Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-37531 |
|
Path Traversal in c (CVE-2026-37531)
path traversal in c (CVE-2026-37531). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42480 |
|
Out-of-Bounds Read in dos (CVE-2026-42480)
vulnerability in dos (CVE-2026-42480). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42481 |
|
Out-of-Bounds Read in dos (CVE-2026-42481)
vulnerability in dos (CVE-2026-42481). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42475 |
|
SQL Injection in sqli (CVE-2026-42475)
SQL injection in sqli (CVE-2026-42475). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-37505 |
|
SQL Injection in sqli (CVE-2026-37505)
SQL injection in sqli (CVE-2026-37505). Confidential information can be exposed externally.
|
| CVE-2026-37503 |
|
Cross-Site Scripting (XSS) in v2board (CVE-2026-37503)
cross-site scripting in v2board (CVE-2026-37503). Confidential information can be exposed externally.
|
| CVE-2026-37552 |
|
Unsafe Deserialization in deserialization (CVE-2026-37552)
vulnerability in deserialization (CVE-2026-37552). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43038 |
|
Vulnerability in linux (CVE-2026-43038)
vulnerability in linux (CVE-2026-43038). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42477 |
|
Vulnerability in dos (CVE-2026-42477)
vulnerability in dos (CVE-2026-42477). Confidential information can be exposed externally.
|
| CVE-2026-31780 |
|
In the Linux kernel, the following vulnerability has been resolved:
wifi: wilc1000: fix u8...
In the Linux kernel, the following vulnerability has been resolved:
wifi: wilc1000: fix u8...
|
| CVE-2026-31772 |
|
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hci_sync: fix...
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hci_sync: fix...
|
| CVE-2026-31773 |
|
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: SMP: derive legacy responder STK authentication from MITM state
The legacy responder path in smp_random() currently lab...
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: SMP: derive legacy responder STK authentication from MITM state
The legacy responder path in smp_random() currently labels the stored
STK as authenticated whenever pending_sec_level is BT_SECURITY_HIGH.
That reflects wh...
|
| CVE-2026-5656 |
|
Path Traversal in path-traversal (CVE-2026-5656)
path traversal in path-traversal (CVE-2026-5656). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5405 |
|
Vulnerability in dos (CVE-2026-5405)
vulnerability in dos (CVE-2026-5405). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5403 |
|
Vulnerability in dos (CVE-2026-5403)
vulnerability in dos (CVE-2026-5403). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31431 KEV |
|
[KEV] Vulnerability in Linux redhat (CVE-2026-31431)
vulnerability in Linux redhat (CVE-2026-31431). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-1577 |
|
Vulnerability in dos (CVE-2026-1577)
vulnerability in dos (CVE-2026-1577). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40912 |
|
Vulnerability in traefik (CVE-2026-40912)
vulnerability in traefik (CVE-2026-40912). Confidential information can be exposed externally.
|
| CVE-2026-39858 |
|
Vulnerability in traefik (CVE-2026-39858)
vulnerability in traefik (CVE-2026-39858). Confidential information can be exposed externally.
|
| CVE-2026-35051 |
|
Vulnerability in traefik (CVE-2026-35051)
vulnerability in traefik (CVE-2026-35051). Confidential information can be exposed externally.
|
| CVE-2026-3340 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-3340)
SSRF in ssrf (CVE-2026-3340). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3346 |
|
SQL Injection in langflow (CVE-2026-3346)
SQL injection in langflow (CVE-2026-3346). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-33845 |
|
A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero...
A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero...
|
| CVE-2026-36960 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-36960)
vulnerability in csrf (CVE-2026-36960). Successful exploitation can lead to full system takeover.
|
| CVE-2025-14576 |
|
Vulnerability in dos (CVE-2025-14576)
vulnerability in dos (CVE-2025-14576). Successful exploitation can lead to full system takeover.
|
| CVE-2026-36957 |
|
Vulnerability in dos (CVE-2026-36957)
vulnerability in dos (CVE-2026-36957). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-36956 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-36956)
vulnerability in csrf (CVE-2026-36956). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5402 |
|
Vulnerability in dos (CVE-2026-5402)
vulnerability in dos (CVE-2026-5402). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41940 KEV |
|
[KEV] Vulnerability in Webpros cpanel-whm-and-wp2-wordpress-squared (CVE-2026-41940)
vulnerability in Webpros cpanel-whm-and-wp2-wordpress-squared (CVE-2026-41940). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-44015 |
|
SSRF (Server-Side Request Forgery) in github.com/0xJacky/Nginx-UI (CVE-2026-44015)
SSRF in github.com/0xJacky/Nginx-UI (CVE-2026-44015). Confidential information can be exposed externally. Exploitable via `GET /api/settings`.
|
| CVE-2018-25311 |
|
Path Traversal in path-traversal (CVE-2018-25311)
path traversal in path-traversal (CVE-2018-25311). Confidential information can be exposed externally.
|
| CVE-2026-37555 |
|
Vulnerability in dos (CVE-2026-37555)
vulnerability in dos (CVE-2026-37555). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6849 |
|
Improper neutralization of special elements used in an OS command ('OS command injection')...
Improper neutralization of special elements used in an OS command ('OS command injection')...
|
| CVE-2026-5166 |
|
Path Traversal in path-traversal (CVE-2026-5166)
path traversal in path-traversal (CVE-2026-5166). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42198 |
|
Vulnerability in dos (CVE-2026-42198)
vulnerability in dos (CVE-2026-42198). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-38993 |
|
Path Traversal in path-traversal (CVE-2026-38993)
path traversal in path-traversal (CVE-2026-38993). Data can be tampered with by attackers.
|
| CVE-2026-5141 |
|
Improper Privilege Management, Improper Access Control, Incorrect privilege assignment...
Improper Privilege Management, Improper Access Control, Incorrect privilege assignment...
|
| CVE-2026-41952 |
|
Vulnerability in privilege-escalation (CVE-2026-41952)
vulnerability in privilege-escalation (CVE-2026-41952). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41220 |
|
Out-of-Bounds Write in privilege-escalation (CVE-2026-41220)
out-of-bounds write in privilege-escalation (CVE-2026-41220). Successful exploitation can lead to full system takeover.
|
| CVE-2026-25852 |
|
Vulnerability in privilege-escalation (CVE-2026-25852)
vulnerability in privilege-escalation (CVE-2026-25852). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5140 |
|
Improper neutralization of CRLF sequences ('CRLF injection') vulnerability in TUBITAK BILGEM...
Improper neutralization of CRLF sequences ('CRLF injection') vulnerability in TUBITAK BILGEM...
|
| CVE-2026-42249 |
|
Path Traversal in path-traversal (CVE-2026-42249)
path traversal in path-traversal (CVE-2026-42249). Successful exploitation can lead to full system takeover.
|
| CVE-2026-3325 |
|
SQL Injection in sqli (CVE-2026-3325)
SQL injection in sqli (CVE-2026-3325). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40296 |
|
Cross-Site Scripting (XSS) in phpoffice/phpspreadsheet (CVE-2026-40296)
cross-site scripting in phpoffice/phpspreadsheet (CVE-2026-40296). Risk of unauthorized operations or information disclosure. Exploitable via ``General``. Mitigation: upgrade to `1.30.4` or later.
|
| CVE-2026-42432 |
|
Vulnerability in openclaw (CVE-2026-42432)
vulnerability in openclaw (CVE-2026-42432). Successful exploitation can lead to full system takeover. Exploitable via ``openclaw``. Mitigation: upgrade to `2026.4.8` or later.
|
| CVE-2026-42429 |
|
Privilege Escalation in openclaw (CVE-2026-42429)
vulnerability in openclaw (CVE-2026-42429). Data can be tampered with by attackers. Exploitable via ``operator.read``. Mitigation: upgrade to `2026.4.8` or later.
|
| CVE-2026-38949 |
|
Cross-Site Scripting (XSS) in CVE-2026-38949 (CVE-2026-38949)
cross-site scripting in CVE-2026-38949 (CVE-2026-38949). Confidential information can be exposed externally.
|
| CVE-2026-38651 |
|
Vulnerability in netmaker (CVE-2026-38651)
vulnerability in netmaker (CVE-2026-38651). Confidential information can be exposed externally.
|
| CVE-2025-60889 |
|
Unsafe Deserialization in deserialization (CVE-2025-60889)
vulnerability in deserialization (CVE-2025-60889). Successful exploitation can lead to full system takeover.
|
| CVE-2025-60887 |
|
Unsafe Deserialization in deserialization (CVE-2025-60887)
vulnerability in deserialization (CVE-2025-60887). Risk of unauthorized operations or information disclosure.
|