Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2025-61028 |
|
SQL Injection in dos (CVE-2025-61028)
SQL injection in dos (CVE-2025-61028). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-61018 |
|
SQL Injection in dos (CVE-2025-61018)
SQL injection in dos (CVE-2025-61018). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-61019 |
|
SQL Injection in dos (CVE-2025-61019)
SQL injection in dos (CVE-2025-61019). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-52814 |
|
Vulnerability in gogs.io/gogs (CVE-2026-52814)
vulnerability in gogs.io/gogs (CVE-2026-52814). Risk of unauthorized operations or information disclosure. Exploitable via ``net.Conn``. Mitigation: upgrade to `0.14.3` or later.
|
| CVE-2026-52813 |
|
Vulnerability in gogs.io/gogs (CVE-2026-52813)
vulnerability in gogs.io/gogs (CVE-2026-52813). Successful exploitation can lead to full system takeover. Exploitable via ``hooks``. Mitigation: upgrade to `0.14.3` or later.
|
| CVE-2026-52811 |
|
Path Traversal in gogs.io/gogs (CVE-2026-52811)
path traversal in gogs.io/gogs (CVE-2026-52811). Risk of unauthorized operations or information disclosure. Exploitable via `GET /user/login`. Mitigation: upgrade to `0.14.3` or later.
|
| CVE-2026-52806 |
|
Command Injection in gogs.io/gogs (CVE-2026-52806)
command injection in gogs.io/gogs (CVE-2026-52806). Successful exploitation can lead to full system takeover. Exploitable via ``b53d3162``. Mitigation: upgrade to `0.14.3` or later.
|
| CVE-2026-52805 |
|
SSRF (Server-Side Request Forgery) in gogs.io/gogs (CVE-2026-52805)
SSRF in gogs.io/gogs (CVE-2026-52805). Confidential information can be exposed externally. Mitigation: upgrade to `0.14.3` or later.
|
| CVE-2026-52802 |
|
Open Redirect in gogs.io/gogs (CVE-2026-52802)
vulnerability in gogs.io/gogs (CVE-2026-52802). Risk of unauthorized operations or information disclosure. Exploitable via `Referer header`. Mitigation: upgrade to `0.14.3` or later.
|
| CVE-2026-56694 |
|
Authorization Flaw in privilege-escalation (CVE-2026-56694)
vulnerability in privilege-escalation (CVE-2026-56694). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56693 |
|
Vulnerability in privilege-escalation (CVE-2026-56693)
vulnerability in privilege-escalation (CVE-2026-56693). Data can be tampered with by attackers.
|
| CVE-2026-56402 |
|
Vulnerability in privilege-escalation (CVE-2026-56402)
vulnerability in privilege-escalation (CVE-2026-56402). Data can be tampered with by attackers.
|
| CVE-2026-52673 |
|
SQL Injection in sqli (CVE-2026-52673)
SQL injection in sqli (CVE-2026-52673). Confidential information can be exposed externally.
|
| CVE-2025-55639 |
|
Vulnerability in c (CVE-2025-55639)
vulnerability in c (CVE-2025-55639). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35019 |
|
Vulnerability in CVE-2026-35019 (CVE-2026-35019)
vulnerability in CVE-2026-35019 (CVE-2026-35019). Successful exploitation can lead to full system takeover.
|
| CVE-2026-27604 |
|
Information Disclosure in csrf (CVE-2026-27604)
vulnerability in csrf (CVE-2026-27604). Risk of unauthorized operations or information disclosure. Exploitable via ``system``.
|
| CVE-2026-28496 |
|
Vulnerability in CVE-2026-28496 (CVE-2026-28496)
vulnerability in CVE-2026-28496 (CVE-2026-28496). Risk of unauthorized operations or information disclosure. Exploitable via ``string_render``.
|
| CVE-2026-35018 |
|
OS Command Injection in CVE-2026-35018 (CVE-2026-35018)
OS command injection in CVE-2026-35018 (CVE-2026-35018). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11772 |
|
Cross-Site Scripting (XSS) in CVE-2026-11772 (CVE-2026-11772)
cross-site scripting in CVE-2026-11772 (CVE-2026-11772). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56376 |
|
Use-After-Free in dos (CVE-2026-56376)
vulnerability in dos (CVE-2026-56376). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56315 |
|
Vulnerability in CVE-2026-56315 (CVE-2026-56315)
vulnerability in CVE-2026-56315 (CVE-2026-56315). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56263 |
|
Cross-Site Scripting (XSS) in kidocode (CVE-2026-56263)
cross-site scripting in kidocode (CVE-2026-56263). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56248 |
|
Vulnerability in dos (CVE-2026-56248)
vulnerability in dos (CVE-2026-56248). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54892 |
|
Vulnerability in dos (CVE-2026-54892)
vulnerability in dos (CVE-2026-54892). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4610 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-4610)
cross-site scripting in wordpress (CVE-2026-4610). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10857 |
|
Cross-Site Scripting (XSS) in CVE-2026-10857 (CVE-2026-10857)
cross-site scripting in CVE-2026-10857 (CVE-2026-10857). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-71341 |
|
Unsafe Deserialization in CVE-2025-71341 (CVE-2025-71341)
vulnerability in CVE-2025-71341 (CVE-2025-71341). Confidential information can be exposed externally.
|
| CVE-2026-4983 |
|
Cross-Site Scripting (XSS) in eclipse (CVE-2026-4983)
cross-site scripting in eclipse (CVE-2026-4983). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9733 |
|
Vulnerability in csrf (CVE-2026-9733)
vulnerability in csrf (CVE-2026-9733). Confidential information can be exposed externally.
|
| CVE-2026-10521 |
|
An high privileged remote attacker can access a hidden configuration method, that should not be...
An high privileged remote attacker can access a hidden configuration method, that should not be...
|
| CVE-2026-8172 |
|
Vulnerability in wordpress (CVE-2026-8172)
vulnerability in wordpress (CVE-2026-8172). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8378 |
|
Vulnerability in wordpress (CVE-2026-8378)
vulnerability in wordpress (CVE-2026-8378). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7842 |
|
Vulnerability in wordpress (CVE-2026-7842)
vulnerability in wordpress (CVE-2026-7842). Confidential information can be exposed externally.
|
| CVE-2026-8163 |
|
Vulnerability in wordpress (CVE-2026-8163)
vulnerability in wordpress (CVE-2026-8163). Successful exploitation can lead to full system takeover.
|
| CVE-2026-55654 |
|
Out-of-Bounds Read in dos (CVE-2026-55654)
vulnerability in dos (CVE-2026-55654). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55653 |
|
Vulnerability in dos (CVE-2026-55653)
vulnerability in dos (CVE-2026-55653). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10651 |
|
Vulnerability in c (CVE-2026-10651)
vulnerability in c (CVE-2026-10651). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10658 |
|
Out-of-Bounds Read in c (CVE-2026-10658)
vulnerability in c (CVE-2026-10658). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10645 |
|
Out-of-Bounds Read in c (CVE-2026-10645)
vulnerability in c (CVE-2026-10645). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-52800 |
|
Cross-Site Request Forgery (CSRF) in gogs.io/gogs (CVE-2026-52800)
vulnerability in gogs.io/gogs (CVE-2026-52800). Successful exploitation can lead to full system takeover. Exploitable via ``TeamsAction``. Mitigation: upgrade to `0.14.3` or later.
|
| CVE-2025-67038 KEV |
|
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell...
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell...
|
| CVE-2026-52798 |
|
Cross-Site Scripting (XSS) in gogs.io/gogs (CVE-2026-52798)
cross-site scripting in gogs.io/gogs (CVE-2026-52798). Confidential information can be exposed externally. Exploitable via ``poc``. Mitigation: upgrade to `0.14.3` or later.
|
| CVE-2026-52796 |
|
Vulnerability in gogs.io/gogs (CVE-2026-52796)
vulnerability in gogs.io/gogs (CVE-2026-52796). Risk of unauthorized operations or information disclosure. Exploitable via ``com.Expand``. Mitigation: upgrade to `0.14.3` or later.
|
| CVE-2026-54353 |
|
Vulnerability in @budibase/backend-core (CVE-2026-54353)
vulnerability in @budibase/backend-core (CVE-2026-54353). Confidential information can be exposed externally. Mitigation: upgrade to `3.39.9` or later.
|
| CVE-2026-50132 |
|
Vulnerability in @budibase/server (CVE-2026-50132)
vulnerability in @budibase/server (CVE-2026-50132). Confidential information can be exposed externally. Exploitable via `GET /api/chat-links/`. Mitigation: upgrade to `3.39.0` or later.
|
| CVE-2026-56221 |
|
SQL Injection in sqli (CVE-2026-56221)
SQL injection in sqli (CVE-2026-56221). Confidential information can be exposed externally.
|
| CVE-2026-56255 |
|
Vulnerability in dos (CVE-2026-56255)
vulnerability in dos (CVE-2026-56255). Risk of unauthorized operations or information disclosure. Exploitable via `POST /app/demo`.
|
| CVE-2026-48516 |
|
Vulnerability in MessagePack (CVE-2026-48516)
vulnerability in MessagePack (CVE-2026-48516). Risk of unauthorized operations or information disclosure. Exploitable via ``MessagePackSecurity.UntrustedData``. Mitigation: upgrade to `3.1.7` or later.
|
| CVE-2026-48513 |
|
Vulnerability in MessagePack (CVE-2026-48513)
vulnerability in MessagePack (CVE-2026-48513). Risk of unauthorized operations or information disclosure. Exploitable via ``DynamicUnionResolver``. Mitigation: upgrade to `3.1.7` or later.
|
| CVE-2026-48517 |
|
Vulnerability in MessagePack (CVE-2026-48517)
vulnerability in MessagePack (CVE-2026-48517). Data can be tampered with by attackers. Exploitable via ``MessagePackSerializer.Typeless``. Mitigation: upgrade to `3.1.7` or later.
|