Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-47179 |
|
Path Traversal in github.com/getarcaneapp/arcane/backend (CVE-2026-47179)
path traversal in github.com/getarcaneapp/arcane/backend (CVE-2026-47179). Confidential information can be exposed externally. Exploitable via `GET /api/environments/{id}/projects/{projectId}/file`. Mitigation: upgrade to `1.19.4` or later.
|
| CVE-2026-42305 |
|
Path Traversal in dulwich (CVE-2026-42305)
path traversal in dulwich (CVE-2026-42305). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.2.5` or later.
|
| CVE-2026-39929 |
|
Out-of-Bounds Read in dos (CVE-2026-39929)
vulnerability in dos (CVE-2026-39929). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10044 |
|
Vulnerability in path-traversal (CVE-2026-10044)
vulnerability in path-traversal (CVE-2026-10044). Confidential information can be exposed externally. Exploitable via `GET /api/prompts/{filename}`.
|
| CVE-2026-46835 |
|
Vulnerability in c (CVE-2026-46835)
vulnerability in c (CVE-2026-46835). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46834 |
|
Vulnerability in c (CVE-2026-46834)
vulnerability in c (CVE-2026-46834). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46829 |
|
Vulnerability in c (CVE-2026-46829)
vulnerability in c (CVE-2026-46829). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35266 |
|
Vulnerability in c (CVE-2026-35266)
vulnerability in c (CVE-2026-35266). Confidential information can be exposed externally.
|
| CVE-2026-49128 |
|
Path Traversal in path-traversal (CVE-2026-49128)
path traversal in path-traversal (CVE-2026-49128). Confidential information can be exposed externally.
|
| CVE-2026-32847 |
|
Path Traversal in path-traversal (CVE-2026-32847)
path traversal in path-traversal (CVE-2026-32847). Confidential information can be exposed externally. Exploitable via `GET /{full_path`.
|
| CVE-2026-4944 |
|
Path Traversal in CVE-2026-4944 (CVE-2026-4944)
path traversal in CVE-2026-4944 (CVE-2026-4944). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44465 |
|
OS Command Injection in zed (CVE-2026-44465)
OS command injection in zed (CVE-2026-44465). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.227.1` or later.
|
| CVE-2026-6824 |
|
Cross-Site Scripting (XSS) in cisa (CVE-2026-6824)
cross-site scripting in cisa (CVE-2026-6824). Successful exploitation can lead to full system takeover.
|
| CVE-2026-47759 |
|
Cross-Site Scripting (XSS) in tinymce (CVE-2026-47759)
cross-site scripting in tinymce (CVE-2026-47759). Confidential information can be exposed externally. Mitigation: upgrade to `8.5.1` or later.
|
| CVE-2026-47760 |
|
Cross-Site Scripting (XSS) in tinymce (CVE-2026-47760)
cross-site scripting in tinymce (CVE-2026-47760). Confidential information can be exposed externally. Mitigation: upgrade to `7.1.0` or later.
|
| CVE-2026-47761 |
|
Cross-Site Scripting (XSS) in tinymce (CVE-2026-47761)
cross-site scripting in tinymce (CVE-2026-47761). Confidential information can be exposed externally. Mitigation: upgrade to `8.5.1` or later.
|
| CVE-2026-47762 |
|
Cross-Site Scripting (XSS) in tinymce (CVE-2026-47762)
cross-site scripting in tinymce (CVE-2026-47762). Confidential information can be exposed externally. Mitigation: upgrade to `8.5.1` or later.
|
| CVE-2026-49237 |
|
Vulnerability in privilege-escalation (CVE-2026-49237)
vulnerability in privilege-escalation (CVE-2026-49237). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49238 |
|
Path Traversal in cpp (CVE-2026-49238)
path traversal in cpp (CVE-2026-49238). Confidential information can be exposed externally.
|
| CVE-2026-9804 |
|
Vulnerability in kubevirt.io/kubevirt (CVE-2026-9804)
vulnerability in kubevirt.io/kubevirt (CVE-2026-9804). Confidential information can be exposed externally.
|
| CVE-2026-6226 |
|
Privilege Escalation in wordpress (CVE-2026-6226)
vulnerability in wordpress (CVE-2026-6226). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7797 |
|
SQL Injection in wordpress (CVE-2026-7797)
SQL injection in wordpress (CVE-2026-7797). Confidential information can be exposed externally.
|
| CVE-2026-9227 |
|
Unrestricted File Upload in wordpress (CVE-2026-9227)
vulnerability in wordpress (CVE-2026-9227). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6455 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6455)
vulnerability in wordpress (CVE-2026-6455). Data can be tampered with by attackers.
|
| CVE-2026-7634 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7634)
cross-site scripting in wordpress (CVE-2026-7634). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7052 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7052)
cross-site scripting in wordpress (CVE-2026-7052). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9009 |
|
Unrestricted File Upload in wordpress (CVE-2026-9009)
vulnerability in wordpress (CVE-2026-9009). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9795 |
|
Vulnerability in org.keycloak:keycloak-services (CVE-2026-9795)
vulnerability in org.keycloak:keycloak-services (CVE-2026-9795). Confidential information can be exposed externally. Mitigation: upgrade to `26.6.4` or later.
|
| CVE-2026-2374 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-2374)
cross-site scripting in wordpress (CVE-2026-2374). Risk of unauthorized operations or information disclosure. Exploitable via ``login_nocaptcha_error``.
|
| CVE-2026-46402 |
|
Path Traversal in path-traversal (CVE-2026-46402)
path traversal in path-traversal (CVE-2026-46402). Data can be tampered with by attackers.
|
| CVE-2026-8361 |
|
Vulnerability in path-traversal (CVE-2026-8361)
vulnerability in path-traversal (CVE-2026-8361). Confidential information can be exposed externally.
|
| CVE-2026-44712 |
|
OS Command Injection in CVE-2026-44712 (CVE-2026-44712)
OS command injection in CVE-2026-44712 (CVE-2026-44712). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.8.7` or later.
|
| CVE-2026-44711 |
|
Vulnerability in CVE-2026-44711 (CVE-2026-44711)
vulnerability in CVE-2026-44711 (CVE-2026-44711). Data can be tampered with by attackers. Mitigation: upgrade to `0.8.7` or later.
|
| CVE-2026-45108 |
|
Authorization Flaw in CVE-2026-45108 (CVE-2026-45108)
vulnerability in CVE-2026-45108 (CVE-2026-45108). Confidential information can be exposed externally. Mitigation: upgrade to `3.1.5` or later.
|
| CVE-2026-42197 |
|
Cross-Site Scripting (XSS) in django (CVE-2026-42197)
cross-site scripting in django (CVE-2026-42197). Confidential information can be exposed externally. Exploitable via ``ParticipationAdmin``.
|
| CVE-2026-48149 |
|
Cross-Site Scripting (XSS) in CVE-2026-48149 (CVE-2026-48149)
cross-site scripting in CVE-2026-48149 (CVE-2026-48149). Confidential information can be exposed externally. Mitigation: upgrade to `3.39.0` or later.
|
| CVE-2026-48146 |
|
SSRF (Server-Side Request Forgery) in @budibase/server (CVE-2026-48146)
SSRF in @budibase/server (CVE-2026-48146). Confidential information can be exposed externally. Exploitable via ``fetchWithBlacklist``. Mitigation: upgrade to `3.39.0` or later.
|
| CVE-2026-44378 |
|
Vulnerability in c (CVE-2026-44378)
vulnerability in c (CVE-2026-44378). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.12.0` or later.
|
| CVE-2026-45357 |
|
Vulnerability in liquidjs (CVE-2026-45357)
vulnerability in liquidjs (CVE-2026-45357). Risk of unauthorized operations or information disclosure. Exploitable via ``date``.
|
| CVE-2026-42083 |
|
Free5GC PCF: Missing authentication middleware in Npcf_SMPolicyControl allows access to SM policy handlers and disclosure of subscriber SUPI
Free5GC PCF: Missing authentication middleware in Npcf_SMPolicyControl allows access to SM policy handlers and disclosure of subscriber SUPI
|
| CVE-2026-36540 |
|
Command Injection in CVE-2026-36540 (CVE-2026-36540)
command injection in CVE-2026-36540 (CVE-2026-36540). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-1718 |
|
Vulnerability in dos (CVE-2026-1718)
vulnerability in dos (CVE-2026-1718). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49046 |
|
SQL Injection in sqli (CVE-2026-49046)
SQL injection in sqli (CVE-2026-49046). Confidential information can be exposed externally.
|
| CVE-2026-48922 |
|
Path Traversal in org.jenkins-ci.plugins:credentials-binding (CVE-2026-48922)
path traversal in org.jenkins-ci.plugins:credentials-binding (CVE-2026-48922). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `725.ve52b` or later.
|
| CVE-2026-48544 |
|
Path Traversal in taipy (CVE-2026-48544)
path traversal in taipy (CVE-2026-48544). Confidential information can be exposed externally.
|
| CVE-2026-8180 |
|
Vulnerability in dos (CVE-2026-8180)
vulnerability in dos (CVE-2026-8180). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7528 |
|
Vulnerability in dos (CVE-2026-7528)
vulnerability in dos (CVE-2026-7528). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42762 |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
|
| CVE-2026-42759 |
|
Cross-Site Scripting (XSS) in CVE-2026-42759 (CVE-2026-42759)
cross-site scripting in CVE-2026-42759 (CVE-2026-42759). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42760 |
|
Authentication Bypass Using an Alternate Path or Channel vulnerability in revmakx Backup and...
Authentication Bypass Using an Alternate Path or Channel vulnerability in revmakx Backup and...
|