Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2025-60495 |
|
Vulnerability in c (CVE-2025-60495)
vulnerability in c (CVE-2025-60495). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-60485 |
|
Vulnerability in c (CVE-2025-60485)
vulnerability in c (CVE-2025-60485). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-60481 |
|
Vulnerability in c (CVE-2025-60481)
vulnerability in c (CVE-2025-60481). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10264 |
|
Path Traversal in path-traversal (CVE-2026-10264)
path traversal in path-traversal (CVE-2026-10264). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10259 |
|
Buffer Overflow in CVE-2026-10259 (CVE-2026-10259)
vulnerability in CVE-2026-10259 (CVE-2026-10259). Successful exploitation can lead to full system takeover.
|
| CVE-2025-55664 |
|
Vulnerability in c (CVE-2025-55664)
vulnerability in c (CVE-2025-55664). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-12914 |
|
Cross-Site Scripting (XSS) in CVE-2024-12914 (CVE-2024-12914)
cross-site scripting in CVE-2024-12914 (CVE-2024-12914). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-40646 |
|
Path Traversal in path-traversal (CVE-2024-40646)
path traversal in path-traversal (CVE-2024-40646). Confidential information can be exposed externally.
|
| CVE-2026-48119 |
|
Vulnerability in github.com/nezhahq/nezha (CVE-2026-48119)
vulnerability in github.com/nezhahq/nezha (CVE-2026-48119). Data can be tampered with by attackers. Exploitable via ``TaskResult``. Mitigation: upgrade to `2.0.12` or later.
|
| CVE-2026-50287 |
|
Vulnerability in @agenticmail/mcp (CVE-2026-50287)
vulnerability in @agenticmail/mcp (CVE-2026-50287). Risk of unauthorized operations or information disclosure. Exploitable via `Authorization header`. Mitigation: upgrade to `0.9.27` or later.
|
| CVE-2026-9308 |
|
Cross-Site Scripting (XSS) in mozilla (CVE-2026-9308)
cross-site scripting in mozilla (CVE-2026-9308). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9309 |
|
Cross-Site Scripting (XSS) in mozilla (CVE-2026-9309)
cross-site scripting in mozilla (CVE-2026-9309). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34193 |
|
Vulnerability in CVE-2026-34193 (CVE-2026-34193)
vulnerability in CVE-2026-34193 (CVE-2026-34193). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10532 |
|
Unsafe Deserialization in ch.qos.logback:logback-core (CVE-2026-10532)
vulnerability in ch.qos.logback:logback-core (CVE-2026-10532). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.5.35` or later.
|
| CVE-2026-10257 |
|
Vulnerability in sqli (CVE-2026-10257)
vulnerability in sqli (CVE-2026-10257). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10258 |
|
Vulnerability in sqli (CVE-2026-10258)
vulnerability in sqli (CVE-2026-10258). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10251 |
|
Vulnerability in sqli (CVE-2026-10251)
vulnerability in sqli (CVE-2026-10251). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10252 |
|
Vulnerability in sqli (CVE-2026-10252)
vulnerability in sqli (CVE-2026-10252). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10253 |
|
Vulnerability in sqli (CVE-2026-10253)
vulnerability in sqli (CVE-2026-10253). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10256 |
|
Vulnerability in sqli (CVE-2026-10256)
vulnerability in sqli (CVE-2026-10256). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10254 |
|
Information Disclosure in CVE-2026-10254 (CVE-2026-10254)
vulnerability in CVE-2026-10254 (CVE-2026-10254). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10255 |
|
Vulnerability in CVE-2026-10255 (CVE-2026-10255)
vulnerability in CVE-2026-10255 (CVE-2026-10255). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49328 |
|
SSRF (Server-Side Request Forgery) in org.apache.fesod:fesod-sheet (CVE-2026-49328)
SSRF in org.apache.fesod:fesod-sheet (CVE-2026-49328). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.0.2-incubating` or later.
|
| CVE-2026-10249 |
|
Vulnerability in sqli (CVE-2026-10249)
vulnerability in sqli (CVE-2026-10249). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10250 |
|
Vulnerability in sqli (CVE-2026-10250)
vulnerability in sqli (CVE-2026-10250). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-25599 |
|
Cross-Site Scripting (XSS) in CVE-2026-25599 (CVE-2026-25599)
cross-site scripting in CVE-2026-25599 (CVE-2026-25599). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10248 |
|
Vulnerability in CVE-2026-10248 (CVE-2026-10248)
vulnerability in CVE-2026-10248 (CVE-2026-10248). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-25600 |
|
Vulnerability in CVE-2026-25600 (CVE-2026-25600)
vulnerability in CVE-2026-25600 (CVE-2026-25600). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10244 |
|
Cross-Site Scripting (XSS) in CVE-2026-10244 (CVE-2026-10244)
cross-site scripting in CVE-2026-10244 (CVE-2026-10244). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10245 |
|
Cross-Site Scripting (XSS) in CVE-2026-10245 (CVE-2026-10245)
cross-site scripting in CVE-2026-10245 (CVE-2026-10245). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10246 |
|
Cross-Site Scripting (XSS) in CVE-2026-10246 (CVE-2026-10246)
cross-site scripting in CVE-2026-10246 (CVE-2026-10246). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10247 |
|
Cross-Site Scripting (XSS) in CVE-2026-10247 (CVE-2026-10247)
cross-site scripting in CVE-2026-10247 (CVE-2026-10247). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9024 |
|
Cross-Site Scripting (XSS) in CVE-2026-9024 (CVE-2026-9024)
cross-site scripting in CVE-2026-9024 (CVE-2026-9024). Confidential information can be exposed externally.
|
| CVE-2026-8474 |
|
Cross-Site Scripting (XSS) in CVE-2026-8474 (CVE-2026-8474)
cross-site scripting in CVE-2026-8474 (CVE-2026-8474). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49157 |
|
Vulnerability in activemq (CVE-2026-49157)
vulnerability in activemq (CVE-2026-49157). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `5.19.7, 6.2.6` or later.
|
| CVE-2026-49361 |
|
Vulnerability in org.apache.fluss:fluss-common (CVE-2026-49361)
vulnerability in org.apache.fluss:fluss-common (CVE-2026-49361). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.9.1-incubating` or later.
|
| CVE-2026-7858 |
|
Unsafe Deserialization in deserialization (CVE-2026-7858)
vulnerability in deserialization (CVE-2026-7858). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48827 |
|
Path Traversal in org.apache.sshd:sshd-git (CVE-2026-48827)
path traversal in org.apache.sshd:sshd-git (CVE-2026-48827). Confidential information can be exposed externally. Mitigation: upgrade to `3.0.0-M4` or later.
|
| CVE-2026-49267 |
|
Vulnerability in airflow (CVE-2026-49267)
vulnerability in airflow (CVE-2026-49267). Confidential information can be exposed externally. Exploitable via ``airflow.utils.email``. Mitigation: upgrade to `3.2.2` or later.
|
| CVE-2026-46605 |
|
Vulnerability in activemq (CVE-2026-46605)
vulnerability in activemq (CVE-2026-46605). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.19.7, 6.2.6` or later.
|
| CVE-2026-45426 |
|
Authorization Flaw in apache-airflow (CVE-2026-45426)
vulnerability in apache-airflow (CVE-2026-45426). Risk of unauthorized operations or information disclosure. Exploitable via ``sub``. Mitigation: upgrade to `3.2.2` or later.
|
| CVE-2026-45360 |
|
Unsafe Deserialization in apache-airflow (CVE-2026-45360)
vulnerability in apache-airflow (CVE-2026-45360). Risk of unauthorized operations or information disclosure. Exploitable via ``DeadlineReference``. Mitigation: upgrade to `3.2.2` or later.
|
| CVE-2026-42359 |
|
Unsafe Deserialization in apache-airflow (CVE-2026-42359)
vulnerability in apache-airflow (CVE-2026-42359). Successful exploitation can lead to full system takeover. Exploitable via `PATCH /api/v2/xcomEntries/{key}`. Mitigation: upgrade to `3.2.2` or later.
|
| CVE-2026-42588 |
|
Vulnerability in activemq (CVE-2026-42588)
vulnerability in activemq (CVE-2026-42588). Confidential information can be exposed externally. Mitigation: upgrade to `5.19.7, 6.2.6` or later.
|
| CVE-2026-45505 |
|
Vulnerability in activemq (CVE-2026-45505)
vulnerability in activemq (CVE-2026-45505). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `5.19.7, 6.2.6` or later.
|
| CVE-2026-42253 |
|
Cross-Site Scripting (XSS) in activemq (CVE-2026-42253)
cross-site scripting in activemq (CVE-2026-42253). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.19.7, 6.2.6` or later.
|
| CVE-2026-42358 |
|
Information Disclosure in airflow (CVE-2026-42358)
vulnerability in airflow (CVE-2026-42358). Confidential information can be exposed externally. Exploitable via ``password``. Mitigation: upgrade to `3.2.2` or later.
|
| CVE-2026-42360 |
|
Information Disclosure in apache-airflow (CVE-2026-42360)
vulnerability in apache-airflow (CVE-2026-42360). Confidential information can be exposed externally. Exploitable via ``password``. Mitigation: upgrade to `3.2.2` or later.
|
| CVE-2026-42252 |
|
Vulnerability in apache-airflow (CVE-2026-42252)
vulnerability in apache-airflow (CVE-2026-42252). Confidential information can be exposed externally. Exploitable via ``Dag.can_trigger``. Mitigation: upgrade to `3.2.2` or later.
|
| CVE-2026-44825 |
|
Vulnerability in solr (CVE-2026-44825)
vulnerability in solr (CVE-2026-44825). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `10.0.0` or later.
|