Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-10063 |
|
Buffer Overflow in trendnet (CVE-2026-10063)
vulnerability in trendnet (CVE-2026-10063). Successful exploitation can lead to full system takeover.
|
| CVE-2026-39292 |
|
Unrestricted File Upload in CVE-2026-39292 (CVE-2026-39292)
vulnerability in CVE-2026-39292 (CVE-2026-39292). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48501 |
|
Authorization Flaw in github.com/cli/cli/v2 (CVE-2026-48501)
vulnerability in github.com/cli/cli/v2 (CVE-2026-48501). Confidential information can be exposed externally. Exploitable via `Authorization header`. Mitigation: upgrade to `2.93.0` or later.
|
| CVE-2026-49325 |
|
Vulnerability in CVE-2026-49325 (CVE-2026-49325)
vulnerability in CVE-2026-49325 (CVE-2026-49325). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49316 |
|
Vulnerability in CVE-2026-49316 (CVE-2026-49316)
vulnerability in CVE-2026-49316 (CVE-2026-49316). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49317 |
|
Vulnerability in CVE-2026-49317 (CVE-2026-49317)
vulnerability in CVE-2026-49317 (CVE-2026-49317). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49318 |
|
Vulnerability in CVE-2026-49318 (CVE-2026-49318)
vulnerability in CVE-2026-49318 (CVE-2026-49318). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-47694 |
|
Cross-Site Scripting (XSS) in WWBN/AVideo (CVE-2026-47694)
cross-site scripting in WWBN/AVideo (CVE-2026-47694). Risk of unauthorized operations or information disclosure. Exploitable via ``category_description``.
|
| CVE-2026-46376 |
|
Vulnerability in sangoma (CVE-2026-46376)
vulnerability in sangoma (CVE-2026-46376). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `16.0.45` or later.
|
| CVE-2026-45555 |
|
Code Injection in csharp (CVE-2026-45555)
code injection in csharp (CVE-2026-45555). Successful exploitation can lead to full system takeover. Exploitable via ``get_diagnostics``. Mitigation: upgrade to `1.17.0` or later.
|
| CVE-2026-45615 |
|
Vulnerability in c (CVE-2026-45615)
vulnerability in c (CVE-2026-45615). Risk of unauthorized operations or information disclosure. Exploitable via ``INTEGER_decode_oer``.
|
| CVE-2026-44698 |
|
Code Injection in CVE-2026-44698 (CVE-2026-44698)
code injection in CVE-2026-44698 (CVE-2026-44698). Successful exploitation can lead to full system takeover. Exploitable via ``window.externalApp``. Mitigation: upgrade to `2026.4.1` or later.
|
| CVE-2026-44239 |
|
Vulnerability in path-traversal (CVE-2026-44239)
vulnerability in path-traversal (CVE-2026-44239). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `16.0.22` or later.
|
| CVE-2026-44237 |
|
Vulnerability in sangoma (CVE-2026-44237)
vulnerability in sangoma (CVE-2026-44237). Confidential information can be exposed externally. Mitigation: upgrade to `17.0.8` or later.
|
| CVE-2026-44238 |
|
SQL Injection in sqli (CVE-2026-44238)
SQL injection in sqli (CVE-2026-44238). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `16.0.50` or later.
|
| CVE-2026-10074 |
|
Vulnerability in path-traversal (CVE-2026-10074)
vulnerability in path-traversal (CVE-2026-10074). Confidential information can be exposed externally.
|
| CVE-2026-40528 |
|
Vulnerability in c (CVE-2026-40528)
vulnerability in c (CVE-2026-40528). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40510 |
|
Vulnerability in c (CVE-2026-40510)
vulnerability in c (CVE-2026-40510). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10075 |
|
Vulnerability in path-traversal (CVE-2026-10075)
vulnerability in path-traversal (CVE-2026-10075). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10072 |
|
Unrestricted File Upload in CVE-2026-10072 (CVE-2026-10072)
vulnerability in CVE-2026-10072 (CVE-2026-10072). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10060 |
|
Vulnerability in trendnet (CVE-2026-10060)
vulnerability in trendnet (CVE-2026-10060). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10061 |
|
Vulnerability in trendnet (CVE-2026-10061)
vulnerability in trendnet (CVE-2026-10061). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10073 |
|
Vulnerability in path-traversal (CVE-2026-10073)
vulnerability in path-traversal (CVE-2026-10073). Confidential information can be exposed externally.
|
| CVE-2026-48527 |
|
Cross-Site Scripting (XSS) in @haxtheweb/haxcms-nodejs (CVE-2026-48527)
cross-site scripting in @haxtheweb/haxcms-nodejs (CVE-2026-48527). Confidential information can be exposed externally. Exploitable via `POST /system/api/saveNode`. Mitigation: upgrade to `26.0.1` or later.
|
| CVE-2026-49323 |
|
Vulnerability in CVE-2026-49323 (CVE-2026-49323)
vulnerability in CVE-2026-49323 (CVE-2026-49323). Confidential information can be exposed externally.
|
| CVE-2026-9508 |
|
Vulnerability in nginx (CVE-2026-9508)
vulnerability in nginx (CVE-2026-9508). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8326 |
|
Vulnerability in path-traversal (CVE-2026-8326)
vulnerability in path-traversal (CVE-2026-8326). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49324 |
|
Vulnerability in CVE-2026-49324 (CVE-2026-49324)
vulnerability in CVE-2026-49324 (CVE-2026-49324). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45043 |
|
Privilege Escalation in privilege-escalation (CVE-2026-45043)
vulnerability in privilege-escalation (CVE-2026-45043). Risk of unauthorized operations or information disclosure. Exploitable via `PUT /rustfs/admin/v3/import-iam`. Mitigation: upgrade to `1.0.0-beta.2` or later.
|
| CVE-2026-45551 |
|
Cross-Site Scripting (XSS) in CVE-2026-45551 (CVE-2026-45551)
cross-site scripting in CVE-2026-45551 (CVE-2026-45551). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `26.0.25` or later.
|
| CVE-2026-45312 |
|
Vulnerability in CVE-2026-45312 (CVE-2026-45312)
vulnerability in CVE-2026-45312 (CVE-2026-45312). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10071 |
|
Unrestricted File Upload in CVE-2026-10071 (CVE-2026-10071)
vulnerability in CVE-2026-10071 (CVE-2026-10071). Successful exploitation can lead to full system takeover.
|
| CVE-2025-41273 |
|
Vulnerability in waterfall-security (CVE-2025-41273)
vulnerability in waterfall-security (CVE-2025-41273). Successful exploitation can lead to full system takeover.
|
| CVE-2025-41280 |
|
Vulnerability in path-traversal (CVE-2025-41280)
vulnerability in path-traversal (CVE-2025-41280). Successful exploitation can lead to full system takeover.
|
| CVE-2025-41278 |
|
Out-of-Bounds Read in waterfall-security (CVE-2025-41278)
vulnerability in waterfall-security (CVE-2025-41278). Successful exploitation can lead to full system takeover.
|
| CVE-2025-41275 |
|
OS Command Injection in waterfall-security (CVE-2025-41275)
OS command injection in waterfall-security (CVE-2025-41275). Successful exploitation can lead to full system takeover.
|
| CVE-2025-41274 |
|
OS Command Injection in waterfall-security (CVE-2025-41274)
OS command injection in waterfall-security (CVE-2025-41274). Successful exploitation can lead to full system takeover.
|
| CVE-2025-41277 |
|
OS Command Injection in waterfall-security (CVE-2025-41277)
OS command injection in waterfall-security (CVE-2025-41277). Successful exploitation can lead to full system takeover.
|
| CVE-2025-41276 |
|
OS Command Injection in waterfall-security (CVE-2025-41276)
OS command injection in waterfall-security (CVE-2025-41276). Successful exploitation can lead to full system takeover.
|
| CVE-2025-41281 |
|
OS Command Injection in waterfall-security (CVE-2025-41281)
OS command injection in waterfall-security (CVE-2025-41281). Successful exploitation can lead to full system takeover.
|
| CVE-2025-41279 |
|
OS Command Injection in waterfall-security (CVE-2025-41279)
OS command injection in waterfall-security (CVE-2025-41279). Successful exploitation can lead to full system takeover.
|
| CVE-2025-41269 |
|
OS Command Injection in waterfall-security (CVE-2025-41269)
OS command injection in waterfall-security (CVE-2025-41269). Successful exploitation can lead to full system takeover.
|
| CVE-2025-41266 |
|
OS Command Injection in waterfall-security (CVE-2025-41266)
OS command injection in waterfall-security (CVE-2025-41266). Successful exploitation can lead to full system takeover.
|
| CVE-2025-41270 |
|
OS Command Injection in waterfall-security (CVE-2025-41270)
OS command injection in waterfall-security (CVE-2025-41270). Successful exploitation can lead to full system takeover.
|
| CVE-2025-41265 |
|
OS Command Injection in waterfall-security (CVE-2025-41265)
OS command injection in waterfall-security (CVE-2025-41265). Successful exploitation can lead to full system takeover.
|
| CVE-2025-41267 |
|
OS Command Injection in waterfall-security (CVE-2025-41267)
OS command injection in waterfall-security (CVE-2025-41267). Successful exploitation can lead to full system takeover.
|
| CVE-2025-41272 |
|
OS Command Injection in waterfall-security (CVE-2025-41272)
OS command injection in waterfall-security (CVE-2025-41272). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49201 |
|
Vulnerability in acer (CVE-2026-49201)
vulnerability in acer (CVE-2026-49201). Successful exploitation can lead to full system takeover.
|
| CVE-2025-41268 |
|
Vulnerability in path-traversal (CVE-2025-41268)
vulnerability in path-traversal (CVE-2025-41268). Data can be tampered with by attackers.
|
| CVE-2025-41271 |
|
Vulnerability in path-traversal (CVE-2025-41271)
vulnerability in path-traversal (CVE-2025-41271). Confidential information can be exposed externally.
|