Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: attack-types Clear
ID Title
CVE-2026-27960 Authentication Bypass in pycti (CVE-2026-27960)
authentication bypass in pycti (CVE-2026-27960). Successful exploitation can lead to full system takeover. Exploitable via ``APP__ADMIN__EXTERNALLY_MANAGED``. Mitigation: upgrade to `6.9.13` or later.
CVE-2026-31835 Vulnerability in dos (CVE-2026-31835)
vulnerability in dos (CVE-2026-31835). Risk of unauthorized operations or information disclosure. Exploitable via ``authenticatorData``.
CVE-2026-34002 Vulnerability in dos (CVE-2026-34002)
vulnerability in dos (CVE-2026-34002). Confidential information can be exposed externally.
CVE-2026-38431 Code Injection in frappe (CVE-2026-38431)
code injection in frappe (CVE-2026-38431). Successful exploitation can lead to full system takeover.
CVE-2026-38432 Cross-Site Scripting (XSS) in frappe (CVE-2026-38432)
cross-site scripting in frappe (CVE-2026-38432). Risk of unauthorized operations or information disclosure.
CVE-2026-23631 Use-After-Free in redis (CVE-2026-23631)
vulnerability in redis (CVE-2026-23631). Data can be tampered with by attackers.
CVE-2026-25243 Vulnerability in redis (CVE-2026-25243)
vulnerability in redis (CVE-2026-25243). Successful exploitation can lead to full system takeover.
CVE-2026-23479 Use-After-Free in redis (CVE-2026-23479)
vulnerability in redis (CVE-2026-23479). Successful exploitation can lead to full system takeover. Exploitable via ``processCommandAndResetClient``.
CVE-2026-43067 Vulnerability in linux (CVE-2026-43067)
vulnerability in linux (CVE-2026-43067). Successful exploitation can lead to full system takeover.
CVE-2026-39103 Vulnerability in c (CVE-2026-39103)
vulnerability in c (CVE-2026-39103). Risk of unauthorized operations or information disclosure.
CVE-2026-34000 Out-of-Bounds Read in dos (CVE-2026-34000)
vulnerability in dos (CVE-2026-34000). Confidential information can be exposed externally. Exploitable via ``XkbAddGeomKeyAlias``.
CVE-2025-52206 ISPConfig 3.3.0 is vulnerable to Cross Site Scripting (XSS) via the system status webpage.
ISPConfig 3.3.0 is vulnerable to Cross Site Scripting (XSS) via the system status webpage.
CVE-2026-42437 Vulnerability in openclaw (CVE-2026-42437)
vulnerability in openclaw (CVE-2026-42437). Risk of unauthorized operations or information disclosure. Exploitable via ``openclaw``. Mitigation: upgrade to `2026.4.10` or later.
CVE-2026-41922 OS Command Injection in CVE-2026-41922 (CVE-2026-41922)
OS command injection in CVE-2026-41922 (CVE-2026-41922). Risk of unauthorized operations or information disclosure.
CVE-2026-42440 Vulnerability in org.apache.opennlp:opennlp-tools (CVE-2026-42440)
vulnerability in org.apache.opennlp:opennlp-tools (CVE-2026-42440). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.0.0-M3` or later.
CVE-2026-42027 Vulnerability in org.apache.opennlp:opennlp-tools (CVE-2026-42027)
vulnerability in org.apache.opennlp:opennlp-tools (CVE-2026-42027). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.0.0-M3` or later.
CVE-2026-29004 Vulnerability in c (CVE-2026-29004)
vulnerability in c (CVE-2026-29004). Data can be tampered with by attackers.
CVE-2026-37459 Vulnerability in dos (CVE-2026-37459)
vulnerability in dos (CVE-2026-37459). Risk of unauthorized operations or information disclosure.
CVE-2026-37461 Out-of-Bounds Read in github.com/osrg/gobgp/v4 (CVE-2026-37461)
vulnerability in github.com/osrg/gobgp/v4 (CVE-2026-37461). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.4.0` or later.
CVE-2025-70071 Vulnerability in cpp (CVE-2025-70071)
vulnerability in cpp (CVE-2025-70071). Risk of unauthorized operations or information disclosure.
CVE-2026-42796 Vulnerability in workiva (CVE-2026-42796)
vulnerability in workiva (CVE-2026-42796). Successful exploitation can lead to full system takeover.
CVE-2026-43616 Vulnerability in path-traversal (CVE-2026-43616)
vulnerability in path-traversal (CVE-2026-43616). Data can be tampered with by attackers.
CVE-2026-42091 Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-42091)
vulnerability in csrf (CVE-2026-42091). Data can be tampered with by attackers.
CVE-2026-42138 Cross-Site Scripting (XSS) in langgenius (CVE-2026-42138)
cross-site scripting in langgenius (CVE-2026-42138). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/files/upload`.
CVE-2026-42087 SQL Injection in sqli (CVE-2026-42087)
SQL injection in sqli (CVE-2026-42087). Confidential information can be exposed externally. Exploitable via ``tsdb_lookup``.
CVE-2026-42085 Vulnerability in openc3 (CVE-2026-42085)
vulnerability in openc3 (CVE-2026-42085). Risk of unauthorized operations or information disclosure. Exploitable via ``OPENC3_LOCAL_MODE_PATH``. Mitigation: upgrade to `7.0.0-rc3` or later.
CVE-2026-42086 Cross-Site Scripting (XSS) in openc3 (CVE-2026-42086)
cross-site scripting in openc3 (CVE-2026-42086). Risk of unauthorized operations or information disclosure. Exploitable via ``convertToValue``. Mitigation: upgrade to `7.0.0` or later.
CVE-2026-32834 Vulnerability in wordpress (CVE-2026-32834)
vulnerability in wordpress (CVE-2026-32834). Confidential information can be exposed externally.
CVE-2026-40076 Path Traversal in org.openmrs.web:openmrs-web (CVE-2026-40076)
path traversal in org.openmrs.web:openmrs-web (CVE-2026-40076). Successful exploitation can lead to full system takeover. Exploitable via `POST /openmrs/ws/rest/v1/module`.
CVE-2026-40075 Path Traversal in org.openmrs.web:openmrs-web (CVE-2026-40075)
path traversal in org.openmrs.web:openmrs-web (CVE-2026-40075). Confidential information can be exposed externally. Exploitable via ``ModuleResourcesServlet``. Mitigation: upgrade to `2.8.6` or later.
CVE-2026-42090 Cross-Site Scripting (XSS) in streetwriters (CVE-2026-42090)
cross-site scripting in streetwriters (CVE-2026-42090). Successful exploitation can lead to full system takeover.
CVE-2026-29514 Vulnerability in CVE-2026-29514 (CVE-2026-29514)
vulnerability in CVE-2026-29514 (CVE-2026-29514). Successful exploitation can lead to full system takeover.
CVE-2026-26956 Vulnerability in vm2-project (CVE-2026-26956)
vulnerability in vm2-project (CVE-2026-26956). Successful exploitation can lead to full system takeover. Exploitable via ``catch``.
CVE-2026-24781 Code Injection in vm2-project (CVE-2026-24781)
code injection in vm2-project (CVE-2026-24781). Successful exploitation can lead to full system takeover. Exploitable via ``inspect``.
CVE-2026-24120 Code Injection in vm2-project (CVE-2026-24120)
code injection in vm2-project (CVE-2026-24120). Successful exploitation can lead to full system takeover. Exploitable via ``resetPromiseSpecies``.
CVE-2026-24118 Code Injection in vm2-project (CVE-2026-24118)
code injection in vm2-project (CVE-2026-24118). Successful exploitation can lead to full system takeover. Exploitable via ``__lookupGetter__``.
CVE-2026-35527 SSRF (Server-Side Request Forgery) in github.com/lxc/incus/v6/cmd/incusd (CVE-2026-35527)
SSRF in github.com/lxc/incus/v6/cmd/incusd (CVE-2026-35527). Risk of unauthorized operations or information disclosure. Exploitable via ``restricted.images.servers``. Mitigation: upgrade to `7.0.0` or later.
CVE-2026-37458 Vulnerability in dos (CVE-2026-37458)
vulnerability in dos (CVE-2026-37458). Risk of unauthorized operations or information disclosure.
CVE-2025-70069 Vulnerability in cpp (CVE-2025-70069)
vulnerability in cpp (CVE-2025-70069). Risk of unauthorized operations or information disclosure.
CVE-2025-70070 Vulnerability in cpp (CVE-2025-70070)
vulnerability in cpp (CVE-2025-70070). Risk of unauthorized operations or information disclosure.
CVE-2025-70072 Out-of-Bounds Read in cpp (CVE-2025-70072)
vulnerability in cpp (CVE-2025-70072). Risk of unauthorized operations or information disclosure.
CVE-2025-58074 Vulnerability in privilege-escalation (CVE-2025-58074)
vulnerability in privilege-escalation (CVE-2025-58074). Successful exploitation can lead to full system takeover.
CVE-2025-14320 Cross-Site Scripting (XSS) in CVE-2025-14320 (CVE-2025-14320)
cross-site scripting in CVE-2025-14320 (CVE-2025-14320). Successful exploitation can lead to full system takeover.
CVE-2026-42367 Vulnerability in c (CVE-2026-42367)
vulnerability in c (CVE-2026-42367). Confidential information can be exposed externally.
CVE-2026-42368 Vulnerability in privilege-escalation (CVE-2026-42368)
vulnerability in privilege-escalation (CVE-2026-42368). Successful exploitation can lead to full system takeover.
CVE-2026-7489 SQL Injection in sqli (CVE-2026-7489)
SQL injection in sqli (CVE-2026-7489). Successful exploitation can lead to full system takeover.
CVE-2026-37457 Out-of-Bounds Write in c (CVE-2026-37457)
out-of-bounds write in c (CVE-2026-37457). Risk of unauthorized operations or information disclosure.
CVE-2026-42468 Vulnerability in cpp (CVE-2026-42468)
vulnerability in cpp (CVE-2026-42468). Successful exploitation can lead to full system takeover.
CVE-2026-42469 Vulnerability in cpp (CVE-2026-42469)
vulnerability in cpp (CVE-2026-42469). Risk of unauthorized operations or information disclosure.
CVE-2026-37541 Vulnerability in cpp (CVE-2026-37541)
vulnerability in cpp (CVE-2026-37541). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →