Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-48546 |
|
Vulnerability in CVE-2026-48546 (CVE-2026-48546)
vulnerability in CVE-2026-48546 (CVE-2026-48546). Confidential information can be exposed externally.
|
| CVE-2026-46698 |
|
SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-46698)
SSRF in wordpress (CVE-2026-46698). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49261 |
|
OS Command Injection in mariadb (CVE-2026-49261)
OS command injection in mariadb (CVE-2026-49261). Successful exploitation can lead to full system takeover. Exploitable via ``wsrep_notify_cmd``. Mitigation: upgrade to `10.6.27` or later.
|
| CVE-2026-46697 |
|
SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-46697)
SSRF in wordpress (CVE-2026-46697). Confidential information can be exposed externally.
|
| CVE-2026-11986 |
|
Vulnerability in CVE-2026-11986 (CVE-2026-11986)
vulnerability in CVE-2026-11986 (CVE-2026-11986). Data can be tampered with by attackers.
|
| CVE-2026-49982 |
|
Vulnerability in tmp (CVE-2026-49982)
vulnerability in tmp (CVE-2026-49982). Data can be tampered with by attackers. Exploitable via ``_assertPath``. Mitigation: upgrade to `0.2.7` or later.
|
| CVE-2026-11945 |
|
SQL Injection in dalibo (CVE-2026-11945)
SQL injection in dalibo (CVE-2026-11945). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7870 |
|
Vulnerability in ibm (CVE-2026-7870)
vulnerability in ibm (CVE-2026-7870). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53777 |
|
Path Traversal in path-traversal (CVE-2026-53777)
path traversal in path-traversal (CVE-2026-53777). Confidential information can be exposed externally.
|
| CVE-2026-3341 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-3341)
SSRF in ssrf (CVE-2026-3341). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11839 |
|
Unrestricted File Upload in CVE-2026-11839 (CVE-2026-11839)
vulnerability in CVE-2026-11839 (CVE-2026-11839). Successful exploitation can lead to full system takeover.
|
| CVE-2024-45636 |
|
Vulnerability in ibm (CVE-2024-45636)
vulnerability in ibm (CVE-2024-45636). Confidential information can be exposed externally.
|
| CVE-2026-50245 |
|
Vulnerability in cisa (CVE-2026-50245)
vulnerability in cisa (CVE-2026-50245). Confidential information can be exposed externally.
|
| CVE-2026-10557 |
|
Vulnerability in cisa (CVE-2026-10557)
vulnerability in cisa (CVE-2026-10557). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6338 |
|
Vulnerability in CVE-2026-6338 (CVE-2026-6338)
vulnerability in CVE-2026-6338 (CVE-2026-6338). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-38581 |
|
SQL Injection in sqli (CVE-2026-38581)
SQL injection in sqli (CVE-2026-38581). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11816 |
|
Path Traversal in path-traversal (CVE-2026-11816)
path traversal in path-traversal (CVE-2026-11816). Confidential information can be exposed externally. Exploitable via ``AttributeError``.
|
| CVE-2026-10847 |
|
Vulnerability in privilege-escalation (CVE-2026-10847)
vulnerability in privilege-escalation (CVE-2026-10847). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48043 |
|
Vulnerability in io.netty:netty-codec-http2 (CVE-2026-48043)
vulnerability in io.netty:netty-codec-http2 (CVE-2026-48043). Risk of unauthorized operations or information disclosure. Exploitable via ``DelegatingDecompressorFrameListener``. Mitigation: upgrade to `4.2.15.Final` or later.
|
| CVE-2026-48020 |
|
Vulnerability in github.com/traefik/traefik/v2 (CVE-2026-48020)
vulnerability in github.com/traefik/traefik/v2 (CVE-2026-48020). Confidential information can be exposed externally. Exploitable via `GET /admin`. Mitigation: upgrade to `2.11.48` or later.
|
| CVE-2026-48006 |
|
Vulnerability in io.netty:netty-codec-redis (CVE-2026-48006)
vulnerability in io.netty:netty-codec-redis (CVE-2026-48006). Risk of unauthorized operations or information disclosure. Exploitable via ``depths``. Mitigation: upgrade to `4.1.135.Final` or later.
|
| CVE-2026-7852 |
|
Unrestricted File Upload in CVE-2026-7852 (CVE-2026-7852)
vulnerability in CVE-2026-7852 (CVE-2026-7852). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11561 |
|
Vulnerability in CVE-2026-11561 (CVE-2026-11561)
vulnerability in CVE-2026-11561 (CVE-2026-11561). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53723 |
|
Vulnerability in guzzlehttp/guzzle-services (CVE-2026-53723)
vulnerability in guzzlehttp/guzzle-services (CVE-2026-53723). Risk of unauthorized operations or information disclosure. Exploitable via ``additionalParameters``. Mitigation: upgrade to `1.5.4` or later.
|
| CVE-2026-48998 |
|
Vulnerability in guzzlehttp/psr7 (CVE-2026-48998)
vulnerability in guzzlehttp/psr7 (CVE-2026-48998). Risk of unauthorized operations or information disclosure. Exploitable via `Host header`. Mitigation: upgrade to `2.10.2` or later.
|
| CVE-2026-49214 |
|
Vulnerability in guzzlehttp/psr7 (CVE-2026-49214)
vulnerability in guzzlehttp/psr7 (CVE-2026-49214). Risk of unauthorized operations or information disclosure. Exploitable via ``Uri``. Mitigation: upgrade to `2.10.2` or later.
|
| CVE-2026-8589 |
|
Cross-Site Scripting (XSS) in gitlab (CVE-2026-8589)
cross-site scripting in gitlab (CVE-2026-8589). Confidential information can be exposed externally. Mitigation: upgrade to `18.10.8, 18.11.5, 19.0.2` or later.
|
| CVE-2026-7250 |
|
Vulnerability in gitlab (CVE-2026-7250)
vulnerability in gitlab (CVE-2026-7250). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.10.8, 18.11.5, 19.0.2` or later.
|
| CVE-2026-6269 |
|
Authorization Flaw in gitlab (CVE-2026-6269)
vulnerability in gitlab (CVE-2026-6269). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.10.8, 18.11.5, 19.0.2` or later.
|
| CVE-2026-6277 |
|
Authorization Flaw in gitlab (CVE-2026-6277)
vulnerability in gitlab (CVE-2026-6277). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.10.8, 18.11.5, 19.0.2` or later.
|
| CVE-2026-9204 |
|
SSRF (Server-Side Request Forgery) in gitlab (CVE-2026-9204)
SSRF in gitlab (CVE-2026-9204). Confidential information can be exposed externally. Mitigation: upgrade to `18.10.8, 18.11.5, 19.0.2` or later.
|
| CVE-2026-8464 |
|
Path Traversal in path-traversal (CVE-2026-8464)
path traversal in path-traversal (CVE-2026-8464). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-1500 |
|
Vulnerability in gitlab (CVE-2026-1500)
vulnerability in gitlab (CVE-2026-1500). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.10.8, 18.11.5, 19.0.2` or later.
|
| CVE-2022-45813 |
|
Vulnerability in CVE-2022-45813 (CVE-2022-45813)
vulnerability in CVE-2022-45813 (CVE-2022-45813). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-25969 |
|
Vulnerability in CVE-2023-25969 (CVE-2023-25969)
vulnerability in CVE-2023-25969 (CVE-2023-25969). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-32959 |
|
Vulnerability in CVE-2023-32959 (CVE-2023-32959)
vulnerability in CVE-2023-32959 (CVE-2023-32959). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4764 |
|
Vulnerability in CVE-2026-4764 (CVE-2026-4764)
vulnerability in CVE-2026-4764 (CVE-2026-4764). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3553 |
|
Authorization Flaw in gitlab (CVE-2026-3553)
vulnerability in gitlab (CVE-2026-3553). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.10.8, 18.11.5, 19.0.2` or later.
|
| CVE-2026-53912 |
|
Information Disclosure in CVE-2026-53912 (CVE-2026-53912)
vulnerability in CVE-2026-53912 (CVE-2026-53912). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-47150 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2022-47150)
vulnerability in csrf (CVE-2022-47150). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10087 |
|
Cross-Site Scripting (XSS) in gitlab (CVE-2026-10087)
cross-site scripting in gitlab (CVE-2026-10087). Confidential information can be exposed externally. Mitigation: upgrade to `18.10.8, 18.11.5, 19.0.2` or later.
|
| CVE-2026-53423 |
|
Vulnerability in membrane_mp4_plugin (CVE-2026-53423)
vulnerability in membrane_mp4_plugin (CVE-2026-53423). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.36.7` or later.
|
| CVE-2026-5497 |
|
vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory (OOM) Denial of Service (DoS)...
vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory (OOM) Denial of Service (DoS)...
|
| CVE-2025-7064 |
|
Vulnerability in CVE-2025-7064 (CVE-2025-7064)
vulnerability in CVE-2025-7064 (CVE-2025-7064). Data can be tampered with by attackers.
|
| CVE-2026-11850 |
|
Vulnerability in c (CVE-2026-11850)
vulnerability in c (CVE-2026-11850). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-44630 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2022-44630)
vulnerability in csrf (CVE-2022-44630). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-42479 |
|
Vulnerability in CVE-2022-42479 (CVE-2022-42479)
vulnerability in CVE-2022-42479 (CVE-2022-42479). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53901 |
|
Vulnerability in CVE-2026-53901 (CVE-2026-53901)
vulnerability in CVE-2026-53901 (CVE-2026-53901). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.37` or later.
|
| CVE-2023-33999 |
|
Cross-Site Scripting (XSS) in CVE-2023-33999 (CVE-2023-33999)
cross-site scripting in CVE-2023-33999 (CVE-2023-33999). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-32110 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2024-32110)
vulnerability in csrf (CVE-2024-32110). Risk of unauthorized operations or information disclosure.
|