Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-29965 |
|
Cross-Site Scripting (XSS) in hsclabs (CVE-2026-29965)
cross-site scripting in hsclabs (CVE-2026-29965). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45230 |
|
Path Traversal in path-traversal (CVE-2026-45230)
path traversal in path-traversal (CVE-2026-45230). Data can be tampered with by attackers. Exploitable via `POST /api/delete-file`.
|
| CVE-2026-29963 |
|
Path Traversal in path-traversal (CVE-2026-29963)
path traversal in path-traversal (CVE-2026-29963). Confidential information can be exposed externally.
|
| CVE-2026-29962 |
|
Vulnerability in path-traversal (CVE-2026-29962)
vulnerability in path-traversal (CVE-2026-29962). Confidential information can be exposed externally.
|
| CVE-2026-42306 |
|
Vulnerability in github.com/docker/docker (CVE-2026-42306)
vulnerability in github.com/docker/docker (CVE-2026-42306). Data can be tampered with by attackers. Exploitable via `PUT /containers/{id}/archive`. Mitigation: upgrade to `2.0.0-beta.14` or later.
|
| CVE-2026-45727 |
|
Path Traversal in cloakbrowser (CVE-2026-45727)
path traversal in cloakbrowser (CVE-2026-45727). Risk of unauthorized operations or information disclosure. Exploitable via ``cloakserve``. Mitigation: upgrade to `0.3.28` or later.
|
| CVE-2026-45716 |
|
Privilege Escalation in @budibase/worker (CVE-2026-45716)
vulnerability in @budibase/worker (CVE-2026-45716). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/global/users/onboard`. Mitigation: upgrade to `3.38.1` or later.
|
| CVE-2026-45327 |
|
Vulnerability in github.com/DatanoiseTV/tinyice (CVE-2026-45327)
vulnerability in github.com/DatanoiseTV/tinyice (CVE-2026-45327). Data can be tampered with by attackers. Exploitable via `POST /webrtc/source-offer`. Mitigation: upgrade to `2.5.0` or later.
|
| CVE-2026-41085 |
|
Privilege Escalation in privilege-escalation (CVE-2026-41085)
vulnerability in privilege-escalation (CVE-2026-41085). Successful exploitation can lead to full system takeover.
|
| CVE-2025-56352 |
|
Vulnerability in dos (CVE-2025-56352)
vulnerability in dos (CVE-2025-56352). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41948 |
|
Vulnerability in path-traversal (CVE-2026-41948)
vulnerability in path-traversal (CVE-2026-41948). Confidential information can be exposed externally.
|
| CVE-2026-26462 |
|
Vulnerability in CVE-2026-26462 (CVE-2026-26462)
vulnerability in CVE-2026-26462 (CVE-2026-26462). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45135 |
|
Vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-45135)
vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-45135). Successful exploitation can lead to full system takeover. Exploitable via ``search.IgnoreCase``. Mitigation: upgrade to `2.11.3` or later.
|
| CVE-2026-45609 |
|
SSRF (Server-Side Request Forgery) in org.springaicommunity:mcp-client-security (CVE-2026-45609)
SSRF in org.springaicommunity:mcp-client-security (CVE-2026-45609). Risk of unauthorized operations or information disclosure. Exploitable via ``McpOAuth2ClientManager``. Mitigation: upgrade to `0.1.9` or later.
|
| CVE-2026-42009 |
|
Vulnerability in dos (CVE-2026-42009)
vulnerability in dos (CVE-2026-42009). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7304 |
|
Unsafe Deserialization in sglang (CVE-2026-7304)
vulnerability in sglang (CVE-2026-7304). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7301 |
|
Unsafe Deserialization in sglang (CVE-2026-7301)
vulnerability in sglang (CVE-2026-7301). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7302 |
|
Vulnerability in sglang (CVE-2026-7302)
vulnerability in sglang (CVE-2026-7302). Data can be tampered with by attackers.
|
| CVE-2026-4320 |
|
Vulnerability in privilege-escalation (CVE-2026-4320)
vulnerability in privilege-escalation (CVE-2026-4320). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8802 |
|
Path Traversal in path-traversal (CVE-2026-8802)
path traversal in path-traversal (CVE-2026-8802). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4643 |
|
Vulnerability in dos (CVE-2026-4643)
vulnerability in dos (CVE-2026-4643). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7498 |
|
Cross-Site Scripting (XSS) in CVE-2026-7498 (CVE-2026-7498)
cross-site scripting in CVE-2026-7498 (CVE-2026-7498). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6902 |
|
Code Injection in CVE-2026-6902 (CVE-2026-6902)
code injection in CVE-2026-6902 (CVE-2026-6902). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6340 |
|
Vulnerability in github.com/mattermost/mattermost/server/v8 (CVE-2026-6340)
vulnerability in github.com/mattermost/mattermost/server/v8 (CVE-2026-6340). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.0.0-20260325191733-fb11968f8798` or later.
|
| CVE-2026-2325 |
|
Vulnerability in github.com/mattermost/mattermost-server (CVE-2026-2325)
vulnerability in github.com/mattermost/mattermost-server (CVE-2026-2325). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `11.4.4` or later.
|
| CVE-2026-3220 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-3220)
cross-site scripting in wordpress (CVE-2026-3220). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6495 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6495)
cross-site scripting in wordpress (CVE-2026-6495). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6379 |
|
SQL Injection in wordpress (CVE-2026-6379)
SQL injection in wordpress (CVE-2026-6379). Confidential information can be exposed externally.
|
| CVE-2026-8785 |
|
Vulnerability in sqli (CVE-2026-8785)
vulnerability in sqli (CVE-2026-8785). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8770 |
|
Path Traversal in path-traversal (CVE-2026-8770)
path traversal in path-traversal (CVE-2026-8770). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8771 |
|
Vulnerability in org.linlinjava:litemall-wx-api (CVE-2026-8771)
vulnerability in org.linlinjava:litemall-wx-api (CVE-2026-8771). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8772 |
|
Vulnerability in sqli (CVE-2026-8772)
vulnerability in sqli (CVE-2026-8772). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8765 |
|
Path Traversal in path-traversal (CVE-2026-8765)
path traversal in path-traversal (CVE-2026-8765). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8507 |
|
Out-of-Bounds Write in CVE-2026-8507 (CVE-2026-8507)
out-of-bounds write in CVE-2026-8507 (CVE-2026-8507). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8757 |
|
Path Traversal in path-traversal (CVE-2026-8757)
path traversal in path-traversal (CVE-2026-8757). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8756 |
|
Path Traversal in path-traversal (CVE-2026-8756)
path traversal in path-traversal (CVE-2026-8756). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8755 |
|
Path Traversal in path-traversal (CVE-2026-8755)
path traversal in path-traversal (CVE-2026-8755). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8754 |
|
Path Traversal in AstrBot (CVE-2026-8754)
path traversal in AstrBot (CVE-2026-8754). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.23.6` or later.
|
| CVE-2018-25334 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2018-25334)
vulnerability in csrf (CVE-2018-25334). Risk of unauthorized operations or information disclosure.
|
| CVE-2018-25338 |
|
SQL Injection in sqli (CVE-2018-25338)
SQL injection in sqli (CVE-2018-25338). Confidential information can be exposed externally.
|
| CVE-2018-25339 |
|
SQL Injection in sqli (CVE-2018-25339)
SQL injection in sqli (CVE-2018-25339). Confidential information can be exposed externally.
|
| CVE-2018-25331 |
|
Cross-Site Scripting (XSS) in CVE-2018-25331 (CVE-2018-25331)
cross-site scripting in CVE-2018-25331 (CVE-2018-25331). Risk of unauthorized operations or information disclosure.
|
| CVE-2018-25332 |
|
Vulnerability in gitbucket (CVE-2018-25332)
vulnerability in gitbucket (CVE-2018-25332). Successful exploitation can lead to full system takeover.
|
| CVE-2018-25326 |
|
Path Traversal in wordpress (CVE-2018-25326)
path traversal in wordpress (CVE-2018-25326). Confidential information can be exposed externally.
|
| CVE-2018-25330 |
|
SQL Injection in sqli (CVE-2018-25330)
SQL injection in sqli (CVE-2018-25330). Confidential information can be exposed externally.
|
| CVE-2018-25333 |
|
SQL Injection in sqli (CVE-2018-25333)
SQL injection in sqli (CVE-2018-25333). Confidential information can be exposed externally.
|
| CVE-2018-25324 |
|
Vulnerability in wordpress (CVE-2018-25324)
vulnerability in wordpress (CVE-2018-25324). Confidential information can be exposed externally.
|
| CVE-2018-25325 |
|
Path Traversal in wordpress (CVE-2018-25325)
path traversal in wordpress (CVE-2018-25325). Confidential information can be exposed externally.
|
| CVE-2018-25319 |
|
SQL Injection in sqli (CVE-2018-25319)
SQL injection in sqli (CVE-2018-25319). Confidential information can be exposed externally.
|
| CVE-2026-8751 |
|
Vulnerability in deserialization (CVE-2026-8751)
vulnerability in deserialization (CVE-2026-8751). Risk of unauthorized operations or information disclosure.
|