)
OS command injection in dolibarr (CVE-2026-31019). Successful exploitation can lead to full system takeover.
|
| CVE-2025-10354 |
|
Cross-Site Scripting (XSS) in CVE-2025-10354 (CVE-2025-10354)
cross-site scripting in CVE-2025-10354 (CVE-2025-10354). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-32147 |
|
Path Traversal in path-traversal (CVE-2026-32147)
path traversal in path-traversal (CVE-2026-32147). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3317 |
|
Cross-Site Scripting (XSS) in CVE-2026-3317 (CVE-2026-3317)
cross-site scripting in CVE-2026-3317 (CVE-2026-3317). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-13826 |
|
Vulnerability in dos (CVE-2025-13826)
vulnerability in dos (CVE-2025-13826). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6058 |
|
Vulnerability in c (CVE-2026-6058)
vulnerability in c (CVE-2026-6058). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41245 |
|
Path Traversal in path-traversal (CVE-2026-41245)
path traversal in path-traversal (CVE-2026-41245). Data can be tampered with by attackers. Exploitable via ``LocalFolderExtractor``.
|
| CVE-2026-5966 |
|
Vulnerability in path-traversal (CVE-2026-5966)
vulnerability in path-traversal (CVE-2026-5966). Data can be tampered with by attackers.
|
| CVE-2026-5967 |
|
OS Command Injection in privilege-escalation (CVE-2026-5967)
OS command injection in privilege-escalation (CVE-2026-5967). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5963 |
|
SQL Injection in csharp (CVE-2026-5963)
SQL injection in csharp (CVE-2026-5963). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5964 |
|
SQL Injection in csharp (CVE-2026-5964)
SQL injection in csharp (CVE-2026-5964). Successful exploitation can lead to full system takeover.
|
| CVE-2024-7083 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2024-7083)
cross-site scripting in wordpress (CVE-2024-7083). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-27199 KEV |
|
[KEV] Vulnerability in Jetbrains teamcity (CVE-2024-27199)
vulnerability in Jetbrains teamcity (CVE-2024-27199). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-20122 KEV |
|
[KEV] Vulnerability in Cisco catalyst-sd-wan-manger (CVE-2026-20122)
vulnerability in Cisco catalyst-sd-wan-manger (CVE-2026-20122). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-32975 KEV |
|
[KEV] Authentication Bypass in Quest kace-systems-management-appliance-sma (CVE-2025-32975)
authentication bypass in Quest kace-systems-management-appliance-sma (CVE-2025-32975). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-20128 KEV |
|
[KEV] Vulnerability in Cisco catalyst-sd-wan-manager (CVE-2026-20128)
vulnerability in Cisco catalyst-sd-wan-manager (CVE-2026-20128). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-27351 KEV |
|
[KEV] Authentication Bypass in Papercut ngmf (CVE-2023-27351)
authentication bypass in Papercut ngmf (CVE-2023-27351). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-2749 KEV |
|
[KEV] Path Traversal in Kentico path-traversal (CVE-2025-2749)
path traversal in Kentico path-traversal (CVE-2025-2749). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-48700 KEV |
|
[KEV] Cross-Site Scripting (XSS) in Synacor zimbra-collaboration-suite-zcs (CVE-2025-48700)
cross-site scripting in Synacor zimbra-collaboration-suite-zcs (CVE-2025-48700). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-20133 KEV |
|
[KEV] Information Disclosure in Cisco catalyst-sd-wan-manager (CVE-2026-20133)
vulnerability in Cisco catalyst-sd-wan-manager (CVE-2026-20133). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-40948 |
|
Cross-Site Request Forgery (CSRF) in apache (CVE-2026-40948)
vulnerability in apache (CVE-2026-40948). Risk of unauthorized operations or information disclosure. Exploitable via ``state``.
|
| CVE-2026-40192 |
|
Vulnerability in pillow (CVE-2026-40192)
vulnerability in pillow (CVE-2026-40192). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `12.2.0` or later.
|
| CVE-2026-41589 |
|
Path Traversal in charm.land/wish/v2 (CVE-2026-41589)
path traversal in charm.land/wish/v2 (CVE-2026-41589). Confidential information can be exposed externally. Exploitable via ``main``. Mitigation: upgrade to `2.0.1` or later.
|
| CVE-2026-40346 |
|
SSRF (Server-Side Request Forgery) in @nocobase/plugin-workflow-request (CVE-2026-40346)
SSRF in @nocobase/plugin-workflow-request (CVE-2026-40346). Confidential information can be exposed externally. Exploitable via ``url``. Mitigation: upgrade to `2.0.37` or later.
|
| CVE-2026-5720 |
|
Out-of-Bounds Read in dos (CVE-2026-5720)
vulnerability in dos (CVE-2026-5720). Confidential information can be exposed externally.
|
| CVE-2026-33436 |
|
Vulnerability in stirlingpdf (CVE-2026-33436)
vulnerability in stirlingpdf (CVE-2026-33436). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5718 |
|
Unrestricted File Upload in wordpress (CVE-2026-5718)
vulnerability in wordpress (CVE-2026-5718). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40518 |
|
Path Traversal in path-traversal (CVE-2026-40518)
path traversal in path-traversal (CVE-2026-40518). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41481 |
|
SSRF (Server-Side Request Forgery) in langchain-text-splitters (CVE-2026-41481)
SSRF in langchain-text-splitters (CVE-2026-41481). Confidential information can be exposed externally. Exploitable via ``Document``. Mitigation: upgrade to `1.1.2` or later.
|
| CVE-2026-41113 |
|
OS Command Injection in c (CVE-2026-41113)
OS command injection in c (CVE-2026-41113). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40170 |
|
ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params() serializes peer transport parameters into a fixed 1024-byte stack buf...
ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params() serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transpo...
|
| CVE-2025-54502 |
|
Vulnerability in privilege-escalation (CVE-2025-54502)
vulnerability in privilege-escalation (CVE-2025-54502). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43995 |
|
SSRF (Server-Side Request Forgery) in flowise (CVE-2026-43995)
SSRF in flowise (CVE-2026-43995). Successful exploitation can lead to full system takeover. Exploitable via ``httpSecurity.ts``. Mitigation: upgrade to `3.1.0` or later.
|
| CVE-2026-56269 |
|
Vulnerability in flowise (CVE-2026-56269)
vulnerability in flowise (CVE-2026-56269). Confidential information can be exposed externally. Mitigation: upgrade to `3.1.0` or later.
|
| CVE-2026-41205 |
|
Path Traversal in Mako (CVE-2026-41205)
path traversal in Mako (CVE-2026-41205). Confidential information can be exposed externally. Exploitable via ``Template.__init__``. Mitigation: upgrade to `1.3.11` or later.
|