Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: attack-types Clear
ID Title
CVE-2026-28390 Vulnerability in dos (CVE-2026-28390)
vulnerability in dos (CVE-2026-28390). Risk of unauthorized operations or information disclosure.
CVE-2026-28389 Vulnerability in dos (CVE-2026-28389)
vulnerability in dos (CVE-2026-28389). Risk of unauthorized operations or information disclosure.
CVE-2026-28388 Vulnerability in dos (CVE-2026-28388)
vulnerability in dos (CVE-2026-28388). Risk of unauthorized operations or information disclosure.
CVE-2026-24156 Unsafe Deserialization in deserialization (CVE-2026-24156)
vulnerability in deserialization (CVE-2026-24156). Successful exploitation can lead to full system takeover.
CVE-2026-30460 Code Injection in thedaylightstudio (CVE-2026-30460)
code injection in thedaylightstudio (CVE-2026-30460). Successful exploitation can lead to full system takeover.
CVE-2026-4740 Vulnerability in privilege-escalation (CVE-2026-4740)
vulnerability in privilege-escalation (CVE-2026-4740). Successful exploitation can lead to full system takeover.
CVE-2026-22675 Cross-Site Scripting (XSS) in ocsinventory-ng (CVE-2026-22675)
cross-site scripting in ocsinventory-ng (CVE-2026-22675). Risk of unauthorized operations or information disclosure. Exploitable via `User-Agent header`.
CVE-2026-35029 Authorization Flaw in litellm (CVE-2026-35029)
vulnerability in litellm (CVE-2026-35029). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.83.0` or later.
CVE-2026-34977 OS Command Injection in c (CVE-2026-34977)
OS command injection in c (CVE-2026-34977). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.2.1` or later.
CVE-2026-31313 Cross-Site Scripting (XSS) in feehi (CVE-2026-31313)
cross-site scripting in feehi (CVE-2026-31313). Risk of unauthorized operations or information disclosure.
CVE-2026-34756 Vulnerability in dos (CVE-2026-34756)
vulnerability in dos (CVE-2026-34756). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.19.0` or later.
CVE-2026-35616 KEV [KEV] Vulnerability in Fortinet forticlient-ems (CVE-2026-35616)
vulnerability in Fortinet forticlient-ems (CVE-2026-35616). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-5586 Vulnerability in sqli (CVE-2026-5586)
vulnerability in sqli (CVE-2026-5586). Risk of unauthorized operations or information disclosure.
CVE-2018-25247 Cross-Site Scripting (XSS) in mybb (CVE-2018-25247)
cross-site scripting in mybb (CVE-2018-25247). Risk of unauthorized operations or information disclosure.
CVE-2026-34780 Vulnerability in electronjs (CVE-2026-34780)
vulnerability in electronjs (CVE-2026-34780). Successful exploitation can lead to full system takeover.
CVE-2026-22661 Path Traversal in path-traversal (CVE-2026-22661)
path traversal in path-traversal (CVE-2026-22661). Confidential information can be exposed externally.
CVE-2026-0545 Vulnerability in dos (CVE-2026-0545)
vulnerability in dos (CVE-2026-0545). Successful exploitation can lead to full system takeover.
CVE-2026-28373 Path Traversal in path-traversal (CVE-2026-28373)
path traversal in path-traversal (CVE-2026-28373). Successful exploitation can lead to full system takeover.
CVE-2026-35535 Vulnerability in privilege-escalation (CVE-2026-35535)
vulnerability in privilege-escalation (CVE-2026-35535). Successful exploitation can lead to full system takeover.
CVE-2026-47099 Cross-Site Scripting (XSS) in telejson (CVE-2026-47099)
cross-site scripting in telejson (CVE-2026-47099). Risk of unauthorized operations or information disclosure. Exploitable via ``postMessage``. Mitigation: upgrade to `6.0.0` or later.
CVE-2026-35466 Cross-Site Scripting (XSS) in cmu (CVE-2026-35466)
cross-site scripting in cmu (CVE-2026-35466). Risk of unauthorized operations or information disclosure.
CVE-2026-34829 Vulnerability in rack (CVE-2026-34829)
vulnerability in rack (CVE-2026-34829). Risk of unauthorized operations or information disclosure. Exploitable via ``BoundedIO``. Mitigation: upgrade to `3.2.6` or later.
CVE-2026-34827 Vulnerability in rack (CVE-2026-34827)
vulnerability in rack (CVE-2026-34827). Risk of unauthorized operations or information disclosure. Exploitable via ``name``. Mitigation: upgrade to `3.2.6` or later.
CVE-2023-7343 Privilege Escalation in privilege-escalation (CVE-2023-7343)
vulnerability in privilege-escalation (CVE-2023-7343). Successful exploitation can lead to full system takeover.
CVE-2026-32871 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-32871)
SSRF in ssrf (CVE-2026-32871). Successful exploitation can lead to full system takeover. Exploitable via `Authorization header`.
CVE-2026-4634 Vulnerability in dos (CVE-2026-4634)
vulnerability in dos (CVE-2026-4634). Risk of unauthorized operations or information disclosure.
CVE-2026-4282 Vulnerability in privilege-escalation (CVE-2026-4282)
vulnerability in privilege-escalation (CVE-2026-4282). Confidential information can be exposed externally.
CVE-2026-32145 Vulnerability in dos (CVE-2026-32145)
vulnerability in dos (CVE-2026-32145). Risk of unauthorized operations or information disclosure.
CVE-2026-3502 KEV [KEV] Vulnerability in Trueconf client (CVE-2026-3502)
vulnerability in Trueconf client (CVE-2026-3502). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-34545 Vulnerability in openexr (CVE-2026-34545)
vulnerability in openexr (CVE-2026-34545). Successful exploitation can lead to full system takeover.
CVE-2026-34072 Authentication Bypass in fccview (CVE-2026-34072)
authentication bypass in fccview (CVE-2026-34072). Confidential information can be exposed externally.
CVE-2026-27489 Vulnerability in path-traversal (CVE-2026-27489)
vulnerability in path-traversal (CVE-2026-27489). Confidential information can be exposed externally.
CVE-2026-30526 Cross-Site Scripting (XSS) in pushpam02 (CVE-2026-30526)
cross-site scripting in pushpam02 (CVE-2026-30526). Risk of unauthorized operations or information disclosure.
CVE-2026-29598 Cross-Site Scripting (XSS) in CVE-2026-29598 (CVE-2026-29598)
cross-site scripting in CVE-2026-29598 (CVE-2026-29598). Risk of unauthorized operations or information disclosure.
CVE-2026-35091 Vulnerability in dos (CVE-2026-35091)
vulnerability in dos (CVE-2026-35091). Risk of unauthorized operations or information disclosure.
CVE-2026-35092 Vulnerability in dos (CVE-2026-35092)
vulnerability in dos (CVE-2026-35092). Risk of unauthorized operations or information disclosure.
CVE-2026-5281 KEV [KEV] Use-After-Free in Google dawn (CVE-2026-5281)
vulnerability in Google dawn (CVE-2026-5281). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-22561 Vulnerability in privilege-escalation (CVE-2026-22561)
vulnerability in privilege-escalation (CVE-2026-22561). Successful exploitation can lead to full system takeover.
CVE-2026-4317 SQL Injection in sqli (CVE-2026-4317)
SQL injection in sqli (CVE-2026-4317). Risk of unauthorized operations or information disclosure.
CVE-2026-5201 Vulnerability in dos (CVE-2026-5201)
vulnerability in dos (CVE-2026-5201). Risk of unauthorized operations or information disclosure.
CVE-2026-34881 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-34881)
SSRF in ssrf (CVE-2026-34881). Risk of unauthorized operations or information disclosure.
CVE-2026-34070 Path Traversal in path-traversal (CVE-2026-34070)
path traversal in path-traversal (CVE-2026-34070). Confidential information can be exposed externally.
CVE-2026-33983 Vulnerability in dos (CVE-2026-33983)
vulnerability in dos (CVE-2026-33983). Risk of unauthorized operations or information disclosure.
CVE-2026-29597 Vulnerability in privilege-escalation (CVE-2026-29597)
vulnerability in privilege-escalation (CVE-2026-29597). Confidential information can be exposed externally.
CVE-2026-30082 Cross-Site Scripting (XSS) in CVE-2026-30082 (CVE-2026-30082)
cross-site scripting in CVE-2026-30082 (CVE-2026-30082). Risk of unauthorized operations or information disclosure.
CVE-2025-15036 Vulnerability in path-traversal (CVE-2025-15036)
vulnerability in path-traversal (CVE-2025-15036). Successful exploitation can lead to full system takeover. Exploitable via ``extract_archive_to_dir``.
CVE-2026-33943 Code Injection in capricorn86 (CVE-2026-33943)
code injection in capricorn86 (CVE-2026-33943). Successful exploitation can lead to full system takeover. Exploitable via ``ECMAScriptModuleCompiler``.
CVE-2026-33939 Vulnerability in dos (CVE-2026-33939)
vulnerability in dos (CVE-2026-33939). Risk of unauthorized operations or information disclosure. Exploitable via ``undefined``.
CVE-2026-33937 Code Injection in handlebarsjs (CVE-2026-33937)
code injection in handlebarsjs (CVE-2026-33937). Successful exploitation can lead to full system takeover. Exploitable via ``value``.
CVE-2026-33891 Vulnerability in dos (CVE-2026-33891)
vulnerability in dos (CVE-2026-33891). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →