Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: attack-types Clear
ID Title
CVE-2026-37526 Vulnerability in c (CVE-2026-37526)
vulnerability in c (CVE-2026-37526). Successful exploitation can lead to full system takeover.
CVE-2026-37530 Vulnerability in c (CVE-2026-37530)
vulnerability in c (CVE-2026-37530). Risk of unauthorized operations or information disclosure.
CVE-2026-37525 Privilege Escalation in c (CVE-2026-37525)
vulnerability in c (CVE-2026-37525). Successful exploitation can lead to full system takeover.
CVE-2026-37531 Path Traversal in c (CVE-2026-37531)
path traversal in c (CVE-2026-37531). Successful exploitation can lead to full system takeover.
CVE-2026-42480 Out-of-Bounds Read in dos (CVE-2026-42480)
vulnerability in dos (CVE-2026-42480). Risk of unauthorized operations or information disclosure.
CVE-2026-42481 Out-of-Bounds Read in dos (CVE-2026-42481)
vulnerability in dos (CVE-2026-42481). Risk of unauthorized operations or information disclosure.
CVE-2026-42475 SQL Injection in sqli (CVE-2026-42475)
SQL injection in sqli (CVE-2026-42475). Risk of unauthorized operations or information disclosure.
CVE-2026-37505 SQL Injection in sqli (CVE-2026-37505)
SQL injection in sqli (CVE-2026-37505). Confidential information can be exposed externally.
CVE-2026-37503 Cross-Site Scripting (XSS) in v2board (CVE-2026-37503)
cross-site scripting in v2board (CVE-2026-37503). Confidential information can be exposed externally.
CVE-2026-37552 Unsafe Deserialization in deserialization (CVE-2026-37552)
vulnerability in deserialization (CVE-2026-37552). Successful exploitation can lead to full system takeover.
CVE-2026-43038 Vulnerability in linux (CVE-2026-43038)
vulnerability in linux (CVE-2026-43038). Successful exploitation can lead to full system takeover.
CVE-2026-42477 Vulnerability in dos (CVE-2026-42477)
vulnerability in dos (CVE-2026-42477). Confidential information can be exposed externally.
CVE-2026-31780 In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix u8...
In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix u8...
CVE-2026-31772 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: fix...
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: fix...
CVE-2026-31773 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SMP: derive legacy responder STK authentication from MITM state The legacy responder path in smp_random() currently lab...
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SMP: derive legacy responder STK authentication from MITM state The legacy responder path in smp_random() currently labels the stored STK as authenticated whenever pending_sec_level is BT_SECURITY_HIGH. That reflects wh...
CVE-2026-5656 Path Traversal in path-traversal (CVE-2026-5656)
path traversal in path-traversal (CVE-2026-5656). Successful exploitation can lead to full system takeover.
CVE-2026-5405 Vulnerability in dos (CVE-2026-5405)
vulnerability in dos (CVE-2026-5405). Successful exploitation can lead to full system takeover.
CVE-2026-5403 Vulnerability in dos (CVE-2026-5403)
vulnerability in dos (CVE-2026-5403). Successful exploitation can lead to full system takeover.
CVE-2026-31431 KEV [KEV] Vulnerability in Linux redhat (CVE-2026-31431)
vulnerability in Linux redhat (CVE-2026-31431). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-1577 Vulnerability in dos (CVE-2026-1577)
vulnerability in dos (CVE-2026-1577). Risk of unauthorized operations or information disclosure.
CVE-2026-40912 Vulnerability in traefik (CVE-2026-40912)
vulnerability in traefik (CVE-2026-40912). Confidential information can be exposed externally.
CVE-2026-39858 Vulnerability in traefik (CVE-2026-39858)
vulnerability in traefik (CVE-2026-39858). Confidential information can be exposed externally.
CVE-2026-35051 Vulnerability in traefik (CVE-2026-35051)
vulnerability in traefik (CVE-2026-35051). Confidential information can be exposed externally.
CVE-2026-3340 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-3340)
SSRF in ssrf (CVE-2026-3340). Risk of unauthorized operations or information disclosure.
CVE-2026-3346 SQL Injection in langflow (CVE-2026-3346)
SQL injection in langflow (CVE-2026-3346). Risk of unauthorized operations or information disclosure.
CVE-2026-33845 A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero...
A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero...
CVE-2026-36960 Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-36960)
vulnerability in csrf (CVE-2026-36960). Successful exploitation can lead to full system takeover.
CVE-2025-14576 Vulnerability in dos (CVE-2025-14576)
vulnerability in dos (CVE-2025-14576). Successful exploitation can lead to full system takeover.
CVE-2026-36957 Vulnerability in dos (CVE-2026-36957)
vulnerability in dos (CVE-2026-36957). Risk of unauthorized operations or information disclosure.
CVE-2026-36956 Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-36956)
vulnerability in csrf (CVE-2026-36956). Successful exploitation can lead to full system takeover.
CVE-2026-5402 Vulnerability in dos (CVE-2026-5402)
vulnerability in dos (CVE-2026-5402). Successful exploitation can lead to full system takeover.
CVE-2026-41940 KEV [KEV] Vulnerability in Webpros cpanel-whm-and-wp2-wordpress-squared (CVE-2026-41940)
vulnerability in Webpros cpanel-whm-and-wp2-wordpress-squared (CVE-2026-41940). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-44015 SSRF (Server-Side Request Forgery) in github.com/0xJacky/Nginx-UI (CVE-2026-44015)
SSRF in github.com/0xJacky/Nginx-UI (CVE-2026-44015). Confidential information can be exposed externally. Exploitable via `GET /api/settings`.
CVE-2018-25311 Path Traversal in path-traversal (CVE-2018-25311)
path traversal in path-traversal (CVE-2018-25311). Confidential information can be exposed externally.
CVE-2026-37555 Vulnerability in dos (CVE-2026-37555)
vulnerability in dos (CVE-2026-37555). Risk of unauthorized operations or information disclosure.
CVE-2026-6849 Improper neutralization of special elements used in an OS command ('OS command injection')...
Improper neutralization of special elements used in an OS command ('OS command injection')...
CVE-2026-5166 Path Traversal in path-traversal (CVE-2026-5166)
path traversal in path-traversal (CVE-2026-5166). Successful exploitation can lead to full system takeover.
CVE-2026-42198 Vulnerability in dos (CVE-2026-42198)
vulnerability in dos (CVE-2026-42198). Risk of unauthorized operations or information disclosure.
CVE-2026-38993 Path Traversal in path-traversal (CVE-2026-38993)
path traversal in path-traversal (CVE-2026-38993). Data can be tampered with by attackers.
CVE-2026-5141 Improper Privilege Management, Improper Access Control, Incorrect privilege assignment...
Improper Privilege Management, Improper Access Control, Incorrect privilege assignment...
CVE-2026-41952 Vulnerability in privilege-escalation (CVE-2026-41952)
vulnerability in privilege-escalation (CVE-2026-41952). Successful exploitation can lead to full system takeover.
CVE-2026-41220 Out-of-Bounds Write in privilege-escalation (CVE-2026-41220)
out-of-bounds write in privilege-escalation (CVE-2026-41220). Successful exploitation can lead to full system takeover.
CVE-2026-25852 Vulnerability in privilege-escalation (CVE-2026-25852)
vulnerability in privilege-escalation (CVE-2026-25852). Successful exploitation can lead to full system takeover.
CVE-2026-5140 Improper neutralization of CRLF sequences ('CRLF injection') vulnerability in TUBITAK BILGEM...
Improper neutralization of CRLF sequences ('CRLF injection') vulnerability in TUBITAK BILGEM...
CVE-2026-42249 Path Traversal in path-traversal (CVE-2026-42249)
path traversal in path-traversal (CVE-2026-42249). Successful exploitation can lead to full system takeover.
CVE-2026-3325 SQL Injection in sqli (CVE-2026-3325)
SQL injection in sqli (CVE-2026-3325). Risk of unauthorized operations or information disclosure.
CVE-2026-40296 Cross-Site Scripting (XSS) in phpoffice/phpspreadsheet (CVE-2026-40296)
cross-site scripting in phpoffice/phpspreadsheet (CVE-2026-40296). Risk of unauthorized operations or information disclosure. Exploitable via ``General``. Mitigation: upgrade to `1.30.4` or later.
CVE-2026-42432 Vulnerability in openclaw (CVE-2026-42432)
vulnerability in openclaw (CVE-2026-42432). Successful exploitation can lead to full system takeover. Exploitable via ``openclaw``. Mitigation: upgrade to `2026.4.8` or later.
CVE-2026-42429 Privilege Escalation in openclaw (CVE-2026-42429)
vulnerability in openclaw (CVE-2026-42429). Data can be tampered with by attackers. Exploitable via ``operator.read``. Mitigation: upgrade to `2026.4.8` or later.
CVE-2026-38949 Cross-Site Scripting (XSS) in CVE-2026-38949 (CVE-2026-38949)
cross-site scripting in CVE-2026-38949 (CVE-2026-38949). Confidential information can be exposed externally.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →