Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Clear
ID Title
CVE-2026-8239 Vulnerability in concrete5/concrete5 (CVE-2026-8239)
vulnerability in concrete5/concrete5 (CVE-2026-8239). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-8240 Vulnerability in concrete5/concrete5 (CVE-2026-8240)
vulnerability in concrete5/concrete5 (CVE-2026-8240). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-8236 Vulnerability in concrete5/concrete5 (CVE-2026-8236)
vulnerability in concrete5/concrete5 (CVE-2026-8236). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-8237 Vulnerability in concrete5/concrete5 (CVE-2026-8237)
vulnerability in concrete5/concrete5 (CVE-2026-8237). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-8238 Vulnerability in concrete5/concrete5 (CVE-2026-8238)
vulnerability in concrete5/concrete5 (CVE-2026-8238). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-7890 SSRF (Server-Side Request Forgery) in concrete5/concrete5 (CVE-2026-7890)
SSRF in concrete5/concrete5 (CVE-2026-7890). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-8139 Cross-Site Scripting (XSS) in concrete5/concrete5 (CVE-2026-8139)
cross-site scripting in concrete5/concrete5 (CVE-2026-8139). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-7882 Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-7882)
vulnerability in concrete5/concrete5 (CVE-2026-7882). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-7887 Vulnerability in concrete5/concrete5 (CVE-2026-7887)
vulnerability in concrete5/concrete5 (CVE-2026-7887). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-6960 Unrestricted File Upload in wordpress (CVE-2026-6960)
vulnerability in wordpress (CVE-2026-6960). Successful exploitation can lead to full system takeover.
CVE-2026-7879 Vulnerability in concrete5/concrete5 (CVE-2026-7879)
vulnerability in concrete5/concrete5 (CVE-2026-7879). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-4093 Cross-Site Scripting (XSS) in drupal (CVE-2026-4093)
cross-site scripting in drupal (CVE-2026-4093). Risk of unauthorized operations or information disclosure.
CVE-2026-4929 Cross-Site Scripting (XSS) in drupal (CVE-2026-4929)
cross-site scripting in drupal (CVE-2026-4929). Risk of unauthorized operations or information disclosure.
CVE-2026-5091 Vulnerability in CVE-2026-5091 (CVE-2026-5091)
vulnerability in CVE-2026-5091 (CVE-2026-5091). Risk of unauthorized operations or information disclosure.
CVE-2026-22678 Cross-Site Scripting (XSS) in CVE-2026-22678 (CVE-2026-22678)
cross-site scripting in CVE-2026-22678 (CVE-2026-22678). Risk of unauthorized operations or information disclosure.
CVE-2026-46680 Privilege Escalation in github.com/containerd/containerd (CVE-2026-46680)
vulnerability in github.com/containerd/containerd (CVE-2026-46680). Successful exploitation can lead to full system takeover. Exploitable via ``User``. Mitigation: upgrade to `1.7.32` or later.
CVE-2026-46679 Vulnerability in @libp2p/gossipsub (CVE-2026-46679)
vulnerability in @libp2p/gossipsub (CVE-2026-46679). Risk of unauthorized operations or information disclosure. Exploitable via ``handleReceivedSubscription``. Mitigation: upgrade to `15.0.23` or later.
CVE-2026-46645 Vulnerability in sqladmin (CVE-2026-46645)
vulnerability in sqladmin (CVE-2026-46645). Risk of unauthorized operations or information disclosure. Exploitable via `GET /{identity}/ajax/lookup`. Mitigation: upgrade to `0.25.1` or later.
CVE-2026-8350 Authorization Flaw in concrete5/concrete5 (CVE-2026-8350)
vulnerability in concrete5/concrete5 (CVE-2026-8350). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-8428 Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8428)
vulnerability in concrete5/concrete5 (CVE-2026-8428). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-8426 Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8426)
vulnerability in concrete5/concrete5 (CVE-2026-8426). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-8417 Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8417)
vulnerability in concrete5/concrete5 (CVE-2026-8417). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-8421 Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8421)
vulnerability in concrete5/concrete5 (CVE-2026-8421). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-8205 Vulnerability in concrete5/concrete5 (CVE-2026-8205)
vulnerability in concrete5/concrete5 (CVE-2026-8205). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-8203 Cross-Site Scripting (XSS) in concrete5/concrete5 (CVE-2026-8203)
cross-site scripting in concrete5/concrete5 (CVE-2026-8203). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-8197 Cross-Site Scripting (XSS) in concrete5/concrete5 (CVE-2026-8197)
cross-site scripting in concrete5/concrete5 (CVE-2026-8197). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-8134 Vulnerability in concrete5/concrete5 (CVE-2026-8134)
vulnerability in concrete5/concrete5 (CVE-2026-8134). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-47102 Authorization Flaw in litellm (CVE-2026-47102)
vulnerability in litellm (CVE-2026-47102). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.83.10` or later.
CVE-2026-8135 Unsafe Deserialization in concrete5/concrete5 (CVE-2026-8135)
vulnerability in concrete5/concrete5 (CVE-2026-8135). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-6826 Information Disclosure in concrete5/concrete5 (CVE-2026-6826)
vulnerability in concrete5/concrete5 (CVE-2026-6826). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-8140 Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8140)
vulnerability in concrete5/concrete5 (CVE-2026-8140). Data can be tampered with by attackers. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-47101 Authorization Flaw in litellm (CVE-2026-47101)
vulnerability in litellm (CVE-2026-47101). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.83.14` or later.
CVE-2026-46625 Vulnerability in js-cookie (CVE-2026-46625)
vulnerability in js-cookie (CVE-2026-46625). Data can be tampered with by attackers. Exploitable via ``for...in``. Mitigation: upgrade to `3.0.7` or later.
CVE-2026-46673 Vulnerability in russh-cryptovec (CVE-2026-46673)
vulnerability in russh-cryptovec (CVE-2026-46673). Risk of unauthorized operations or information disclosure. Exploitable via ``CryptoVec``. Mitigation: upgrade to `0.60.3` or later.
CVE-2026-46609 Cross-Site Scripting (XSS) in Umbraco.Cms (CVE-2026-46609)
cross-site scripting in Umbraco.Cms (CVE-2026-46609). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `17.4.0` or later.
CVE-2026-46553 Vulnerability in nocodb (CVE-2026-46553)
vulnerability in nocodb (CVE-2026-46553). Risk of unauthorized operations or information disclosure. Exploitable via ``NC_ATTACHMENT_FIELD_SIZE``.
CVE-2026-46552 Vulnerability in nocodb (CVE-2026-46552)
vulnerability in nocodb (CVE-2026-46552). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/v2/meta/bases/`.
CVE-2026-46551 Vulnerability in nocodb (CVE-2026-46551)
vulnerability in nocodb (CVE-2026-46551). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/db/storage/upload-by-url`.
CVE-2026-46549 Authorization Flaw in nocodb (CVE-2026-46549)
vulnerability in nocodb (CVE-2026-46549). Risk of unauthorized operations or information disclosure. Exploitable via ``oauth_scope``.
CVE-2026-46548 SSRF (Server-Side Request Forgery) in nocodb (CVE-2026-46548)
SSRF in nocodb (CVE-2026-46548). Risk of unauthorized operations or information disclosure. Exploitable via ``httpAgent``.
CVE-2026-46547 Cross-Site Scripting (XSS) in nocodb (CVE-2026-46547)
cross-site scripting in nocodb (CVE-2026-46547). Risk of unauthorized operations or information disclosure. Exploitable via ``ncRedirectUrl``.
CVE-2026-46519 Authorization Flaw in mcp-server-kubernetes (CVE-2026-46519)
vulnerability in mcp-server-kubernetes (CVE-2026-46519). Successful exploitation can lead to full system takeover. Exploitable via ``ALLOW_ONLY_READONLY_TOOLS``. Mitigation: upgrade to `3.6.0` or later.
CVE-2026-46668 Vulnerability in github.com/authzed/spicedb (CVE-2026-46668)
vulnerability in github.com/authzed/spicedb (CVE-2026-46668). Risk of unauthorized operations or information disclosure. Exploitable via ``lr3``. Mitigation: upgrade to `1.52.0` or later.
CVE-2026-46643 OS Command Injection in KnpLabs/knp-snappy (CVE-2026-46643)
OS command injection in KnpLabs/knp-snappy (CVE-2026-46643). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.7.1` or later.
CVE-2026-46683 SSRF (Server-Side Request Forgery) in knplabs/knp-snappy (CVE-2026-46683)
SSRF in knplabs/knp-snappy (CVE-2026-46683). Risk of unauthorized operations or information disclosure. Exploitable via ``http``. Mitigation: upgrade to `1.7.0` or later.
CVE-2026-46618 Vulnerability in github.com/fission/fission (CVE-2026-46618)
vulnerability in github.com/fission/fission (CVE-2026-46618). Risk of unauthorized operations or information disclosure. Exploitable via ``Environment.spec.builder.command``. Mitigation: upgrade to `1.23.0` or later.
CVE-2026-47114 Vulnerability in CVE-2026-47114 (CVE-2026-47114)
vulnerability in CVE-2026-47114 (CVE-2026-47114). Successful exploitation can lead to full system takeover.
CVE-2026-4843 Vulnerability in wordpress (CVE-2026-4843)
vulnerability in wordpress (CVE-2026-4843). Risk of unauthorized operations or information disclosure.
CVE-2026-46617 Vulnerability in github.com/fission/fission (CVE-2026-46617)
vulnerability in github.com/fission/fission (CVE-2026-46617). Risk of unauthorized operations or information disclosure. Exploitable via ``get``. Mitigation: upgrade to `1.23.0` or later.
CVE-2026-46614 Vulnerability in github.com/fission/fission (CVE-2026-46614)
vulnerability in github.com/fission/fission (CVE-2026-46614). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/v2/foo`. Mitigation: upgrade to `1.23.0` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →