Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: attack-types Clear
ID Title
CVE-2018-25426 Vulnerability in dos (CVE-2018-25426)
vulnerability in dos (CVE-2018-25426). Risk of unauthorized operations or information disclosure.
CVE-2018-25420 SQL Injection in sqli (CVE-2018-25420)
SQL injection in sqli (CVE-2018-25420). Confidential information can be exposed externally.
CVE-2018-25422 SQL Injection in sqli (CVE-2018-25422)
SQL injection in sqli (CVE-2018-25422). Confidential information can be exposed externally.
CVE-2018-25424 SQL Injection in sqli (CVE-2018-25424)
SQL injection in sqli (CVE-2018-25424). Confidential information can be exposed externally.
CVE-2018-25425 SQL Injection in c (CVE-2018-25425)
SQL injection in c (CVE-2018-25425). Confidential information can be exposed externally.
CVE-2018-25421 Path Traversal in path-traversal (CVE-2018-25421)
path traversal in path-traversal (CVE-2018-25421). Confidential information can be exposed externally.
CVE-2018-25413 SQL Injection in sqli (CVE-2018-25413)
SQL injection in sqli (CVE-2018-25413). Confidential information can be exposed externally.
CVE-2018-25414 SQL Injection in sqli (CVE-2018-25414)
SQL injection in sqli (CVE-2018-25414). Confidential information can be exposed externally.
CVE-2018-25415 SQL Injection in sqli (CVE-2018-25415)
SQL injection in sqli (CVE-2018-25415). Confidential information can be exposed externally.
CVE-2018-25416 SQL Injection in sqli (CVE-2018-25416)
SQL injection in sqli (CVE-2018-25416). Confidential information can be exposed externally.
CVE-2018-25417 SQL Injection in sqli (CVE-2018-25417)
SQL injection in sqli (CVE-2018-25417). Confidential information can be exposed externally.
CVE-2018-25418 SQL Injection in sqli (CVE-2018-25418)
SQL injection in sqli (CVE-2018-25418). Confidential information can be exposed externally.
CVE-2018-25419 SQL Injection in sqli (CVE-2018-25419)
SQL injection in sqli (CVE-2018-25419). Confidential information can be exposed externally.
CVE-2018-25407 SQL Injection in sqli (CVE-2018-25407)
SQL injection in sqli (CVE-2018-25407). Confidential information can be exposed externally.
CVE-2018-25410 SQL Injection in sqli (CVE-2018-25410)
SQL injection in sqli (CVE-2018-25410). Confidential information can be exposed externally.
CVE-2018-25411 SQL Injection in sqli (CVE-2018-25411)
SQL injection in sqli (CVE-2018-25411). Confidential information can be exposed externally.
CVE-2018-25408 Path Traversal in path-traversal (CVE-2018-25408)
path traversal in path-traversal (CVE-2018-25408). Confidential information can be exposed externally.
CVE-2018-25412 Vulnerability in deltasql-project (CVE-2018-25412)
vulnerability in deltasql-project (CVE-2018-25412). Successful exploitation can lead to full system takeover.
CVE-2018-25406 SQL Injection in sqli (CVE-2018-25406)
SQL injection in sqli (CVE-2018-25406). Confidential information can be exposed externally.
CVE-2018-25405 SQL Injection in sqli (CVE-2018-25405)
SQL injection in sqli (CVE-2018-25405). Confidential information can be exposed externally.
CVE-2026-10117 Vulnerability in c (CVE-2026-10117)
vulnerability in c (CVE-2026-10117). Risk of unauthorized operations or information disclosure.
CVE-2026-10116 Vulnerability in c (CVE-2026-10116)
vulnerability in c (CVE-2026-10116). Risk of unauthorized operations or information disclosure.
CVE-2026-10115 Vulnerability in c (CVE-2026-10115)
vulnerability in c (CVE-2026-10115). Risk of unauthorized operations or information disclosure.
CVE-2026-9757 SQL Injection in wordpress (CVE-2026-9757)
SQL injection in wordpress (CVE-2026-9757). Confidential information can be exposed externally.
CVE-2026-7465 Privilege Escalation in wordpress (CVE-2026-7465)
vulnerability in wordpress (CVE-2026-7465). Successful exploitation can lead to full system takeover.
CVE-2026-10113 Vulnerability in c (CVE-2026-10113)
vulnerability in c (CVE-2026-10113). Risk of unauthorized operations or information disclosure.
CVE-2026-10111 Vulnerability in sqli (CVE-2026-10111)
vulnerability in sqli (CVE-2026-10111). Risk of unauthorized operations or information disclosure.
CVE-2026-10112 Cross-Site Scripting (XSS) in CVE-2026-10112 (CVE-2026-10112)
cross-site scripting in CVE-2026-10112 (CVE-2026-10112). Risk of unauthorized operations or information disclosure.
CVE-2026-10110 Vulnerability in sqli (CVE-2026-10110)
vulnerability in sqli (CVE-2026-10110). Risk of unauthorized operations or information disclosure.
CVE-2026-47268 SSRF (Server-Side Request Forgery) in github.com/nezhahq/nezha (CVE-2026-47268)
SSRF in github.com/nezhahq/nezha (CVE-2026-47268). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/v1/ddns`. Mitigation: upgrade to `2.0.10` or later.
CVE-2026-46527 Vulnerability in c (CVE-2026-46527)
vulnerability in c (CVE-2026-46527). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.44.0` or later.
CVE-2026-44420 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard (cliprdr) channel b...
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard (cliprdr) channel by sending a CB_CLIP_CAPS PDU with a too-small capabilitySetLength. This can crash the server process...
CVE-2026-44285 FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery (SSRF) vulnerability allows an authenticated attacker to bypass the global isInternalAddress network prot...
FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery (SSRF) vulnerability allows an authenticated attacker to bypass the global isInternalAddress network protection and make arbitrary HTTP GET requests to internal network services. This is achieved by exploi...
CVE-2026-44421 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs....
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs. The bug is in gdi_CacheToSurface: it validates a destination rectangle that is clamped to UINT16_MAX...
CVE-2026-34127 Cross-Site Scripting (XSS) in tp-link (CVE-2026-34127)
cross-site scripting in tp-link (CVE-2026-34127). Risk of unauthorized operations or information disclosure.
CVE-2026-47260 SSRF (Server-Side Request Forgery) in phanan/koel (CVE-2026-47260)
SSRF in phanan/koel (CVE-2026-47260). Confidential information can be exposed externally. Exploitable via `POST /api/podcasts`. Mitigation: upgrade to `9.3.5` or later.
CVE-2026-49384 In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible
In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible
CVE-2026-49381 In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible
In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible
CVE-2026-9051 Vulnerability in privilege-escalation (CVE-2026-9051)
vulnerability in privilege-escalation (CVE-2026-9051). Confidential information can be exposed externally.
CVE-2026-49372 In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible
In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible
CVE-2026-49375 Cross-Site Scripting (XSS) in jetbrains (CVE-2026-49375)
cross-site scripting in jetbrains (CVE-2026-49375). Risk of unauthorized operations or information disclosure.
CVE-2026-49373 Vulnerability in jetbrains (CVE-2026-49373)
vulnerability in jetbrains (CVE-2026-49373). Confidential information can be exposed externally.
CVE-2026-49371 In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible
In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible
CVE-2026-49368 In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible
In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible
CVE-2026-49367 In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account
In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account
CVE-2026-49366 In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion
In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion
CVE-2026-46344 Out-of-Bounds Read in c (CVE-2026-46344)
vulnerability in c (CVE-2026-46344). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.16.0` or later.
CVE-2026-44518 Vulnerability in c (CVE-2026-44518)
vulnerability in c (CVE-2026-44518). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.16.0` or later.
CVE-2026-10108 Path Traversal in xiaomusic (CVE-2026-10108)
path traversal in xiaomusic (CVE-2026-10108). Confidential information can be exposed externally. Exploitable via `GET /music/{file_path`. Mitigation: upgrade to `0.5.8` or later.
CVE-2026-10105 SQL Injection in agno (CVE-2026-10105)
SQL injection in agno (CVE-2026-10105). Confidential information can be exposed externally.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →