Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-31221 |
|
Unsafe Deserialization in pytorch-lightning (CVE-2026-31221)
vulnerability in pytorch-lightning (CVE-2026-31221). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31222 |
|
Unsafe Deserialization in snorkel (CVE-2026-31222)
vulnerability in snorkel (CVE-2026-31222). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31223 |
|
Unsafe Deserialization in snorkel (CVE-2026-31223)
vulnerability in snorkel (CVE-2026-31223). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31224 |
|
Unsafe Deserialization in snorkel (CVE-2026-31224)
vulnerability in snorkel (CVE-2026-31224). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31214 |
|
Unsafe Deserialization in deserialization (CVE-2026-31214)
vulnerability in deserialization (CVE-2026-31214). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31218 |
|
Unsafe Deserialization in deserialization (CVE-2026-31218)
vulnerability in deserialization (CVE-2026-31218). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31219 |
|
Unsafe Deserialization in deserialization (CVE-2026-31219)
vulnerability in deserialization (CVE-2026-31219). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31220 |
|
Code Injection in syft (CVE-2026-31220)
code injection in syft (CVE-2026-31220). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31216 |
|
Vulnerability in dos (CVE-2026-31216)
vulnerability in dos (CVE-2026-31216). Data can be tampered with by attackers. Exploitable via `DELETE /storage/{object_name`.
|
| CVE-2026-31215 |
|
Vulnerability in dos (CVE-2026-31215)
vulnerability in dos (CVE-2026-31215). Data can be tampered with by attackers. Exploitable via `DELETE /{index_name}/documents`.
|
| CVE-2026-30810 |
|
SSRF (Server-Side Request Forgery) in privilege-escalation (CVE-2026-30810)
SSRF in privilege-escalation (CVE-2026-30810). Successful exploitation can lead to full system takeover.
|
| CVE-2026-30805 |
|
Vulnerability in artica (CVE-2026-30805)
vulnerability in artica (CVE-2026-30805). Confidential information can be exposed externally.
|
| CVE-2026-42073 |
|
Cross-Site Request Forgery (CSRF) in @gitlawb/openclaude (CVE-2026-42073)
vulnerability in @gitlawb/openclaude (CVE-2026-42073). Risk of unauthorized operations or information disclosure. Exploitable via ``error``. Mitigation: upgrade to `0.5.1` or later.
|
| CVE-2026-8111 |
|
SQL Injection in sqli (CVE-2026-8111)
SQL injection in sqli (CVE-2026-8111). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8051 |
|
OS Command Injection in ivanti (CVE-2026-8051)
OS command injection in ivanti (CVE-2026-8051). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42260 |
|
SSRF (Server-Side Request Forgery) in open-websearch (CVE-2026-42260)
SSRF in open-websearch (CVE-2026-42260). Confidential information can be exposed externally. Exploitable via `GET /internal`. Mitigation: upgrade to `2.1.7` or later.
|
| CVE-2026-32687 |
|
SQL Injection in postgrex (CVE-2026-32687)
SQL injection in postgrex (CVE-2026-32687). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.22.2` or later.
|
| CVE-2025-70842 |
|
Cross-Site Scripting (XSS) in CVE-2025-70842 (CVE-2025-70842)
cross-site scripting in CVE-2025-70842 (CVE-2025-70842). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45090 |
|
Vulnerability in github.com/hahwul/dalfox/v2 (CVE-2026-45090)
vulnerability in github.com/hahwul/dalfox/v2 (CVE-2026-45090). Risk of unauthorized operations or information disclosure. Exploitable via ``ParameterAnalysis``. Mitigation: upgrade to `2.13.0` or later.
|
| CVE-2026-45089 |
|
Vulnerability in github.com/hahwul/dalfox/v2 (CVE-2026-45089)
vulnerability in github.com/hahwul/dalfox/v2 (CVE-2026-45089). Data can be tampered with by attackers. Exploitable via ``output``. Mitigation: upgrade to `2.13.0` or later.
|
| CVE-2026-45088 |
|
Vulnerability in github.com/hahwul/dalfox/v2 (CVE-2026-45088)
vulnerability in github.com/hahwul/dalfox/v2 (CVE-2026-45088). Confidential information can be exposed externally. Exploitable via ``model.Options``. Mitigation: upgrade to `2.13.0` or later.
|
| CVE-2026-45087 |
|
Vulnerability in github.com/hahwul/dalfox/v2 (CVE-2026-45087)
vulnerability in github.com/hahwul/dalfox/v2 (CVE-2026-45087). Successful exploitation can lead to full system takeover. Exploitable via `POST /scan`. Mitigation: upgrade to `2.13.0` or later.
|
| CVE-2026-6865 |
|
Path Traversal in path-traversal (CVE-2026-6865)
path traversal in path-traversal (CVE-2026-6865). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45218 |
|
SQL Injection in wordpress (CVE-2026-45218)
SQL injection in wordpress (CVE-2026-45218). Confidential information can be exposed externally.
|
| CVE-2026-42741 |
|
SQL Injection in sqli (CVE-2026-42741)
SQL injection in sqli (CVE-2026-42741). Confidential information can be exposed externally.
|
| CVE-2026-42742 |
|
SQL Injection in sqli (CVE-2026-42742)
SQL injection in sqli (CVE-2026-42742). Confidential information can be exposed externally.
|
| CVE-2026-45211 |
|
SQL Injection in sqli (CVE-2026-45211)
SQL injection in sqli (CVE-2026-45211). Confidential information can be exposed externally.
|
| CVE-2026-45213 |
|
SQL Injection in sqli (CVE-2026-45213)
SQL injection in sqli (CVE-2026-45213). Confidential information can be exposed externally.
|
| CVE-2026-45214 |
|
SQL Injection in sqli (CVE-2026-45214)
SQL injection in sqli (CVE-2026-45214). Confidential information can be exposed externally.
|
| CVE-2026-2465 |
|
Authorization Flaw in privilege-escalation (CVE-2026-2465)
vulnerability in privilege-escalation (CVE-2026-2465). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8162 |
|
Vulnerability in multiparty (CVE-2026-8162)
vulnerability in multiparty (CVE-2026-8162). Risk of unauthorized operations or information disclosure. Exploitable via ``decodeURI``. Mitigation: upgrade to `4.3.0` or later.
|
| CVE-2026-8161 |
|
Vulnerability in multiparty (CVE-2026-8161)
vulnerability in multiparty (CVE-2026-8161). Risk of unauthorized operations or information disclosure. Exploitable via ``Object.prototype``. Mitigation: upgrade to `4.3.0` or later.
|
| CVE-2026-8159 |
|
Vulnerability in multiparty (CVE-2026-8159)
vulnerability in multiparty (CVE-2026-8159). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.3.0` or later.
|
| CVE-2026-8072 |
|
Vulnerability in privilege-escalation (CVE-2026-8072)
vulnerability in privilege-escalation (CVE-2026-8072). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6800 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6800)
cross-site scripting in wordpress (CVE-2026-6800). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6813 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6813)
cross-site scripting in wordpress (CVE-2026-6813). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5029 |
|
Vulnerability in CVE-2026-5029 (CVE-2026-5029)
vulnerability in CVE-2026-5029 (CVE-2026-5029). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41125 |
|
SQL Injection in sqli (CVE-2026-41125)
SQL injection in sqli (CVE-2026-41125). Data can be tampered with by attackers.
|
| CVE-2026-41551 |
|
Vulnerability in path-traversal (CVE-2026-41551)
vulnerability in path-traversal (CVE-2026-41551). Confidential information can be exposed externally.
|
| CVE-2025-40947 |
|
OS Command Injection in siemens (CVE-2025-40947)
OS command injection in siemens (CVE-2025-40947). Successful exploitation can lead to full system takeover.
|
| CVE-2025-6577 |
|
SQL Injection in sqli (CVE-2025-6577)
SQL injection in sqli (CVE-2025-6577). Successful exploitation can lead to full system takeover.
|
| CVE-2025-40833 |
|
Vulnerability in dos (CVE-2025-40833)
vulnerability in dos (CVE-2025-40833). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7661 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7661)
cross-site scripting in wordpress (CVE-2026-7661). Risk of unauthorized operations or information disclosure. Exploitable via ``box``.
|
| CVE-2026-6256 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6256)
cross-site scripting in wordpress (CVE-2026-6256). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6690 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6690)
cross-site scripting in wordpress (CVE-2026-6690). Risk of unauthorized operations or information disclosure. Exploitable via ``wp_ajax_nopriv_lp_update_mds``.
|
| CVE-2026-7437 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7437)
cross-site scripting in wordpress (CVE-2026-7437). Risk of unauthorized operations or information disclosure. Exploitable via ``editpos_hidden``.
|
| CVE-2026-6808 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6808)
cross-site scripting in wordpress (CVE-2026-6808). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7464 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7464)
cross-site scripting in wordpress (CVE-2026-7464). Risk of unauthorized operations or information disclosure. Exploitable via ``page``.
|
| CVE-2026-7659 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7659)
cross-site scripting in wordpress (CVE-2026-7659). Risk of unauthorized operations or information disclosure. Exploitable via ``social``.
|
| CVE-2026-6913 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6913)
cross-site scripting in wordpress (CVE-2026-6913). Risk of unauthorized operations or information disclosure.
|