Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-33871 |
|
Vulnerability in dos (CVE-2026-33871)
vulnerability in dos (CVE-2026-33871). Risk of unauthorized operations or information disclosure. Exploitable via ``CONTINUATION``.
|
| CVE-2026-30567 |
|
Cross-Site Scripting (XSS) in ahsanriaz26gmailcom (CVE-2026-30567)
cross-site scripting in ahsanriaz26gmailcom (CVE-2026-30567). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56358 |
|
Cross-Site Scripting (XSS) in n8n (CVE-2026-56358)
cross-site scripting in n8n (CVE-2026-56358). Risk of unauthorized operations or information disclosure. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `1.123.25` or later.
|
| CVE-2026-32983 |
|
Vulnerability in dos (CVE-2026-32983)
vulnerability in dos (CVE-2026-32983). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-32984 |
|
Out-of-Bounds Read in dos (CVE-2026-32984)
vulnerability in dos (CVE-2026-32984). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5010 |
|
Cross-Site Scripting (XSS) in CVE-2026-5010 (CVE-2026-5010)
cross-site scripting in CVE-2026-5010 (CVE-2026-5010). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-33758 |
|
Vulnerability in openbao (CVE-2026-33758)
vulnerability in openbao (CVE-2026-33758). Risk of unauthorized operations or information disclosure. Exploitable via ``error_description``.
|
| CVE-2026-27876 |
|
Code Injection in grafana (CVE-2026-27876)
code injection in grafana (CVE-2026-27876). Successful exploitation can lead to full system takeover.
|
| CVE-2025-61190 |
|
Cross-Site Scripting (XSS) in lyrasis (CVE-2025-61190)
cross-site scripting in lyrasis (CVE-2025-61190). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-32859 |
|
Cross-Site Scripting (XSS) in CVE-2026-32859 (CVE-2026-32859)
cross-site scripting in CVE-2026-32859 (CVE-2026-32859). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-33559 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-33559)
cross-site scripting in wordpress (CVE-2026-33559). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-22742 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-22742)
SSRF in ssrf (CVE-2026-22742). Confidential information can be exposed externally.
|
| CVE-2026-33728 |
|
Unsafe Deserialization in com.datadoghq:dd-java-agent (CVE-2026-33728)
vulnerability in com.datadoghq:dd-java-agent (CVE-2026-33728). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.60.3` or later.
|
| CVE-2026-33701 |
|
Unsafe Deserialization in linuxfoundation (CVE-2026-33701)
vulnerability in linuxfoundation (CVE-2026-33701). Successful exploitation can lead to full system takeover.
|
| CVE-2026-27893 |
|
Vulnerability in vllm (CVE-2026-27893)
vulnerability in vllm (CVE-2026-27893). Successful exploitation can lead to full system takeover.
|
| CVE-2025-53521 KEV |
|
[KEV] Vulnerability in F5 big-ip (CVE-2025-53521)
vulnerability in F5 big-ip (CVE-2025-53521). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-2100 |
|
Vulnerability in dos (CVE-2026-2100)
vulnerability in dos (CVE-2026-2100). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0968 |
|
Vulnerability in dos (CVE-2026-0968)
vulnerability in dos (CVE-2026-0968). Risk of unauthorized operations or information disclosure. Exploitable via ``SSH_FXP_NAME``.
|
| CVE-2026-0965 |
|
Vulnerability in dos (CVE-2026-0965)
vulnerability in dos (CVE-2026-0965). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0967 |
|
Vulnerability in dos (CVE-2026-0967)
vulnerability in dos (CVE-2026-0967). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0966 |
|
Vulnerability in dos (CVE-2026-0966)
vulnerability in dos (CVE-2026-0966). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-32285 |
|
Vulnerability in dos (CVE-2026-32285)
vulnerability in dos (CVE-2026-32285). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4926 |
|
Vulnerability in c (CVE-2026-4926)
vulnerability in c (CVE-2026-4926). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-30463 |
|
SQL Injection in sqli (CVE-2026-30463)
SQL injection in sqli (CVE-2026-30463). Confidential information can be exposed externally.
|
| CVE-2026-26213 |
|
OS Command Injection in thingino (CVE-2026-26213)
OS command injection in thingino (CVE-2026-26213). Successful exploitation can lead to full system takeover.
|
| CVE-2026-32846 |
|
Path Traversal in openclaw (CVE-2026-32846)
path traversal in openclaw (CVE-2026-32846). Confidential information can be exposed externally. Mitigation: upgrade to `2026.03.28` or later.
|
| CVE-2026-4887 |
|
Vulnerability in dos (CVE-2026-4887)
vulnerability in dos (CVE-2026-4887). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-1961 |
|
OS Command Injection in CVE-2026-1961 (CVE-2026-1961)
OS command injection in CVE-2026-1961 (CVE-2026-1961). Successful exploitation can lead to full system takeover.
|
| CVE-2026-29934 |
|
Cross-Site Scripting (XSS) in lightcms-project (CVE-2026-29934)
cross-site scripting in lightcms-project (CVE-2026-29934). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4809 |
|
Unrestricted File Upload in laravel (CVE-2026-4809)
vulnerability in laravel (CVE-2026-4809). Successful exploitation can lead to full system takeover.
|
| CVE-2026-24068 |
|
Vulnerability in privilege-escalation (CVE-2026-24068)
vulnerability in privilege-escalation (CVE-2026-24068). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4874 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-4874)
SSRF in ssrf (CVE-2026-4874). Risk of unauthorized operations or information disclosure. Exploitable via ``client_session_host``.
|
| CVE-2026-33526 |
|
Use-After-Free in dos (CVE-2026-33526)
vulnerability in dos (CVE-2026-33526). Risk of unauthorized operations or information disclosure. Exploitable via ``icp_port``.
|
| CVE-2026-32748 |
|
Vulnerability in dos (CVE-2026-32748)
vulnerability in dos (CVE-2026-32748). Risk of unauthorized operations or information disclosure. Exploitable via ``icp_port``.
|
| CVE-2026-33634 KEV |
|
[KEV] Vulnerability in Aquasecurity trivy (CVE-2026-33634)
vulnerability in Aquasecurity trivy (CVE-2026-33634). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-30587 |
|
Cross-Site Scripting (XSS) in seafile (CVE-2026-30587)
cross-site scripting in seafile (CVE-2026-30587). Confidential information can be exposed externally. Mitigation: upgrade to `13.0.17` or later.
|
| CVE-2025-67030 |
|
Path Traversal in path-traversal (CVE-2025-67030)
path traversal in path-traversal (CVE-2025-67030). Successful exploitation can lead to full system takeover.
|
| CVE-2024-51348 |
|
Vulnerability in CVE-2024-51348 (CVE-2024-51348)
vulnerability in CVE-2024-51348 (CVE-2024-51348). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33017 KEV |
|
[KEV] Vulnerability in langflow (CVE-2026-33017)
vulnerability in langflow (CVE-2026-33017). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/v1/build_public_tmp/{flow_id}/flow`. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `1.9.0` or later.
|
| CVE-2026-33331 |
|
Cross-Site Scripting (XSS) in orpc (CVE-2026-33331)
cross-site scripting in orpc (CVE-2026-33331). Confidential information can be exposed externally.
|
| CVE-2026-4775 |
|
Vulnerability in dos (CVE-2026-4775)
vulnerability in dos (CVE-2026-4775). Successful exploitation can lead to full system takeover.
|
| CVE-2026-3260 |
|
Vulnerability in io.undertow:undertow-core (CVE-2026-3260)
vulnerability in io.undertow:undertow-core (CVE-2026-3260). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-33211 |
|
Path Traversal in path-traversal (CVE-2026-33211)
path traversal in path-traversal (CVE-2026-33211). Confidential information can be exposed externally. Exploitable via ``pathInRepo``.
|
| CVE-2026-33195 |
|
Path Traversal in activestorage (CVE-2026-33195)
path traversal in activestorage (CVE-2026-33195). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `7.2.3.1` or later.
|
| CVE-2026-32851 |
|
Cross-Site Scripting (XSS) in mailenable (CVE-2026-32851)
cross-site scripting in mailenable (CVE-2026-32851). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-52204 |
|
Cross-Site Scripting (XSS) in CVE-2025-52204 (CVE-2025-52204)
cross-site scripting in CVE-2025-52204 (CVE-2025-52204). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-32284 |
|
Out-of-Bounds Read in github.com/shamaton/msgpack (CVE-2026-32284)
vulnerability in github.com/shamaton/msgpack (CVE-2026-32284). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-32845 |
|
Vulnerability in dos (CVE-2026-32845)
vulnerability in dos (CVE-2026-32845). Successful exploitation can lead to full system takeover.
|
| CVE-2025-41008 |
|
SQL Injection in sqli (CVE-2025-41008)
SQL injection in sqli (CVE-2025-41008). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-41007 |
|
SQL Injection in sqli (CVE-2025-41007)
SQL injection in sqli (CVE-2025-41007). Risk of unauthorized operations or information disclosure.
|