Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-48681 |
|
Vulnerability in path-traversal (CVE-2026-48681)
vulnerability in path-traversal (CVE-2026-48681). Confidential information can be exposed externally.
|
| CVE-2026-41283 |
|
Authorization Flaw in CVE-2026-41283 (CVE-2026-41283)
vulnerability in CVE-2026-41283 (CVE-2026-41283). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8653 |
|
SQL Injection in wordpress (CVE-2026-8653)
SQL injection in wordpress (CVE-2026-8653). Confidential information can be exposed externally.
|
| CVE-2026-7764 |
|
Out-of-Bounds Read in dos (CVE-2026-7764)
vulnerability in dos (CVE-2026-7764). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10775 |
|
Vulnerability in dos (CVE-2026-10775)
vulnerability in dos (CVE-2026-10775). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10777 |
|
A vulnerability was identified in ealpha072 Student-Management-System up to...
A vulnerability was identified in ealpha072 Student-Management-System up to...
|
| CVE-2026-10771 |
|
A vulnerability was found in crmeb crmeb_java 1.4. Affected is the function RestTemplate...
A vulnerability was found in crmeb crmeb_java 1.4. Affected is the function RestTemplate...
|
| CVE-2026-44022 |
|
Path Traversal in docling (CVE-2026-44022)
path traversal in docling (CVE-2026-44022). Confidential information can be exposed externally. Mitigation: upgrade to `2.91.0` or later.
|
| CVE-2026-44020 |
|
Vulnerability in docling (CVE-2026-44020)
vulnerability in docling (CVE-2026-44020). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.74.0` or later.
|
| CVE-2026-44016 |
|
Code Injection in docling (CVE-2026-44016)
code injection in docling (CVE-2026-44016). Confidential information can be exposed externally. Exploitable via ``enable_remote_fetch``. Mitigation: upgrade to `2.91.0` or later.
|
| CVE-2026-40898 |
|
Vulnerability in github.com/quic-go/quic-go (CVE-2026-40898)
vulnerability in github.com/quic-go/quic-go (CVE-2026-40898). Risk of unauthorized operations or information disclosure. Exploitable via ``http.Header``. Mitigation: upgrade to `0.59.1` or later.
|
| CVE-2026-50033 |
|
Vulnerability in privilege-escalation (CVE-2026-50033)
vulnerability in privilege-escalation (CVE-2026-50033). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44682 |
|
Vulnerability in privilege-escalation (CVE-2026-44682)
vulnerability in privilege-escalation (CVE-2026-44682). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44609 |
|
Vulnerability in privilege-escalation (CVE-2026-44609)
vulnerability in privilege-escalation (CVE-2026-44609). Successful exploitation can lead to full system takeover.
|
| CVE-2026-37700 |
|
Cross-Site Scripting (XSS) in CVE-2026-37700 (CVE-2026-37700)
cross-site scripting in CVE-2026-37700 (CVE-2026-37700). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42061 |
|
Vulnerability in privilege-escalation (CVE-2026-42061)
vulnerability in privilege-escalation (CVE-2026-42061). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44017 |
|
Path Traversal in docling (CVE-2026-44017)
path traversal in docling (CVE-2026-44017). Successful exploitation can lead to full system takeover. Exploitable via ``SecurityError``. Mitigation: upgrade to `2.91.0` or later.
|
| CVE-2026-8888 |
|
Vulnerability in dos (CVE-2026-8888)
vulnerability in dos (CVE-2026-8888). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-26379 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-26379)
SSRF in ssrf (CVE-2026-26379). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-26378 |
|
Cross-Site Scripting (XSS) in koha (CVE-2026-26378)
cross-site scripting in koha (CVE-2026-26378). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-39107 |
|
Cross-Site Scripting (XSS) in CVE-2026-39107 (CVE-2026-39107)
cross-site scripting in CVE-2026-39107 (CVE-2026-39107). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-36460 |
|
Cross-Site Scripting (XSS) in CVE-2026-36460 (CVE-2026-36460)
cross-site scripting in CVE-2026-36460 (CVE-2026-36460). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-36605 |
|
Vulnerability in dos (CVE-2026-36605)
vulnerability in dos (CVE-2026-36605). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20230 KEV |
|
[KEV] SSRF (Server-Side Request Forgery) in Cisco ssrf (CVE-2026-20230)
SSRF in Cisco ssrf (CVE-2026-20230). Data can be tampered with by attackers. Listed in CISA KEV — actively exploited.
|
| CVE-2026-20233 |
|
Cross-Site Scripting (XSS) in Cisco webex-meetings (CVE-2026-20233)
cross-site scripting in Cisco webex-meetings (CVE-2026-20233). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42321 |
|
Cross-Site Scripting (XSS) in CVE-2026-42321 (CVE-2026-42321)
cross-site scripting in CVE-2026-42321 (CVE-2026-42321). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-36748 |
|
Cross-Site Scripting (XSS) in CVE-2026-36748 (CVE-2026-36748)
cross-site scripting in CVE-2026-36748 (CVE-2026-36748). Successful exploitation can lead to full system takeover.
|
| CVE-2026-37462 |
|
Vulnerability in dos (CVE-2026-37462)
vulnerability in dos (CVE-2026-37462). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-31114 |
|
Cross-Site Scripting (XSS) in backpack/crud (CVE-2022-31114)
cross-site scripting in backpack/crud (CVE-2022-31114). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.0.63` or later.
|
| CVE-2026-5241 |
|
Vulnerability in huggingface (CVE-2026-5241)
vulnerability in huggingface (CVE-2026-5241). Successful exploitation can lead to full system takeover. Exploitable via ``trust_remote_code``.
|
| CVE-2026-47324 |
|
Cross-Site Scripting (XSS) in CVE-2026-47324 (CVE-2026-47324)
cross-site scripting in CVE-2026-47324 (CVE-2026-47324). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44545 |
|
Vulnerability in dos (CVE-2026-44545)
vulnerability in dos (CVE-2026-44545). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-37460 |
|
Vulnerability in c (CVE-2026-37460)
vulnerability in c (CVE-2026-37460). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10729 |
|
Vulnerability in CVE-2026-10729 (CVE-2026-10729)
vulnerability in CVE-2026-10729 (CVE-2026-10729). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-60477 |
|
Vulnerability in c (CVE-2025-60477)
vulnerability in c (CVE-2025-60477). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-70100 |
|
Vulnerability in c (CVE-2025-70100)
vulnerability in c (CVE-2025-70100). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-70101 |
|
Out-of-Bounds Read in c (CVE-2025-70101)
vulnerability in c (CVE-2025-70101). Confidential information can be exposed externally.
|
| CVE-2024-47273 |
|
Path Traversal in path-traversal (CVE-2024-47273)
path traversal in path-traversal (CVE-2024-47273). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-47263 |
|
Path Traversal in path-traversal (CVE-2024-47263)
path traversal in path-traversal (CVE-2024-47263). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-15655 |
|
SQL Injection in sqli (CVE-2025-15655)
SQL injection in sqli (CVE-2025-15655). Confidential information can be exposed externally.
|
| CVE-2025-15656 |
|
Vulnerability in privilege-escalation (CVE-2025-15656)
vulnerability in privilege-escalation (CVE-2025-15656). Successful exploitation can lead to full system takeover.
|
| CVE-2025-14773 |
|
Cross-Site Scripting (XSS) in abb (CVE-2025-14773)
cross-site scripting in abb (CVE-2025-14773). Successful exploitation can lead to full system takeover.
|
| CVE-2025-15654 |
|
Cross-Site Scripting (XSS) in CVE-2025-15654 (CVE-2025-15654)
cross-site scripting in CVE-2025-15654 (CVE-2025-15654). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50052 |
|
Vulnerability in CVE-2026-50052 (CVE-2026-50052)
vulnerability in CVE-2026-50052 (CVE-2026-50052). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10704 |
|
Vulnerability in sqli (CVE-2026-10704)
vulnerability in sqli (CVE-2026-10704). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9516 |
|
Vulnerability in dos (CVE-2026-9516)
vulnerability in dos (CVE-2026-9516). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7421 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7421)
cross-site scripting in wordpress (CVE-2026-7421). Risk of unauthorized operations or information disclosure. Exploitable via ``shop_name``.
|
| CVE-2026-40108 |
|
Cross-Site Scripting (XSS) in CVE-2026-40108 (CVE-2026-40108)
cross-site scripting in CVE-2026-40108 (CVE-2026-40108). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35212 |
|
Cross-Site Scripting (XSS) in pycti (CVE-2026-35212)
cross-site scripting in pycti (CVE-2026-35212). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `7.260227.0` or later.
|
| CVE-2021-4481 |
|
Vulnerability in privilege-escalation (CVE-2021-4481)
vulnerability in privilege-escalation (CVE-2021-4481). Data can be tampered with by attackers.
|