Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: attack-types Clear
ID Title
CVE-2026-8225 Vulnerability in c (CVE-2026-8225)
vulnerability in c (CVE-2026-8225). Risk of unauthorized operations or information disclosure.
CVE-2026-6722 Use-After-Free in libphp (CVE-2026-6722)
vulnerability in libphp (CVE-2026-6722). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.2.31, 8.3.31, 8.4.21, 8.5.6` or later.
CVE-2026-7262 Vulnerability in libphp (CVE-2026-7262)
vulnerability in libphp (CVE-2026-7262). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.2.31, 8.3.31, 8.4.21, 8.5.6` or later.
CVE-2026-7259 Vulnerability in libphp (CVE-2026-7259)
vulnerability in libphp (CVE-2026-7259). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.2.31, 8.3.31, 8.4.21, 8.5.6` or later.
CVE-2026-7258 Out-of-Bounds Read in libphp (CVE-2026-7258)
vulnerability in libphp (CVE-2026-7258). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.2.31, 8.3.31, 8.4.21, 8.5.6` or later.
CVE-2026-6735 Cross-Site Scripting (XSS) in libphp (CVE-2026-6735)
cross-site scripting in libphp (CVE-2026-6735). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.2.31, 8.3.31, 8.4.21, 8.5.6` or later.
CVE-2025-14179 SQL Injection in libphp (CVE-2025-14179)
SQL injection in libphp (CVE-2025-14179). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.2.31, 8.3.31, 8.4.21, 8.5.6` or later.
CVE-2026-8223 Vulnerability in dos (CVE-2026-8223)
vulnerability in dos (CVE-2026-8223). Risk of unauthorized operations or information disclosure.
CVE-2026-8222 Vulnerability in c (CVE-2026-8222)
vulnerability in c (CVE-2026-8222). Risk of unauthorized operations or information disclosure.
CVE-2026-8224 Vulnerability in c (CVE-2026-8224)
vulnerability in c (CVE-2026-8224). Risk of unauthorized operations or information disclosure.
CVE-2026-8219 Cross-Site Scripting (XSS) in CVE-2026-8219 (CVE-2026-8219)
cross-site scripting in CVE-2026-8219 (CVE-2026-8219). Risk of unauthorized operations or information disclosure.
CVE-2026-8218 Cross-Site Scripting (XSS) in CVE-2026-8218 (CVE-2026-8218)
cross-site scripting in CVE-2026-8218 (CVE-2026-8218). Risk of unauthorized operations or information disclosure.
CVE-2026-8221 Cross-Site Scripting (XSS) in CVE-2026-8221 (CVE-2026-8221)
cross-site scripting in CVE-2026-8221 (CVE-2026-8221). Risk of unauthorized operations or information disclosure.
CVE-2026-8220 Cross-Site Scripting (XSS) in CVE-2026-8220 (CVE-2026-8220)
cross-site scripting in CVE-2026-8220 (CVE-2026-8220). Risk of unauthorized operations or information disclosure.
CVE-2026-8215 Path Traversal in path-traversal (CVE-2026-8215)
path traversal in path-traversal (CVE-2026-8215). Risk of unauthorized operations or information disclosure.
CVE-2026-8195 Cross-Site Scripting (XSS) in CVE-2026-8195 (CVE-2026-8195)
cross-site scripting in CVE-2026-8195 (CVE-2026-8195). Risk of unauthorized operations or information disclosure.
CVE-2026-42605 Path Traversal in azuracast/azuracast (CVE-2026-42605)
path traversal in azuracast/azuracast (CVE-2026-42605). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/station/{station_id}/files/upload`. Mitigation: upgrade to `0.23.6` or later.
CVE-2026-42601 Vulnerability in archivebox (CVE-2026-42601)
vulnerability in archivebox (CVE-2026-42601). Successful exploitation can lead to full system takeover.
CVE-2026-42571 Authorization Flaw in github.com/pelicanplatform/pelican (CVE-2026-42571)
vulnerability in github.com/pelicanplatform/pelican (CVE-2026-42571). Risk of unauthorized operations or information disclosure. Exploitable via ``Issuer.GroupSource``. Mitigation: upgrade to `0.0.0-20260408120501-7f73b9c3e677` or later.
CVE-2026-42245 Vulnerability in net-imap (CVE-2026-42245)
vulnerability in net-imap (CVE-2026-42245). Risk of unauthorized operations or information disclosure. Exploitable via ``ResponseReader``. Mitigation: upgrade to `0.4.24` or later.
CVE-2026-20108 Cross-Site Scripting (XSS) in Cisco catalyst-sd-wan-manager (CVE-2026-20108)
cross-site scripting in Cisco catalyst-sd-wan-manager (CVE-2026-20108). Risk of unauthorized operations or information disclosure.
CVE-2026-20180 Path Traversal in Cisco dos (CVE-2026-20180)
path traversal in Cisco dos (CVE-2026-20180). Successful exploitation can lead to full system takeover.
CVE-2026-20147 Command Injection in Cisco dos (CVE-2026-20147)
command injection in Cisco dos (CVE-2026-20147). Successful exploitation can lead to full system takeover.
CVE-2026-20188 Vulnerability in Cisco dos (CVE-2026-20188)
vulnerability in Cisco dos (CVE-2026-20188). Risk of unauthorized operations or information disclosure.
CVE-2026-20132 Cross-Site Scripting (XSS) in Cisco identity-services-engine (CVE-2026-20132)
cross-site scripting in Cisco identity-services-engine (CVE-2026-20132). Risk of unauthorized operations or information disclosure.
CVE-2026-20170 Vulnerability in Cisco webex-contact-center (CVE-2026-20170)
vulnerability in Cisco webex-contact-center (CVE-2026-20170). Risk of unauthorized operations or information disclosure.
CVE-2026-20167 Vulnerability in Cisco dos (CVE-2026-20167)
vulnerability in Cisco dos (CVE-2026-20167). Risk of unauthorized operations or information disclosure.
CVE-2025-65856 Vulnerability in cisa (CVE-2025-65856)
vulnerability in cisa (CVE-2025-65856). Successful exploitation can lead to full system takeover.
CVE-2025-13777 Vulnerability in cisa (CVE-2025-13777)
vulnerability in cisa (CVE-2025-13777). Confidential information can be exposed externally.
CVE-2026-6074 Vulnerability in cisa (CVE-2026-6074)
vulnerability in cisa (CVE-2026-6074). Successful exploitation can lead to full system takeover.
CVE-2026-20074 Vulnerability in Cisco dos (CVE-2026-20074)
vulnerability in Cisco dos (CVE-2026-20074). Risk of unauthorized operations or information disclosure.
CVE-2026-8198 Information Disclosure in wordpress (CVE-2026-8198)
vulnerability in wordpress (CVE-2026-8198). Risk of unauthorized operations or information disclosure. Exploitable via `Authorization header`.
CVE-2026-8209 Vulnerability in path-traversal (CVE-2026-8209)
vulnerability in path-traversal (CVE-2026-8209). Risk of unauthorized operations or information disclosure.
CVE-2026-8208 Vulnerability in CVE-2026-8208 (CVE-2026-8208)
vulnerability in CVE-2026-8208 (CVE-2026-8208). Risk of unauthorized operations or information disclosure.
CVE-2026-42294 Vulnerability in argo-workflows (CVE-2026-42294)
vulnerability in argo-workflows (CVE-2026-42294). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/events/some-namespace`. Mitigation: upgrade to `3.7.14, 4.0.5` or later.
CVE-2026-42183 Vulnerability in argo-workflows (CVE-2026-42183)
vulnerability in argo-workflows (CVE-2026-42183). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/v1/workflows/target-ns`. Mitigation: upgrade to `4.0.5` or later.
CVE-2026-41311 Vulnerability in liquidjs (CVE-2026-41311)
vulnerability in liquidjs (CVE-2026-41311). Risk of unauthorized operations or information disclosure. Exploitable via ``getBlockRender``. Mitigation: upgrade to `10.25.7` or later.
CVE-2026-8207 SQL Injection in sqli (CVE-2026-8207)
SQL injection in sqli (CVE-2026-8207). Risk of unauthorized operations or information disclosure.
CVE-2026-44966 Vulnerability in velocityjs (CVE-2026-44966)
vulnerability in velocityjs (CVE-2026-44966). Risk of unauthorized operations or information disclosure.
CVE-2026-44313 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-44313)
SSRF in ssrf (CVE-2026-44313). Confidential information can be exposed externally. Exploitable via `GET /api/v1/archives/{linkId}`.
CVE-2026-44788 Path Traversal in SharpCompress (CVE-2026-44788)
path traversal in SharpCompress (CVE-2026-44788). Data can be tampered with by attackers. Exploitable via ``WriteToDirectoryInternal``.
CVE-2026-44896 Cross-Site Scripting (XSS) in mistune (CVE-2026-44896)
cross-site scripting in mistune (CVE-2026-44896). Risk of unauthorized operations or information disclosure. Exploitable via ``figclass``. Mitigation: upgrade to `3.2.1` or later.
CVE-2026-42454 OS Command Injection in docker (CVE-2026-42454)
OS command injection in docker (CVE-2026-42454). Successful exploitation can lead to full system takeover. Exploitable via `GET /docker/containers/`.
CVE-2026-44286 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-44286)
SSRF in ssrf (CVE-2026-44286). Risk of unauthorized operations or information disclosure.
CVE-2026-44284 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-44284)
SSRF in ssrf (CVE-2026-44284). Risk of unauthorized operations or information disclosure.
CVE-2026-42354 Vulnerability in sso (CVE-2026-42354)
vulnerability in sso (CVE-2026-42354). Confidential information can be exposed externally. Exploitable via ``Moved``.
CVE-2026-42451 Cross-Site Scripting (XSS) in CVE-2026-42451 (CVE-2026-42451)
cross-site scripting in CVE-2026-42451 (CVE-2026-42451). Confidential information can be exposed externally.
CVE-2026-42343 Vulnerability in dos (CVE-2026-42343)
vulnerability in dos (CVE-2026-42343). Risk of unauthorized operations or information disclosure.
CVE-2026-42346 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-42346)
SSRF in ssrf (CVE-2026-42346). Confidential information can be exposed externally.
CVE-2026-42298 Code Injection in docker (CVE-2026-42298)
code injection in docker (CVE-2026-42298). Successful exploitation can lead to full system takeover. Exploitable via ``GITHUB_TOKEN``. Mitigation: upgrade to `>= 0` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →