Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: attack-types Clear
ID Title
CVE-2026-47179 Path Traversal in github.com/getarcaneapp/arcane/backend (CVE-2026-47179)
path traversal in github.com/getarcaneapp/arcane/backend (CVE-2026-47179). Confidential information can be exposed externally. Exploitable via `GET /api/environments/{id}/projects/{projectId}/file`. Mitigation: upgrade to `1.19.4` or later.
CVE-2026-42305 Path Traversal in dulwich (CVE-2026-42305)
path traversal in dulwich (CVE-2026-42305). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.2.5` or later.
CVE-2026-39929 Out-of-Bounds Read in dos (CVE-2026-39929)
vulnerability in dos (CVE-2026-39929). Risk of unauthorized operations or information disclosure.
CVE-2026-10044 Vulnerability in path-traversal (CVE-2026-10044)
vulnerability in path-traversal (CVE-2026-10044). Confidential information can be exposed externally. Exploitable via `GET /api/prompts/{filename}`.
CVE-2026-46835 Vulnerability in c (CVE-2026-46835)
vulnerability in c (CVE-2026-46835). Risk of unauthorized operations or information disclosure.
CVE-2026-46834 Vulnerability in c (CVE-2026-46834)
vulnerability in c (CVE-2026-46834). Risk of unauthorized operations or information disclosure.
CVE-2026-46829 Vulnerability in c (CVE-2026-46829)
vulnerability in c (CVE-2026-46829). Risk of unauthorized operations or information disclosure.
CVE-2026-35266 Vulnerability in c (CVE-2026-35266)
vulnerability in c (CVE-2026-35266). Confidential information can be exposed externally.
CVE-2026-49128 Path Traversal in path-traversal (CVE-2026-49128)
path traversal in path-traversal (CVE-2026-49128). Confidential information can be exposed externally.
CVE-2026-32847 Path Traversal in path-traversal (CVE-2026-32847)
path traversal in path-traversal (CVE-2026-32847). Confidential information can be exposed externally. Exploitable via `GET /{full_path`.
CVE-2026-4944 Path Traversal in CVE-2026-4944 (CVE-2026-4944)
path traversal in CVE-2026-4944 (CVE-2026-4944). Successful exploitation can lead to full system takeover.
CVE-2026-44465 OS Command Injection in zed (CVE-2026-44465)
OS command injection in zed (CVE-2026-44465). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.227.1` or later.
CVE-2026-6824 Cross-Site Scripting (XSS) in cisa (CVE-2026-6824)
cross-site scripting in cisa (CVE-2026-6824). Successful exploitation can lead to full system takeover.
CVE-2026-47759 Cross-Site Scripting (XSS) in tinymce (CVE-2026-47759)
cross-site scripting in tinymce (CVE-2026-47759). Confidential information can be exposed externally. Mitigation: upgrade to `8.5.1` or later.
CVE-2026-47760 Cross-Site Scripting (XSS) in tinymce (CVE-2026-47760)
cross-site scripting in tinymce (CVE-2026-47760). Confidential information can be exposed externally. Mitigation: upgrade to `7.1.0` or later.
CVE-2026-47761 Cross-Site Scripting (XSS) in tinymce (CVE-2026-47761)
cross-site scripting in tinymce (CVE-2026-47761). Confidential information can be exposed externally. Mitigation: upgrade to `8.5.1` or later.
CVE-2026-47762 Cross-Site Scripting (XSS) in tinymce (CVE-2026-47762)
cross-site scripting in tinymce (CVE-2026-47762). Confidential information can be exposed externally. Mitigation: upgrade to `8.5.1` or later.
CVE-2026-49237 Vulnerability in privilege-escalation (CVE-2026-49237)
vulnerability in privilege-escalation (CVE-2026-49237). Successful exploitation can lead to full system takeover.
CVE-2026-49238 Path Traversal in cpp (CVE-2026-49238)
path traversal in cpp (CVE-2026-49238). Confidential information can be exposed externally.
CVE-2026-9804 Vulnerability in kubevirt.io/kubevirt (CVE-2026-9804)
vulnerability in kubevirt.io/kubevirt (CVE-2026-9804). Confidential information can be exposed externally.
CVE-2026-6226 Privilege Escalation in wordpress (CVE-2026-6226)
vulnerability in wordpress (CVE-2026-6226). Successful exploitation can lead to full system takeover.
CVE-2026-7797 SQL Injection in wordpress (CVE-2026-7797)
SQL injection in wordpress (CVE-2026-7797). Confidential information can be exposed externally.
CVE-2026-9227 Unrestricted File Upload in wordpress (CVE-2026-9227)
vulnerability in wordpress (CVE-2026-9227). Successful exploitation can lead to full system takeover.
CVE-2026-6455 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6455)
vulnerability in wordpress (CVE-2026-6455). Data can be tampered with by attackers.
CVE-2026-7634 Cross-Site Scripting (XSS) in wordpress (CVE-2026-7634)
cross-site scripting in wordpress (CVE-2026-7634). Risk of unauthorized operations or information disclosure.
CVE-2026-7052 Cross-Site Scripting (XSS) in wordpress (CVE-2026-7052)
cross-site scripting in wordpress (CVE-2026-7052). Risk of unauthorized operations or information disclosure.
CVE-2026-9009 Unrestricted File Upload in wordpress (CVE-2026-9009)
vulnerability in wordpress (CVE-2026-9009). Successful exploitation can lead to full system takeover.
CVE-2026-9795 Vulnerability in org.keycloak:keycloak-services (CVE-2026-9795)
vulnerability in org.keycloak:keycloak-services (CVE-2026-9795). Confidential information can be exposed externally. Mitigation: upgrade to `26.6.4` or later.
CVE-2026-2374 Cross-Site Scripting (XSS) in wordpress (CVE-2026-2374)
cross-site scripting in wordpress (CVE-2026-2374). Risk of unauthorized operations or information disclosure. Exploitable via ``login_nocaptcha_error``.
CVE-2026-46402 Path Traversal in path-traversal (CVE-2026-46402)
path traversal in path-traversal (CVE-2026-46402). Data can be tampered with by attackers.
CVE-2026-8361 Vulnerability in path-traversal (CVE-2026-8361)
vulnerability in path-traversal (CVE-2026-8361). Confidential information can be exposed externally.
CVE-2026-44712 OS Command Injection in CVE-2026-44712 (CVE-2026-44712)
OS command injection in CVE-2026-44712 (CVE-2026-44712). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.8.7` or later.
CVE-2026-44711 Vulnerability in CVE-2026-44711 (CVE-2026-44711)
vulnerability in CVE-2026-44711 (CVE-2026-44711). Data can be tampered with by attackers. Mitigation: upgrade to `0.8.7` or later.
CVE-2026-45108 Authorization Flaw in CVE-2026-45108 (CVE-2026-45108)
vulnerability in CVE-2026-45108 (CVE-2026-45108). Confidential information can be exposed externally. Mitigation: upgrade to `3.1.5` or later.
CVE-2026-42197 Cross-Site Scripting (XSS) in django (CVE-2026-42197)
cross-site scripting in django (CVE-2026-42197). Confidential information can be exposed externally. Exploitable via ``ParticipationAdmin``.
CVE-2026-48149 Cross-Site Scripting (XSS) in CVE-2026-48149 (CVE-2026-48149)
cross-site scripting in CVE-2026-48149 (CVE-2026-48149). Confidential information can be exposed externally. Mitigation: upgrade to `3.39.0` or later.
CVE-2026-48146 SSRF (Server-Side Request Forgery) in @budibase/server (CVE-2026-48146)
SSRF in @budibase/server (CVE-2026-48146). Confidential information can be exposed externally. Exploitable via ``fetchWithBlacklist``. Mitigation: upgrade to `3.39.0` or later.
CVE-2026-44378 Vulnerability in c (CVE-2026-44378)
vulnerability in c (CVE-2026-44378). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.12.0` or later.
CVE-2026-45357 Vulnerability in liquidjs (CVE-2026-45357)
vulnerability in liquidjs (CVE-2026-45357). Risk of unauthorized operations or information disclosure. Exploitable via ``date``.
CVE-2026-42083 Free5GC PCF: Missing authentication middleware in Npcf_SMPolicyControl allows access to SM policy handlers and disclosure of subscriber SUPI
Free5GC PCF: Missing authentication middleware in Npcf_SMPolicyControl allows access to SM policy handlers and disclosure of subscriber SUPI
CVE-2026-36540 Command Injection in CVE-2026-36540 (CVE-2026-36540)
command injection in CVE-2026-36540 (CVE-2026-36540). Risk of unauthorized operations or information disclosure.
CVE-2026-1718 Vulnerability in dos (CVE-2026-1718)
vulnerability in dos (CVE-2026-1718). Risk of unauthorized operations or information disclosure.
CVE-2026-49046 SQL Injection in sqli (CVE-2026-49046)
SQL injection in sqli (CVE-2026-49046). Confidential information can be exposed externally.
CVE-2026-48922 Path Traversal in org.jenkins-ci.plugins:credentials-binding (CVE-2026-48922)
path traversal in org.jenkins-ci.plugins:credentials-binding (CVE-2026-48922). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `725.ve52b` or later.
CVE-2026-48544 Path Traversal in taipy (CVE-2026-48544)
path traversal in taipy (CVE-2026-48544). Confidential information can be exposed externally.
CVE-2026-8180 Vulnerability in dos (CVE-2026-8180)
vulnerability in dos (CVE-2026-8180). Risk of unauthorized operations or information disclosure.
CVE-2026-7528 Vulnerability in dos (CVE-2026-7528)
vulnerability in dos (CVE-2026-7528). Risk of unauthorized operations or information disclosure.
CVE-2026-42762 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
CVE-2026-42759 Cross-Site Scripting (XSS) in CVE-2026-42759 (CVE-2026-42759)
cross-site scripting in CVE-2026-42759 (CVE-2026-42759). Risk of unauthorized operations or information disclosure.
CVE-2026-42760 Authentication Bypass Using an Alternate Path or Channel vulnerability in revmakx Backup and...
Authentication Bypass Using an Alternate Path or Channel vulnerability in revmakx Backup and...

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →