Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-53782 |
|
Summarize before 0.17.0 contains a server-side request forgery vulnerability that allows...
Summarize before 0.17.0 contains a server-side request forgery vulnerability that allows...
|
| CVE-2026-46489 |
|
SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, the company logo upload feature accepts any file type without validation. An authenticated administrator can upload an SVG f...
SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, the company logo upload feature accepts any file type without validation. An authenticated administrator can upload an SVG file containing embedded JavaScript. This script is base64-encoded and injected unescaped into every...
|
| CVE-2026-46622 |
|
SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, API tokens used to authenticate all REST API requests are stored as plaintext strings in the api_tokens database table. Any...
SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, API tokens used to authenticate all REST API requests are stored as plaintext strings in the api_tokens database table. Any attacker who obtains read access to the database — through SQL injection, a leaked backup, a misconf...
|
| CVE-2026-47170 |
|
Garlic-Hub manages digital signage network — devices, content, and playlists — from a single self-hosted interface. Prior to version 1.1, authenticated users can cause the server to issue arbitrary HT...
Garlic-Hub manages digital signage network — devices, content, and playlists — from a single self-hosted interface. Prior to version 1.1, authenticated users can cause the server to issue arbitrary HTTP requests to internal services via the uploadFromUrl endpoint. This allows internal port scanning,...
|
| CVE-2026-45178 |
|
Vulnerability in dos (CVE-2026-45178)
vulnerability in dos (CVE-2026-45178). Confidential information can be exposed externally.
|
| CVE-2026-11774 |
|
An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server (389-ds-base)....
An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server (389-ds-base)....
|
| CVE-2025-31272 |
|
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4. An app...
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4. An app...
|
| CVE-2026-48546 |
|
Vulnerability in CVE-2026-48546 (CVE-2026-48546)
vulnerability in CVE-2026-48546 (CVE-2026-48546). Confidential information can be exposed externally.
|
| CVE-2026-46697 |
|
SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-46697)
SSRF in wordpress (CVE-2026-46697). Confidential information can be exposed externally.
|
| CVE-2026-4096 |
|
Vulnerability in ibm (CVE-2026-4096)
vulnerability in ibm (CVE-2026-4096). Risk of unauthorized operations or information disclosure. Exploitable via `Host header`.
|
| CVE-2026-53777 |
|
Path Traversal in path-traversal (CVE-2026-53777)
path traversal in path-traversal (CVE-2026-53777). Confidential information can be exposed externally.
|
| CVE-2026-3341 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-3341)
SSRF in ssrf (CVE-2026-3341). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-38581 |
|
SQL Injection in sqli (CVE-2026-38581)
SQL injection in sqli (CVE-2026-38581). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10847 |
|
Vulnerability in privilege-escalation (CVE-2026-10847)
vulnerability in privilege-escalation (CVE-2026-10847). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11816 |
|
Path Traversal in path-traversal (CVE-2026-11816)
path traversal in path-traversal (CVE-2026-11816). Confidential information can be exposed externally. Exploitable via ``AttributeError``.
|
| CVE-2026-8464 |
|
Path Traversal in path-traversal (CVE-2026-8464)
path traversal in path-traversal (CVE-2026-8464). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7250 |
|
Vulnerability in gitlab (CVE-2026-7250)
vulnerability in gitlab (CVE-2026-7250). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.10.8, 18.11.5, 19.0.2` or later.
|
| CVE-2026-1500 |
|
Vulnerability in gitlab (CVE-2026-1500)
vulnerability in gitlab (CVE-2026-1500). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.10.8, 18.11.5, 19.0.2` or later.
|
| CVE-2026-10733 |
|
Vulnerability in gitlab (CVE-2026-10733)
vulnerability in gitlab (CVE-2026-10733). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.10.8, 18.11.5, 19.0.2` or later.
|
| CVE-2022-47150 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2022-47150)
vulnerability in csrf (CVE-2022-47150). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5497 |
|
vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory (OOM) Denial of Service (DoS)...
vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory (OOM) Denial of Service (DoS)...
|
| CVE-2025-7064 |
|
Vulnerability in CVE-2025-7064 (CVE-2025-7064)
vulnerability in CVE-2025-7064 (CVE-2025-7064). Data can be tampered with by attackers.
|
| CVE-2022-44630 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2022-44630)
vulnerability in csrf (CVE-2022-44630). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-33999 |
|
Cross-Site Scripting (XSS) in CVE-2023-33999 (CVE-2023-33999)
cross-site scripting in CVE-2023-33999 (CVE-2023-33999). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-32110 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2024-32110)
vulnerability in csrf (CVE-2024-32110). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41699 |
|
Unsafe Deserialization in deserialization (CVE-2026-41699)
vulnerability in deserialization (CVE-2026-41699). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10795 |
|
Vulnerability in wordpress (CVE-2026-10795)
vulnerability in wordpress (CVE-2026-10795). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2827 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-2827)
cross-site scripting in wordpress (CVE-2026-2827). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50223 |
|
Code Injection in apache (CVE-2026-50223)
code injection in apache (CVE-2026-50223). Successful exploitation can lead to full system takeover.
|
| CVE-2026-47342 |
|
Vulnerability in apache (CVE-2026-47342)
vulnerability in apache (CVE-2026-47342). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42558 |
|
Cross-Site Scripting (XSS) in CVE-2026-42558 (CVE-2026-42558)
cross-site scripting in CVE-2026-42558 (CVE-2026-42558). Confidential information can be exposed externally.
|
| CVE-2026-50131 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-50131)
SSRF in ssrf (CVE-2026-50131). Confidential information can be exposed externally.
|
| CVE-2026-2049 |
|
Vulnerability in CVE-2026-2049 (CVE-2026-2049)
vulnerability in CVE-2026-2049 (CVE-2026-2049). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11604 |
|
Vulnerability in dos (CVE-2026-11604)
vulnerability in dos (CVE-2026-11604). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0272 |
|
Vulnerability in privilege-escalation (CVE-2026-0272)
vulnerability in privilege-escalation (CVE-2026-0272). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0271 |
|
Vulnerability in privilege-escalation (CVE-2026-0271)
vulnerability in privilege-escalation (CVE-2026-0271). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0270 |
|
Path Traversal in path-traversal (CVE-2026-0270)
path traversal in path-traversal (CVE-2026-0270). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0266 |
|
Cross-Site Scripting (XSS) in CVE-2026-0266 (CVE-2026-0266)
cross-site scripting in CVE-2026-0266 (CVE-2026-0266). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46529 |
|
Command Injection in c (CVE-2026-46529)
command injection in c (CVE-2026-46529). Successful exploitation can lead to full system takeover. Exploitable via ``g_shell_quote``. Mitigation: upgrade to `1.6.2` or later.
|
| CVE-2026-11626 |
|
Vulnerability in privilege-escalation (CVE-2026-11626)
vulnerability in privilege-escalation (CVE-2026-11626). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10740 |
|
Vulnerability in Amazon aws (CVE-2026-10740)
vulnerability in Amazon aws (CVE-2026-10740). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20251 |
|
Unsafe Deserialization in deserialization (CVE-2026-20251)
vulnerability in deserialization (CVE-2026-20251). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53693 |
|
Cross-Site Scripting (XSS) in CVE-2026-53693 (CVE-2026-53693)
cross-site scripting in CVE-2026-53693 (CVE-2026-53693). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49759 |
|
Vulnerability in c (CVE-2026-49759)
vulnerability in c (CVE-2026-49759). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49760 |
|
Vulnerability in c (CVE-2026-49760)
vulnerability in c (CVE-2026-49760). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48858 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-48858)
SSRF in ssrf (CVE-2026-48858). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45567 |
|
Authentication Bypass in nginx (CVE-2026-45567)
authentication bypass in nginx (CVE-2026-45567). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6090 |
|
Vulnerability in CVE-2026-6090 (CVE-2026-6090)
vulnerability in CVE-2026-6090 (CVE-2026-6090). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53476 |
|
Vulnerability in path-traversal (CVE-2026-53476)
vulnerability in path-traversal (CVE-2026-53476). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53473 |
|
Cross-Site Scripting (XSS) in kubev2v (CVE-2026-53473)
cross-site scripting in kubev2v (CVE-2026-53473). Confidential information can be exposed externally.
|