Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-28390 |
|
Vulnerability in dos (CVE-2026-28390)
vulnerability in dos (CVE-2026-28390). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-28389 |
|
Vulnerability in dos (CVE-2026-28389)
vulnerability in dos (CVE-2026-28389). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-28388 |
|
Vulnerability in dos (CVE-2026-28388)
vulnerability in dos (CVE-2026-28388). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-24156 |
|
Unsafe Deserialization in deserialization (CVE-2026-24156)
vulnerability in deserialization (CVE-2026-24156). Successful exploitation can lead to full system takeover.
|
| CVE-2026-30460 |
|
Code Injection in thedaylightstudio (CVE-2026-30460)
code injection in thedaylightstudio (CVE-2026-30460). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4740 |
|
Vulnerability in privilege-escalation (CVE-2026-4740)
vulnerability in privilege-escalation (CVE-2026-4740). Successful exploitation can lead to full system takeover.
|
| CVE-2026-22675 |
|
Cross-Site Scripting (XSS) in ocsinventory-ng (CVE-2026-22675)
cross-site scripting in ocsinventory-ng (CVE-2026-22675). Risk of unauthorized operations or information disclosure. Exploitable via `User-Agent header`.
|
| CVE-2026-35029 |
|
Authorization Flaw in litellm (CVE-2026-35029)
vulnerability in litellm (CVE-2026-35029). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.83.0` or later.
|
| CVE-2026-34977 |
|
OS Command Injection in c (CVE-2026-34977)
OS command injection in c (CVE-2026-34977). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.2.1` or later.
|
| CVE-2026-31313 |
|
Cross-Site Scripting (XSS) in feehi (CVE-2026-31313)
cross-site scripting in feehi (CVE-2026-31313). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34756 |
|
Vulnerability in dos (CVE-2026-34756)
vulnerability in dos (CVE-2026-34756). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.19.0` or later.
|
| CVE-2026-35616 KEV |
|
[KEV] Vulnerability in Fortinet forticlient-ems (CVE-2026-35616)
vulnerability in Fortinet forticlient-ems (CVE-2026-35616). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-5586 |
|
Vulnerability in sqli (CVE-2026-5586)
vulnerability in sqli (CVE-2026-5586). Risk of unauthorized operations or information disclosure.
|
| CVE-2018-25247 |
|
Cross-Site Scripting (XSS) in mybb (CVE-2018-25247)
cross-site scripting in mybb (CVE-2018-25247). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34780 |
|
Vulnerability in electronjs (CVE-2026-34780)
vulnerability in electronjs (CVE-2026-34780). Successful exploitation can lead to full system takeover.
|
| CVE-2026-22661 |
|
Path Traversal in path-traversal (CVE-2026-22661)
path traversal in path-traversal (CVE-2026-22661). Confidential information can be exposed externally.
|
| CVE-2026-0545 |
|
Vulnerability in dos (CVE-2026-0545)
vulnerability in dos (CVE-2026-0545). Successful exploitation can lead to full system takeover.
|
| CVE-2026-28373 |
|
Path Traversal in path-traversal (CVE-2026-28373)
path traversal in path-traversal (CVE-2026-28373). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35535 |
|
Vulnerability in privilege-escalation (CVE-2026-35535)
vulnerability in privilege-escalation (CVE-2026-35535). Successful exploitation can lead to full system takeover.
|
| CVE-2026-47099 |
|
Cross-Site Scripting (XSS) in telejson (CVE-2026-47099)
cross-site scripting in telejson (CVE-2026-47099). Risk of unauthorized operations or information disclosure. Exploitable via ``postMessage``. Mitigation: upgrade to `6.0.0` or later.
|
| CVE-2026-35466 |
|
Cross-Site Scripting (XSS) in cmu (CVE-2026-35466)
cross-site scripting in cmu (CVE-2026-35466). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34829 |
|
Vulnerability in rack (CVE-2026-34829)
vulnerability in rack (CVE-2026-34829). Risk of unauthorized operations or information disclosure. Exploitable via ``BoundedIO``. Mitigation: upgrade to `3.2.6` or later.
|
| CVE-2026-34827 |
|
Vulnerability in rack (CVE-2026-34827)
vulnerability in rack (CVE-2026-34827). Risk of unauthorized operations or information disclosure. Exploitable via ``name``. Mitigation: upgrade to `3.2.6` or later.
|
| CVE-2023-7343 |
|
Privilege Escalation in privilege-escalation (CVE-2023-7343)
vulnerability in privilege-escalation (CVE-2023-7343). Successful exploitation can lead to full system takeover.
|
| CVE-2026-32871 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-32871)
SSRF in ssrf (CVE-2026-32871). Successful exploitation can lead to full system takeover. Exploitable via `Authorization header`.
|
| CVE-2026-4634 |
|
Vulnerability in dos (CVE-2026-4634)
vulnerability in dos (CVE-2026-4634). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4282 |
|
Vulnerability in privilege-escalation (CVE-2026-4282)
vulnerability in privilege-escalation (CVE-2026-4282). Confidential information can be exposed externally.
|
| CVE-2026-32145 |
|
Vulnerability in dos (CVE-2026-32145)
vulnerability in dos (CVE-2026-32145). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3502 KEV |
|
[KEV] Vulnerability in Trueconf client (CVE-2026-3502)
vulnerability in Trueconf client (CVE-2026-3502). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-34545 |
|
Vulnerability in openexr (CVE-2026-34545)
vulnerability in openexr (CVE-2026-34545). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34072 |
|
Authentication Bypass in fccview (CVE-2026-34072)
authentication bypass in fccview (CVE-2026-34072). Confidential information can be exposed externally.
|
| CVE-2026-27489 |
|
Vulnerability in path-traversal (CVE-2026-27489)
vulnerability in path-traversal (CVE-2026-27489). Confidential information can be exposed externally.
|
| CVE-2026-30526 |
|
Cross-Site Scripting (XSS) in pushpam02 (CVE-2026-30526)
cross-site scripting in pushpam02 (CVE-2026-30526). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-29598 |
|
Cross-Site Scripting (XSS) in CVE-2026-29598 (CVE-2026-29598)
cross-site scripting in CVE-2026-29598 (CVE-2026-29598). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35091 |
|
Vulnerability in dos (CVE-2026-35091)
vulnerability in dos (CVE-2026-35091). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35092 |
|
Vulnerability in dos (CVE-2026-35092)
vulnerability in dos (CVE-2026-35092). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5281 KEV |
|
[KEV] Use-After-Free in Google dawn (CVE-2026-5281)
vulnerability in Google dawn (CVE-2026-5281). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-22561 |
|
Vulnerability in privilege-escalation (CVE-2026-22561)
vulnerability in privilege-escalation (CVE-2026-22561). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4317 |
|
SQL Injection in sqli (CVE-2026-4317)
SQL injection in sqli (CVE-2026-4317). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5201 |
|
Vulnerability in dos (CVE-2026-5201)
vulnerability in dos (CVE-2026-5201). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34881 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-34881)
SSRF in ssrf (CVE-2026-34881). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34070 |
|
Path Traversal in path-traversal (CVE-2026-34070)
path traversal in path-traversal (CVE-2026-34070). Confidential information can be exposed externally.
|
| CVE-2026-33983 |
|
Vulnerability in dos (CVE-2026-33983)
vulnerability in dos (CVE-2026-33983). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-29597 |
|
Vulnerability in privilege-escalation (CVE-2026-29597)
vulnerability in privilege-escalation (CVE-2026-29597). Confidential information can be exposed externally.
|
| CVE-2026-30082 |
|
Cross-Site Scripting (XSS) in CVE-2026-30082 (CVE-2026-30082)
cross-site scripting in CVE-2026-30082 (CVE-2026-30082). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-15036 |
|
Vulnerability in path-traversal (CVE-2025-15036)
vulnerability in path-traversal (CVE-2025-15036). Successful exploitation can lead to full system takeover. Exploitable via ``extract_archive_to_dir``.
|
| CVE-2026-33943 |
|
Code Injection in capricorn86 (CVE-2026-33943)
code injection in capricorn86 (CVE-2026-33943). Successful exploitation can lead to full system takeover. Exploitable via ``ECMAScriptModuleCompiler``.
|
| CVE-2026-33939 |
|
Vulnerability in dos (CVE-2026-33939)
vulnerability in dos (CVE-2026-33939). Risk of unauthorized operations or information disclosure. Exploitable via ``undefined``.
|
| CVE-2026-33937 |
|
Code Injection in handlebarsjs (CVE-2026-33937)
code injection in handlebarsjs (CVE-2026-33937). Successful exploitation can lead to full system takeover. Exploitable via ``value``.
|
| CVE-2026-33891 |
|
Vulnerability in dos (CVE-2026-33891)
vulnerability in dos (CVE-2026-33891). Risk of unauthorized operations or information disclosure.
|