Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Clear
ID Title
CVE-2026-10116 Vulnerability in c (CVE-2026-10116)
vulnerability in c (CVE-2026-10116). Risk of unauthorized operations or information disclosure.
CVE-2026-10115 Vulnerability in c (CVE-2026-10115)
vulnerability in c (CVE-2026-10115). Risk of unauthorized operations or information disclosure.
CVE-2026-10114 Buffer Overflow in c (CVE-2026-10114)
vulnerability in c (CVE-2026-10114). Risk of unauthorized operations or information disclosure.
CVE-2026-9757 SQL Injection in wordpress (CVE-2026-9757)
SQL injection in wordpress (CVE-2026-9757). Confidential information can be exposed externally.
CVE-2026-7465 Privilege Escalation in wordpress (CVE-2026-7465)
vulnerability in wordpress (CVE-2026-7465). Successful exploitation can lead to full system takeover.
CVE-2026-10113 Vulnerability in c (CVE-2026-10113)
vulnerability in c (CVE-2026-10113). Risk of unauthorized operations or information disclosure.
CVE-2026-10111 Vulnerability in sqli (CVE-2026-10111)
vulnerability in sqli (CVE-2026-10111). Risk of unauthorized operations or information disclosure.
CVE-2026-10112 Cross-Site Scripting (XSS) in CVE-2026-10112 (CVE-2026-10112)
cross-site scripting in CVE-2026-10112 (CVE-2026-10112). Risk of unauthorized operations or information disclosure.
CVE-2026-5071 Out-of-Bounds Read in zephyrproject (CVE-2026-5071)
vulnerability in zephyrproject (CVE-2026-5071). Risk of unauthorized operations or information disclosure.
CVE-2026-10110 Vulnerability in sqli (CVE-2026-10110)
vulnerability in sqli (CVE-2026-10110). Risk of unauthorized operations or information disclosure.
CVE-2026-9831 Vulnerability in CVE-2026-9831 (CVE-2026-9831)
vulnerability in CVE-2026-9831 (CVE-2026-9831). Confidential information can be exposed externally.
CVE-2026-47268 SSRF (Server-Side Request Forgery) in github.com/nezhahq/nezha (CVE-2026-47268)
SSRF in github.com/nezhahq/nezha (CVE-2026-47268). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/v1/ddns`. Mitigation: upgrade to `2.0.10` or later.
CVE-2026-47213 Vulnerability in boxlite (CVE-2026-47213)
vulnerability in boxlite (CVE-2026-47213). Risk of unauthorized operations or information disclosure. Exploitable via ``timeout_ms``.
CVE-2026-47203 Vulnerability in github.com/authelia/authelia/v4 (CVE-2026-47203)
vulnerability in github.com/authelia/authelia/v4 (CVE-2026-47203). Risk of unauthorized operations or information disclosure. Exploitable via ``Authorization``. Mitigation: upgrade to `4.39.20` or later.
CVE-2026-47201 Vulnerability in goauthentik.io (CVE-2026-47201)
vulnerability in goauthentik.io (CVE-2026-47201). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.0.0-20260528144335-a370d76d23c7` or later.
CVE-2026-4387 Vulnerability in c (CVE-2026-4387)
vulnerability in c (CVE-2026-4387). Risk of unauthorized operations or information disclosure.
CVE-2026-48811 Vulnerability in laravel (CVE-2026-48811)
vulnerability in laravel (CVE-2026-48811). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.221` or later.
CVE-2026-48810 Vulnerability in laravel (CVE-2026-48810)
vulnerability in laravel (CVE-2026-48810). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.221` or later.
CVE-2026-46527 Vulnerability in c (CVE-2026-46527)
vulnerability in c (CVE-2026-46527). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.44.0` or later.
CVE-2026-46599 Vulnerability in golang.org/x/image (CVE-2026-46599)
vulnerability in golang.org/x/image (CVE-2026-46599). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.41.0` or later.
CVE-2026-48555 SSRF (Server-Side Request Forgery) in spatie/laravel-medialibrary (CVE-2026-48555)
SSRF in spatie/laravel-medialibrary (CVE-2026-48555). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `11.23.0` or later.
CVE-2026-47123 Vulnerability in laravel (CVE-2026-47123)
vulnerability in laravel (CVE-2026-47123). Data can be tampered with by attackers. Mitigation: upgrade to `1.8.220` or later.
CVE-2026-48557 Spatie Laravel Media Library contains a file upload restriction bypass
Spatie Laravel Media Library contains a file upload restriction bypass
CVE-2026-45700 Out-of-Bounds Write in c (CVE-2026-45700)
out-of-bounds write in c (CVE-2026-45700). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.26.0` or later.
CVE-2026-45352 Vulnerability in c (CVE-2026-45352)
vulnerability in c (CVE-2026-45352). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.43.4` or later.
CVE-2026-45613 Out-of-Bounds Read in c (CVE-2026-45613)
vulnerability in c (CVE-2026-45613). Risk of unauthorized operations or information disclosure.
CVE-2026-45372 Vulnerability in c (CVE-2026-45372)
vulnerability in c (CVE-2026-45372). Data can be tampered with by attackers. Mitigation: upgrade to `0.44.0` or later.
CVE-2026-45294 Vulnerability in laravel (CVE-2026-45294)
vulnerability in laravel (CVE-2026-45294). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.219` or later.
CVE-2026-45151 Vulnerability in c (CVE-2026-45151)
vulnerability in c (CVE-2026-45151). Risk of unauthorized operations or information disclosure.
CVE-2026-45324 Vulnerability in c (CVE-2026-45324)
vulnerability in c (CVE-2026-45324). Risk of unauthorized operations or information disclosure.
CVE-2026-44422 Vulnerability in freerdp (CVE-2026-44422)
vulnerability in freerdp (CVE-2026-44422). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.26.0` or later.
CVE-2026-44640 Vulnerability in CVE-2026-44640 (CVE-2026-44640)
vulnerability in CVE-2026-44640 (CVE-2026-44640). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.24.14` or later.
CVE-2026-44421 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs....
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs. The bug is in gdi_CacheToSurface: it validates a destination rectangle that is clamped to UINT16_MAX...
CVE-2026-44287 Code Injection in CVE-2026-44287 (CVE-2026-44287)
code injection in CVE-2026-44287 (CVE-2026-44287). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.15.0-beta1` or later.
CVE-2026-44285 FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery (SSRF) vulnerability allows an authenticated attacker to bypass the global isInternalAddress network prot...
FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery (SSRF) vulnerability allows an authenticated attacker to bypass the global isInternalAddress network protection and make arbitrary HTTP GET requests to internal network services. This is achieved by exploi...
CVE-2026-44420 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard (cliprdr) channel b...
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard (cliprdr) channel by sending a CB_CLIP_CAPS PDU with a too-small capabilitySetLength. This can crash the server process...
CVE-2026-34127 Cross-Site Scripting (XSS) in tp-link (CVE-2026-34127)
cross-site scripting in tp-link (CVE-2026-34127). Risk of unauthorized operations or information disclosure.
CVE-2026-47260 SSRF (Server-Side Request Forgery) in phanan/koel (CVE-2026-47260)
SSRF in phanan/koel (CVE-2026-47260). Confidential information can be exposed externally. Exploitable via `POST /api/podcasts`. Mitigation: upgrade to `9.3.5` or later.
CVE-2026-46705 Authentication Bypass in russh (CVE-2026-46705)
authentication bypass in russh (CVE-2026-46705). Risk of unauthorized operations or information disclosure. Exploitable via ``russh``. Mitigation: upgrade to `0.61.0` or later.
CVE-2026-46702 Vulnerability in russh (CVE-2026-46702)
vulnerability in russh (CVE-2026-46702). Risk of unauthorized operations or information disclosure. Exploitable via ``russh``. Mitigation: upgrade to `0.61.1` or later.
CVE-2026-47248 Vulnerability in parse-server (CVE-2026-47248)
vulnerability in parse-server (CVE-2026-47248). Risk of unauthorized operations or information disclosure. Exploitable via ``IntrospectionControlPlugin``. Mitigation: upgrade to `8.6.78` or later.
CVE-2026-9051 Vulnerability in privilege-escalation (CVE-2026-9051)
vulnerability in privilege-escalation (CVE-2026-9051). Confidential information can be exposed externally.
CVE-2026-49382 Vulnerability in jetbrains (CVE-2026-49382)
vulnerability in jetbrains (CVE-2026-49382). Risk of unauthorized operations or information disclosure.
CVE-2026-49383 In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible
In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible
CVE-2026-49381 In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible
In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible
CVE-2026-49384 In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible
In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible
CVE-2026-49385 Vulnerability in jetbrains (CVE-2026-49385)
vulnerability in jetbrains (CVE-2026-49385). Data can be tampered with by attackers.
CVE-2026-49374 Vulnerability in jetbrains (CVE-2026-49374)
vulnerability in jetbrains (CVE-2026-49374). Confidential information can be exposed externally.
CVE-2026-49378 Vulnerability in jetbrains (CVE-2026-49378)
vulnerability in jetbrains (CVE-2026-49378). Risk of unauthorized operations or information disclosure.
CVE-2026-49376 In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin
In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →