Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-48597 |
|
Vulnerability in tesla (CVE-2026-48597)
vulnerability in tesla (CVE-2026-48597). Risk of unauthorized operations or information disclosure. Exploitable via ``Mint``. Mitigation: upgrade to `1.18.3` or later.
|
| CVE-2026-48595 |
|
Vulnerability in tesla (CVE-2026-48595)
vulnerability in tesla (CVE-2026-48595). Risk of unauthorized operations or information disclosure. Exploitable via ``Tesla.Middleware.FollowRedirects``. Mitigation: upgrade to `1.18.3` or later.
|
| CVE-2026-48598 |
|
Vulnerability in tesla (CVE-2026-48598)
vulnerability in tesla (CVE-2026-48598). Risk of unauthorized operations or information disclosure. Exploitable via ``name``. Mitigation: upgrade to `1.18.3` or later.
|
| CVE-2026-48682 |
|
Out-of-Bounds Read in cpp (CVE-2026-48682)
vulnerability in cpp (CVE-2026-48682). Confidential information can be exposed externally.
|
| CVE-2026-42342 |
|
Vulnerability in react-router (CVE-2026-42342)
vulnerability in react-router (CVE-2026-42342). Risk of unauthorized operations or information disclosure. Exploitable via ``createBrowserRouter``. Mitigation: upgrade to `7.15.0` or later.
|
| CVE-2026-42211 |
|
React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE
React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE
|
| CVE-2026-35049 |
|
Vulnerability in CVE-2026-35049 (CVE-2026-35049)
vulnerability in CVE-2026-35049 (CVE-2026-35049). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40181 |
|
Open Redirect in react-router (CVE-2026-40181)
vulnerability in react-router (CVE-2026-40181). Risk of unauthorized operations or information disclosure. Exploitable via ``redirect``. Mitigation: upgrade to `6.30.4` or later.
|
| CVE-2026-34077 |
|
Vulnerability in react-router (CVE-2026-34077)
vulnerability in react-router (CVE-2026-34077). Risk of unauthorized operations or information disclosure. Exploitable via ``createBrowserRouter``. Mitigation: upgrade to `7.14.0` or later.
|
| CVE-2026-34993 |
|
Unsafe Deserialization in aiohttp (CVE-2026-34993)
vulnerability in aiohttp (CVE-2026-34993). Data can be tampered with by attackers. Mitigation: upgrade to `3.14.0` or later.
|
| CVE-2026-30586 |
|
Cross-Site Scripting (XSS) in CVE-2026-30586 (CVE-2026-30586)
cross-site scripting in CVE-2026-30586 (CVE-2026-30586). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-33245 |
|
React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets
React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets
|
| CVE-2026-33553 |
|
Northern.tech CFEngine Enterprise 3.24.3 before 3.24.4 and 3.27.0 before 3.27.1 allows XSS.
Northern.tech CFEngine Enterprise 3.24.3 before 3.24.4 and 3.27.0 before 3.27.1 allows XSS.
|
| CVE-2026-10702 |
|
Vulnerability in mozilla (CVE-2026-10702)
vulnerability in mozilla (CVE-2026-10702). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-1829 |
|
The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code...
The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code...
|
| CVE-2026-28299 |
|
SolarWinds Web Help Desk is found to be affected by a denial-of-service vulnerability, which when...
SolarWinds Web Help Desk is found to be affected by a denial-of-service vulnerability, which when...
|
| CVE-2026-10701 |
|
Buffer Overflow in mozilla (CVE-2026-10701)
vulnerability in mozilla (CVE-2026-10701). Confidential information can be exposed externally.
|
| CVE-2026-10616 |
|
Vulnerability in CVE-2026-10616 (CVE-2026-10616)
vulnerability in CVE-2026-10616 (CVE-2026-10616). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10617 |
|
Authentication Bypass in CVE-2026-10617 (CVE-2026-10617)
authentication bypass in CVE-2026-10617 (CVE-2026-10617). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10607 |
|
Vulnerability in sqli (CVE-2026-10607)
vulnerability in sqli (CVE-2026-10607). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10608 |
|
Vulnerability in sqli (CVE-2026-10608)
vulnerability in sqli (CVE-2026-10608). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-64390 |
|
Vulnerability in privilege-escalation (CVE-2025-64390)
vulnerability in privilege-escalation (CVE-2025-64390). Successful exploitation can lead to full system takeover.
|
| CVE-2021-4478 |
|
Dräger CC-Vision Basic before 7.5.3 and Dräger CC-Vision E-Cal before 7.2.5.0 contain an out-of...
Dräger CC-Vision Basic before 7.5.3 and Dräger CC-Vision E-Cal before 7.2.5.0 contain an out-of...
|
| CVE-2019-25721 |
|
Vulnerability in dos (CVE-2019-25721)
vulnerability in dos (CVE-2019-25721). Risk of unauthorized operations or information disclosure.
|
| CVE-2019-25724 |
|
Vulnerability in dos (CVE-2019-25724)
vulnerability in dos (CVE-2019-25724). Risk of unauthorized operations or information disclosure.
|
| CVE-2019-25722 |
|
Vulnerability in CVE-2019-25722 (CVE-2019-25722)
vulnerability in CVE-2019-25722 (CVE-2019-25722). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49943 |
|
Vulnerability in c (CVE-2026-49943)
vulnerability in c (CVE-2026-49943). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40713 |
|
Vulnerability in dell (CVE-2026-40713)
vulnerability in dell (CVE-2026-40713). Confidential information can be exposed externally.
|
| CVE-2026-40715 |
|
Vulnerability in privilege-escalation (CVE-2026-40715)
vulnerability in privilege-escalation (CVE-2026-40715). Successful exploitation can lead to full system takeover.
|
| CVE-2026-24221 |
|
Unsafe Deserialization in deserialization (CVE-2026-24221)
vulnerability in deserialization (CVE-2026-24221). Successful exploitation can lead to full system takeover.
|
| CVE-2026-24237 |
|
Unsafe Deserialization in deserialization (CVE-2026-24237)
vulnerability in deserialization (CVE-2026-24237). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0611 |
|
Vulnerability in csharp (CVE-2026-0611)
vulnerability in csharp (CVE-2026-0611). Successful exploitation can lead to full system takeover.
|
| CVE-2026-1871 |
|
Vulnerability in dos (CVE-2026-1871)
vulnerability in dos (CVE-2026-1871). Risk of unauthorized operations or information disclosure. Exploitable via `Authorization header`.
|
| CVE-2026-10606 |
|
Vulnerability in sqli (CVE-2026-10606)
vulnerability in sqli (CVE-2026-10606). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40571 |
|
Vulnerability in CVE-2026-40571 (CVE-2026-40571)
vulnerability in CVE-2026-40571 (CVE-2026-40571). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35443 |
|
Vulnerability in CVE-2026-35443 (CVE-2026-35443)
vulnerability in CVE-2026-35443 (CVE-2026-35443). Risk of unauthorized operations or information disclosure. Exploitable via ``view_other_topics``.
|
| CVE-2026-40314 |
|
Vulnerability in CVE-2026-40314 (CVE-2026-40314)
vulnerability in CVE-2026-40314 (CVE-2026-40314). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-33244 |
|
Cross-Site Scripting (XSS) in react-router (CVE-2026-33244)
cross-site scripting in react-router (CVE-2026-33244). Risk of unauthorized operations or information disclosure. Exploitable via ``Location``. Mitigation: upgrade to `7.13.2` or later.
|
| CVE-2026-10591 |
|
Vulnerability in Amazon aws (CVE-2026-10591)
vulnerability in Amazon aws (CVE-2026-10591). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9522 |
|
Vulnerability in devolutions (CVE-2026-9522)
vulnerability in devolutions (CVE-2026-9522). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9590 |
|
Vulnerability in devolutions (CVE-2026-9590)
vulnerability in devolutions (CVE-2026-9590). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7299 |
|
Cross-Site Scripting (XSS) in appsmith (CVE-2026-7299)
cross-site scripting in appsmith (CVE-2026-7299). Confidential information can be exposed externally. Mitigation: upgrade to `1.99.0` or later.
|
| CVE-2026-48861 |
|
Vulnerability in mint (CVE-2026-48861)
vulnerability in mint (CVE-2026-48861). Risk of unauthorized operations or information disclosure. Exploitable via ``method``. Mitigation: upgrade to `1.9.0` or later.
|
| CVE-2026-49753 |
|
Vulnerability in mint (CVE-2026-49753)
vulnerability in mint (CVE-2026-49753). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.9.0` or later.
|
| CVE-2026-48862 |
|
Vulnerability in mint (CVE-2026-48862)
vulnerability in mint (CVE-2026-48862). Risk of unauthorized operations or information disclosure. Exploitable via ``PUSH_PROMISE``. Mitigation: upgrade to `1.9.0` or later.
|
| CVE-2026-49754 |
|
Vulnerability in mint (CVE-2026-49754)
vulnerability in mint (CVE-2026-49754). Risk of unauthorized operations or information disclosure. Exploitable via ``CONTINUATION``. Mitigation: upgrade to `1.9.0` or later.
|
| CVE-2026-47117 |
|
Code Injection in openmed (CVE-2026-47117)
code injection in openmed (CVE-2026-47117). Successful exploitation can lead to full system takeover. Exploitable via ``model_name``. Mitigation: upgrade to `1.5.2` or later.
|
| CVE-2026-45080 |
|
Information Disclosure in apache (CVE-2026-45080)
vulnerability in apache (CVE-2026-45080). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44367 |
|
Vulnerability in apache (CVE-2026-44367)
vulnerability in apache (CVE-2026-44367). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42654 |
|
Vulnerability in CVE-2026-42654 (CVE-2026-42654)
vulnerability in CVE-2026-42654 (CVE-2026-42654). Data can be tampered with by attackers.
|