Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-40411 |
|
Vulnerability in microsoft (CVE-2026-40411)
vulnerability in microsoft (CVE-2026-40411). Successful exploitation can lead to full system takeover.
|
| CVE-2026-23652 |
|
Command Injection in microsoft (CVE-2026-23652)
command injection in microsoft (CVE-2026-23652). Successful exploitation can lead to full system takeover.
|
| CVE-2026-3294 |
|
Vulnerability in tp-link (CVE-2026-3294)
vulnerability in tp-link (CVE-2026-3294). Successful exploitation can lead to full system takeover.
|
| CVE-2026-26147 |
|
Vulnerability in microsoft (CVE-2026-26147)
vulnerability in microsoft (CVE-2026-26147). Confidential information can be exposed externally.
|
| CVE-2026-5817 |
|
Vulnerability in docker (CVE-2026-5817)
vulnerability in docker (CVE-2026-5817). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5843 |
|
Vulnerability in docker (CVE-2026-5843)
vulnerability in docker (CVE-2026-5843). Successful exploitation can lead to full system takeover.
|
| CVE-2026-23663 |
|
Privilege Escalation in microsoft (CVE-2026-23663)
vulnerability in microsoft (CVE-2026-23663). Confidential information can be exposed externally.
|
| CVE-2026-33843 |
|
Vulnerability in microsoft (CVE-2026-33843)
vulnerability in microsoft (CVE-2026-33843). Confidential information can be exposed externally.
|
| CVE-2026-42627 |
|
Vulnerability in cpp (CVE-2026-42627)
vulnerability in cpp (CVE-2026-42627). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46727 |
|
Vulnerability in ruby (CVE-2026-46727)
vulnerability in ruby (CVE-2026-46727). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.0.5` or later.
|
| CVE-2026-6406 |
|
Authorization Flaw in docker (CVE-2026-6406)
vulnerability in docker (CVE-2026-6406). Successful exploitation can lead to full system takeover.
|
| CVE-2026-36227 |
|
Path Traversal in path-traversal (CVE-2026-36227)
path traversal in path-traversal (CVE-2026-36227). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-36228 |
|
Vulnerability in CVE-2026-36228 (CVE-2026-36228)
vulnerability in CVE-2026-36228 (CVE-2026-36228). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8340 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8340)
vulnerability in concrete5/concrete5 (CVE-2026-8340). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8672 |
|
Vulnerability in avantra (CVE-2026-8672)
vulnerability in avantra (CVE-2026-8672). Confidential information can be exposed externally.
|
| CVE-2025-45145 |
|
Path Traversal in path-traversal (CVE-2025-45145)
path traversal in path-traversal (CVE-2025-45145). Confidential information can be exposed externally.
|
| CVE-2022-34363 |
|
Vulnerability in dell (CVE-2022-34363)
vulnerability in dell (CVE-2022-34363). Data can be tampered with by attackers.
|
| CVE-2026-9256 |
|
Vulnerability in nginx (CVE-2026-9256)
vulnerability in nginx (CVE-2026-9256). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.24.0, 1.30.2, 1.31.1` or later.
|
| CVE-2026-8671 |
|
Vulnerability in avantra (CVE-2026-8671)
vulnerability in avantra (CVE-2026-8671). Data can be tampered with by attackers.
|
| CVE-2026-44417 |
|
Vulnerability in org.apache.cxf:cxf-rt-transports-jms (CVE-2026-44417)
vulnerability in org.apache.cxf:cxf-rt-transports-jms (CVE-2026-44417). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.6.11` or later.
|
| CVE-2026-47073 |
|
Vulnerability in hackney (CVE-2026-47073)
vulnerability in hackney (CVE-2026-47073). Risk of unauthorized operations or information disclosure. Exploitable via ``Buffer``. Mitigation: upgrade to `4.0.1` or later.
|
| CVE-2026-47067 |
|
Vulnerability in hackney (CVE-2026-47067)
vulnerability in hackney (CVE-2026-47067). Risk of unauthorized operations or information disclosure. Exploitable via ``Location``. Mitigation: upgrade to `4.0.1` or later.
|
| CVE-2026-47072 |
|
Vulnerability in hackney (CVE-2026-47072)
vulnerability in hackney (CVE-2026-47072). Data can be tampered with by attackers. Exploitable via `Host header`. Mitigation: upgrade to `4.0.1` or later.
|
| CVE-2026-47070 |
|
Open Redirect in hackney (CVE-2026-47070)
vulnerability in hackney (CVE-2026-47070). Risk of unauthorized operations or information disclosure. Exploitable via ``Authorization``. Mitigation: upgrade to `4.0.1` or later.
|
| CVE-2026-47076 |
|
Vulnerability in hackney (CVE-2026-47076)
vulnerability in hackney (CVE-2026-47076). Confidential information can be exposed externally. Exploitable via ``localhost``. Mitigation: upgrade to `4.0.1` or later.
|
| CVE-2026-47075 |
|
Vulnerability in hackney (CVE-2026-47075)
vulnerability in hackney (CVE-2026-47075). Data can be tampered with by attackers. Exploitable via ``Authorization``. Mitigation: upgrade to `4.0.1` or later.
|
| CVE-2026-47071 |
|
Vulnerability in hackney (CVE-2026-47071)
vulnerability in hackney (CVE-2026-47071). Risk of unauthorized operations or information disclosure. Exploitable via ``infinity``. Mitigation: upgrade to `4.0.1` or later.
|
| CVE-2026-47069 |
|
Vulnerability in hackney (CVE-2026-47069)
vulnerability in hackney (CVE-2026-47069). Risk of unauthorized operations or information disclosure. Exploitable via ``Name``. Mitigation: upgrade to `4.0.1` or later.
|
| CVE-2026-47066 |
|
Vulnerability in hackney (CVE-2026-47066)
vulnerability in hackney (CVE-2026-47066). Risk of unauthorized operations or information disclosure. Exploitable via ``parse_entry``. Mitigation: upgrade to `4.0.1` or later.
|
| CVE-2026-5222 |
|
Vulnerability in cargo (CVE-2026-5222)
vulnerability in cargo (CVE-2026-5222). Confidential information can be exposed externally. Exploitable via ``foo``. Mitigation: upgrade to `0.97.0` or later.
|
| CVE-2026-6059 |
|
Cross-Site Scripting (XSS) in jvn (CVE-2026-6059)
cross-site scripting in jvn (CVE-2026-6059). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8652 |
|
OS Command Injection in jvn (CVE-2026-8652)
OS command injection in jvn (CVE-2026-8652). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-47124 |
|
Information Disclosure in github.com/nezhahq/nezha (CVE-2026-47124)
vulnerability in github.com/nezhahq/nezha (CVE-2026-47124). Confidential information can be exposed externally. Exploitable via `GET /api/v1/server`. Mitigation: upgrade to `1.14.15-0.20260517034128-05e5da253519` or later.
|
| CVE-2026-46716 |
|
OS Command Injection in github.com/nezhahq/nezha (CVE-2026-46716)
OS command injection in github.com/nezhahq/nezha (CVE-2026-46716). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/v1/cron`. Mitigation: upgrade to `1.14.15-0.20260517022419-d7526351cf97` or later.
|
| CVE-2026-47125 |
|
Vulnerability in github.com/getarcaneapp/arcane/backend (CVE-2026-47125)
vulnerability in github.com/getarcaneapp/arcane/backend (CVE-2026-47125). Successful exploitation can lead to full system takeover. Exploitable via `PUT /api/environments/{id}/templates/variables`. Mitigation: upgrade to `1.19.2` or later.
|
| CVE-2026-47157 |
|
SSRF (Server-Side Request Forgery) in aiograpi (CVE-2026-47157)
SSRF in aiograpi (CVE-2026-47157). Confidential information can be exposed externally. Mitigation: upgrade to `0.9.10` or later.
|
| CVE-2026-47120 |
|
Vulnerability in github.com/nezhahq/nezha (CVE-2026-47120)
vulnerability in github.com/nezhahq/nezha (CVE-2026-47120). Data can be tampered with by attackers. Exploitable via `POST /api/v1/alert-rule`. Mitigation: upgrade to `1.14.15-0.20260517022419-d7526351cf97` or later.
|
| CVE-2026-46717 |
|
Authorization Flaw in github.com/nezhahq/nezha (CVE-2026-46717)
vulnerability in github.com/nezhahq/nezha (CVE-2026-46717). Confidential information can be exposed externally. Exploitable via `POST /api/v1/notification`. Mitigation: upgrade to `1.14.15-0.20260517022419-d06d539d34c1` or later.
|
| CVE-2026-41076 |
|
Authentication Bypass in CVE-2026-41076 (CVE-2026-41076)
authentication bypass in CVE-2026-41076 (CVE-2026-41076). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41074 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-41074)
vulnerability in csrf (CVE-2026-41074). Data can be tampered with by attackers.
|
| CVE-2026-41075 |
|
SQL Injection in sqli (CVE-2026-41075)
SQL injection in sqli (CVE-2026-41075). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41071 |
|
Out-of-Bounds Read in struktur (CVE-2026-41071)
vulnerability in struktur (CVE-2026-41071). Confidential information can be exposed externally.
|
| CVE-2026-41069 |
|
Out-of-Bounds Read in dos (CVE-2026-41069)
vulnerability in dos (CVE-2026-41069). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40864 |
|
Cross-Site Request Forgery (CSRF) in jupyterhub (CVE-2026-40864)
vulnerability in jupyterhub (CVE-2026-40864). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.4.5` or later.
|
| CVE-2026-45390 |
|
Path Traversal in tar (CVE-2026-45390)
path traversal in tar (CVE-2026-45390). Confidential information can be exposed externally. Mitigation: upgrade to `3.5.0, 51ceb0a15982993503c169b9d84456fd50eabe99` or later.
|
| CVE-2026-40610 |
|
Vulnerability in bentoml (CVE-2026-40610)
vulnerability in bentoml (CVE-2026-40610). Confidential information can be exposed externally. Exploitable via ``src_file``. Mitigation: upgrade to `1.4.39` or later.
|
| CVE-2026-39967 |
|
Vulnerability in CVE-2026-39967 (CVE-2026-39967)
vulnerability in CVE-2026-39967 (CVE-2026-39967). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-39968 |
|
Vulnerability in CVE-2026-39968 (CVE-2026-39968)
vulnerability in CVE-2026-39968 (CVE-2026-39968). Confidential information can be exposed externally.
|
| CVE-2026-39824 |
|
Vulnerability in golang.org/x/sys (CVE-2026-39824)
vulnerability in golang.org/x/sys (CVE-2026-39824). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.44.0` or later.
|
| CVE-2026-9255 |
|
Vulnerability in Amazon aws (CVE-2026-9255)
vulnerability in Amazon aws (CVE-2026-9255). Successful exploitation can lead to full system takeover.
|