Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-10116 |
|
Vulnerability in c (CVE-2026-10116)
vulnerability in c (CVE-2026-10116). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10115 |
|
Vulnerability in c (CVE-2026-10115)
vulnerability in c (CVE-2026-10115). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10114 |
|
Buffer Overflow in c (CVE-2026-10114)
vulnerability in c (CVE-2026-10114). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9757 |
|
SQL Injection in wordpress (CVE-2026-9757)
SQL injection in wordpress (CVE-2026-9757). Confidential information can be exposed externally.
|
| CVE-2026-7465 |
|
Privilege Escalation in wordpress (CVE-2026-7465)
vulnerability in wordpress (CVE-2026-7465). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10113 |
|
Vulnerability in c (CVE-2026-10113)
vulnerability in c (CVE-2026-10113). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10111 |
|
Vulnerability in sqli (CVE-2026-10111)
vulnerability in sqli (CVE-2026-10111). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10112 |
|
Cross-Site Scripting (XSS) in CVE-2026-10112 (CVE-2026-10112)
cross-site scripting in CVE-2026-10112 (CVE-2026-10112). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5071 |
|
Out-of-Bounds Read in zephyrproject (CVE-2026-5071)
vulnerability in zephyrproject (CVE-2026-5071). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10110 |
|
Vulnerability in sqli (CVE-2026-10110)
vulnerability in sqli (CVE-2026-10110). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9831 |
|
Vulnerability in CVE-2026-9831 (CVE-2026-9831)
vulnerability in CVE-2026-9831 (CVE-2026-9831). Confidential information can be exposed externally.
|
| CVE-2026-47268 |
|
SSRF (Server-Side Request Forgery) in github.com/nezhahq/nezha (CVE-2026-47268)
SSRF in github.com/nezhahq/nezha (CVE-2026-47268). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/v1/ddns`. Mitigation: upgrade to `2.0.10` or later.
|
| CVE-2026-47213 |
|
Vulnerability in boxlite (CVE-2026-47213)
vulnerability in boxlite (CVE-2026-47213). Risk of unauthorized operations or information disclosure. Exploitable via ``timeout_ms``.
|
| CVE-2026-47203 |
|
Vulnerability in github.com/authelia/authelia/v4 (CVE-2026-47203)
vulnerability in github.com/authelia/authelia/v4 (CVE-2026-47203). Risk of unauthorized operations or information disclosure. Exploitable via ``Authorization``. Mitigation: upgrade to `4.39.20` or later.
|
| CVE-2026-47201 |
|
Vulnerability in goauthentik.io (CVE-2026-47201)
vulnerability in goauthentik.io (CVE-2026-47201). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.0.0-20260528144335-a370d76d23c7` or later.
|
| CVE-2026-4387 |
|
Vulnerability in c (CVE-2026-4387)
vulnerability in c (CVE-2026-4387). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48811 |
|
Vulnerability in laravel (CVE-2026-48811)
vulnerability in laravel (CVE-2026-48811). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.221` or later.
|
| CVE-2026-48810 |
|
Vulnerability in laravel (CVE-2026-48810)
vulnerability in laravel (CVE-2026-48810). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.221` or later.
|
| CVE-2026-46527 |
|
Vulnerability in c (CVE-2026-46527)
vulnerability in c (CVE-2026-46527). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.44.0` or later.
|
| CVE-2026-46599 |
|
Vulnerability in golang.org/x/image (CVE-2026-46599)
vulnerability in golang.org/x/image (CVE-2026-46599). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.41.0` or later.
|
| CVE-2026-48555 |
|
SSRF (Server-Side Request Forgery) in spatie/laravel-medialibrary (CVE-2026-48555)
SSRF in spatie/laravel-medialibrary (CVE-2026-48555). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `11.23.0` or later.
|
| CVE-2026-47123 |
|
Vulnerability in laravel (CVE-2026-47123)
vulnerability in laravel (CVE-2026-47123). Data can be tampered with by attackers. Mitigation: upgrade to `1.8.220` or later.
|
| CVE-2026-48557 |
|
Spatie Laravel Media Library contains a file upload restriction bypass
Spatie Laravel Media Library contains a file upload restriction bypass
|
| CVE-2026-45700 |
|
Out-of-Bounds Write in c (CVE-2026-45700)
out-of-bounds write in c (CVE-2026-45700). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.26.0` or later.
|
| CVE-2026-45352 |
|
Vulnerability in c (CVE-2026-45352)
vulnerability in c (CVE-2026-45352). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.43.4` or later.
|
| CVE-2026-45613 |
|
Out-of-Bounds Read in c (CVE-2026-45613)
vulnerability in c (CVE-2026-45613). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45372 |
|
Vulnerability in c (CVE-2026-45372)
vulnerability in c (CVE-2026-45372). Data can be tampered with by attackers. Mitigation: upgrade to `0.44.0` or later.
|
| CVE-2026-45294 |
|
Vulnerability in laravel (CVE-2026-45294)
vulnerability in laravel (CVE-2026-45294). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.219` or later.
|
| CVE-2026-45151 |
|
Vulnerability in c (CVE-2026-45151)
vulnerability in c (CVE-2026-45151). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45324 |
|
Vulnerability in c (CVE-2026-45324)
vulnerability in c (CVE-2026-45324). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44422 |
|
Vulnerability in freerdp (CVE-2026-44422)
vulnerability in freerdp (CVE-2026-44422). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.26.0` or later.
|
| CVE-2026-44640 |
|
Vulnerability in CVE-2026-44640 (CVE-2026-44640)
vulnerability in CVE-2026-44640 (CVE-2026-44640). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.24.14` or later.
|
| CVE-2026-44421 |
|
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs....
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs. The bug is in gdi_CacheToSurface: it validates a destination rectangle that is clamped to UINT16_MAX...
|
| CVE-2026-44287 |
|
Code Injection in CVE-2026-44287 (CVE-2026-44287)
code injection in CVE-2026-44287 (CVE-2026-44287). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.15.0-beta1` or later.
|
| CVE-2026-44285 |
|
FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery (SSRF) vulnerability allows an authenticated attacker to bypass the global isInternalAddress network prot...
FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery (SSRF) vulnerability allows an authenticated attacker to bypass the global isInternalAddress network protection and make arbitrary HTTP GET requests to internal network services. This is achieved by exploi...
|
| CVE-2026-44420 |
|
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard (cliprdr) channel b...
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard (cliprdr) channel by sending a CB_CLIP_CAPS PDU with a too-small capabilitySetLength. This can crash the server process...
|
| CVE-2026-34127 |
|
Cross-Site Scripting (XSS) in tp-link (CVE-2026-34127)
cross-site scripting in tp-link (CVE-2026-34127). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-47260 |
|
SSRF (Server-Side Request Forgery) in phanan/koel (CVE-2026-47260)
SSRF in phanan/koel (CVE-2026-47260). Confidential information can be exposed externally. Exploitable via `POST /api/podcasts`. Mitigation: upgrade to `9.3.5` or later.
|
| CVE-2026-46705 |
|
Authentication Bypass in russh (CVE-2026-46705)
authentication bypass in russh (CVE-2026-46705). Risk of unauthorized operations or information disclosure. Exploitable via ``russh``. Mitigation: upgrade to `0.61.0` or later.
|
| CVE-2026-46702 |
|
Vulnerability in russh (CVE-2026-46702)
vulnerability in russh (CVE-2026-46702). Risk of unauthorized operations or information disclosure. Exploitable via ``russh``. Mitigation: upgrade to `0.61.1` or later.
|
| CVE-2026-47248 |
|
Vulnerability in parse-server (CVE-2026-47248)
vulnerability in parse-server (CVE-2026-47248). Risk of unauthorized operations or information disclosure. Exploitable via ``IntrospectionControlPlugin``. Mitigation: upgrade to `8.6.78` or later.
|
| CVE-2026-9051 |
|
Vulnerability in privilege-escalation (CVE-2026-9051)
vulnerability in privilege-escalation (CVE-2026-9051). Confidential information can be exposed externally.
|
| CVE-2026-49382 |
|
Vulnerability in jetbrains (CVE-2026-49382)
vulnerability in jetbrains (CVE-2026-49382). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49383 |
|
In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible
In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible
|
| CVE-2026-49381 |
|
In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible
In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible
|
| CVE-2026-49384 |
|
In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible
In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible
|
| CVE-2026-49385 |
|
Vulnerability in jetbrains (CVE-2026-49385)
vulnerability in jetbrains (CVE-2026-49385). Data can be tampered with by attackers.
|
| CVE-2026-49374 |
|
Vulnerability in jetbrains (CVE-2026-49374)
vulnerability in jetbrains (CVE-2026-49374). Confidential information can be exposed externally.
|
| CVE-2026-49378 |
|
Vulnerability in jetbrains (CVE-2026-49378)
vulnerability in jetbrains (CVE-2026-49378). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49376 |
|
In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin
In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin
|