Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-54274 |
|
Vulnerability in aiohttp (CVE-2026-54274)
vulnerability in aiohttp (CVE-2026-54274). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.14.1` or later.
|
| CVE-2026-54280 |
|
Vulnerability in aiohttp (CVE-2026-54280)
vulnerability in aiohttp (CVE-2026-54280). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.14.1` or later.
|
| CVE-2026-54273 |
|
Vulnerability in aiohttp (CVE-2026-54273)
vulnerability in aiohttp (CVE-2026-54273). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.14.1` or later.
|
| CVE-2026-54277 |
|
Vulnerability in aiohttp (CVE-2026-54277)
vulnerability in aiohttp (CVE-2026-54277). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.14.1` or later.
|
| CVE-2026-54276 |
|
Information Disclosure in aiohttp (CVE-2026-54276)
vulnerability in aiohttp (CVE-2026-54276). Risk of unauthorized operations or information disclosure. Exploitable via ``DigestAuthMiddleware``. Mitigation: upgrade to `3.14.1` or later.
|
| CVE-2026-54279 |
|
Vulnerability in aiohttp (CVE-2026-54279)
vulnerability in aiohttp (CVE-2026-54279). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.14.1` or later.
|
| CVE-2026-50269 |
|
Vulnerability in aiohttp (CVE-2026-50269)
vulnerability in aiohttp (CVE-2026-50269). Risk of unauthorized operations or information disclosure. Exploitable via ``Payload.headers``. Mitigation: upgrade to `3.14.0` or later.
|
| CVE-2026-53663 |
|
Cross-Site Request Forgery (CSRF) in react-router (CVE-2026-53663)
vulnerability in react-router (CVE-2026-53663). Risk of unauthorized operations or information disclosure. Exploitable via ``createBrowserRouter``. Mitigation: upgrade to `7.15.1` or later.
|
| CVE-2026-11931 |
|
Vulnerability in Amazon aws (CVE-2026-11931)
vulnerability in Amazon aws (CVE-2026-11931). Confidential information can be exposed externally.
|
| CVE-2026-6045 |
|
Vulnerability in CVE-2026-6045 (CVE-2026-6045)
vulnerability in CVE-2026-6045 (CVE-2026-6045). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6047 |
|
Out-of-Bounds Write in CVE-2026-6047 (CVE-2026-6047)
out-of-bounds write in CVE-2026-6047 (CVE-2026-6047). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8356 |
|
Vulnerability in CVE-2026-8356 (CVE-2026-8356)
vulnerability in CVE-2026-8356 (CVE-2026-8356). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8357 |
|
Vulnerability in CVE-2026-8357 (CVE-2026-8357)
vulnerability in CVE-2026-8357 (CVE-2026-8357). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8358 |
|
Out-of-Bounds Write in CVE-2026-8358 (CVE-2026-8358)
out-of-bounds write in CVE-2026-8358 (CVE-2026-8358). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6039 |
|
Vulnerability in CVE-2026-6039 (CVE-2026-6039)
vulnerability in CVE-2026-6039 (CVE-2026-6039). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6040 |
|
Use-After-Free in CVE-2026-6040 (CVE-2026-6040)
vulnerability in CVE-2026-6040 (CVE-2026-6040). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49294 |
|
Cross-Site Scripting (XSS) in CVE-2026-49294 (CVE-2026-49294)
cross-site scripting in CVE-2026-49294 (CVE-2026-49294). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-47777 |
|
Vulnerability in CVE-2026-47777 (CVE-2026-47777)
vulnerability in CVE-2026-47777 (CVE-2026-47777). Data can be tampered with by attackers.
|
| CVE-2026-54269 |
|
Vulnerability in protobufjs (CVE-2026-54269)
vulnerability in protobufjs (CVE-2026-54269). Risk of unauthorized operations or information disclosure. Exploitable via ``hasOwnProperty``. Mitigation: upgrade to `8.6.0` or later.
|
| CVE-2026-54264 |
|
Information Disclosure in @angular/service-worker (CVE-2026-54264)
vulnerability in @angular/service-worker (CVE-2026-54264). Risk of unauthorized operations or information disclosure. Exploitable via ``Authorization``.
|
| CVE-2026-54268 |
|
Vulnerability in @angular/common (CVE-2026-54268)
vulnerability in @angular/common (CVE-2026-54268). Risk of unauthorized operations or information disclosure. Exploitable via ``formatDate``.
|
| CVE-2026-54265 |
|
Cross-Site Scripting (XSS) in @angular/compiler (CVE-2026-54265)
cross-site scripting in @angular/compiler (CVE-2026-54265). Risk of unauthorized operations or information disclosure. Exploitable via ``innerHTML``.
|
| CVE-2026-50557 |
|
Cross-Site Scripting (XSS) in @angular/core (CVE-2026-50557)
cross-site scripting in @angular/core (CVE-2026-50557). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50556 |
|
Cross-Site Scripting (XSS) in @angular/platform-server (CVE-2026-50556)
cross-site scripting in @angular/platform-server (CVE-2026-50556). Risk of unauthorized operations or information disclosure. Exploitable via ``domino``.
|
| CVE-2026-50555 |
|
Cross-Site Scripting (XSS) in @angular/platform-server (CVE-2026-50555)
cross-site scripting in @angular/platform-server (CVE-2026-50555). Risk of unauthorized operations or information disclosure. Exploitable via ``domino``.
|
| CVE-2026-53655 |
|
Vulnerability in tar (CVE-2026-53655)
vulnerability in tar (CVE-2026-53655). Data can be tampered with by attackers. Exploitable via ``tar``. Mitigation: upgrade to `7.5.16` or later.
|
| CVE-2026-53632 |
|
Vulnerability in launch-editor (CVE-2026-53632)
vulnerability in launch-editor (CVE-2026-53632). Risk of unauthorized operations or information disclosure. Exploitable via ``smbserver.py``. Mitigation: upgrade to `2.14.1` or later.
|
| CVE-2026-53571 |
|
Path Traversal in vite (CVE-2026-53571)
path traversal in vite (CVE-2026-53571). Confidential information can be exposed externally. Exploitable via ``server.fs.deny``. Mitigation: upgrade to `6.4.3` or later.
|
| CVE-2026-49356 |
|
Path Traversal in @babel/core (CVE-2026-49356)
path traversal in @babel/core (CVE-2026-49356). Risk of unauthorized operations or information disclosure. Exploitable via ``inputSourceMap``. Mitigation: upgrade to `7.29.6` or later.
|
| CVE-2026-50184 |
|
Information Disclosure in @angular/service-worker (CVE-2026-50184)
vulnerability in @angular/service-worker (CVE-2026-50184). Risk of unauthorized operations or information disclosure. Exploitable via `Authorization header`.
|
| CVE-2026-20262 KEV |
|
[KEV] Path Traversal in Cisco catalyst-sd-wan-manager (CVE-2026-20262)
path traversal in Cisco catalyst-sd-wan-manager (CVE-2026-20262). Data can be tampered with by attackers. Listed in CISA KEV — actively exploited.
|
| CVE-2026-50171 |
|
Vulnerability in @angular/common (CVE-2026-50171)
vulnerability in @angular/common (CVE-2026-50171). Risk of unauthorized operations or information disclosure. Exploitable via ``formatNumber``. Mitigation: upgrade to `21.2.15` or later.
|
| CVE-2026-50170 |
|
Vulnerability in @angular/common (CVE-2026-50170)
vulnerability in @angular/common (CVE-2026-50170). Confidential information can be exposed externally. Exploitable via ``HttpTransferCache``. Mitigation: upgrade to `21.2.15` or later.
|
| CVE-2026-52725 |
|
Cross-Site Scripting (XSS) in @angular/core (CVE-2026-52725)
cross-site scripting in @angular/core (CVE-2026-52725). Risk of unauthorized operations or information disclosure. Exploitable via ``createComponent``. Mitigation: upgrade to `20.3.22` or later.
|
| CVE-2026-50169 |
|
Information Disclosure in @angular/service-worker (CVE-2026-50169)
vulnerability in @angular/service-worker (CVE-2026-50169). Risk of unauthorized operations or information disclosure. Exploitable via ``Request``. Mitigation: upgrade to `21.2.15` or later.
|
| CVE-2026-50168 |
|
Vulnerability in @angular/platform-server (CVE-2026-50168)
vulnerability in @angular/platform-server (CVE-2026-50168). Confidential information can be exposed externally. Exploitable via `Host header`. Mitigation: upgrade to `21.2.15` or later.
|
| CVE-2026-48779 |
|
Vulnerability in ws (CVE-2026-48779)
vulnerability in ws (CVE-2026-48779). Risk of unauthorized operations or information disclosure. Exploitable via ``maxPayload``. Mitigation: upgrade to `8.21.0` or later.
|
| CVE-2026-9595 |
|
Vulnerability in webpack-dev-server (CVE-2026-9595)
vulnerability in webpack-dev-server (CVE-2026-9595). Risk of unauthorized operations or information disclosure. Exploitable via ``Origin``. Mitigation: upgrade to `5.2.5` or later.
|
| CVE-2026-9863 |
|
OS Command Injection in forta (CVE-2026-9863)
OS command injection in forta (CVE-2026-9863). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9862 |
|
OS Command Injection in forta (CVE-2026-9862)
OS command injection in forta (CVE-2026-9862). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8683 |
|
Vulnerability in mattermost (CVE-2026-8683)
vulnerability in mattermost (CVE-2026-8683). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5038 |
|
Vulnerability in multer (CVE-2026-5038)
vulnerability in multer (CVE-2026-5038). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.0.0-alpha.2` or later.
|
| CVE-2026-10634 |
|
Use-After-Free in c (CVE-2026-10634)
vulnerability in c (CVE-2026-10634). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-15659 |
|
Contributor Cross Site Scripting (XSS) in Elizaibots <= 1.0.2 versions.
Contributor Cross Site Scripting (XSS) in Elizaibots <= 1.0.2 versions.
|
| CVE-2025-15658 |
|
Administrator Cross Site Scripting (XSS) in WP Emmet <= 0.3.4 versions.
Administrator Cross Site Scripting (XSS) in WP Emmet <= 0.3.4 versions.
|
| CVE-2026-54267 |
|
Cross-Site Scripting (XSS) in @angular/core (CVE-2026-54267)
cross-site scripting in @angular/core (CVE-2026-54267). Risk of unauthorized operations or information disclosure. Exploitable via ``HttpClient``.
|
| CVE-2026-6517 |
|
Vulnerability in mattermost (CVE-2026-6517)
vulnerability in mattermost (CVE-2026-6517). Confidential information can be exposed externally.
|
| CVE-2026-5230 |
|
Vulnerability in CVE-2026-5230 (CVE-2026-5230)
vulnerability in CVE-2026-5230 (CVE-2026-5230). Confidential information can be exposed externally.
|
| CVE-2026-5079 |
|
Vulnerability in multer (CVE-2026-5079)
vulnerability in multer (CVE-2026-5079). Risk of unauthorized operations or information disclosure. Exploitable via ``limits.fieldNestingDepth``. Mitigation: upgrade to `3.0.0-alpha.2` or later.
|
| CVE-2026-52704 |
|
Code Injection in CVE-2026-52704 (CVE-2026-52704)
code injection in CVE-2026-52704 (CVE-2026-52704). Successful exploitation can lead to full system takeover.
|