Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-40089 |
|
SSRF (Server-Side Request Forgery) in c (CVE-2026-40089)
SSRF in c (CVE-2026-40089). Confidential information can be exposed externally.
|
| CVE-2026-1584 |
|
Vulnerability in dos (CVE-2026-1584)
vulnerability in dos (CVE-2026-1584). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40072 |
|
SSRF (Server-Side Request Forgery) in web3 (CVE-2026-40072)
SSRF in web3 (CVE-2026-40072). Risk of unauthorized operations or information disclosure. Exploitable via ``OffchainLookup``. Mitigation: upgrade to `8.0.0b2` or later.
|
| CVE-2026-39981 |
|
Path Traversal in path-traversal (CVE-2026-39981)
path traversal in path-traversal (CVE-2026-39981). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.9.2` or later.
|
| CVE-2025-62718 |
|
Vulnerability in axios (CVE-2025-62718)
vulnerability in axios (CVE-2025-62718). Confidential information can be exposed externally. Exploitable via ``NO_PROXY``. Mitigation: upgrade to `0.31.0` or later.
|
| CVE-2026-39976 |
|
Authentication Bypass in laravel (CVE-2026-39976)
authentication bypass in laravel (CVE-2026-39976). Confidential information can be exposed externally. Mitigation: upgrade to `13.7.1` or later.
|
| CVE-2026-4878 |
|
Vulnerability in privilege-escalation (CVE-2026-4878)
vulnerability in privilege-escalation (CVE-2026-4878). Successful exploitation can lead to full system takeover.
|
| CVE-2025-70365 |
|
Cross-Site Scripting (XSS) in c (CVE-2025-70365)
cross-site scripting in c (CVE-2025-70365). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4112 |
|
SQL Injection in sqli (CVE-2026-4112)
SQL injection in sqli (CVE-2026-4112). Successful exploitation can lead to full system takeover.
|
| CVE-2026-23869 |
|
Vulnerability in react (CVE-2026-23869)
vulnerability in react (CVE-2026-23869). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4837 |
|
Vulnerability in rapid7 (CVE-2026-4837)
vulnerability in rapid7 (CVE-2026-4837). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31017 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-31017)
SSRF in ssrf (CVE-2026-31017). Confidential information can be exposed externally.
|
| CVE-2026-2377 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-2377)
SSRF in ssrf (CVE-2026-2377). Confidential information can be exposed externally.
|
| CVE-2026-5795 |
|
Vulnerability in privilege-escalation (CVE-2026-5795)
vulnerability in privilege-escalation (CVE-2026-5795). Confidential information can be exposed externally.
|
| CVE-2026-35585 |
|
OS Command Injection in github.com/filebrowser/filebrowser/v2 (CVE-2026-35585)
OS command injection in github.com/filebrowser/filebrowser/v2 (CVE-2026-35585). Successful exploitation can lead to full system takeover. Exploitable via ``os.Expand``. Mitigation: upgrade to `2.33.8` or later.
|
| CVE-2026-1340 KEV |
|
[KEV] Code Injection in Ivanti endpoint-manager-mobile-epmm (CVE-2026-1340)
code injection in Ivanti endpoint-manager-mobile-epmm (CVE-2026-1340). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-32283 |
|
Vulnerability in stdlib (CVE-2026-32283)
vulnerability in stdlib (CVE-2026-32283). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.9, 1.26.2` or later.
|
| CVE-2026-32280 |
|
Vulnerability in stdlib (CVE-2026-32280)
vulnerability in stdlib (CVE-2026-32280). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.9, 1.26.2` or later.
|
| CVE-2026-28390 |
|
Vulnerability in dos (CVE-2026-28390)
vulnerability in dos (CVE-2026-28390). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-28389 |
|
Vulnerability in dos (CVE-2026-28389)
vulnerability in dos (CVE-2026-28389). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-28388 |
|
Vulnerability in dos (CVE-2026-28388)
vulnerability in dos (CVE-2026-28388). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-24156 |
|
Unsafe Deserialization in deserialization (CVE-2026-24156)
vulnerability in deserialization (CVE-2026-24156). Successful exploitation can lead to full system takeover.
|
| CVE-2026-30460 |
|
Code Injection in thedaylightstudio (CVE-2026-30460)
code injection in thedaylightstudio (CVE-2026-30460). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4740 |
|
Vulnerability in privilege-escalation (CVE-2026-4740)
vulnerability in privilege-escalation (CVE-2026-4740). Successful exploitation can lead to full system takeover.
|
| CVE-2026-22675 |
|
Cross-Site Scripting (XSS) in ocsinventory-ng (CVE-2026-22675)
cross-site scripting in ocsinventory-ng (CVE-2026-22675). Risk of unauthorized operations or information disclosure. Exploitable via `User-Agent header`.
|
| CVE-2026-35029 |
|
Authorization Flaw in litellm (CVE-2026-35029)
vulnerability in litellm (CVE-2026-35029). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.83.0` or later.
|
| CVE-2026-34977 |
|
OS Command Injection in c (CVE-2026-34977)
OS command injection in c (CVE-2026-34977). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.2.1` or later.
|
| CVE-2026-31313 |
|
Cross-Site Scripting (XSS) in feehi (CVE-2026-31313)
cross-site scripting in feehi (CVE-2026-31313). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34756 |
|
Vulnerability in dos (CVE-2026-34756)
vulnerability in dos (CVE-2026-34756). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.19.0` or later.
|
| CVE-2026-35616 KEV |
|
[KEV] Vulnerability in Fortinet forticlient-ems (CVE-2026-35616)
vulnerability in Fortinet forticlient-ems (CVE-2026-35616). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-5586 |
|
Vulnerability in sqli (CVE-2026-5586)
vulnerability in sqli (CVE-2026-5586). Risk of unauthorized operations or information disclosure.
|
| CVE-2018-25247 |
|
Cross-Site Scripting (XSS) in mybb (CVE-2018-25247)
cross-site scripting in mybb (CVE-2018-25247). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34780 |
|
Vulnerability in electronjs (CVE-2026-34780)
vulnerability in electronjs (CVE-2026-34780). Successful exploitation can lead to full system takeover.
|
| CVE-2026-22661 |
|
Path Traversal in path-traversal (CVE-2026-22661)
path traversal in path-traversal (CVE-2026-22661). Confidential information can be exposed externally.
|
| CVE-2026-0545 |
|
Vulnerability in dos (CVE-2026-0545)
vulnerability in dos (CVE-2026-0545). Successful exploitation can lead to full system takeover.
|
| CVE-2026-28373 |
|
Path Traversal in path-traversal (CVE-2026-28373)
path traversal in path-traversal (CVE-2026-28373). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35535 |
|
Vulnerability in privilege-escalation (CVE-2026-35535)
vulnerability in privilege-escalation (CVE-2026-35535). Successful exploitation can lead to full system takeover.
|
| CVE-2026-47099 |
|
Cross-Site Scripting (XSS) in telejson (CVE-2026-47099)
cross-site scripting in telejson (CVE-2026-47099). Risk of unauthorized operations or information disclosure. Exploitable via ``postMessage``. Mitigation: upgrade to `6.0.0` or later.
|
| CVE-2026-35466 |
|
Cross-Site Scripting (XSS) in cmu (CVE-2026-35466)
cross-site scripting in cmu (CVE-2026-35466). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34829 |
|
Vulnerability in rack (CVE-2026-34829)
vulnerability in rack (CVE-2026-34829). Risk of unauthorized operations or information disclosure. Exploitable via ``BoundedIO``. Mitigation: upgrade to `3.2.6` or later.
|
| CVE-2026-34827 |
|
Vulnerability in rack (CVE-2026-34827)
vulnerability in rack (CVE-2026-34827). Risk of unauthorized operations or information disclosure. Exploitable via ``name``. Mitigation: upgrade to `3.2.6` or later.
|
| CVE-2023-7343 |
|
Privilege Escalation in privilege-escalation (CVE-2023-7343)
vulnerability in privilege-escalation (CVE-2023-7343). Successful exploitation can lead to full system takeover.
|
| CVE-2026-32871 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-32871)
SSRF in ssrf (CVE-2026-32871). Successful exploitation can lead to full system takeover. Exploitable via `Authorization header`.
|
| CVE-2026-4634 |
|
Vulnerability in dos (CVE-2026-4634)
vulnerability in dos (CVE-2026-4634). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4282 |
|
Vulnerability in privilege-escalation (CVE-2026-4282)
vulnerability in privilege-escalation (CVE-2026-4282). Confidential information can be exposed externally.
|
| CVE-2026-32145 |
|
Vulnerability in dos (CVE-2026-32145)
vulnerability in dos (CVE-2026-32145). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3502 KEV |
|
[KEV] Vulnerability in Trueconf client (CVE-2026-3502)
vulnerability in Trueconf client (CVE-2026-3502). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-34545 |
|
Vulnerability in openexr (CVE-2026-34545)
vulnerability in openexr (CVE-2026-34545). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34072 |
|
Authentication Bypass in fccview (CVE-2026-34072)
authentication bypass in fccview (CVE-2026-34072). Confidential information can be exposed externally.
|
| CVE-2026-27489 |
|
Vulnerability in path-traversal (CVE-2026-27489)
vulnerability in path-traversal (CVE-2026-27489). Confidential information can be exposed externally.
|