Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-43633 |
|
Unsafe Deserialization in deserialization (CVE-2026-43633)
vulnerability in deserialization (CVE-2026-43633). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42099 |
|
Vulnerability in sparxsystems (CVE-2026-42099)
vulnerability in sparxsystems (CVE-2026-42099). Successful exploitation can lead to full system takeover.
|
| CVE-2025-40903 |
|
Cross-Site Scripting (XSS) in nozominetworks (CVE-2025-40903)
cross-site scripting in nozominetworks (CVE-2025-40903). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-40904 |
|
Cross-Site Scripting (XSS) in nozominetworks (CVE-2025-40904)
cross-site scripting in nozominetworks (CVE-2025-40904). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-40900 |
|
Vulnerability in angular (CVE-2025-40900)
vulnerability in angular (CVE-2025-40900). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-40901 |
|
Cross-Site Scripting (XSS) in nozominetworks (CVE-2025-40901)
cross-site scripting in nozominetworks (CVE-2025-40901). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-40902 |
|
Cross-Site Scripting (XSS) in nozominetworks (CVE-2025-40902)
cross-site scripting in nozominetworks (CVE-2025-40902). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8912 |
|
SQL Injection in wordpress (CVE-2026-8912)
SQL injection in wordpress (CVE-2026-8912). Confidential information can be exposed externally.
|
| CVE-2026-4883 |
|
Unrestricted File Upload in wordpress (CVE-2026-4883)
vulnerability in wordpress (CVE-2026-4883). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7307 |
|
Vulnerability in org.keycloak:keycloak-saml-core (CVE-2026-7307)
vulnerability in org.keycloak:keycloak-saml-core (CVE-2026-7307). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `26.6.2` or later.
|
| CVE-2026-7507 |
|
Vulnerability in org.keycloak:keycloak-services (CVE-2026-7507)
vulnerability in org.keycloak:keycloak-services (CVE-2026-7507). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `26.6.2` or later.
|
| CVE-2026-43492 |
|
Vulnerability in dos (CVE-2026-43492)
vulnerability in dos (CVE-2026-43492). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46725 |
|
Unsafe Deserialization in mmc/ceselector (CVE-2026-46725)
vulnerability in mmc/ceselector (CVE-2026-46725). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.0.3` or later.
|
| CVE-2026-8727 |
|
Unsafe Deserialization in tomasnorre/crawler (CVE-2026-8727)
vulnerability in tomasnorre/crawler (CVE-2026-8727). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `11.0.13` or later.
|
| CVE-2026-46724 |
|
Path Traversal in tpwd/ke_search (CVE-2026-46724)
path traversal in tpwd/ke_search (CVE-2026-46724). Risk of unauthorized operations or information disclosure. Exploitable via ``ke_search``. Mitigation: upgrade to `4.6.7` or later.
|
| CVE-2026-8827 |
|
SQL Injection in friendsoftypo3/tt-address (CVE-2026-8827)
SQL injection in friendsoftypo3/tt-address (CVE-2026-8827). Risk of unauthorized operations or information disclosure. Exploitable via ``tt_address``. Mitigation: upgrade to `8.1.2` or later.
|
| CVE-2026-45434 |
|
Authentication Bypass in apache (CVE-2026-45434)
authentication bypass in apache (CVE-2026-45434). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31910 |
|
SSRF (Server-Side Request Forgery) in apache (CVE-2026-31910)
SSRF in apache (CVE-2026-31910). Confidential information can be exposed externally.
|
| CVE-2026-31379 |
|
Path Traversal in apache (CVE-2026-31379)
path traversal in apache (CVE-2026-31379). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31906 |
|
Cross-Site Scripting (XSS) in apache (CVE-2026-31906)
cross-site scripting in apache (CVE-2026-31906). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-29220 |
|
Path Traversal in apache (CVE-2026-29220)
path traversal in apache (CVE-2026-29220). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-29226 |
|
SSRF (Server-Side Request Forgery) in apache (CVE-2026-29226)
SSRF in apache (CVE-2026-29226). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4885 |
|
Unrestricted File Upload in wordpress (CVE-2026-4885)
vulnerability in wordpress (CVE-2026-4885). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8813 |
|
Vulnerability in exifreader (CVE-2026-8813)
vulnerability in exifreader (CVE-2026-8813). Risk of unauthorized operations or information disclosure. Exploitable via ``multiLocalizedUnicodeType``. Mitigation: upgrade to `4.39.0` or later.
|
| CVE-2026-47307 |
|
Vulnerability in dos (CVE-2026-47307)
vulnerability in dos (CVE-2026-47307). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-33565 |
|
in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.
in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.
|
| CVE-2026-28751 |
|
in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.
in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.
|
| CVE-2026-27781 |
|
in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.
in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.
|
| CVE-2026-25781 |
|
in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS and it cannot be recovered.
in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS and it cannot be recovered.
|
| CVE-2026-25110 |
|
in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.
in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.
|
| CVE-2026-27648 |
|
in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre...
in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre...
|
| CVE-2026-24792 |
|
in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre...
in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre...
|
| CVE-2026-22069 |
|
A local privilege escalation vulnerability exists in O+ Connect because it fails to validate the...
A local privilege escalation vulnerability exists in O+ Connect because it fails to validate the...
|
| CVE-2026-33234 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-33234)
SSRF in ssrf (CVE-2026-33234). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-33232 |
|
Vulnerability in dos (CVE-2026-33232)
vulnerability in dos (CVE-2026-33232). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-33233 |
|
Code Injection in deserialization (CVE-2026-33233)
code injection in deserialization (CVE-2026-33233). Successful exploitation can lead to full system takeover.
|
| CVE-2026-32323 |
|
Privilege Escalation in privilege-escalation (CVE-2026-32323)
vulnerability in privilege-escalation (CVE-2026-32323). Successful exploitation can lead to full system takeover.
|
| CVE-2026-30950 |
|
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.6.36 through 0.6.50 are vulnerable to Authenticated Session Hijack...
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.6.36 through 0.6.50 are vulnerable to Authenticated Session Hijacking via IDOR. If an authenticated attacker can determine the session_id of another user's session, t...
|
| CVE-2026-27964 |
|
Cross-Site Scripting (XSS) in facturascripts/facturascripts (CVE-2026-27964)
cross-site scripting in facturascripts/facturascripts (CVE-2026-27964). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-27891 |
|
FacturaScripts is an open source accounting and invoicing software. Versions 2026 and below contain a critical vulnerability in the Plugins::add() function. The system fails to properly validate the f...
FacturaScripts is an open source accounting and invoicing software. Versions 2026 and below contain a critical vulnerability in the Plugins::add() function. The system fails to properly validate the file paths within uploaded ZIP archives. This allows an attacker to perform a Zip Slip attack, leadin...
|
| CVE-2026-27737 |
|
Cross-Site Scripting (XSS) in CVE-2026-27737 (CVE-2026-27737)
cross-site scripting in CVE-2026-27737 (CVE-2026-27737). Data can be tampered with by attackers.
|
| CVE-2026-8851 |
|
SQL Injection in sqli (CVE-2026-8851)
SQL injection in sqli (CVE-2026-8851). Confidential information can be exposed externally.
|
| CVE-2026-47091 |
|
Path Traversal in path-traversal (CVE-2026-47091)
path traversal in path-traversal (CVE-2026-47091). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-26978 |
|
Unsafe Deserialization in CVE-2026-26978 (CVE-2026-26978)
vulnerability in CVE-2026-26978 (CVE-2026-26978). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45686 |
|
Vulnerability in go.opentelemetry.io/obi (CVE-2026-45686)
vulnerability in go.opentelemetry.io/obi (CVE-2026-45686). Risk of unauthorized operations or information disclosure. Exploitable via ``set``. Mitigation: upgrade to `0.9.0` or later.
|
| CVE-2026-45685 |
|
Vulnerability in go.opentelemetry.io/obi (CVE-2026-45685)
vulnerability in go.opentelemetry.io/obi (CVE-2026-45685). Risk of unauthorized operations or information disclosure. Exploitable via ``parseOpMessage``. Mitigation: upgrade to `0.9.0` or later.
|
| CVE-2026-45242 |
|
Vulnerability in @steipete/summarize (CVE-2026-45242)
vulnerability in @steipete/summarize (CVE-2026-45242). Data can be tampered with by attackers. Mitigation: upgrade to `0.15.0` or later.
|
| CVE-2026-45231 |
|
Cross-Site Scripting (XSS) in CVE-2026-45231 (CVE-2026-45231)
cross-site scripting in CVE-2026-45231 (CVE-2026-45231). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45495 |
|
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
|
| CVE-2026-29964 |
|
Cross-Site Scripting (XSS) in hsclabs (CVE-2026-29964)
cross-site scripting in hsclabs (CVE-2026-29964). Risk of unauthorized operations or information disclosure.
|