Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Clear
ID Title
CVE-2026-8716 Vulnerability in gitlab (CVE-2026-8716)
vulnerability in gitlab (CVE-2026-8716). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.10.7, 18.11.4, 19.0.2` or later.
CVE-2026-5296 Vulnerability in gitlab (CVE-2026-5296)
vulnerability in gitlab (CVE-2026-5296). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.10.7, 18.11.4, 19.0.2` or later.
CVE-2026-6713 Authorization Flaw in gitlab (CVE-2026-6713)
vulnerability in gitlab (CVE-2026-6713). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.10.7, 18.11.4, 19.0.2` or later.
CVE-2026-42878 Information Disclosure in facturascripts/facturascripts (CVE-2026-42878)
vulnerability in facturascripts/facturascripts (CVE-2026-42878). Risk of unauthorized operations or information disclosure.
CVE-2026-2601 Vulnerability in gitlab (CVE-2026-2601)
vulnerability in gitlab (CVE-2026-2601). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.10.7, 18.11.4, 19.0.2` or later.
CVE-2026-1402 Vulnerability in gitlab (CVE-2026-1402)
vulnerability in gitlab (CVE-2026-1402). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.10.7, 18.11.4, 19.0.2` or later.
CVE-2026-4391 Buffer Overflow in CVE-2026-4391 (CVE-2026-4391)
vulnerability in CVE-2026-4391 (CVE-2026-4391). Risk of unauthorized operations or information disclosure.
CVE-2026-5509 Vulnerability in tp-link (CVE-2026-5509)
vulnerability in tp-link (CVE-2026-5509). Successful exploitation can lead to full system takeover.
CVE-2026-4390 Buffer Overflow in CVE-2026-4390 (CVE-2026-4390)
vulnerability in CVE-2026-4390 (CVE-2026-4390). Risk of unauthorized operations or information disclosure.
CVE-2026-38808 SQL Injection in sqli (CVE-2026-38808)
SQL injection in sqli (CVE-2026-38808). Risk of unauthorized operations or information disclosure.
CVE-2025-69600 Command Injection in CVE-2025-69600 (CVE-2025-69600)
command injection in CVE-2025-69600 (CVE-2025-69600). Successful exploitation can lead to full system takeover.
CVE-2025-67903 Northern.tech Mender Client 5 before 5.0.4 allows a Cryptographic signature verification bypass.
Northern.tech Mender Client 5 before 5.0.4 allows a Cryptographic signature verification bypass.
CVE-2026-48147 Vulnerability in @budibase/backend-core (CVE-2026-48147)
vulnerability in @budibase/backend-core (CVE-2026-48147). Data can be tampered with by attackers. Exploitable via `POST /api/global/users/invite`. Mitigation: upgrade to `3.35.4` or later.
CVE-2026-48151 Vulnerability in @budibase/server (CVE-2026-48151)
vulnerability in @budibase/server (CVE-2026-48151). Data can be tampered with by attackers. Exploitable via `POST /api/webhooks/schema/`. Mitigation: upgrade to `3.39.0` or later.
CVE-2026-48152 Authorization Flaw in @budibase/server (CVE-2026-48152)
vulnerability in @budibase/server (CVE-2026-48152). Confidential information can be exposed externally. Exploitable via `GET /api/datasources/`. Mitigation: upgrade to `3.39.0` or later.
CVE-2026-48148 SSRF (Server-Side Request Forgery) in @budibase/server (CVE-2026-48148)
SSRF in @budibase/server (CVE-2026-48148). Risk of unauthorized operations or information disclosure. Exploitable via ``metadata.google.internal``. Mitigation: upgrade to `3.35.3` or later.
CVE-2026-48153 SSRF (Server-Side Request Forgery) in @budibase/server (CVE-2026-48153)
SSRF in @budibase/server (CVE-2026-48153). Confidential information can be exposed externally. Exploitable via ``fetchToken``. Mitigation: upgrade to `3.39.0` or later.
CVE-2026-48149 Cross-Site Scripting (XSS) in CVE-2026-48149 (CVE-2026-48149)
cross-site scripting in CVE-2026-48149 (CVE-2026-48149). Confidential information can be exposed externally. Mitigation: upgrade to `3.39.0` or later.
CVE-2026-46427 Information Disclosure in CVE-2026-46427 (CVE-2026-46427)
vulnerability in CVE-2026-46427 (CVE-2026-46427). Confidential information can be exposed externally. Exploitable via `GET /api/datasources/`. Mitigation: upgrade to `3.38.3` or later.
CVE-2026-46425 Vulnerability in CVE-2026-46425 (CVE-2026-46425)
vulnerability in CVE-2026-46425 (CVE-2026-46425). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.38.2` or later.
CVE-2026-48128 SSRF (Server-Side Request Forgery) in budibase (CVE-2026-48128)
SSRF in budibase (CVE-2026-48128). Risk of unauthorized operations or information disclosure. Exploitable via ``inputs.query``. Mitigation: upgrade to `3.39.0` or later.
CVE-2026-48146 SSRF (Server-Side Request Forgery) in @budibase/server (CVE-2026-48146)
SSRF in @budibase/server (CVE-2026-48146). Confidential information can be exposed externally. Exploitable via ``fetchWithBlacklist``. Mitigation: upgrade to `3.39.0` or later.
CVE-2026-45081 Authorization Flaw in CVE-2026-45081 (CVE-2026-45081)
vulnerability in CVE-2026-45081 (CVE-2026-45081). Confidential information can be exposed externally. Mitigation: upgrade to `16.5.0` or later.
CVE-2026-44460 Information Disclosure in CVE-2026-44460 (CVE-2026-44460)
vulnerability in CVE-2026-44460 (CVE-2026-44460). Confidential information can be exposed externally. Mitigation: upgrade to `3.12.0` or later.
CVE-2026-42553 Vulnerability in cinny (CVE-2026-42553)
vulnerability in cinny (CVE-2026-42553). Risk of unauthorized operations or information disclosure. Exploitable via `Authorization header`. Mitigation: upgrade to `4.10.3` or later.
CVE-2026-45357 Vulnerability in liquidjs (CVE-2026-45357)
vulnerability in liquidjs (CVE-2026-45357). Risk of unauthorized operations or information disclosure. Exploitable via ``date``.
CVE-2026-49054 Vulnerability in CVE-2026-49054 (CVE-2026-49054)
vulnerability in CVE-2026-49054 (CVE-2026-49054). Risk of unauthorized operations or information disclosure.
CVE-2026-45335 Open Redirect in CVE-2026-45335 (CVE-2026-45335)
vulnerability in CVE-2026-45335 (CVE-2026-45335). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.7.3` or later.
CVE-2026-42790 Vulnerability in erlang (CVE-2026-42790)
vulnerability in erlang (CVE-2026-42790). Confidential information can be exposed externally.
CVE-2026-42083 Free5GC PCF: Missing authentication middleware in Npcf_SMPolicyControl allows access to SM policy handlers and disclosure of subscriber SUPI
Free5GC PCF: Missing authentication middleware in Npcf_SMPolicyControl allows access to SM policy handlers and disclosure of subscriber SUPI
CVE-2026-42459 Vulnerability in github.com/free5gc/udm (CVE-2026-42459)
vulnerability in github.com/free5gc/udm (CVE-2026-42459). Confidential information can be exposed externally. Exploitable via ``supi``.
CVE-2026-42082 Vulnerability in github.com/free5gc/amf (CVE-2026-42082)
vulnerability in github.com/free5gc/amf (CVE-2026-42082). Risk of unauthorized operations or information disclosure. Exploitable via ``OnGoing``.
CVE-2026-42081 Vulnerability in github.com/free5gc/amf (CVE-2026-42081)
vulnerability in github.com/free5gc/amf (CVE-2026-42081). Risk of unauthorized operations or information disclosure. Exploitable via ``handlePathSwitchRequestMain``.
CVE-2026-38945 Command Injection in CVE-2026-38945 (CVE-2026-38945)
command injection in CVE-2026-38945 (CVE-2026-38945). Successful exploitation can lead to full system takeover.
CVE-2026-38931 Cross-Site Scripting (XSS) in CVE-2026-38931 (CVE-2026-38931)
cross-site scripting in CVE-2026-38931 (CVE-2026-38931). Risk of unauthorized operations or information disclosure.
CVE-2026-38930 SQL Injection in CVE-2026-38930 (CVE-2026-38930)
SQL injection in CVE-2026-38930 (CVE-2026-38930). Risk of unauthorized operations or information disclosure.
CVE-2025-70116 Vulnerability in CVE-2025-70116 (CVE-2025-70116)
vulnerability in CVE-2025-70116 (CVE-2025-70116). Risk of unauthorized operations or information disclosure.
CVE-2025-68712 Vulnerability in c (CVE-2025-68712)
vulnerability in c (CVE-2025-68712). Confidential information can be exposed externally.
CVE-2022-41656 Vulnerability in CVE-2022-41656 (CVE-2022-41656)
vulnerability in CVE-2022-41656 (CVE-2022-41656). Risk of unauthorized operations or information disclosure.
CVE-2026-46034 Vulnerability in linux (CVE-2026-46034)
vulnerability in linux (CVE-2026-46034). Risk of unauthorized operations or information disclosure.
CVE-2026-46031 Vulnerability in linux (CVE-2026-46031)
vulnerability in linux (CVE-2026-46031). Risk of unauthorized operations or information disclosure.
CVE-2026-46030 Vulnerability in linux (CVE-2026-46030)
vulnerability in linux (CVE-2026-46030). Risk of unauthorized operations or information disclosure.
CVE-2026-45991 Out-of-Bounds Write in linux (CVE-2026-45991)
out-of-bounds write in linux (CVE-2026-45991). Successful exploitation can lead to full system takeover.
CVE-2026-45998 Use-After-Free in linux (CVE-2026-45998)
vulnerability in linux (CVE-2026-45998). Successful exploitation can lead to full system takeover.
CVE-2026-45989 Use-After-Free in linux (CVE-2026-45989)
vulnerability in linux (CVE-2026-45989). Successful exploitation can lead to full system takeover.
CVE-2026-45980 Use-After-Free in linux (CVE-2026-45980)
vulnerability in linux (CVE-2026-45980). Successful exploitation can lead to full system takeover.
CVE-2026-45976 Vulnerability in linux (CVE-2026-45976)
vulnerability in linux (CVE-2026-45976). Risk of unauthorized operations or information disclosure.
CVE-2026-45981 Vulnerability in linux (CVE-2026-45981)
vulnerability in linux (CVE-2026-45981). Risk of unauthorized operations or information disclosure.
CVE-2026-45968 Vulnerability in c (CVE-2026-45968)
vulnerability in c (CVE-2026-45968). Risk of unauthorized operations or information disclosure.
CVE-2026-45969 Vulnerability in linux (CVE-2026-45969)
vulnerability in linux (CVE-2026-45969). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →