Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-42302 |
|
Vulnerability in openai-sdk (CVE-2026-42302)
vulnerability in openai-sdk (CVE-2026-42302). Successful exploitation can lead to full system takeover. Exploitable via ``entrypoint.sh``.
|
| CVE-2026-42339 |
|
SSRF (Server-Side Request Forgery) in github.com/QuantumNous/new-api (CVE-2026-42339)
SSRF in github.com/QuantumNous/new-api (CVE-2026-42339). Data can be tampered with by attackers. Exploitable via `POST /v1/chat/completions`. Mitigation: upgrade to `0.9.0.5` or later.
|
| CVE-2026-44843 |
|
Unsafe Deserialization in langchain-core (CVE-2026-44843)
vulnerability in langchain-core (CVE-2026-44843). Confidential information can be exposed externally. Exploitable via ``RunnableWithMessageHistory``. Mitigation: upgrade to `0.3.85` or later.
|
| CVE-2026-44328 |
|
Vulnerability in github.com/free5gc/smf (CVE-2026-44328)
vulnerability in github.com/free5gc/smf (CVE-2026-44328). Risk of unauthorized operations or information disclosure. Exploitable via `DELETE /upi/v1/upNodesLinks/{upNodeRef}`. Mitigation: upgrade to `1.4.3` or later.
|
| CVE-2026-44549 |
|
Cross-Site Scripting (XSS) in open-webui (CVE-2026-44549)
cross-site scripting in open-webui (CVE-2026-44549). Confidential information can be exposed externally. Exploitable via ``XLSX.utils.sheet_to_html``. Mitigation: upgrade to `0.8.0` or later.
|
| CVE-2026-44831 |
|
Cross-Site Scripting (XSS) in snipe/snipe-it (CVE-2026-44831)
cross-site scripting in snipe/snipe-it (CVE-2026-44831). Risk of unauthorized operations or information disclosure. Exploitable via ``notes``. Mitigation: upgrade to `8.4.1` or later.
|
| CVE-2026-42287 |
|
SQL Injection in sqli (CVE-2026-42287)
SQL injection in sqli (CVE-2026-42287). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42212 |
|
Vulnerability in csharp (CVE-2026-42212)
vulnerability in csharp (CVE-2026-42212). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42209 |
|
Vulnerability in dos (CVE-2026-42209)
vulnerability in dos (CVE-2026-42209). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42286 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-42286)
vulnerability in csrf (CVE-2026-42286). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42205 |
|
Vulnerability in avo (CVE-2026-42205)
vulnerability in avo (CVE-2026-42205). Successful exploitation can lead to full system takeover. Exploitable via `POST /admin/resources/posts/actions`. Mitigation: upgrade to `3.31.2` or later.
|
| CVE-2026-42192 |
|
Cross-Site Scripting (XSS) in react (CVE-2026-42192)
cross-site scripting in react (CVE-2026-42192). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44209 |
|
Vulnerability in banks (CVE-2026-44209)
vulnerability in banks (CVE-2026-44209). Successful exploitation can lead to full system takeover. Exploitable via ``banks``. Mitigation: upgrade to `2.4.2` or later.
|
| CVE-2026-44737 |
|
Cross-Site Scripting (XSS) in getgrav/grav (CVE-2026-44737)
cross-site scripting in getgrav/grav (CVE-2026-44737). Risk of unauthorized operations or information disclosure. Exploitable via `GET /admin/pages/`. Mitigation: upgrade to `1.7.49.5` or later.
|
| CVE-2026-29203 |
|
Vulnerability in privilege-escalation (CVE-2026-29203)
vulnerability in privilege-escalation (CVE-2026-29203). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44721 |
|
Cross-Site Scripting (XSS) in open-webui (CVE-2026-44721)
cross-site scripting in open-webui (CVE-2026-44721). Confidential information can be exposed externally. Exploitable via ``marked``. Mitigation: upgrade to `0.9.0` or later.
|
| CVE-2026-44429 |
|
Vulnerability in github.com/modelcontextprotocol/registry (CVE-2026-44429)
vulnerability in github.com/modelcontextprotocol/registry (CVE-2026-44429). Risk of unauthorized operations or information disclosure. Exploitable via `POST /v0/auth/github-at`. Mitigation: upgrade to `1.7.7` or later.
|
| CVE-2026-41889 |
|
SQL Injection in github.com/jackc/pgx/v5 (CVE-2026-41889)
SQL injection in github.com/jackc/pgx/v5 (CVE-2026-41889). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `5.9.2` or later.
|
| CVE-2026-42028 |
|
Path Traversal in path-traversal (CVE-2026-42028)
path traversal in path-traversal (CVE-2026-42028). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42030 |
|
Vulnerability in osgeo (CVE-2026-42030)
vulnerability in osgeo (CVE-2026-42030). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-38360 |
|
Path Traversal in path-traversal (CVE-2026-38360)
path traversal in path-traversal (CVE-2026-38360). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44671 |
|
Vulnerability in github.com/zitadel/zitadel (CVE-2026-44671)
vulnerability in github.com/zitadel/zitadel (CVE-2026-44671). Confidential information can be exposed externally. Mitigation: upgrade to `3.4.10` or later.
|
| CVE-2026-44212 |
|
Cross-Site Scripting (XSS) in prestashop/prestashop (CVE-2026-44212)
cross-site scripting in prestashop/prestashop (CVE-2026-44212). Confidential information can be exposed externally. Mitigation: upgrade to `9.1.1` or later.
|
| CVE-2026-43967 |
|
Vulnerability in absinthe (CVE-2026-43967)
vulnerability in absinthe (CVE-2026-43967). Risk of unauthorized operations or information disclosure. Exploitable via ``input.fragments``. Mitigation: upgrade to `1.10.2` or later.
|
| CVE-2026-42793 |
|
Vulnerability in absinthe (CVE-2026-42793)
vulnerability in absinthe (CVE-2026-42793). Risk of unauthorized operations or information disclosure. Exploitable via ``node.name``. Mitigation: upgrade to `1.10.2` or later.
|
| CVE-2026-42353 |
|
Path Traversal in i18next-http-middleware (CVE-2026-42353)
path traversal in i18next-http-middleware (CVE-2026-42353). Confidential information can be exposed externally. Exploitable via `GET /locales/resources.json`. Mitigation: upgrade to `3.9.3` or later.
|
| CVE-2026-42794 |
|
Cross-Site Scripting (XSS) in absinthe_plug (CVE-2026-42794)
cross-site scripting in absinthe_plug (CVE-2026-42794). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41690 |
|
Vulnerability in i18next-http-middleware (CVE-2026-41690)
vulnerability in i18next-http-middleware (CVE-2026-41690). Data can be tampered with by attackers. Exploitable via `GET /locales/resources.json`. Mitigation: upgrade to `3.9.3` or later.
|
| CVE-2026-41883 |
|
Vulnerability in org.omnifaces:omnifaces (CVE-2026-41883)
vulnerability in org.omnifaces:omnifaces (CVE-2026-41883). Successful exploitation can lead to full system takeover. Exploitable via ``CDNResourceHandler``. Mitigation: upgrade to `5.2.3` or later.
|
| CVE-2026-41070 |
|
Authentication Bypass in openvpn (CVE-2026-41070)
authentication bypass in openvpn (CVE-2026-41070). Confidential information can be exposed externally. Exploitable via ``plugin``.
|
| CVE-2026-41591 |
|
Cross-Site Scripting (XSS) in marko (CVE-2026-41591)
cross-site scripting in marko (CVE-2026-41591). Risk of unauthorized operations or information disclosure. Exploitable via ``_escape_script``. Mitigation: upgrade to `5.38.36` or later.
|
| CVE-2026-29975 |
|
Vulnerability in c (CVE-2026-29975)
vulnerability in c (CVE-2026-29975). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34354 |
|
Vulnerability in privilege-escalation (CVE-2026-34354)
vulnerability in privilege-escalation (CVE-2026-34354). Successful exploitation can lead to full system takeover.
|
| CVE-2026-29972 |
|
Vulnerability in c (CVE-2026-29972)
vulnerability in c (CVE-2026-29972). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44500 |
|
Vulnerability in zebra-network (CVE-2026-44500)
vulnerability in zebra-network (CVE-2026-44500). Risk of unauthorized operations or information disclosure. Exploitable via ``headers``. Mitigation: upgrade to `6.0.0` or later.
|
| CVE-2026-43424 |
|
Vulnerability in dos (CVE-2026-43424)
vulnerability in dos (CVE-2026-43424). Risk of unauthorized operations or information disclosure. Exploitable via ``tv_nexus``.
|
| CVE-2026-41570 |
|
Vulnerability in phpunit/phpunit (CVE-2026-41570)
vulnerability in phpunit/phpunit (CVE-2026-41570). Successful exploitation can lead to full system takeover. Exploitable via ``auto_prepend_file``. Mitigation: upgrade to `13.1.6` or later.
|
| CVE-2026-41575 |
|
Cross-Site Scripting (XSS) in th30d4y (CVE-2026-41575)
cross-site scripting in th30d4y (CVE-2026-41575). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-38361 |
|
Vulnerability in dash-uploader (CVE-2026-38361)
vulnerability in dash-uploader (CVE-2026-38361). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.7.0a1` or later.
|
| CVE-2026-37431 |
|
SQL Injection in sqli (CVE-2026-37431)
SQL injection in sqli (CVE-2026-37431). Successful exploitation can lead to full system takeover.
|
| CVE-2025-67486 |
|
Vulnerability in dolibarr (CVE-2025-67486)
vulnerability in dolibarr (CVE-2025-67486). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44129 |
|
Vulnerability in CVE-2026-44129 (CVE-2026-44129)
vulnerability in CVE-2026-44129 (CVE-2026-44129). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44336 |
|
Vulnerability in praison (CVE-2026-44336)
vulnerability in praison (CVE-2026-44336). Successful exploitation can lead to full system takeover. Exploitable via ``praisonai.rules.create``.
|
| CVE-2026-44335 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-44335)
SSRF in ssrf (CVE-2026-44335). Successful exploitation can lead to full system takeover. Exploitable via ``requests``. Mitigation: upgrade to `>= 1.6.32` or later.
|
| CVE-2026-44128 |
|
Vulnerability in CVE-2026-44128 (CVE-2026-44128)
vulnerability in CVE-2026-44128 (CVE-2026-44128). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44127 |
|
Vulnerability in path-traversal (CVE-2026-44127)
vulnerability in path-traversal (CVE-2026-44127). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41507 |
|
Code Injection in remote (CVE-2026-41507)
code injection in remote (CVE-2026-41507). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41512 |
|
Code Injection in gem (CVE-2026-41512)
code injection in gem (CVE-2026-41512). Successful exploitation can lead to full system takeover. Exploitable via `POST /targets/auto_detect_selectors`.
|
| CVE-2026-41497 |
|
Command Injection in praison (CVE-2026-41497)
command injection in praison (CVE-2026-41497). Successful exploitation can lead to full system takeover. Exploitable via ``bash``. Mitigation: upgrade to `>= 4.6.9` or later.
|
| CVE-2026-41493 |
|
Path Traversal in yard (CVE-2026-41493)
path traversal in yard (CVE-2026-41493). Confidential information can be exposed externally. Mitigation: upgrade to `0.9.42` or later.
|