Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: attack-types Clear
ID Title
CVE-2026-42502 Vulnerability in golang.org/x/net (CVE-2026-42502)
vulnerability in golang.org/x/net (CVE-2026-42502). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.55.0` or later.
CVE-2026-25681 Vulnerability in golang.org/x/net (CVE-2026-25681)
vulnerability in golang.org/x/net (CVE-2026-25681). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.55.0` or later.
CVE-2026-27136 Vulnerability in golang.org/x/net (CVE-2026-27136)
vulnerability in golang.org/x/net (CVE-2026-27136). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.55.0` or later.
CVE-2026-42506 Cross-Site Scripting (XSS) in golang.org/x/net (CVE-2026-42506)
cross-site scripting in golang.org/x/net (CVE-2026-42506). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.55.0` or later.
CVE-2026-39821 Vulnerability in golang.org/x/net (CVE-2026-39821)
vulnerability in golang.org/x/net (CVE-2026-39821). Confidential information can be exposed externally. Mitigation: upgrade to `0.55.0` or later.
CVE-2026-25680 Vulnerability in golang.org/x/net (CVE-2026-25680)
vulnerability in golang.org/x/net (CVE-2026-25680). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.55.0` or later.
CVE-2026-9264 Vulnerability in CVE-2026-9264 (CVE-2026-9264)
vulnerability in CVE-2026-9264 (CVE-2026-9264). Risk of unauthorized operations or information disclosure.
CVE-2026-34911 Path Traversal in path-traversal (CVE-2026-34911)
path traversal in path-traversal (CVE-2026-34911). Confidential information can be exposed externally.
CVE-2026-34909 KEV [KEV] Path Traversal in Ubiquiti path-traversal (CVE-2026-34909)
path traversal in Ubiquiti path-traversal (CVE-2026-34909). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-8435 Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8435)
vulnerability in concrete5/concrete5 (CVE-2026-8435). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-8434 Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8434)
vulnerability in concrete5/concrete5 (CVE-2026-8434). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-8433 Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8433)
vulnerability in concrete5/concrete5 (CVE-2026-8433). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-8432 Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8432)
vulnerability in concrete5/concrete5 (CVE-2026-8432). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-8427 Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8427)
vulnerability in concrete5/concrete5 (CVE-2026-8427). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-8416 Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8416)
vulnerability in concrete5/concrete5 (CVE-2026-8416). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-8415 Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8415)
vulnerability in concrete5/concrete5 (CVE-2026-8415). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-8414 Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8414)
vulnerability in concrete5/concrete5 (CVE-2026-8414). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-8413 Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8413)
vulnerability in concrete5/concrete5 (CVE-2026-8413). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-8245 Vulnerability in concrete5/concrete5 (CVE-2026-8245)
vulnerability in concrete5/concrete5 (CVE-2026-8245). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-8412 Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8412)
vulnerability in concrete5/concrete5 (CVE-2026-8412). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-8411 Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8411)
vulnerability in concrete5/concrete5 (CVE-2026-8411). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-8410 Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8410)
vulnerability in concrete5/concrete5 (CVE-2026-8410). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-8409 Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8409)
vulnerability in concrete5/concrete5 (CVE-2026-8409). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-8139 Cross-Site Scripting (XSS) in concrete5/concrete5 (CVE-2026-8139)
cross-site scripting in concrete5/concrete5 (CVE-2026-8139). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-7882 Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-7882)
vulnerability in concrete5/concrete5 (CVE-2026-7882). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-4093 Cross-Site Scripting (XSS) in drupal (CVE-2026-4093)
cross-site scripting in drupal (CVE-2026-4093). Risk of unauthorized operations or information disclosure.
CVE-2026-4929 Cross-Site Scripting (XSS) in drupal (CVE-2026-4929)
cross-site scripting in drupal (CVE-2026-4929). Risk of unauthorized operations or information disclosure.
CVE-2026-6960 Unrestricted File Upload in wordpress (CVE-2026-6960)
vulnerability in wordpress (CVE-2026-6960). Successful exploitation can lead to full system takeover.
CVE-2026-22678 Cross-Site Scripting (XSS) in CVE-2026-22678 (CVE-2026-22678)
cross-site scripting in CVE-2026-22678 (CVE-2026-22678). Risk of unauthorized operations or information disclosure.
CVE-2026-8203 Cross-Site Scripting (XSS) in concrete5/concrete5 (CVE-2026-8203)
cross-site scripting in concrete5/concrete5 (CVE-2026-8203). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-8350 Authorization Flaw in concrete5/concrete5 (CVE-2026-8350)
vulnerability in concrete5/concrete5 (CVE-2026-8350). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-8421 Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8421)
vulnerability in concrete5/concrete5 (CVE-2026-8421). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-8426 Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8426)
vulnerability in concrete5/concrete5 (CVE-2026-8426). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-8428 Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8428)
vulnerability in concrete5/concrete5 (CVE-2026-8428). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-8417 Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8417)
vulnerability in concrete5/concrete5 (CVE-2026-8417). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-8197 Cross-Site Scripting (XSS) in concrete5/concrete5 (CVE-2026-8197)
cross-site scripting in concrete5/concrete5 (CVE-2026-8197). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-8134 Vulnerability in concrete5/concrete5 (CVE-2026-8134)
vulnerability in concrete5/concrete5 (CVE-2026-8134). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-8135 Unsafe Deserialization in concrete5/concrete5 (CVE-2026-8135)
vulnerability in concrete5/concrete5 (CVE-2026-8135). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-8140 Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8140)
vulnerability in concrete5/concrete5 (CVE-2026-8140). Data can be tampered with by attackers. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-47101 Authorization Flaw in litellm (CVE-2026-47101)
vulnerability in litellm (CVE-2026-47101). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.83.14` or later.
CVE-2026-46551 Vulnerability in nocodb (CVE-2026-46551)
vulnerability in nocodb (CVE-2026-46551). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/db/storage/upload-by-url`.
CVE-2026-46550 Vulnerability in nocodb (CVE-2026-46550)
vulnerability in nocodb (CVE-2026-46550). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v2/auth/token/refresh`.
CVE-2026-46548 SSRF (Server-Side Request Forgery) in nocodb (CVE-2026-46548)
SSRF in nocodb (CVE-2026-46548). Risk of unauthorized operations or information disclosure. Exploitable via ``httpAgent``.
CVE-2026-46547 Cross-Site Scripting (XSS) in nocodb (CVE-2026-46547)
cross-site scripting in nocodb (CVE-2026-46547). Risk of unauthorized operations or information disclosure. Exploitable via ``ncRedirectUrl``.
CVE-2026-46683 SSRF (Server-Side Request Forgery) in knplabs/knp-snappy (CVE-2026-46683)
SSRF in knplabs/knp-snappy (CVE-2026-46683). Risk of unauthorized operations or information disclosure. Exploitable via ``http``. Mitigation: upgrade to `1.7.0` or later.
CVE-2026-46517 Code Injection in lmdeploy (CVE-2026-46517)
code injection in lmdeploy (CVE-2026-46517). Successful exploitation can lead to full system takeover. Exploitable via ``get_model_arch``.
CVE-2026-46497 SSRF (Server-Side Request Forgery) in crawlee (CVE-2026-46497)
SSRF in crawlee (CVE-2026-46497). Risk of unauthorized operations or information disclosure. Exploitable via `Host header`. Mitigation: upgrade to `1.7.0` or later.
CVE-2026-48235 SQL Injection in sqli (CVE-2026-48235)
SQL injection in sqli (CVE-2026-48235). Confidential information can be exposed externally.
CVE-2026-48237 SQL Injection in sqli (CVE-2026-48237)
SQL injection in sqli (CVE-2026-48237). Confidential information can be exposed externally.
CVE-2026-48236 SQL Injection in sqli (CVE-2026-48236)
SQL injection in sqli (CVE-2026-48236). Confidential information can be exposed externally.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →