Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-39850 |
|
Vulnerability in yiisoft/yii2 (CVE-2026-39850)
vulnerability in yiisoft/yii2 (CVE-2026-39850). Confidential information can be exposed externally. Exploitable via ``require``. Mitigation: upgrade to `2.0.55` or later.
|
| CVE-2026-34463 |
|
Cross-Site Scripting (XSS) in mantisbt/mantisbt (CVE-2026-34463)
cross-site scripting in mantisbt/mantisbt (CVE-2026-34463). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.28.2` or later.
|
| CVE-2026-34390 |
|
Vulnerability in mantisbt/mantisbt (CVE-2026-34390)
vulnerability in mantisbt/mantisbt (CVE-2026-34390). Risk of unauthorized operations or information disclosure. Exploitable via `PUT /project/{id}/users`. Mitigation: upgrade to `2.28.2` or later.
|
| CVE-2026-7790 |
|
Vulnerability in cowlib (CVE-2026-7790)
vulnerability in cowlib (CVE-2026-7790). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.16.1` or later.
|
| CVE-2026-45223 |
|
Crabbox before 0.9.0 contains an authentication bypass vulnerability in the coordinator user...
Crabbox before 0.9.0 contains an authentication bypass vulnerability in the coordinator user...
|
| CVE-2026-45224 |
|
Crabbox contains a path traversal vulnerability in the Islo provider's workspace path resolution
Crabbox contains a path traversal vulnerability in the Islo provider's workspace path resolution
|
| CVE-2026-43968 |
|
Vulnerability in cowlib (CVE-2026-43968)
vulnerability in cowlib (CVE-2026-43968). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.16.1` or later.
|
| CVE-2026-4891 |
|
Out-of-Bounds Read in dos (CVE-2026-4891)
vulnerability in dos (CVE-2026-4891). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4890 |
|
Vulnerability in dos (CVE-2026-4890)
vulnerability in dos (CVE-2026-4890). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45001 |
|
Vulnerability in ssrf (CVE-2026-45001)
vulnerability in ssrf (CVE-2026-45001). Data can be tampered with by attackers.
|
| CVE-2026-45000 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-45000)
SSRF in ssrf (CVE-2026-45000). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44994 |
|
Vulnerability in openclaw (CVE-2026-44994)
vulnerability in openclaw (CVE-2026-44994). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-36962 |
|
SQL Injection in sqli (CVE-2026-36962)
SQL injection in sqli (CVE-2026-36962). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-2291 |
|
Vulnerability in dos (CVE-2026-2291)
vulnerability in dos (CVE-2026-2291). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3609 |
|
Vulnerability in privilege-escalation (CVE-2026-3609)
vulnerability in privilege-escalation (CVE-2026-3609). Successful exploitation can lead to full system takeover.
|
| CVE-2026-38568 |
|
Vulnerability in privilege-escalation (CVE-2026-38568)
vulnerability in privilege-escalation (CVE-2026-38568). Confidential information can be exposed externally.
|
| CVE-2026-38567 |
|
SQL Injection in sqli (CVE-2026-38567)
SQL injection in sqli (CVE-2026-38567). Successful exploitation can lead to full system takeover.
|
| CVE-2026-38566 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-38566)
vulnerability in csrf (CVE-2026-38566). Confidential information can be exposed externally.
|
| CVE-2026-2393 |
|
SSRF (Server-Side Request Forgery) in mlflow (CVE-2026-2393)
SSRF in mlflow (CVE-2026-2393). Confidential information can be exposed externally. Exploitable via ``url``. Mitigation: upgrade to `3.9.0` or later.
|
| CVE-2026-36906 |
|
Cross-Site Scripting (XSS) in CVE-2026-36906 (CVE-2026-36906)
cross-site scripting in CVE-2026-36906 (CVE-2026-36906). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-38569 |
|
Cross-Site Scripting (XSS) in CVE-2026-38569 (CVE-2026-38569)
cross-site scripting in CVE-2026-38569 (CVE-2026-38569). Risk of unauthorized operations or information disclosure. Exploitable via `POST /candidates/add`.
|
| CVE-2026-31248 |
|
Vulnerability in docling (CVE-2026-31248)
vulnerability in docling (CVE-2026-31248). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31252 |
|
Code Injection in deserialization (CVE-2026-31252)
code injection in deserialization (CVE-2026-31252). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31249 |
|
Unsafe Deserialization in deserialization (CVE-2026-31249)
vulnerability in deserialization (CVE-2026-31249). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31250 |
|
Unsafe Deserialization in deserialization (CVE-2026-31250)
vulnerability in deserialization (CVE-2026-31250). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31251 |
|
Vulnerability in deserialization (CVE-2026-31251)
vulnerability in deserialization (CVE-2026-31251). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31253 |
|
Code Injection in flash_attn (CVE-2026-31253)
code injection in flash_attn (CVE-2026-31253). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42859 |
|
Vulnerability in c (CVE-2026-42859)
vulnerability in c (CVE-2026-42859). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.9.6` or later.
|
| CVE-2026-41250 |
|
Cross-Site Scripting (XSS) in CVE-2026-41250 (CVE-2026-41250)
cross-site scripting in CVE-2026-41250 (CVE-2026-41250). Confidential information can be exposed externally. Mitigation: upgrade to `6.9.1` or later.
|
| CVE-2026-25244 |
|
OS Command Injection in @wdio/browserstack-service (CVE-2026-25244)
OS command injection in @wdio/browserstack-service (CVE-2026-25244). Successful exploitation can lead to full system takeover. Exploitable via ``source``. Mitigation: upgrade to `9.24.0` or later.
|
| CVE-2026-42843 |
|
Authorization Flaw in getgrav/grav-plugin-api (CVE-2026-42843)
vulnerability in getgrav/grav-plugin-api (CVE-2026-42843). Successful exploitation can lead to full system takeover. Exploitable via ``api.access``. Mitigation: upgrade to `1.0.0-beta.15` or later.
|
| CVE-2026-42603 |
|
Code Injection in CVE-2026-42603 (CVE-2026-42603)
code injection in CVE-2026-42603 (CVE-2026-42603). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.1.2` or later.
|
| CVE-2026-42842 |
|
Cross-Site Scripting (XSS) in getgrav/grav (CVE-2026-42842)
cross-site scripting in getgrav/grav (CVE-2026-42842). Risk of unauthorized operations or information disclosure. Exploitable via ``on_events``. Mitigation: upgrade to `2.0.0-beta.2` or later.
|
| CVE-2026-45061 |
|
SSRF (Server-Side Request Forgery) in budibase (CVE-2026-45061)
SSRF in budibase (CVE-2026-45061). Confidential information can be exposed externally. Exploitable via `POST /api/plugin`. Mitigation: upgrade to `3.35.10` or later.
|
| CVE-2026-8292 |
|
Vulnerability in c (CVE-2026-8292)
vulnerability in c (CVE-2026-8292). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8291 |
|
Vulnerability in c (CVE-2026-8291)
vulnerability in c (CVE-2026-8291). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7819 |
|
Vulnerability in pgadmin4 (CVE-2026-7819)
vulnerability in pgadmin4 (CVE-2026-7819). Data can be tampered with by attackers. Mitigation: upgrade to `9.15` or later.
|
| CVE-2026-7818 |
|
Unsafe Deserialization in pgadmin4 (CVE-2026-7818)
vulnerability in pgadmin4 (CVE-2026-7818). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.15` or later.
|
| CVE-2026-7817 |
|
Vulnerability in pgadmin4 (CVE-2026-7817)
vulnerability in pgadmin4 (CVE-2026-7817). Confidential information can be exposed externally. Mitigation: upgrade to `9.15` or later.
|
| CVE-2026-7813 |
|
Vulnerability in pgadmin4 (CVE-2026-7813)
vulnerability in pgadmin4 (CVE-2026-7813). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.15` or later.
|
| CVE-2026-7815 |
|
SQL Injection in pgadmin4 (CVE-2026-7815)
SQL injection in pgadmin4 (CVE-2026-7815). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.15` or later.
|
| CVE-2026-6815 |
|
Path Traversal in github.com/casdoor/casdoor (CVE-2026-6815)
path traversal in github.com/casdoor/casdoor (CVE-2026-6815). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7814 |
|
Cross-Site Scripting (XSS) in pgadmin4 (CVE-2026-7814)
cross-site scripting in pgadmin4 (CVE-2026-7814). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.15` or later.
|
| CVE-2026-6093 |
|
SQL Injection in sqli (CVE-2026-6093)
SQL injection in sqli (CVE-2026-6093). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42611 |
|
Cross-Site Scripting (XSS) in getgrav/grav (CVE-2026-42611)
cross-site scripting in getgrav/grav (CVE-2026-42611). Confidential information can be exposed externally. Exploitable via `POST /grav-log`. Mitigation: upgrade to `2.0.0-beta.2` or later.
|
| CVE-2026-42612 |
|
Cross-Site Scripting (XSS) in getgrav/grav (CVE-2026-42612)
cross-site scripting in getgrav/grav (CVE-2026-42612). Confidential information can be exposed externally. Exploitable via ``onerror``. Mitigation: upgrade to `2.0.0-beta.2` or later.
|
| CVE-2026-42609 |
|
Privilege Escalation in getgrav/grav (CVE-2026-42609)
vulnerability in getgrav/grav (CVE-2026-42609). Data can be tampered with by attackers. Exploitable via ``d904efc33``. Mitigation: upgrade to `2.0.0-beta.2` or later.
|
| CVE-2026-42608 |
|
Path Traversal in getgrav/grav (CVE-2026-42608)
path traversal in getgrav/grav (CVE-2026-42608). Confidential information can be exposed externally. Exploitable via `POST /contact`. Mitigation: upgrade to `2.0.0-beta.2` or later.
|
| CVE-2026-42607 |
|
Code Injection in getgrav/grav (CVE-2026-42607)
code injection in getgrav/grav (CVE-2026-42607). Successful exploitation can lead to full system takeover. Exploitable via ``directInstall``. Mitigation: upgrade to `2.0.0-beta.2` or later.
|
| CVE-2026-3320 |
|
Cross-Site Scripting (XSS) in CVE-2026-3320 (CVE-2026-3320)
cross-site scripting in CVE-2026-3320 (CVE-2026-3320). Risk of unauthorized operations or information disclosure.
|