Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-48512 |
|
Vulnerability in MessagePack (CVE-2026-48512)
vulnerability in MessagePack (CVE-2026-48512). Risk of unauthorized operations or information disclosure. Exploitable via ``MessagePackSerializer.ConvertFromJson``. Mitigation: upgrade to `3.1.7` or later.
|
| CVE-2026-48167 |
|
Cross-Site Scripting (XSS) in filament/infolists (CVE-2026-48167)
cross-site scripting in filament/infolists (CVE-2026-48167). Risk of unauthorized operations or information disclosure. Exploitable via ``ImageColumn``. Mitigation: upgrade to `5.6.5` or later.
|
| CVE-2026-44272 |
|
SQL Injection in sqli (CVE-2026-44272)
SQL injection in sqli (CVE-2026-44272). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44271 |
|
SQL Injection in sqli (CVE-2026-44271)
SQL injection in sqli (CVE-2026-44271). Confidential information can be exposed externally.
|
| CVE-2026-53779 |
|
Path Traversal in path-traversal (CVE-2026-53779)
path traversal in path-traversal (CVE-2026-53779). Confidential information can be exposed externally.
|
| CVE-2026-39904 |
|
Vulnerability in dos (CVE-2026-39904)
vulnerability in dos (CVE-2026-39904). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10852 |
|
Vulnerability in dos (CVE-2026-10852)
vulnerability in dos (CVE-2026-10852). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46607 |
|
Unsafe Deserialization in glances (CVE-2026-46607)
vulnerability in glances (CVE-2026-46607). Successful exploitation can lead to full system takeover. Exploitable via ``self.cache_file``. Mitigation: upgrade to `4.5.5` or later.
|
| CVE-2026-55599 |
|
SSRF (Server-Side Request Forgery) in phpseclib/phpseclib (CVE-2026-55599)
SSRF in phpseclib/phpseclib (CVE-2026-55599). Risk of unauthorized operations or information disclosure. Exploitable via `GET /ssrf`. Mitigation: upgrade to `3.0.54` or later.
|
| CVE-2026-11994 |
|
Cross-Site Scripting (XSS) in CVE-2026-11994 (CVE-2026-11994)
cross-site scripting in CVE-2026-11994 (CVE-2026-11994). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42127 |
|
Vulnerability in dos (CVE-2026-42127)
vulnerability in dos (CVE-2026-42127). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31978 |
|
Path Traversal in motioneye (CVE-2026-31978)
path traversal in motioneye (CVE-2026-31978). Confidential information can be exposed externally. Exploitable via ``mediafiles.py``. Mitigation: upgrade to `0.44.0` or later.
|
| CVE-2025-64719 |
|
Vulnerability in gogs.io/gogs (CVE-2025-64719)
vulnerability in gogs.io/gogs (CVE-2025-64719). Risk of unauthorized operations or information disclosure. Exploitable via ``view.go``. Mitigation: upgrade to `0.14.3` or later.
|
| CVE-2026-9071 |
|
Vulnerability in dos (CVE-2026-9071)
vulnerability in dos (CVE-2026-9071). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9320 |
|
Vulnerability in dos (CVE-2026-9320)
vulnerability in dos (CVE-2026-9320). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9006 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-9006)
SSRF in ssrf (CVE-2026-9006). Confidential information can be exposed externally.
|
| CVE-2026-9072 |
|
Code Injection in dos (CVE-2026-9072)
code injection in dos (CVE-2026-9072). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8858 |
|
Code Injection in dos (CVE-2026-8858)
code injection in dos (CVE-2026-8858). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7253 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-7253)
SSRF in ssrf (CVE-2026-7253). Confidential information can be exposed externally.
|
| CVE-2026-8059 |
|
Cross-Site Scripting (XSS) in ibm (CVE-2026-8059)
cross-site scripting in ibm (CVE-2026-8059). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41046 |
|
Vulnerability in path-traversal (CVE-2026-41046)
vulnerability in path-traversal (CVE-2026-41046). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12725 |
|
Vulnerability in dos (CVE-2026-12725)
vulnerability in dos (CVE-2026-12725). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11942 |
|
Cross-Site Scripting (XSS) in CVE-2026-11942 (CVE-2026-11942)
cross-site scripting in CVE-2026-11942 (CVE-2026-11942). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11943 |
|
Cross-Site Scripting (XSS) in CVE-2026-11943 (CVE-2026-11943)
cross-site scripting in CVE-2026-11943 (CVE-2026-11943). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12479 |
|
Path Traversal in path-traversal (CVE-2026-12479)
path traversal in path-traversal (CVE-2026-12479). Risk of unauthorized operations or information disclosure. Exploitable via ``DiskIOStore.make``.
|
| CVE-2026-11372 |
|
Cross-Site Scripting (XSS) in ibm (CVE-2026-11372)
cross-site scripting in ibm (CVE-2026-11372). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-51454 |
|
Vulnerability in ibm (CVE-2024-51454)
vulnerability in ibm (CVE-2024-51454). Risk of unauthorized operations or information disclosure. Exploitable via `Host header`.
|
| CVE-2026-9029 |
|
The geomap panel's XYZ tile layer has a sanitize-then-interpolate ordering bug....
The geomap panel's XYZ tile layer has a sanitize-then-interpolate ordering bug....
|
| CVE-2026-7165 |
|
Vulnerability in dos (CVE-2026-7165)
vulnerability in dos (CVE-2026-7165). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56425 |
|
Vulnerability in csrf (CVE-2026-56425)
vulnerability in csrf (CVE-2026-56425). Successful exploitation can lead to full system takeover. Exploitable via `Referer header`.
|
| CVE-2026-56448 |
|
Path Traversal in path-traversal (CVE-2026-56448)
path traversal in path-traversal (CVE-2026-56448). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56446 |
|
Code Injection in misp-project (CVE-2026-56446)
code injection in misp-project (CVE-2026-56446). Successful exploitation can lead to full system takeover.
|
| CVE-2026-54099 |
|
A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container...
A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container...
|
| CVE-2026-42129 |
|
The Loki datasource plugin's callResource handler contains a path traversal vulnerability. An...
The Loki datasource plugin's callResource handler contains a path traversal vulnerability. An...
|
| CVE-2026-10601 |
|
Path Traversal in path-traversal (CVE-2026-10601)
path traversal in path-traversal (CVE-2026-10601). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10561 |
|
Code Injection in langflow (CVE-2026-10561)
code injection in langflow (CVE-2026-10561). Successful exploitation can lead to full system takeover.
|
| CVE-2025-33128 |
|
Cross-Site Scripting (XSS) in ibm (CVE-2025-33128)
cross-site scripting in ibm (CVE-2025-33128). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-54178 |
|
Vulnerability in dos (CVE-2024-54178)
vulnerability in dos (CVE-2024-54178). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12580 |
|
Cross-Site Scripting (XSS) in csharp (CVE-2026-12580)
cross-site scripting in csharp (CVE-2026-12580). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-45796 |
|
Cross-Site Scripting (XSS) in CVE-2023-45796 (CVE-2023-45796)
cross-site scripting in CVE-2023-45796 (CVE-2023-45796). Data can be tampered with by attackers.
|
| CVE-2025-4994 |
|
Vulnerability in CVE-2025-4994 (CVE-2025-4994)
vulnerability in CVE-2025-4994 (CVE-2025-4994). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-45795 |
|
Cross-Site Scripting (XSS) in CVE-2023-45795 (CVE-2023-45795)
cross-site scripting in CVE-2023-45795 (CVE-2023-45795). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4110 |
|
Vulnerability in wordpress (CVE-2026-4110)
vulnerability in wordpress (CVE-2026-4110). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6858 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6858)
cross-site scripting in wordpress (CVE-2026-6858). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4259 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-4259)
cross-site scripting in wordpress (CVE-2026-4259). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-62198 |
|
Vulnerability in apache (CVE-2025-62198)
vulnerability in apache (CVE-2025-62198). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7859 |
|
Vulnerability in wordpress (CVE-2026-7859)
vulnerability in wordpress (CVE-2026-7859). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-66336 |
|
SQL Injection in apache (CVE-2025-66336)
SQL injection in apache (CVE-2025-66336). Confidential information can be exposed externally.
|
| CVE-2026-12821 |
|
Path Traversal in path-traversal (CVE-2026-12821)
path traversal in path-traversal (CVE-2026-12821). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12811 |
|
Cross-Site Scripting (XSS) in CVE-2026-12811 (CVE-2026-12811)
cross-site scripting in CVE-2026-12811 (CVE-2026-12811). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.8.39` or later.
|