Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: attack-types Clear
ID Title
CVE-2026-42302 Vulnerability in openai-sdk (CVE-2026-42302)
vulnerability in openai-sdk (CVE-2026-42302). Successful exploitation can lead to full system takeover. Exploitable via ``entrypoint.sh``.
CVE-2026-42339 SSRF (Server-Side Request Forgery) in github.com/QuantumNous/new-api (CVE-2026-42339)
SSRF in github.com/QuantumNous/new-api (CVE-2026-42339). Data can be tampered with by attackers. Exploitable via `POST /v1/chat/completions`. Mitigation: upgrade to `0.9.0.5` or later.
CVE-2026-44843 Unsafe Deserialization in langchain-core (CVE-2026-44843)
vulnerability in langchain-core (CVE-2026-44843). Confidential information can be exposed externally. Exploitable via ``RunnableWithMessageHistory``. Mitigation: upgrade to `0.3.85` or later.
CVE-2026-44328 Vulnerability in github.com/free5gc/smf (CVE-2026-44328)
vulnerability in github.com/free5gc/smf (CVE-2026-44328). Risk of unauthorized operations or information disclosure. Exploitable via `DELETE /upi/v1/upNodesLinks/{upNodeRef}`. Mitigation: upgrade to `1.4.3` or later.
CVE-2026-44549 Cross-Site Scripting (XSS) in open-webui (CVE-2026-44549)
cross-site scripting in open-webui (CVE-2026-44549). Confidential information can be exposed externally. Exploitable via ``XLSX.utils.sheet_to_html``. Mitigation: upgrade to `0.8.0` or later.
CVE-2026-44831 Cross-Site Scripting (XSS) in snipe/snipe-it (CVE-2026-44831)
cross-site scripting in snipe/snipe-it (CVE-2026-44831). Risk of unauthorized operations or information disclosure. Exploitable via ``notes``. Mitigation: upgrade to `8.4.1` or later.
CVE-2026-42287 SQL Injection in sqli (CVE-2026-42287)
SQL injection in sqli (CVE-2026-42287). Risk of unauthorized operations or information disclosure.
CVE-2026-42212 Vulnerability in csharp (CVE-2026-42212)
vulnerability in csharp (CVE-2026-42212). Risk of unauthorized operations or information disclosure.
CVE-2026-42209 Vulnerability in dos (CVE-2026-42209)
vulnerability in dos (CVE-2026-42209). Risk of unauthorized operations or information disclosure.
CVE-2026-42286 Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-42286)
vulnerability in csrf (CVE-2026-42286). Risk of unauthorized operations or information disclosure.
CVE-2026-42205 Vulnerability in avo (CVE-2026-42205)
vulnerability in avo (CVE-2026-42205). Successful exploitation can lead to full system takeover. Exploitable via `POST /admin/resources/posts/actions`. Mitigation: upgrade to `3.31.2` or later.
CVE-2026-42192 Cross-Site Scripting (XSS) in react (CVE-2026-42192)
cross-site scripting in react (CVE-2026-42192). Risk of unauthorized operations or information disclosure.
CVE-2026-44209 Vulnerability in banks (CVE-2026-44209)
vulnerability in banks (CVE-2026-44209). Successful exploitation can lead to full system takeover. Exploitable via ``banks``. Mitigation: upgrade to `2.4.2` or later.
CVE-2026-44737 Cross-Site Scripting (XSS) in getgrav/grav (CVE-2026-44737)
cross-site scripting in getgrav/grav (CVE-2026-44737). Risk of unauthorized operations or information disclosure. Exploitable via `GET /admin/pages/`. Mitigation: upgrade to `1.7.49.5` or later.
CVE-2026-29203 Vulnerability in privilege-escalation (CVE-2026-29203)
vulnerability in privilege-escalation (CVE-2026-29203). Successful exploitation can lead to full system takeover.
CVE-2026-44721 Cross-Site Scripting (XSS) in open-webui (CVE-2026-44721)
cross-site scripting in open-webui (CVE-2026-44721). Confidential information can be exposed externally. Exploitable via ``marked``. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-44429 Vulnerability in github.com/modelcontextprotocol/registry (CVE-2026-44429)
vulnerability in github.com/modelcontextprotocol/registry (CVE-2026-44429). Risk of unauthorized operations or information disclosure. Exploitable via `POST /v0/auth/github-at`. Mitigation: upgrade to `1.7.7` or later.
CVE-2026-41889 SQL Injection in github.com/jackc/pgx/v5 (CVE-2026-41889)
SQL injection in github.com/jackc/pgx/v5 (CVE-2026-41889). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `5.9.2` or later.
CVE-2026-42028 Path Traversal in path-traversal (CVE-2026-42028)
path traversal in path-traversal (CVE-2026-42028). Risk of unauthorized operations or information disclosure.
CVE-2026-42030 Vulnerability in osgeo (CVE-2026-42030)
vulnerability in osgeo (CVE-2026-42030). Risk of unauthorized operations or information disclosure.
CVE-2026-38360 Path Traversal in path-traversal (CVE-2026-38360)
path traversal in path-traversal (CVE-2026-38360). Successful exploitation can lead to full system takeover.
CVE-2026-44671 Vulnerability in github.com/zitadel/zitadel (CVE-2026-44671)
vulnerability in github.com/zitadel/zitadel (CVE-2026-44671). Confidential information can be exposed externally. Mitigation: upgrade to `3.4.10` or later.
CVE-2026-44212 Cross-Site Scripting (XSS) in prestashop/prestashop (CVE-2026-44212)
cross-site scripting in prestashop/prestashop (CVE-2026-44212). Confidential information can be exposed externally. Mitigation: upgrade to `9.1.1` or later.
CVE-2026-43967 Vulnerability in absinthe (CVE-2026-43967)
vulnerability in absinthe (CVE-2026-43967). Risk of unauthorized operations or information disclosure. Exploitable via ``input.fragments``. Mitigation: upgrade to `1.10.2` or later.
CVE-2026-42793 Vulnerability in absinthe (CVE-2026-42793)
vulnerability in absinthe (CVE-2026-42793). Risk of unauthorized operations or information disclosure. Exploitable via ``node.name``. Mitigation: upgrade to `1.10.2` or later.
CVE-2026-42353 Path Traversal in i18next-http-middleware (CVE-2026-42353)
path traversal in i18next-http-middleware (CVE-2026-42353). Confidential information can be exposed externally. Exploitable via `GET /locales/resources.json`. Mitigation: upgrade to `3.9.3` or later.
CVE-2026-42794 Cross-Site Scripting (XSS) in absinthe_plug (CVE-2026-42794)
cross-site scripting in absinthe_plug (CVE-2026-42794). Risk of unauthorized operations or information disclosure.
CVE-2026-41690 Vulnerability in i18next-http-middleware (CVE-2026-41690)
vulnerability in i18next-http-middleware (CVE-2026-41690). Data can be tampered with by attackers. Exploitable via `GET /locales/resources.json`. Mitigation: upgrade to `3.9.3` or later.
CVE-2026-41883 Vulnerability in org.omnifaces:omnifaces (CVE-2026-41883)
vulnerability in org.omnifaces:omnifaces (CVE-2026-41883). Successful exploitation can lead to full system takeover. Exploitable via ``CDNResourceHandler``. Mitigation: upgrade to `5.2.3` or later.
CVE-2026-41070 Authentication Bypass in openvpn (CVE-2026-41070)
authentication bypass in openvpn (CVE-2026-41070). Confidential information can be exposed externally. Exploitable via ``plugin``.
CVE-2026-41591 Cross-Site Scripting (XSS) in marko (CVE-2026-41591)
cross-site scripting in marko (CVE-2026-41591). Risk of unauthorized operations or information disclosure. Exploitable via ``_escape_script``. Mitigation: upgrade to `5.38.36` or later.
CVE-2026-29975 Vulnerability in c (CVE-2026-29975)
vulnerability in c (CVE-2026-29975). Risk of unauthorized operations or information disclosure.
CVE-2026-34354 Vulnerability in privilege-escalation (CVE-2026-34354)
vulnerability in privilege-escalation (CVE-2026-34354). Successful exploitation can lead to full system takeover.
CVE-2026-29972 Vulnerability in c (CVE-2026-29972)
vulnerability in c (CVE-2026-29972). Risk of unauthorized operations or information disclosure.
CVE-2026-44500 Vulnerability in zebra-network (CVE-2026-44500)
vulnerability in zebra-network (CVE-2026-44500). Risk of unauthorized operations or information disclosure. Exploitable via ``headers``. Mitigation: upgrade to `6.0.0` or later.
CVE-2026-43424 Vulnerability in dos (CVE-2026-43424)
vulnerability in dos (CVE-2026-43424). Risk of unauthorized operations or information disclosure. Exploitable via ``tv_nexus``.
CVE-2026-41570 Vulnerability in phpunit/phpunit (CVE-2026-41570)
vulnerability in phpunit/phpunit (CVE-2026-41570). Successful exploitation can lead to full system takeover. Exploitable via ``auto_prepend_file``. Mitigation: upgrade to `13.1.6` or later.
CVE-2026-41575 Cross-Site Scripting (XSS) in th30d4y (CVE-2026-41575)
cross-site scripting in th30d4y (CVE-2026-41575). Risk of unauthorized operations or information disclosure.
CVE-2026-38361 Vulnerability in dash-uploader (CVE-2026-38361)
vulnerability in dash-uploader (CVE-2026-38361). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.7.0a1` or later.
CVE-2026-37431 SQL Injection in sqli (CVE-2026-37431)
SQL injection in sqli (CVE-2026-37431). Successful exploitation can lead to full system takeover.
CVE-2025-67486 Vulnerability in dolibarr (CVE-2025-67486)
vulnerability in dolibarr (CVE-2025-67486). Successful exploitation can lead to full system takeover.
CVE-2026-44129 Vulnerability in CVE-2026-44129 (CVE-2026-44129)
vulnerability in CVE-2026-44129 (CVE-2026-44129). Risk of unauthorized operations or information disclosure.
CVE-2026-44336 Vulnerability in praison (CVE-2026-44336)
vulnerability in praison (CVE-2026-44336). Successful exploitation can lead to full system takeover. Exploitable via ``praisonai.rules.create``.
CVE-2026-44335 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-44335)
SSRF in ssrf (CVE-2026-44335). Successful exploitation can lead to full system takeover. Exploitable via ``requests``. Mitigation: upgrade to `>= 1.6.32` or later.
CVE-2026-44128 Vulnerability in CVE-2026-44128 (CVE-2026-44128)
vulnerability in CVE-2026-44128 (CVE-2026-44128). Risk of unauthorized operations or information disclosure.
CVE-2026-44127 Vulnerability in path-traversal (CVE-2026-44127)
vulnerability in path-traversal (CVE-2026-44127). Risk of unauthorized operations or information disclosure.
CVE-2026-41507 Code Injection in remote (CVE-2026-41507)
code injection in remote (CVE-2026-41507). Successful exploitation can lead to full system takeover.
CVE-2026-41512 Code Injection in gem (CVE-2026-41512)
code injection in gem (CVE-2026-41512). Successful exploitation can lead to full system takeover. Exploitable via `POST /targets/auto_detect_selectors`.
CVE-2026-41497 Command Injection in praison (CVE-2026-41497)
command injection in praison (CVE-2026-41497). Successful exploitation can lead to full system takeover. Exploitable via ``bash``. Mitigation: upgrade to `>= 4.6.9` or later.
CVE-2026-41493 Path Traversal in yard (CVE-2026-41493)
path traversal in yard (CVE-2026-41493). Confidential information can be exposed externally. Mitigation: upgrade to `0.9.42` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →