Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: attack-types Clear
ID Title
CVE-2026-30526 Cross-Site Scripting (XSS) in pushpam02 (CVE-2026-30526)
cross-site scripting in pushpam02 (CVE-2026-30526). Risk of unauthorized operations or information disclosure.
CVE-2026-29598 Cross-Site Scripting (XSS) in CVE-2026-29598 (CVE-2026-29598)
cross-site scripting in CVE-2026-29598 (CVE-2026-29598). Risk of unauthorized operations or information disclosure.
CVE-2026-35091 Vulnerability in dos (CVE-2026-35091)
vulnerability in dos (CVE-2026-35091). Risk of unauthorized operations or information disclosure.
CVE-2026-35092 Vulnerability in dos (CVE-2026-35092)
vulnerability in dos (CVE-2026-35092). Risk of unauthorized operations or information disclosure.
CVE-2026-5281 KEV [KEV] Use-After-Free in Google dawn (CVE-2026-5281)
vulnerability in Google dawn (CVE-2026-5281). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-22561 Vulnerability in privilege-escalation (CVE-2026-22561)
vulnerability in privilege-escalation (CVE-2026-22561). Successful exploitation can lead to full system takeover.
CVE-2026-4317 SQL Injection in sqli (CVE-2026-4317)
SQL injection in sqli (CVE-2026-4317). Risk of unauthorized operations or information disclosure.
CVE-2026-5201 Vulnerability in dos (CVE-2026-5201)
vulnerability in dos (CVE-2026-5201). Risk of unauthorized operations or information disclosure.
CVE-2026-34881 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-34881)
SSRF in ssrf (CVE-2026-34881). Risk of unauthorized operations or information disclosure.
CVE-2026-34070 Path Traversal in path-traversal (CVE-2026-34070)
path traversal in path-traversal (CVE-2026-34070). Confidential information can be exposed externally.
CVE-2026-33983 Vulnerability in dos (CVE-2026-33983)
vulnerability in dos (CVE-2026-33983). Risk of unauthorized operations or information disclosure.
CVE-2026-29597 Vulnerability in privilege-escalation (CVE-2026-29597)
vulnerability in privilege-escalation (CVE-2026-29597). Confidential information can be exposed externally.
CVE-2026-30082 Cross-Site Scripting (XSS) in CVE-2026-30082 (CVE-2026-30082)
cross-site scripting in CVE-2026-30082 (CVE-2026-30082). Risk of unauthorized operations or information disclosure.
CVE-2025-15036 Vulnerability in path-traversal (CVE-2025-15036)
vulnerability in path-traversal (CVE-2025-15036). Successful exploitation can lead to full system takeover. Exploitable via ``extract_archive_to_dir``.
CVE-2026-33943 Code Injection in capricorn86 (CVE-2026-33943)
code injection in capricorn86 (CVE-2026-33943). Successful exploitation can lead to full system takeover. Exploitable via ``ECMAScriptModuleCompiler``.
CVE-2026-33939 Vulnerability in dos (CVE-2026-33939)
vulnerability in dos (CVE-2026-33939). Risk of unauthorized operations or information disclosure. Exploitable via ``undefined``.
CVE-2026-33937 Code Injection in handlebarsjs (CVE-2026-33937)
code injection in handlebarsjs (CVE-2026-33937). Successful exploitation can lead to full system takeover. Exploitable via ``value``.
CVE-2026-33891 Vulnerability in dos (CVE-2026-33891)
vulnerability in dos (CVE-2026-33891). Risk of unauthorized operations or information disclosure.
CVE-2026-33871 Vulnerability in dos (CVE-2026-33871)
vulnerability in dos (CVE-2026-33871). Risk of unauthorized operations or information disclosure. Exploitable via ``CONTINUATION``.
CVE-2026-30567 Cross-Site Scripting (XSS) in ahsanriaz26gmailcom (CVE-2026-30567)
cross-site scripting in ahsanriaz26gmailcom (CVE-2026-30567). Risk of unauthorized operations or information disclosure.
CVE-2026-56358 Cross-Site Scripting (XSS) in n8n (CVE-2026-56358)
cross-site scripting in n8n (CVE-2026-56358). Risk of unauthorized operations or information disclosure. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `1.123.25` or later.
CVE-2026-32983 Vulnerability in dos (CVE-2026-32983)
vulnerability in dos (CVE-2026-32983). Risk of unauthorized operations or information disclosure.
CVE-2026-32984 Out-of-Bounds Read in dos (CVE-2026-32984)
vulnerability in dos (CVE-2026-32984). Risk of unauthorized operations or information disclosure.
CVE-2026-5010 Cross-Site Scripting (XSS) in CVE-2026-5010 (CVE-2026-5010)
cross-site scripting in CVE-2026-5010 (CVE-2026-5010). Risk of unauthorized operations or information disclosure.
CVE-2026-33758 Vulnerability in openbao (CVE-2026-33758)
vulnerability in openbao (CVE-2026-33758). Risk of unauthorized operations or information disclosure. Exploitable via ``error_description``.
CVE-2026-27876 Code Injection in grafana (CVE-2026-27876)
code injection in grafana (CVE-2026-27876). Successful exploitation can lead to full system takeover.
CVE-2025-61190 Cross-Site Scripting (XSS) in lyrasis (CVE-2025-61190)
cross-site scripting in lyrasis (CVE-2025-61190). Risk of unauthorized operations or information disclosure.
CVE-2026-32859 Cross-Site Scripting (XSS) in CVE-2026-32859 (CVE-2026-32859)
cross-site scripting in CVE-2026-32859 (CVE-2026-32859). Risk of unauthorized operations or information disclosure.
CVE-2026-33559 Cross-Site Scripting (XSS) in wordpress (CVE-2026-33559)
cross-site scripting in wordpress (CVE-2026-33559). Risk of unauthorized operations or information disclosure.
CVE-2026-22742 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-22742)
SSRF in ssrf (CVE-2026-22742). Confidential information can be exposed externally.
CVE-2026-33728 Unsafe Deserialization in com.datadoghq:dd-java-agent (CVE-2026-33728)
vulnerability in com.datadoghq:dd-java-agent (CVE-2026-33728). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.60.3` or later.
CVE-2026-33701 Unsafe Deserialization in linuxfoundation (CVE-2026-33701)
vulnerability in linuxfoundation (CVE-2026-33701). Successful exploitation can lead to full system takeover.
CVE-2026-27893 Vulnerability in vllm (CVE-2026-27893)
vulnerability in vllm (CVE-2026-27893). Successful exploitation can lead to full system takeover.
CVE-2025-53521 KEV [KEV] Vulnerability in F5 big-ip (CVE-2025-53521)
vulnerability in F5 big-ip (CVE-2025-53521). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-2100 Vulnerability in dos (CVE-2026-2100)
vulnerability in dos (CVE-2026-2100). Risk of unauthorized operations or information disclosure.
CVE-2026-0968 Vulnerability in dos (CVE-2026-0968)
vulnerability in dos (CVE-2026-0968). Risk of unauthorized operations or information disclosure. Exploitable via ``SSH_FXP_NAME``.
CVE-2026-0965 Vulnerability in dos (CVE-2026-0965)
vulnerability in dos (CVE-2026-0965). Risk of unauthorized operations or information disclosure.
CVE-2026-0967 Vulnerability in dos (CVE-2026-0967)
vulnerability in dos (CVE-2026-0967). Risk of unauthorized operations or information disclosure.
CVE-2026-0966 Vulnerability in dos (CVE-2026-0966)
vulnerability in dos (CVE-2026-0966). Risk of unauthorized operations or information disclosure.
CVE-2026-32285 Vulnerability in dos (CVE-2026-32285)
vulnerability in dos (CVE-2026-32285). Risk of unauthorized operations or information disclosure.
CVE-2026-4926 Vulnerability in c (CVE-2026-4926)
vulnerability in c (CVE-2026-4926). Risk of unauthorized operations or information disclosure.
CVE-2026-30463 SQL Injection in sqli (CVE-2026-30463)
SQL injection in sqli (CVE-2026-30463). Confidential information can be exposed externally.
CVE-2026-26213 OS Command Injection in thingino (CVE-2026-26213)
OS command injection in thingino (CVE-2026-26213). Successful exploitation can lead to full system takeover.
CVE-2026-32846 Path Traversal in openclaw (CVE-2026-32846)
path traversal in openclaw (CVE-2026-32846). Confidential information can be exposed externally. Mitigation: upgrade to `2026.03.28` or later.
CVE-2026-4887 Vulnerability in dos (CVE-2026-4887)
vulnerability in dos (CVE-2026-4887). Risk of unauthorized operations or information disclosure.
CVE-2026-1961 OS Command Injection in CVE-2026-1961 (CVE-2026-1961)
OS command injection in CVE-2026-1961 (CVE-2026-1961). Successful exploitation can lead to full system takeover.
CVE-2026-29934 Cross-Site Scripting (XSS) in lightcms-project (CVE-2026-29934)
cross-site scripting in lightcms-project (CVE-2026-29934). Risk of unauthorized operations or information disclosure.
CVE-2026-4809 Unrestricted File Upload in laravel (CVE-2026-4809)
vulnerability in laravel (CVE-2026-4809). Successful exploitation can lead to full system takeover.
CVE-2026-24068 Vulnerability in privilege-escalation (CVE-2026-24068)
vulnerability in privilege-escalation (CVE-2026-24068). Successful exploitation can lead to full system takeover.
CVE-2026-4874 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-4874)
SSRF in ssrf (CVE-2026-4874). Risk of unauthorized operations or information disclosure. Exploitable via ``client_session_host``.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →