Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-24187 |
|
Use-After-Free in dos (CVE-2026-24187)
vulnerability in dos (CVE-2026-24187). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46624 |
|
OS Command Injection in sqli (CVE-2026-46624)
OS command injection in sqli (CVE-2026-46624). Successful exploitation can lead to full system takeover.
|
| CVE-2026-47202 |
|
Authentication Bypass in CVE-2026-47202 (CVE-2026-47202)
authentication bypass in CVE-2026-47202 (CVE-2026-47202). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.9.0.2` or later.
|
| CVE-2026-44730 |
|
Vulnerability in pycti (CVE-2026-44730)
vulnerability in pycti (CVE-2026-44730). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `6.9.7` or later.
|
| CVE-2026-44775 |
|
Vulnerability in CVE-2026-44775 (CVE-2026-44775)
vulnerability in CVE-2026-44775 (CVE-2026-44775). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.9.0` or later.
|
| CVE-2026-44668 |
|
Vulnerability in CVE-2026-44668 (CVE-2026-44668)
vulnerability in CVE-2026-44668 (CVE-2026-44668). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.8.3` or later.
|
| CVE-2026-44706 |
|
SQL Injection in sqli (CVE-2026-44706)
SQL injection in sqli (CVE-2026-44706). Confidential information can be exposed externally. Mitigation: upgrade to `4.11.2` or later.
|
| CVE-2026-44667 |
|
Cross-Site Scripting (XSS) in CVE-2026-44667 (CVE-2026-44667)
cross-site scripting in CVE-2026-44667 (CVE-2026-44667). Confidential information can be exposed externally. Mitigation: upgrade to `1.8.3` or later.
|
| CVE-2026-44669 |
|
Cross-Site Scripting (XSS) in CVE-2026-44669 (CVE-2026-44669)
cross-site scripting in CVE-2026-44669 (CVE-2026-44669). Confidential information can be exposed externally. Mitigation: upgrade to `1.8.3` or later.
|
| CVE-2026-44707 |
|
Vulnerability in CVE-2026-44707 (CVE-2026-44707)
vulnerability in CVE-2026-44707 (CVE-2026-44707). Confidential information can be exposed externally. Mitigation: upgrade to `4.13.0` or later.
|
| CVE-2026-42448 |
|
Path Traversal in magic-wormhole (CVE-2026-42448)
path traversal in magic-wormhole (CVE-2026-42448). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.24.0` or later.
|
| CVE-2026-9562 |
|
Vulnerability in CVE-2026-9562 (CVE-2026-9562)
vulnerability in CVE-2026-9562 (CVE-2026-9562). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9565 |
|
Command Injection in CVE-2026-9565 (CVE-2026-9565)
command injection in CVE-2026-9565 (CVE-2026-9565). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9564 |
|
Cross-Site Scripting (XSS) in CVE-2026-9564 (CVE-2026-9564)
cross-site scripting in CVE-2026-9564 (CVE-2026-9564). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48903 |
|
Cross-Site Scripting (XSS) in joomla (CVE-2026-48903)
cross-site scripting in joomla (CVE-2026-48903). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.4.6, 6.1.1` or later.
|
| CVE-2026-48905 |
|
Joomla! Framework - [20260520] - Inadequate content filtering within the cleanAttributes filter code.
Joomla! Framework - [20260520] - Inadequate content filtering within the cleanAttributes filter code.
|
| CVE-2026-8850 |
|
Vulnerability in dos (CVE-2026-8850)
vulnerability in dos (CVE-2026-8850). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48904 |
|
Vulnerability in joomla (CVE-2026-48904)
vulnerability in joomla (CVE-2026-48904). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `5.4.6, 6.1.1` or later.
|
| CVE-2026-48864 |
|
Out-of-Bounds Write in dos (CVE-2026-48864)
out-of-bounds write in dos (CVE-2026-48864). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48896 |
|
Joomla! Core - [20260511] - MFA Authentication Bypass
Joomla! Core - [20260511] - MFA Authentication Bypass
|
| CVE-2026-48897 |
|
Joomla! Core - [20260512] - MFA Authentication Bypass
Joomla! Core - [20260512] - MFA Authentication Bypass
|
| CVE-2026-48898 |
|
Joomla! Core - [20260513] - Privilege escalation through com_users batch task
Joomla! Core - [20260513] - Privilege escalation through com_users batch task
|
| CVE-2026-48899 |
|
Joomla! Core - [20260515] - Incorrect Access Control in sample data plugins
Joomla! Core - [20260515] - Incorrect Access Control in sample data plugins
|
| CVE-2026-48900 |
|
Vulnerability in joomla (CVE-2026-48900)
vulnerability in joomla (CVE-2026-48900). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.4.6, 6.1.1` or later.
|
| CVE-2026-48901 |
|
Vulnerability in joomla (CVE-2026-48901)
vulnerability in joomla (CVE-2026-48901). Confidential information can be exposed externally. Mitigation: upgrade to `5.4.6, 6.1.1` or later.
|
| CVE-2026-48693 |
|
Vulnerability in cpp (CVE-2026-48693)
vulnerability in cpp (CVE-2026-48693). Data can be tampered with by attackers.
|
| CVE-2026-48126 |
|
Path Traversal in github.com/xyproto/algernon (CVE-2026-48126)
path traversal in github.com/xyproto/algernon (CVE-2026-48126). Confidential information can be exposed externally. Exploitable via `Host header`. Mitigation: upgrade to `1.17.8` or later.
|
| CVE-2026-47728 |
|
Vulnerability in bugsink (CVE-2026-47728)
vulnerability in bugsink (CVE-2026-47728). Risk of unauthorized operations or information disclosure. Exploitable via ``FEATURE_MINIDUMPS``. Mitigation: upgrade to `2.2.0` or later.
|
| CVE-2026-48697 |
|
Vulnerability in cpp (CVE-2026-48697)
vulnerability in cpp (CVE-2026-48697). Confidential information can be exposed externally.
|
| CVE-2026-48690 |
|
Vulnerability in pavel-odintsov (CVE-2026-48690)
vulnerability in pavel-odintsov (CVE-2026-48690). Confidential information can be exposed externally.
|
| CVE-2026-48691 |
|
Vulnerability in pavel-odintsov (CVE-2026-48691)
vulnerability in pavel-odintsov (CVE-2026-48691). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45836 |
|
Vulnerability in linux (CVE-2026-45836)
vulnerability in linux (CVE-2026-45836). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45834 |
|
Vulnerability in linux (CVE-2026-45834)
vulnerability in linux (CVE-2026-45834). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45835 |
|
Vulnerability in linux (CVE-2026-45835)
vulnerability in linux (CVE-2026-45835). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44314 |
|
Authorization Flaw in traccar (CVE-2026-44314)
vulnerability in traccar (CVE-2026-44314). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `6.13.0` or later.
|
| CVE-2026-43982 |
|
Path Traversal in CVE-2026-43982 (CVE-2026-43982)
path traversal in CVE-2026-43982 (CVE-2026-43982). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.17.6` or later.
|
| CVE-2026-44729 |
|
Cross-Site Scripting (XSS) in twenty (CVE-2026-44729)
cross-site scripting in twenty (CVE-2026-44729). Confidential information can be exposed externally.
|
| CVE-2026-44723 |
|
OS Command Injection in vowpalwabbit (CVE-2026-44723)
OS command injection in vowpalwabbit (CVE-2026-44723). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43981 |
|
Vulnerability in c (CVE-2026-43981)
vulnerability in c (CVE-2026-43981). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.17.6` or later.
|
| CVE-2026-40383 |
|
Joomla! Core - [20260509] - LFI in HTMLView layout parameter
Joomla! Core - [20260509] - LFI in HTMLView layout parameter
|
| CVE-2026-40384 |
|
Path Traversal in joomla (CVE-2026-40384)
path traversal in joomla (CVE-2026-40384). Confidential information can be exposed externally. Mitigation: upgrade to `5.4.6, 6.1.1` or later.
|
| CVE-2026-35223 |
|
Joomla! Core - [20260508] - Improper access check in com_config webservice endpoints
Joomla! Core - [20260508] - Improper access check in com_config webservice endpoints
|
| CVE-2026-35220 |
|
Cross-Site Request Forgery (CSRF) in joomla (CVE-2026-35220)
vulnerability in joomla (CVE-2026-35220). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `6.1.1` or later.
|
| CVE-2026-35221 |
|
SQL Injection in joomla (CVE-2026-35221)
SQL injection in joomla (CVE-2026-35221). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `5.4.6, 6.1.1` or later.
|
| CVE-2026-35222 |
|
Joomla! Core - [20260507] - Authenticated blind SQLi in com_tags
Joomla! Core - [20260507] - Authenticated blind SQLi in com_tags
|
| CVE-2026-30895 |
|
Joomla! Core - [20260504] - XSS in readmore links
Joomla! Core - [20260504] - XSS in readmore links
|
| CVE-2026-25900 |
|
Joomla! Core - [20260501] - XSS in feed modules
Joomla! Core - [20260501] - XSS in feed modules
|
| CVE-2026-25901 |
|
Joomla! Core - [20260502] - XSS in com_associations
Joomla! Core - [20260502] - XSS in com_associations
|
| CVE-2026-30894 |
|
Joomla! Core - [20260503] - XSS in com_contenthistory
Joomla! Core - [20260503] - XSS in com_contenthistory
|
| CVE-2026-2264 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-2264)
SSRF in ssrf (CVE-2026-2264). Risk of unauthorized operations or information disclosure.
|