Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-41311 |
|
Vulnerability in dos (CVE-2026-41311)
vulnerability in dos (CVE-2026-41311). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42205 |
|
Vulnerability in rails (CVE-2026-42205)
vulnerability in rails (CVE-2026-42205). Successful exploitation can lead to full system takeover.
|
| CVE-2026-29203 |
|
Vulnerability in privilege-escalation (CVE-2026-29203)
vulnerability in privilege-escalation (CVE-2026-29203). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42353 |
|
Path Traversal in express (CVE-2026-42353)
path traversal in express (CVE-2026-42353). Confidential information can be exposed externally.
|
| CVE-2026-41883 |
|
Vulnerability in CVE-2026-41883 (CVE-2026-41883)
vulnerability in CVE-2026-41883 (CVE-2026-41883). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41690 |
|
Path Traversal in express (CVE-2026-41690)
path traversal in express (CVE-2026-41690). Data can be tampered with by attackers.
|
| CVE-2026-29975 |
|
Vulnerability in c (CVE-2026-29975)
vulnerability in c (CVE-2026-29975). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34354 |
|
Vulnerability in privilege-escalation (CVE-2026-34354)
vulnerability in privilege-escalation (CVE-2026-34354). Successful exploitation can lead to full system takeover.
|
| CVE-2026-29972 |
|
Vulnerability in c (CVE-2026-29972)
vulnerability in c (CVE-2026-29972). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41570 |
|
Vulnerability in phpunit-project (CVE-2026-41570)
vulnerability in phpunit-project (CVE-2026-41570). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41491 |
|
Path Traversal in path-traversal (CVE-2026-41491)
path traversal in path-traversal (CVE-2026-41491). Confidential information can be exposed externally.
|
| CVE-2022-50994 |
|
OS Command Injection in CVE-2022-50994 (CVE-2022-50994)
OS command injection in CVE-2022-50994 (CVE-2022-50994). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7330 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7330)
cross-site scripting in wordpress (CVE-2026-7330). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5127 |
|
Unsafe Deserialization in wordpress (CVE-2026-5127)
vulnerability in wordpress (CVE-2026-5127). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4935 |
|
SQL Injection in wordpress (CVE-2026-4935)
SQL injection in wordpress (CVE-2026-4935). Confidential information can be exposed externally.
|
| CVE-2024-53326 |
|
Unsafe Deserialization in deserialization (CVE-2024-53326)
vulnerability in deserialization (CVE-2024-53326). Successful exploitation can lead to full system takeover.
|
| CVE-2024-27686 |
|
Vulnerability in dos (CVE-2024-27686)
vulnerability in dos (CVE-2024-27686). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-33288 |
|
SQL Injection in sqli (CVE-2024-33288)
SQL injection in sqli (CVE-2024-33288). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-26522 |
|
Vulnerability in dos (CVE-2022-26522)
vulnerability in dos (CVE-2022-26522). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8133 |
|
Vulnerability in sqli (CVE-2026-8133)
vulnerability in sqli (CVE-2026-8133). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8132 |
|
Vulnerability in sqli (CVE-2026-8132)
vulnerability in sqli (CVE-2026-8132). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8129 |
|
Vulnerability in sqli (CVE-2026-8129)
vulnerability in sqli (CVE-2026-8129). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8130 |
|
Vulnerability in sqli (CVE-2026-8130)
vulnerability in sqli (CVE-2026-8130). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8131 |
|
Vulnerability in sqli (CVE-2026-8131)
vulnerability in sqli (CVE-2026-8131). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43943 |
|
OS Command Injection in electerm (CVE-2026-43943)
OS command injection in electerm (CVE-2026-43943). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.7.9` or later.
|
| CVE-2026-43940 |
|
Path Traversal in electerm (CVE-2026-43940)
path traversal in electerm (CVE-2026-43940). Successful exploitation can lead to full system takeover. Exploitable via ``runWidget``. Mitigation: upgrade to `3.7.16` or later.
|
| CVE-2026-42275 |
|
Path Traversal in path-traversal (CVE-2026-42275)
path traversal in path-traversal (CVE-2026-42275). Confidential information can be exposed externally.
|
| CVE-2026-42261 |
|
Vulnerability in ssrf (CVE-2026-42261)
vulnerability in ssrf (CVE-2026-42261). Confidential information can be exposed externally. Exploitable via `POST /api/skills/fetch-remote`.
|
| CVE-2026-41900 |
|
OS Command Injection in CVE-2026-41900 (CVE-2026-41900)
OS command injection in CVE-2026-41900 (CVE-2026-41900). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8126 |
|
Vulnerability in sqli (CVE-2026-8126)
vulnerability in sqli (CVE-2026-8126). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8128 |
|
Vulnerability in sqli (CVE-2026-8128)
vulnerability in sqli (CVE-2026-8128). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41105 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-41105)
SSRF in ssrf (CVE-2026-41105). Confidential information can be exposed externally.
|
| CVE-2026-32207 |
|
Cross-Site Scripting (XSS) in microsoft (CVE-2026-32207)
cross-site scripting in microsoft (CVE-2026-32207). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42449 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-42449)
SSRF in ssrf (CVE-2026-42449). Confidential information can be exposed externally.
|
| CVE-2026-42499 |
|
Vulnerability in dos (CVE-2026-42499)
vulnerability in dos (CVE-2026-42499). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6973 KEV |
|
[KEV] Vulnerability in Ivanti endpoint-manager-mobile-epmm (CVE-2026-6973)
vulnerability in Ivanti endpoint-manager-mobile-epmm (CVE-2026-6973). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-43206 |
|
Vulnerability in privilege-escalation (CVE-2026-43206)
vulnerability in privilege-escalation (CVE-2026-43206). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0300 KEV |
|
[KEV] Out-of-Bounds Write in Palo alto networks palo-alto-networks (CVE-2026-0300)
out-of-bounds write in Palo alto networks palo-alto-networks (CVE-2026-0300). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-39383 |
|
SSRF (Server-Side Request Forgery) in github.com/gotenberg/gotenberg/v8 (CVE-2026-39383)
SSRF in github.com/gotenberg/gotenberg/v8 (CVE-2026-39383). Confidential information can be exposed externally. Exploitable via ``FilterDeadline``. Mitigation: upgrade to `8.31.0` or later.
|
| CVE-2026-35397 |
|
Path Traversal in jupyter-server (CVE-2026-35397)
path traversal in jupyter-server (CVE-2026-35397). Confidential information can be exposed externally. Exploitable via ``root_dir``. Mitigation: upgrade to `2.18.0` or later.
|
| CVE-2026-33190 |
|
Authentication Bypass in github.com/coredns/coredns (CVE-2026-33190)
authentication bypass in github.com/coredns/coredns (CVE-2026-33190). Confidential information can be exposed externally. Mitigation: upgrade to `1.14.3` or later.
|
| CVE-2026-33324 |
|
SQL Injection in fit2cloud (CVE-2026-33324)
SQL injection in fit2cloud (CVE-2026-33324). Successful exploitation can lead to full system takeover.
|
| CVE-2026-32936 |
|
Vulnerability in github.com/coredns/coredns (CVE-2026-32936)
vulnerability in github.com/coredns/coredns (CVE-2026-32936). Risk of unauthorized operations or information disclosure. Exploitable via ``dns``. Mitigation: upgrade to `1.14.3` or later.
|
| CVE-2026-32934 |
|
Vulnerability in github.com/coredns/coredns (CVE-2026-32934)
vulnerability in github.com/coredns/coredns (CVE-2026-32934). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.14.3` or later.
|
| CVE-2026-31431 KEV |
|
[KEV] Vulnerability in Linux redhat (CVE-2026-31431)
vulnerability in Linux redhat (CVE-2026-31431). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-41940 KEV |
|
[KEV] Vulnerability in Webpros cpanel-whm-and-wp2-wordpress-squared (CVE-2026-41940)
vulnerability in Webpros cpanel-whm-and-wp2-wordpress-squared (CVE-2026-41940). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-1708 KEV |
|
[KEV] Path Traversal in Connectwise screenconnect (CVE-2024-1708)
path traversal in Connectwise screenconnect (CVE-2024-1708). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-29635 KEV |
|
[KEV] Command Injection in D-link dir-823x (CVE-2025-29635)
command injection in D-link dir-823x (CVE-2025-29635). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-57726 KEV |
|
[KEV] Vulnerability in Simplehelp auth (CVE-2024-57726)
vulnerability in Simplehelp auth (CVE-2024-57726). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-57728 KEV |
|
[KEV] Path Traversal in Simplehelp path-traversal (CVE-2024-57728)
path traversal in Simplehelp path-traversal (CVE-2024-57728). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|