Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: attack-types Clear
ID Title
CVE-2026-33526 Use-After-Free in dos (CVE-2026-33526)
vulnerability in dos (CVE-2026-33526). Risk of unauthorized operations or information disclosure. Exploitable via ``icp_port``.
CVE-2026-32748 Vulnerability in dos (CVE-2026-32748)
vulnerability in dos (CVE-2026-32748). Risk of unauthorized operations or information disclosure. Exploitable via ``icp_port``.
CVE-2026-33634 KEV [KEV] Vulnerability in Aquasecurity trivy (CVE-2026-33634)
vulnerability in Aquasecurity trivy (CVE-2026-33634). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-30587 Cross-Site Scripting (XSS) in seafile (CVE-2026-30587)
cross-site scripting in seafile (CVE-2026-30587). Confidential information can be exposed externally. Mitigation: upgrade to `13.0.17` or later.
CVE-2025-67030 Path Traversal in path-traversal (CVE-2025-67030)
path traversal in path-traversal (CVE-2025-67030). Successful exploitation can lead to full system takeover.
CVE-2024-51348 Vulnerability in CVE-2024-51348 (CVE-2024-51348)
vulnerability in CVE-2024-51348 (CVE-2024-51348). Successful exploitation can lead to full system takeover.
CVE-2026-33017 KEV [KEV] Vulnerability in langflow (CVE-2026-33017)
vulnerability in langflow (CVE-2026-33017). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/v1/build_public_tmp/{flow_id}/flow`. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `1.9.0` or later.
CVE-2026-33331 Cross-Site Scripting (XSS) in orpc (CVE-2026-33331)
cross-site scripting in orpc (CVE-2026-33331). Confidential information can be exposed externally.
CVE-2026-4775 Vulnerability in dos (CVE-2026-4775)
vulnerability in dos (CVE-2026-4775). Successful exploitation can lead to full system takeover.
CVE-2026-3260 Vulnerability in io.undertow:undertow-core (CVE-2026-3260)
vulnerability in io.undertow:undertow-core (CVE-2026-3260). Risk of unauthorized operations or information disclosure.
CVE-2026-33211 Path Traversal in path-traversal (CVE-2026-33211)
path traversal in path-traversal (CVE-2026-33211). Confidential information can be exposed externally. Exploitable via ``pathInRepo``.
CVE-2026-33195 Path Traversal in activestorage (CVE-2026-33195)
path traversal in activestorage (CVE-2026-33195). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `7.2.3.1` or later.
CVE-2026-32851 Cross-Site Scripting (XSS) in mailenable (CVE-2026-32851)
cross-site scripting in mailenable (CVE-2026-32851). Risk of unauthorized operations or information disclosure.
CVE-2025-52204 Cross-Site Scripting (XSS) in CVE-2025-52204 (CVE-2025-52204)
cross-site scripting in CVE-2025-52204 (CVE-2025-52204). Risk of unauthorized operations or information disclosure.
CVE-2026-32284 Out-of-Bounds Read in github.com/shamaton/msgpack (CVE-2026-32284)
vulnerability in github.com/shamaton/msgpack (CVE-2026-32284). Risk of unauthorized operations or information disclosure.
CVE-2026-32845 Vulnerability in dos (CVE-2026-32845)
vulnerability in dos (CVE-2026-32845). Successful exploitation can lead to full system takeover.
CVE-2025-41008 SQL Injection in sqli (CVE-2025-41008)
SQL injection in sqli (CVE-2025-41008). Risk of unauthorized operations or information disclosure.
CVE-2025-41007 SQL Injection in sqli (CVE-2025-41007)
SQL injection in sqli (CVE-2025-41007). Risk of unauthorized operations or information disclosure.
CVE-2026-28809 XXE (XML External Entity) in esaml (CVE-2026-28809)
vulnerability in esaml (CVE-2026-28809). Risk of unauthorized operations or information disclosure.
CVE-2026-4606 Vulnerability in privilege-escalation (CVE-2026-4606)
vulnerability in privilege-escalation (CVE-2026-4606). Risk of unauthorized operations or information disclosure.
CVE-2026-33236 Path Traversal in path-traversal (CVE-2026-33236)
path traversal in path-traversal (CVE-2026-33236). Data can be tampered with by attackers. Exploitable via ``subdir``.
CVE-2026-33231 Vulnerability in dos (CVE-2026-33231)
vulnerability in dos (CVE-2026-33231). Risk of unauthorized operations or information disclosure. Exploitable via `GET /SHUTDOWN`.
CVE-2026-29796 Vulnerability in privilege-escalation (CVE-2026-29796)
vulnerability in privilege-escalation (CVE-2026-29796). Confidential information can be exposed externally.
CVE-2026-33210 Vulnerability in dos (CVE-2026-33210)
vulnerability in dos (CVE-2026-33210). Confidential information can be exposed externally.
CVE-2025-63260 Cross-Site Scripting (XSS) in syncfusion (CVE-2025-63260)
cross-site scripting in syncfusion (CVE-2025-63260). Risk of unauthorized operations or information disclosure.
CVE-2026-22895 Cross-Site Scripting (XSS) in qnap (CVE-2026-22895)
cross-site scripting in qnap (CVE-2026-22895). Risk of unauthorized operations or information disclosure.
CVE-2026-0677 Unsafe Deserialization in deserialization (CVE-2026-0677)
vulnerability in deserialization (CVE-2026-0677). Risk of unauthorized operations or information disclosure.
CVE-2026-32874 Vulnerability in c (CVE-2026-32874)
vulnerability in c (CVE-2026-32874). Risk of unauthorized operations or information disclosure.
CVE-2026-32875 Vulnerability in c (CVE-2026-32875)
vulnerability in c (CVE-2026-32875). Risk of unauthorized operations or information disclosure.
CVE-2026-3029 Path Traversal in path-traversal (CVE-2026-3029)
path traversal in path-traversal (CVE-2026-3029). Risk of unauthorized operations or information disclosure.
CVE-2025-14716 Authentication Bypass in CVE-2025-14716 (CVE-2025-14716)
authentication bypass in CVE-2025-14716 (CVE-2025-14716). Confidential information can be exposed externally.
CVE-2025-15031 Path Traversal in lfprojects (CVE-2025-15031)
path traversal in lfprojects (CVE-2025-15031). Confidential information can be exposed externally. Exploitable via ``tarfile.extractall``.
CVE-2026-26740 Out-of-Bounds Write in dos (CVE-2026-26740)
out-of-bounds write in dos (CVE-2026-26740). Risk of unauthorized operations or information disclosure.
CVE-2026-23268 Vulnerability in Kernel (CVE-2026-23268)
vulnerability in Kernel (CVE-2026-23268). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `6.6.130, 6.12.77, 6.18.18, 6.19.8` or later.
CVE-2026-30695 Cross-Site Scripting (XSS) in CVE-2026-30695 (CVE-2026-30695)
cross-site scripting in CVE-2026-30695 (CVE-2026-30695). Risk of unauthorized operations or information disclosure.
CVE-2026-24063 Vulnerability in privilege-escalation (CVE-2026-24063)
vulnerability in privilege-escalation (CVE-2026-24063). Successful exploitation can lead to full system takeover.
CVE-2026-24062 Vulnerability in privilege-escalation (CVE-2026-24062)
vulnerability in privilege-escalation (CVE-2026-24062). Successful exploitation can lead to full system takeover.
CVE-2025-71267 Vulnerability in dos (CVE-2025-71267)
vulnerability in dos (CVE-2025-71267). Risk of unauthorized operations or information disclosure.
CVE-2025-71265 Vulnerability in dos (CVE-2025-71265)
vulnerability in dos (CVE-2025-71265). Risk of unauthorized operations or information disclosure.
CVE-2025-71266 Vulnerability in dos (CVE-2025-71266)
vulnerability in dos (CVE-2025-71266). Risk of unauthorized operations or information disclosure.
CVE-2026-2575 Vulnerability in dos (CVE-2026-2575)
vulnerability in dos (CVE-2026-2575). Risk of unauthorized operations or information disclosure.
CVE-2026-32841 Vulnerability in edimax (CVE-2026-32841)
vulnerability in edimax (CVE-2026-32841). Successful exploitation can lead to full system takeover.
CVE-2026-32981 Path Traversal in ray (CVE-2026-32981)
path traversal in ray (CVE-2026-32981). Confidential information can be exposed externally. Mitigation: upgrade to `2.8.1` or later.
CVE-2026-4324 SQL Injection in katello (CVE-2026-4324)
SQL injection in katello (CVE-2026-4324). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.19.1` or later.
CVE-2026-3888 Vulnerability in privilege-escalation (CVE-2026-3888)
vulnerability in privilege-escalation (CVE-2026-3888). Successful exploitation can lead to full system takeover.
CVE-2026-4271 Use-After-Free in dos (CVE-2026-4271)
vulnerability in dos (CVE-2026-4271). Risk of unauthorized operations or information disclosure.
CVE-2026-0708 Out-of-Bounds Read in dos (CVE-2026-0708)
vulnerability in dos (CVE-2026-0708). Confidential information can be exposed externally. Exploitable via ``ucl_object_emit``.
CVE-2025-50881 Code Injection in CVE-2025-50881 (CVE-2025-50881)
code injection in CVE-2025-50881 (CVE-2025-50881). Successful exploitation can lead to full system takeover. Exploitable via ``action``.
CVE-2026-32759 Vulnerability in github.com/filebrowser/filebrowser/v2 (CVE-2026-32759)
vulnerability in github.com/filebrowser/filebrowser/v2 (CVE-2026-32759). Data can be tampered with by attackers. Exploitable via ``enableExec``. Mitigation: upgrade to `2.33.8` or later.
CVE-2026-27962 Vulnerability in deserialization (CVE-2026-27962)
vulnerability in deserialization (CVE-2026-27962). Confidential information can be exposed externally.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →