Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: attack-types Clear
ID Title
CVE-2025-61028 SQL Injection in dos (CVE-2025-61028)
SQL injection in dos (CVE-2025-61028). Risk of unauthorized operations or information disclosure.
CVE-2025-61018 SQL Injection in dos (CVE-2025-61018)
SQL injection in dos (CVE-2025-61018). Risk of unauthorized operations or information disclosure.
CVE-2025-61019 SQL Injection in dos (CVE-2025-61019)
SQL injection in dos (CVE-2025-61019). Risk of unauthorized operations or information disclosure.
CVE-2026-52814 Vulnerability in gogs.io/gogs (CVE-2026-52814)
vulnerability in gogs.io/gogs (CVE-2026-52814). Risk of unauthorized operations or information disclosure. Exploitable via ``net.Conn``. Mitigation: upgrade to `0.14.3` or later.
CVE-2026-52813 Vulnerability in gogs.io/gogs (CVE-2026-52813)
vulnerability in gogs.io/gogs (CVE-2026-52813). Successful exploitation can lead to full system takeover. Exploitable via ``hooks``. Mitigation: upgrade to `0.14.3` or later.
CVE-2026-52811 Path Traversal in gogs.io/gogs (CVE-2026-52811)
path traversal in gogs.io/gogs (CVE-2026-52811). Risk of unauthorized operations or information disclosure. Exploitable via `GET /user/login`. Mitigation: upgrade to `0.14.3` or later.
CVE-2026-52806 Command Injection in gogs.io/gogs (CVE-2026-52806)
command injection in gogs.io/gogs (CVE-2026-52806). Successful exploitation can lead to full system takeover. Exploitable via ``b53d3162``. Mitigation: upgrade to `0.14.3` or later.
CVE-2026-52805 SSRF (Server-Side Request Forgery) in gogs.io/gogs (CVE-2026-52805)
SSRF in gogs.io/gogs (CVE-2026-52805). Confidential information can be exposed externally. Mitigation: upgrade to `0.14.3` or later.
CVE-2026-52802 Open Redirect in gogs.io/gogs (CVE-2026-52802)
vulnerability in gogs.io/gogs (CVE-2026-52802). Risk of unauthorized operations or information disclosure. Exploitable via `Referer header`. Mitigation: upgrade to `0.14.3` or later.
CVE-2026-56694 Authorization Flaw in privilege-escalation (CVE-2026-56694)
vulnerability in privilege-escalation (CVE-2026-56694). Risk of unauthorized operations or information disclosure.
CVE-2026-56693 Vulnerability in privilege-escalation (CVE-2026-56693)
vulnerability in privilege-escalation (CVE-2026-56693). Data can be tampered with by attackers.
CVE-2026-56402 Vulnerability in privilege-escalation (CVE-2026-56402)
vulnerability in privilege-escalation (CVE-2026-56402). Data can be tampered with by attackers.
CVE-2026-52673 SQL Injection in sqli (CVE-2026-52673)
SQL injection in sqli (CVE-2026-52673). Confidential information can be exposed externally.
CVE-2025-55639 Vulnerability in c (CVE-2025-55639)
vulnerability in c (CVE-2025-55639). Risk of unauthorized operations or information disclosure.
CVE-2026-35019 Vulnerability in CVE-2026-35019 (CVE-2026-35019)
vulnerability in CVE-2026-35019 (CVE-2026-35019). Successful exploitation can lead to full system takeover.
CVE-2026-27604 Information Disclosure in csrf (CVE-2026-27604)
vulnerability in csrf (CVE-2026-27604). Risk of unauthorized operations or information disclosure. Exploitable via ``system``.
CVE-2026-28496 Vulnerability in CVE-2026-28496 (CVE-2026-28496)
vulnerability in CVE-2026-28496 (CVE-2026-28496). Risk of unauthorized operations or information disclosure. Exploitable via ``string_render``.
CVE-2026-35018 OS Command Injection in CVE-2026-35018 (CVE-2026-35018)
OS command injection in CVE-2026-35018 (CVE-2026-35018). Successful exploitation can lead to full system takeover.
CVE-2026-11772 Cross-Site Scripting (XSS) in CVE-2026-11772 (CVE-2026-11772)
cross-site scripting in CVE-2026-11772 (CVE-2026-11772). Risk of unauthorized operations or information disclosure.
CVE-2026-56376 Use-After-Free in dos (CVE-2026-56376)
vulnerability in dos (CVE-2026-56376). Risk of unauthorized operations or information disclosure.
CVE-2026-56315 Vulnerability in CVE-2026-56315 (CVE-2026-56315)
vulnerability in CVE-2026-56315 (CVE-2026-56315). Successful exploitation can lead to full system takeover.
CVE-2026-56263 Cross-Site Scripting (XSS) in kidocode (CVE-2026-56263)
cross-site scripting in kidocode (CVE-2026-56263). Risk of unauthorized operations or information disclosure.
CVE-2026-56248 Vulnerability in dos (CVE-2026-56248)
vulnerability in dos (CVE-2026-56248). Risk of unauthorized operations or information disclosure.
CVE-2026-54892 Vulnerability in dos (CVE-2026-54892)
vulnerability in dos (CVE-2026-54892). Risk of unauthorized operations or information disclosure.
CVE-2026-4610 Cross-Site Scripting (XSS) in wordpress (CVE-2026-4610)
cross-site scripting in wordpress (CVE-2026-4610). Risk of unauthorized operations or information disclosure.
CVE-2026-10857 Cross-Site Scripting (XSS) in CVE-2026-10857 (CVE-2026-10857)
cross-site scripting in CVE-2026-10857 (CVE-2026-10857). Risk of unauthorized operations or information disclosure.
CVE-2025-71341 Unsafe Deserialization in CVE-2025-71341 (CVE-2025-71341)
vulnerability in CVE-2025-71341 (CVE-2025-71341). Confidential information can be exposed externally.
CVE-2026-4983 Cross-Site Scripting (XSS) in eclipse (CVE-2026-4983)
cross-site scripting in eclipse (CVE-2026-4983). Risk of unauthorized operations or information disclosure.
CVE-2026-9733 Vulnerability in csrf (CVE-2026-9733)
vulnerability in csrf (CVE-2026-9733). Confidential information can be exposed externally.
CVE-2026-10521 An high privileged remote attacker can access a hidden configuration method, that should not be...
An high privileged remote attacker can access a hidden configuration method, that should not be...
CVE-2026-8172 Vulnerability in wordpress (CVE-2026-8172)
vulnerability in wordpress (CVE-2026-8172). Risk of unauthorized operations or information disclosure.
CVE-2026-8378 Vulnerability in wordpress (CVE-2026-8378)
vulnerability in wordpress (CVE-2026-8378). Risk of unauthorized operations or information disclosure.
CVE-2026-7842 Vulnerability in wordpress (CVE-2026-7842)
vulnerability in wordpress (CVE-2026-7842). Confidential information can be exposed externally.
CVE-2026-8163 Vulnerability in wordpress (CVE-2026-8163)
vulnerability in wordpress (CVE-2026-8163). Successful exploitation can lead to full system takeover.
CVE-2026-55654 Out-of-Bounds Read in dos (CVE-2026-55654)
vulnerability in dos (CVE-2026-55654). Risk of unauthorized operations or information disclosure.
CVE-2026-55653 Vulnerability in dos (CVE-2026-55653)
vulnerability in dos (CVE-2026-55653). Risk of unauthorized operations or information disclosure.
CVE-2026-10651 Vulnerability in c (CVE-2026-10651)
vulnerability in c (CVE-2026-10651). Risk of unauthorized operations or information disclosure.
CVE-2026-10658 Out-of-Bounds Read in c (CVE-2026-10658)
vulnerability in c (CVE-2026-10658). Risk of unauthorized operations or information disclosure.
CVE-2026-10645 Out-of-Bounds Read in c (CVE-2026-10645)
vulnerability in c (CVE-2026-10645). Risk of unauthorized operations or information disclosure.
CVE-2026-52800 Cross-Site Request Forgery (CSRF) in gogs.io/gogs (CVE-2026-52800)
vulnerability in gogs.io/gogs (CVE-2026-52800). Successful exploitation can lead to full system takeover. Exploitable via ``TeamsAction``. Mitigation: upgrade to `0.14.3` or later.
CVE-2025-67038 KEV An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell...
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell...
CVE-2026-52798 Cross-Site Scripting (XSS) in gogs.io/gogs (CVE-2026-52798)
cross-site scripting in gogs.io/gogs (CVE-2026-52798). Confidential information can be exposed externally. Exploitable via ``poc``. Mitigation: upgrade to `0.14.3` or later.
CVE-2026-52796 Vulnerability in gogs.io/gogs (CVE-2026-52796)
vulnerability in gogs.io/gogs (CVE-2026-52796). Risk of unauthorized operations or information disclosure. Exploitable via ``com.Expand``. Mitigation: upgrade to `0.14.3` or later.
CVE-2026-54353 Vulnerability in @budibase/backend-core (CVE-2026-54353)
vulnerability in @budibase/backend-core (CVE-2026-54353). Confidential information can be exposed externally. Mitigation: upgrade to `3.39.9` or later.
CVE-2026-50132 Vulnerability in @budibase/server (CVE-2026-50132)
vulnerability in @budibase/server (CVE-2026-50132). Confidential information can be exposed externally. Exploitable via `GET /api/chat-links/`. Mitigation: upgrade to `3.39.0` or later.
CVE-2026-56221 SQL Injection in sqli (CVE-2026-56221)
SQL injection in sqli (CVE-2026-56221). Confidential information can be exposed externally.
CVE-2026-56255 Vulnerability in dos (CVE-2026-56255)
vulnerability in dos (CVE-2026-56255). Risk of unauthorized operations or information disclosure. Exploitable via `POST /app/demo`.
CVE-2026-48516 Vulnerability in MessagePack (CVE-2026-48516)
vulnerability in MessagePack (CVE-2026-48516). Risk of unauthorized operations or information disclosure. Exploitable via ``MessagePackSecurity.UntrustedData``. Mitigation: upgrade to `3.1.7` or later.
CVE-2026-48513 Vulnerability in MessagePack (CVE-2026-48513)
vulnerability in MessagePack (CVE-2026-48513). Risk of unauthorized operations or information disclosure. Exploitable via ``DynamicUnionResolver``. Mitigation: upgrade to `3.1.7` or later.
CVE-2026-48517 Vulnerability in MessagePack (CVE-2026-48517)
vulnerability in MessagePack (CVE-2026-48517). Data can be tampered with by attackers. Exploitable via ``MessagePackSerializer.Typeless``. Mitigation: upgrade to `3.1.7` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →