Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Clear
ID Title
CVE-2026-49385 Vulnerability in jetbrains (CVE-2026-49385)
vulnerability in jetbrains (CVE-2026-49385). Data can be tampered with by attackers.
CVE-2026-49374 Vulnerability in jetbrains (CVE-2026-49374)
vulnerability in jetbrains (CVE-2026-49374). Confidential information can be exposed externally.
CVE-2026-49378 Vulnerability in jetbrains (CVE-2026-49378)
vulnerability in jetbrains (CVE-2026-49378). Risk of unauthorized operations or information disclosure.
CVE-2026-49376 In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin
In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin
CVE-2026-49372 In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible
In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible
CVE-2026-49380 In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible
In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible
CVE-2026-49379 In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names
In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names
CVE-2026-49375 Cross-Site Scripting (XSS) in jetbrains (CVE-2026-49375)
cross-site scripting in jetbrains (CVE-2026-49375). Risk of unauthorized operations or information disclosure.
CVE-2026-49373 Vulnerability in jetbrains (CVE-2026-49373)
vulnerability in jetbrains (CVE-2026-49373). Confidential information can be exposed externally.
CVE-2026-49368 In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible
In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible
CVE-2026-49371 In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible
In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible
CVE-2026-49366 In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion
In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion
CVE-2026-47745 Vulnerability in shopper/framework (CVE-2026-47745)
vulnerability in shopper/framework (CVE-2026-47745). Data can be tampered with by attackers. Exploitable via ``PaymentMethods``. Mitigation: upgrade to `2.8.0` or later.
CVE-2026-49367 In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account
In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account
CVE-2026-49369 Authorization Flaw in jetbrains (CVE-2026-49369)
vulnerability in jetbrains (CVE-2026-49369). Risk of unauthorized operations or information disclosure.
CVE-2026-47744 Privilege Escalation in shopper/framework (CVE-2026-47744)
vulnerability in shopper/framework (CVE-2026-47744). Successful exploitation can lead to full system takeover. Exploitable via ``view_users``. Mitigation: upgrade to `2.8.0` or later.
CVE-2026-47741 Vulnerability in shopper/cart (CVE-2026-47741)
vulnerability in shopper/cart (CVE-2026-47741). Data can be tampered with by attackers. Exploitable via ``Order``. Mitigation: upgrade to `2.8.0` or later.
CVE-2026-47740 shopper/framework: Authorization bypass in multiple Livewire admin components
shopper/framework: Authorization bypass in multiple Livewire admin components
CVE-2026-47742 Vulnerability in shopper/framework (CVE-2026-47742)
vulnerability in shopper/framework (CVE-2026-47742). Data can be tampered with by attackers. Exploitable via ``Edit``. Mitigation: upgrade to `2.8.0` or later.
CVE-2026-46344 Out-of-Bounds Read in c (CVE-2026-46344)
vulnerability in c (CVE-2026-46344). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.16.0` or later.
CVE-2026-44518 Vulnerability in c (CVE-2026-44518)
vulnerability in c (CVE-2026-44518). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.16.0` or later.
CVE-2026-42951 Vulnerability in macgregor (CVE-2026-42951)
vulnerability in macgregor (CVE-2026-42951). Confidential information can be exposed externally.
CVE-2026-42929 Danelec MacGregor Voyage Data Recorder includes default accounts with hard-coded credentials.
Danelec MacGregor Voyage Data Recorder includes default accounts with hard-coded credentials.
CVE-2026-40425 Vulnerability in macgregor (CVE-2026-40425)
vulnerability in macgregor (CVE-2026-40425). Confidential information can be exposed externally.
CVE-2026-46690 Out-of-Bounds Read in unbounded-spsc (CVE-2026-46690)
vulnerability in unbounded-spsc (CVE-2026-46690). Risk of unauthorized operations or information disclosure. Exploitable via ``unsafe``.
CVE-2026-10107 SSRF (Server-Side Request Forgery) in CVE-2026-10107 (CVE-2026-10107)
SSRF in CVE-2026-10107 (CVE-2026-10107). Confidential information can be exposed externally.
CVE-2026-10108 Path Traversal in xiaomusic (CVE-2026-10108)
path traversal in xiaomusic (CVE-2026-10108). Confidential information can be exposed externally. Exploitable via `GET /music/{file_path`. Mitigation: upgrade to `0.5.8` or later.
CVE-2026-5768 Vulnerability in CVE-2026-5768 (CVE-2026-5768)
vulnerability in CVE-2026-5768 (CVE-2026-5768). Successful exploitation can lead to full system takeover.
CVE-2026-10105 SQL Injection in agno (CVE-2026-10105)
SQL injection in agno (CVE-2026-10105). Confidential information can be exposed externally.
CVE-2026-10070 Vulnerability in CVE-2026-10070 (CVE-2026-10070)
vulnerability in CVE-2026-10070 (CVE-2026-10070). Risk of unauthorized operations or information disclosure.
CVE-2026-47190 Vulnerability in github.com/metal3-io/ip-address-manager (CVE-2026-47190)
vulnerability in github.com/metal3-io/ip-address-manager (CVE-2026-47190). Confidential information can be exposed externally. Mitigation: upgrade to `1.12.4` or later.
CVE-2026-47141 Vulnerability in vm2 (CVE-2026-47141)
vulnerability in vm2 (CVE-2026-47141). Risk of unauthorized operations or information disclosure. Exploitable via `Host header`. Mitigation: upgrade to `3.11.4` or later.
CVE-2026-45631 Vulnerability in CVE-2026-45631 (CVE-2026-45631)
vulnerability in CVE-2026-45631 (CVE-2026-45631). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.29.3` or later.
CVE-2026-45661 Path Traversal in path-traversal (CVE-2026-45661)
path traversal in path-traversal (CVE-2026-45661). Successful exploitation can lead to full system takeover.
CVE-2026-45668 Path Traversal in path-traversal (CVE-2026-45668)
path traversal in path-traversal (CVE-2026-45668). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.102.2` or later.
CVE-2026-45630 OS Command Injection in CVE-2026-45630 (CVE-2026-45630)
OS command injection in CVE-2026-45630 (CVE-2026-45630). Confidential information can be exposed externally.
CVE-2026-45632 OS Command Injection in CVE-2026-45632 (CVE-2026-45632)
OS command injection in CVE-2026-45632 (CVE-2026-45632). Successful exploitation can lead to full system takeover.
CVE-2026-45633 OS Command Injection in CVE-2026-45633 (CVE-2026-45633)
OS command injection in CVE-2026-45633 (CVE-2026-45633). Successful exploitation can lead to full system takeover.
CVE-2026-45628 Vulnerability in c (CVE-2026-45628)
vulnerability in c (CVE-2026-45628). Confidential information can be exposed externally.
CVE-2026-45629 OS Command Injection in CVE-2026-45629 (CVE-2026-45629)
OS command injection in CVE-2026-45629 (CVE-2026-45629). Confidential information can be exposed externally.
CVE-2026-47139 Vulnerability in vm2 (CVE-2026-47139)
vulnerability in vm2 (CVE-2026-47139). Confidential information can be exposed externally. Exploitable via ``NodeVM``. Mitigation: upgrade to `3.11.4` or later.
CVE-2026-47140 Vulnerability in vm2 (CVE-2026-47140)
vulnerability in vm2 (CVE-2026-47140). Successful exploitation can lead to full system takeover. Exploitable via ``NodeVM``. Mitigation: upgrade to `3.11.4` or later.
CVE-2026-47210 Vulnerability in vm2 (CVE-2026-47210)
vulnerability in vm2 (CVE-2026-47210). Successful exploitation can lead to full system takeover. Exploitable via ``vm2``. Mitigation: upgrade to `3.11.4` or later.
CVE-2026-47137 Vulnerability in vm2 (CVE-2026-47137)
vulnerability in vm2 (CVE-2026-47137). Successful exploitation can lead to full system takeover. Exploitable via ``nodevm.js``. Mitigation: upgrade to `3.11.4` or later.
CVE-2026-47209 Vulnerability in vm2 (CVE-2026-47209)
vulnerability in vm2 (CVE-2026-47209). Data can be tampered with by attackers. Exploitable via ``BaseHandler.set``. Mitigation: upgrade to `3.11.4` or later.
CVE-2026-47135 Vulnerability in vm2 (CVE-2026-47135)
vulnerability in vm2 (CVE-2026-47135). Confidential information can be exposed externally. Exploitable via ``Symbol.for``. Mitigation: upgrade to `3.11.4` or later.
CVE-2026-47208 Vulnerability in vm2 (CVE-2026-47208)
vulnerability in vm2 (CVE-2026-47208). Successful exploitation can lead to full system takeover. Exploitable via ``localPromise``. Mitigation: upgrade to `3.11.4` or later.
CVE-2026-47131 Vulnerability in vm2 (CVE-2026-47131)
vulnerability in vm2 (CVE-2026-47131). Successful exploitation can lead to full system takeover. Exploitable via ``ERR_INVALID_ARG_TYPE``. Mitigation: upgrade to `3.11.4` or later.
CVE-2026-47200 Vulnerability in nuxt (CVE-2026-47200)
vulnerability in nuxt (CVE-2026-47200). Risk of unauthorized operations or information disclosure. Exploitable via ``experimental.componentIslands``. Mitigation: upgrade to `4.4.6` or later.
CVE-2026-45663 Command Injection in CVE-2026-45663 (CVE-2026-45663)
command injection in CVE-2026-45663 (CVE-2026-45663). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →