Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-40961 |
|
Open Redirect in airflow (CVE-2026-40961)
vulnerability in airflow (CVE-2026-40961). Risk of unauthorized operations or information disclosure. Exploitable via ``is_safe_url``. Mitigation: upgrade to `3.2.2` or later.
|
| CVE-2026-40548 |
|
Unrestricted File Upload in path-traversal (CVE-2026-40548)
vulnerability in path-traversal (CVE-2026-40548). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40861 |
|
Vulnerability in apache-airflow (CVE-2026-40861)
vulnerability in apache-airflow (CVE-2026-40861). Confidential information can be exposed externally. Exploitable via ``airflow.cfg``. Mitigation: upgrade to `3.2.2` or later.
|
| CVE-2026-40549 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-40549)
vulnerability in csrf (CVE-2026-40549). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40543 |
|
Vulnerability in CVE-2026-40543 (CVE-2026-40543)
vulnerability in CVE-2026-40543 (CVE-2026-40543). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41014 |
|
Vulnerability in apache-airflow (CVE-2026-41014)
vulnerability in apache-airflow (CVE-2026-41014). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.2.2` or later.
|
| CVE-2026-40547 |
|
Path Traversal in path-traversal (CVE-2026-40547)
path traversal in path-traversal (CVE-2026-40547). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40963 |
|
Vulnerability in airflow (CVE-2026-40963)
vulnerability in airflow (CVE-2026-40963). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.2.2` or later.
|
| CVE-2026-40546 |
|
SQL Injection in sqli (CVE-2026-40546)
SQL injection in sqli (CVE-2026-40546). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40544 |
|
Cross-Site Scripting (XSS) in CVE-2026-40544 (CVE-2026-40544)
cross-site scripting in CVE-2026-40544 (CVE-2026-40544). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40545 |
|
Cross-Site Scripting (XSS) in CVE-2026-40545 (CVE-2026-40545)
cross-site scripting in CVE-2026-40545 (CVE-2026-40545). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10237 |
|
Vulnerability in sqli (CVE-2026-10237)
vulnerability in sqli (CVE-2026-10237). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10242 |
|
Vulnerability in sqli (CVE-2026-10242)
vulnerability in sqli (CVE-2026-10242). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10239 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-10239 (CVE-2026-10239)
SSRF in CVE-2026-10239 (CVE-2026-10239). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10240 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-10240 (CVE-2026-10240)
SSRF in CVE-2026-10240 (CVE-2026-10240). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10517 |
|
SSRF (Server-Side Request Forgery) in github.com/quay/claircore (CVE-2026-10517)
SSRF in github.com/quay/claircore (CVE-2026-10517). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10241 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-10241 (CVE-2026-10241)
SSRF in CVE-2026-10241 (CVE-2026-10241). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10243 |
|
Authentication Bypass in CVE-2026-10243 (CVE-2026-10243)
authentication bypass in CVE-2026-10243 (CVE-2026-10243). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10236 |
|
Vulnerability in CVE-2026-10236 (CVE-2026-10236)
vulnerability in CVE-2026-10236 (CVE-2026-10236). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-27788 |
|
Vulnerability in jvn (CVE-2026-27788)
vulnerability in jvn (CVE-2026-27788). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45192 |
|
Information Disclosure in apache-airflow (CVE-2026-45192)
vulnerability in apache-airflow (CVE-2026-45192). Confidential information can be exposed externally. Exploitable via ``extra``. Mitigation: upgrade to `3.2.2` or later.
|
| CVE-2026-10235 |
|
Vulnerability in sqli (CVE-2026-10235)
vulnerability in sqli (CVE-2026-10235). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10234 |
|
Cross-Site Scripting (XSS) in CVE-2026-10234 (CVE-2026-10234)
cross-site scripting in CVE-2026-10234 (CVE-2026-10234). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10233 |
|
Buffer Overflow in cpp (CVE-2026-10233)
vulnerability in cpp (CVE-2026-10233). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10232 |
|
Buffer Overflow in cpp (CVE-2026-10232)
vulnerability in cpp (CVE-2026-10232). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10229 |
|
Buffer Overflow in cpp (CVE-2026-10229)
vulnerability in cpp (CVE-2026-10229). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10230 |
|
Buffer Overflow in cpp (CVE-2026-10230)
vulnerability in cpp (CVE-2026-10230). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10231 |
|
Buffer Overflow in cpp (CVE-2026-10231)
vulnerability in cpp (CVE-2026-10231). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10228 |
|
Cross-Site Scripting (XSS) in CVE-2026-10228 (CVE-2026-10228)
cross-site scripting in CVE-2026-10228 (CVE-2026-10228). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10227 |
|
Vulnerability in sqli (CVE-2026-10227)
vulnerability in sqli (CVE-2026-10227). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10225 |
|
Vulnerability in sqli (CVE-2026-10225)
vulnerability in sqli (CVE-2026-10225). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10226 |
|
Vulnerability in sqli (CVE-2026-10226)
vulnerability in sqli (CVE-2026-10226). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10224 |
|
Vulnerability in CVE-2026-10224 (CVE-2026-10224)
vulnerability in CVE-2026-10224 (CVE-2026-10224). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10223 |
|
Vulnerability in CVE-2026-10223 (CVE-2026-10223)
vulnerability in CVE-2026-10223 (CVE-2026-10223). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10222 |
|
Vulnerability in hermes-agent (CVE-2026-10222)
vulnerability in hermes-agent (CVE-2026-10222). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.18.0` or later.
|
| CVE-2026-48209 |
|
Cross-Site Scripting (XSS) in c (CVE-2026-48209)
cross-site scripting in c (CVE-2026-48209). Data can be tampered with by attackers.
|
| CVE-2026-48208 |
|
Vulnerability in dos (CVE-2026-48208)
vulnerability in dos (CVE-2026-48208). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20455 |
|
Out-of-Bounds Write in mediatek (CVE-2026-20455)
out-of-bounds write in mediatek (CVE-2026-20455). Successful exploitation can lead to full system takeover.
|
| CVE-2026-20456 |
|
Out-of-Bounds Write in dos (CVE-2026-20456)
out-of-bounds write in dos (CVE-2026-20456). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48187 |
|
Vulnerability in otrs (CVE-2026-48187)
vulnerability in otrs (CVE-2026-48187). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48189 |
|
Information Disclosure in otrs (CVE-2026-48189)
vulnerability in otrs (CVE-2026-48189). Confidential information can be exposed externally.
|
| CVE-2026-20454 |
|
Vulnerability in mediatek (CVE-2026-20454)
vulnerability in mediatek (CVE-2026-20454). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48188 |
|
Vulnerability in sqli (CVE-2026-48188)
vulnerability in sqli (CVE-2026-48188). Confidential information can be exposed externally.
|
| CVE-2026-48190 |
|
Vulnerability in otrs (CVE-2026-48190)
vulnerability in otrs (CVE-2026-48190). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48191 |
|
Vulnerability in otrs (CVE-2026-48191)
vulnerability in otrs (CVE-2026-48191). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10219 |
|
Command Injection in github.com/nextlevelbuilder/goclaw (CVE-2026-10219)
command injection in github.com/nextlevelbuilder/goclaw (CVE-2026-10219). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20453 |
|
Out-of-Bounds Write in mediatek (CVE-2026-20453)
out-of-bounds write in mediatek (CVE-2026-20453). Successful exploitation can lead to full system takeover.
|
| CVE-2026-20452 |
|
Vulnerability in mediatek (CVE-2026-20452)
vulnerability in mediatek (CVE-2026-20452). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10220 |
|
Vulnerability in CVE-2026-10220 (CVE-2026-10220)
vulnerability in CVE-2026-10220 (CVE-2026-10220). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10221 |
|
Vulnerability in CVE-2026-10221 (CVE-2026-10221)
vulnerability in CVE-2026-10221 (CVE-2026-10221). Risk of unauthorized operations or information disclosure.
|