Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-6417 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6417)
cross-site scripting in wordpress (CVE-2026-6417). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-14869 |
|
Vulnerability in gitlab (CVE-2025-14869)
vulnerability in gitlab (CVE-2025-14869). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
|
| CVE-2026-5361 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-5361)
cross-site scripting in wordpress (CVE-2026-5361). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46445 |
|
SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection.
SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection.
|
| CVE-2026-46446 |
|
SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored,...
SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored,...
|
| CVE-2026-5486 |
|
SQL Injection in wordpress (CVE-2026-5486)
SQL injection in wordpress (CVE-2026-5486). Confidential information can be exposed externally.
|
| CVE-2026-8500 |
|
OS Command Injection in CVE-2026-8500 (CVE-2026-8500)
OS command injection in CVE-2026-8500 (CVE-2026-8500). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45158 |
|
Vulnerability in opnsense (CVE-2026-45158)
vulnerability in opnsense (CVE-2026-45158). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `26.1.8` or later.
|
| CVE-2026-44440 |
|
Path Traversal in path-traversal (CVE-2026-44440)
path traversal in path-traversal (CVE-2026-44440). Confidential information can be exposed externally. Mitigation: upgrade to `15.101.1` or later.
|
| CVE-2026-44446 |
|
SQL Injection in sqli (CVE-2026-44446)
SQL injection in sqli (CVE-2026-44446). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `15.104.3` or later.
|
| CVE-2026-44447 |
|
SQL Injection in sqli (CVE-2026-44447)
SQL injection in sqli (CVE-2026-44447). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `16.9.0` or later.
|
| CVE-2026-44437 |
|
Path Traversal in @angular/ssr (CVE-2026-44437)
path traversal in @angular/ssr (CVE-2026-44437). Risk of unauthorized operations or information disclosure. Exploitable via ``redirectTo``. Mitigation: upgrade to `19.2.25` or later.
|
| CVE-2026-44193 |
|
Vulnerability in opnsense (CVE-2026-44193)
vulnerability in opnsense (CVE-2026-44193). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `26.1.7` or later.
|
| CVE-2026-44194 |
|
OS Command Injection in opnsense (CVE-2026-44194)
OS command injection in opnsense (CVE-2026-44194). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `26.1.8` or later.
|
| CVE-2026-45228 |
|
Cross-Site Scripting (XSS) in vue (CVE-2026-45228)
cross-site scripting in vue (CVE-2026-45228). Risk of unauthorized operations or information disclosure. Exploitable via `POST /update`.
|
| CVE-2026-0243 |
|
Vulnerability in dos (CVE-2026-0243)
vulnerability in dos (CVE-2026-0243). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-28383 |
|
Vulnerability in grafana (CVE-2026-28383)
vulnerability in grafana (CVE-2026-28383). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `11.6.14, 12.2.8, 12.3.6, 12.4.3, 13.0.1` or later.
|
| CVE-2025-27852 |
|
Cross-Site Scripting (XSS) in garmin (CVE-2025-27852)
cross-site scripting in garmin (CVE-2025-27852). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-21821 |
|
Vulnerability in CVE-2026-21821 (CVE-2026-21821)
vulnerability in CVE-2026-21821 (CVE-2026-21821). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45714 |
|
Code Injection in CVE-2026-45714 (CVE-2026-45714)
code injection in CVE-2026-45714 (CVE-2026-45714). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `6.7.0` or later.
|
| CVE-2026-45053 |
|
Unrestricted File Upload in CVE-2026-45053 (CVE-2026-45053)
vulnerability in CVE-2026-45053 (CVE-2026-45053). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/v1/files`. Mitigation: upgrade to `6.7.0` or later.
|
| CVE-2026-44377 |
|
Code Injection in CVE-2026-44377 (CVE-2026-44377)
code injection in CVE-2026-44377 (CVE-2026-44377). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `6.7.0` or later.
|
| CVE-2026-44373 |
|
Path Traversal in nitro (CVE-2026-44373)
path traversal in nitro (CVE-2026-44373). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/orders/..`. Mitigation: upgrade to `3.0.260429-beta` or later.
|
| CVE-2026-44381 |
|
SQL Injection in sqli (CVE-2026-44381)
SQL injection in sqli (CVE-2026-44381). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.5.37` or later.
|
| CVE-2026-44418 |
|
SQL Injection in sqli (CVE-2026-44418)
SQL injection in sqli (CVE-2026-44418). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44376 |
|
Cross-Site Scripting (XSS) in CVE-2026-44376 (CVE-2026-44376)
cross-site scripting in CVE-2026-44376 (CVE-2026-44376). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `6.7.0` or later.
|
| CVE-2026-42561 |
|
Vulnerability in python-multipart (CVE-2026-42561)
vulnerability in python-multipart (CVE-2026-42561). Risk of unauthorized operations or information disclosure. Exploitable via ``MultipartParser``. Mitigation: upgrade to `0.0.27` or later.
|
| CVE-2026-42602 |
|
Vulnerability in github.com/open-telemetry/opentelemetry-collector-contrib/extension/azureauthextension (CVE-2026-42602)
vulnerability in github.com/open-telemetry/opentelemetry-collector-contrib/extension/azureauthextension (CVE-2026-42602). Data can be tampered with by attackers. Exploitable via `POST /v1/traces`.
|
| CVE-2026-42304 |
|
Vulnerability in Twisted (CVE-2026-42304)
vulnerability in Twisted (CVE-2026-42304). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `26.4.0rc2` or later.
|
| CVE-2026-39358 |
|
SQL Injection in sqli (CVE-2026-39358)
SQL injection in sqli (CVE-2026-39358). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `6.6.0` or later.
|
| CVE-2026-39428 |
|
Cross-Site Scripting (XSS) in CVE-2026-39428 (CVE-2026-39428)
cross-site scripting in CVE-2026-39428 (CVE-2026-39428). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `6.6.0` or later.
|
| CVE-2026-44364 |
|
Cross-Site Request Forgery (CSRF) in misp-modules (CVE-2026-44364)
vulnerability in misp-modules (CVE-2026-44364). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42552 |
|
Vulnerability in flightphp/core (CVE-2026-42552)
vulnerability in flightphp/core (CVE-2026-42552). Confidential information can be exposed externally. Exploitable via ``flight.debug``. Mitigation: upgrade to `3.18.1` or later.
|
| CVE-2026-42551 |
|
Vulnerability in flightphp/core (CVE-2026-42551)
vulnerability in flightphp/core (CVE-2026-42551). Data can be tampered with by attackers. Exploitable via `GET /item/42`. Mitigation: upgrade to `3.18.1` or later.
|
| CVE-2026-42548 |
|
Cross-Site Scripting (XSS) in flightphp/core (CVE-2026-42548)
cross-site scripting in flightphp/core (CVE-2026-42548). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api`. Mitigation: upgrade to `3.18.1` or later.
|
| CVE-2026-22599 |
|
SQL Injection in @strapi/content-type-builder (CVE-2026-22599)
SQL injection in @strapi/content-type-builder (CVE-2026-22599). Successful exploitation can lead to full system takeover. Exploitable via ``column.defaultTo``. Mitigation: upgrade to `5.33.2` or later.
|
| CVE-2026-8466 |
|
Vulnerability in cowboy (CVE-2026-8466)
vulnerability in cowboy (CVE-2026-8466). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.15.0` or later.
|
| CVE-2026-8496 |
|
Vulnerability in CVE-2026-8496 (CVE-2026-8496)
vulnerability in CVE-2026-8496 (CVE-2026-8496). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43970 |
|
Vulnerability in cowlib (CVE-2026-43970)
vulnerability in cowlib (CVE-2026-43970). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.16.1` or later.
|
| CVE-2026-42587 |
|
Vulnerability in io.netty:netty-codec-http (CVE-2026-42587)
vulnerability in io.netty:netty-codec-http (CVE-2026-42587). Risk of unauthorized operations or information disclosure. Exploitable via ``HttpContentDecompressor``. Mitigation: upgrade to `4.1.133.Final` or later.
|
| CVE-2026-41255 |
|
Cross-Site Request Forgery (CSRF) in ckan (CVE-2026-41255)
vulnerability in ckan (CVE-2026-41255). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.11.5` or later.
|
| CVE-2026-22677 |
|
Path Traversal in path-traversal (CVE-2026-22677)
path traversal in path-traversal (CVE-2026-22677). Confidential information can be exposed externally.
|
| CVE-2026-0262 |
|
Vulnerability in dos (CVE-2026-0262)
vulnerability in dos (CVE-2026-0262). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0257 KEV |
|
[KEV] Vulnerability in Palo alto networks paloaltonetworks (CVE-2026-0257)
vulnerability in Palo alto networks paloaltonetworks (CVE-2026-0257). Confidential information can be exposed externally. Listed in CISA KEV — actively exploited.
|
| CVE-2026-0258 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-0258)
SSRF in ssrf (CVE-2026-0258). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0256 |
|
Cross-Site Scripting (XSS) in CVE-2026-0256 (CVE-2026-0256)
cross-site scripting in CVE-2026-0256 (CVE-2026-0256). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0251 |
|
Vulnerability in privilege-escalation (CVE-2026-0251)
vulnerability in privilege-escalation (CVE-2026-0251). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0242 |
|
SQL Injection in sqli (CVE-2026-0242)
SQL injection in sqli (CVE-2026-0242). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0263 |
|
Out-of-Bounds Write in dos (CVE-2026-0263)
out-of-bounds write in dos (CVE-2026-0263). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0264 |
|
Vulnerability in dos (CVE-2026-0264)
vulnerability in dos (CVE-2026-0264). Risk of unauthorized operations or information disclosure.
|