Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-8239 |
|
Vulnerability in concrete5/concrete5 (CVE-2026-8239)
vulnerability in concrete5/concrete5 (CVE-2026-8239). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8240 |
|
Vulnerability in concrete5/concrete5 (CVE-2026-8240)
vulnerability in concrete5/concrete5 (CVE-2026-8240). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8236 |
|
Vulnerability in concrete5/concrete5 (CVE-2026-8236)
vulnerability in concrete5/concrete5 (CVE-2026-8236). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8237 |
|
Vulnerability in concrete5/concrete5 (CVE-2026-8237)
vulnerability in concrete5/concrete5 (CVE-2026-8237). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8238 |
|
Vulnerability in concrete5/concrete5 (CVE-2026-8238)
vulnerability in concrete5/concrete5 (CVE-2026-8238). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-7890 |
|
SSRF (Server-Side Request Forgery) in concrete5/concrete5 (CVE-2026-7890)
SSRF in concrete5/concrete5 (CVE-2026-7890). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8139 |
|
Cross-Site Scripting (XSS) in concrete5/concrete5 (CVE-2026-8139)
cross-site scripting in concrete5/concrete5 (CVE-2026-8139). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-7882 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-7882)
vulnerability in concrete5/concrete5 (CVE-2026-7882). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-7887 |
|
Vulnerability in concrete5/concrete5 (CVE-2026-7887)
vulnerability in concrete5/concrete5 (CVE-2026-7887). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-6960 |
|
Unrestricted File Upload in wordpress (CVE-2026-6960)
vulnerability in wordpress (CVE-2026-6960). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7879 |
|
Vulnerability in concrete5/concrete5 (CVE-2026-7879)
vulnerability in concrete5/concrete5 (CVE-2026-7879). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-4093 |
|
Cross-Site Scripting (XSS) in drupal (CVE-2026-4093)
cross-site scripting in drupal (CVE-2026-4093). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4929 |
|
Cross-Site Scripting (XSS) in drupal (CVE-2026-4929)
cross-site scripting in drupal (CVE-2026-4929). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5091 |
|
Vulnerability in CVE-2026-5091 (CVE-2026-5091)
vulnerability in CVE-2026-5091 (CVE-2026-5091). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-22678 |
|
Cross-Site Scripting (XSS) in CVE-2026-22678 (CVE-2026-22678)
cross-site scripting in CVE-2026-22678 (CVE-2026-22678). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46680 |
|
Privilege Escalation in github.com/containerd/containerd (CVE-2026-46680)
vulnerability in github.com/containerd/containerd (CVE-2026-46680). Successful exploitation can lead to full system takeover. Exploitable via ``User``. Mitigation: upgrade to `1.7.32` or later.
|
| CVE-2026-46679 |
|
Vulnerability in @libp2p/gossipsub (CVE-2026-46679)
vulnerability in @libp2p/gossipsub (CVE-2026-46679). Risk of unauthorized operations or information disclosure. Exploitable via ``handleReceivedSubscription``. Mitigation: upgrade to `15.0.23` or later.
|
| CVE-2026-46645 |
|
Vulnerability in sqladmin (CVE-2026-46645)
vulnerability in sqladmin (CVE-2026-46645). Risk of unauthorized operations or information disclosure. Exploitable via `GET /{identity}/ajax/lookup`. Mitigation: upgrade to `0.25.1` or later.
|
| CVE-2026-8350 |
|
Authorization Flaw in concrete5/concrete5 (CVE-2026-8350)
vulnerability in concrete5/concrete5 (CVE-2026-8350). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8428 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8428)
vulnerability in concrete5/concrete5 (CVE-2026-8428). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8426 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8426)
vulnerability in concrete5/concrete5 (CVE-2026-8426). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8417 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8417)
vulnerability in concrete5/concrete5 (CVE-2026-8417). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8421 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8421)
vulnerability in concrete5/concrete5 (CVE-2026-8421). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8205 |
|
Vulnerability in concrete5/concrete5 (CVE-2026-8205)
vulnerability in concrete5/concrete5 (CVE-2026-8205). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8203 |
|
Cross-Site Scripting (XSS) in concrete5/concrete5 (CVE-2026-8203)
cross-site scripting in concrete5/concrete5 (CVE-2026-8203). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8197 |
|
Cross-Site Scripting (XSS) in concrete5/concrete5 (CVE-2026-8197)
cross-site scripting in concrete5/concrete5 (CVE-2026-8197). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8134 |
|
Vulnerability in concrete5/concrete5 (CVE-2026-8134)
vulnerability in concrete5/concrete5 (CVE-2026-8134). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-47102 |
|
Authorization Flaw in litellm (CVE-2026-47102)
vulnerability in litellm (CVE-2026-47102). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.83.10` or later.
|
| CVE-2026-8135 |
|
Unsafe Deserialization in concrete5/concrete5 (CVE-2026-8135)
vulnerability in concrete5/concrete5 (CVE-2026-8135). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-6826 |
|
Information Disclosure in concrete5/concrete5 (CVE-2026-6826)
vulnerability in concrete5/concrete5 (CVE-2026-6826). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8140 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8140)
vulnerability in concrete5/concrete5 (CVE-2026-8140). Data can be tampered with by attackers. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-47101 |
|
Authorization Flaw in litellm (CVE-2026-47101)
vulnerability in litellm (CVE-2026-47101). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.83.14` or later.
|
| CVE-2026-46625 |
|
Vulnerability in js-cookie (CVE-2026-46625)
vulnerability in js-cookie (CVE-2026-46625). Data can be tampered with by attackers. Exploitable via ``for...in``. Mitigation: upgrade to `3.0.7` or later.
|
| CVE-2026-46673 |
|
Vulnerability in russh-cryptovec (CVE-2026-46673)
vulnerability in russh-cryptovec (CVE-2026-46673). Risk of unauthorized operations or information disclosure. Exploitable via ``CryptoVec``. Mitigation: upgrade to `0.60.3` or later.
|
| CVE-2026-46609 |
|
Cross-Site Scripting (XSS) in Umbraco.Cms (CVE-2026-46609)
cross-site scripting in Umbraco.Cms (CVE-2026-46609). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `17.4.0` or later.
|
| CVE-2026-46553 |
|
Vulnerability in nocodb (CVE-2026-46553)
vulnerability in nocodb (CVE-2026-46553). Risk of unauthorized operations or information disclosure. Exploitable via ``NC_ATTACHMENT_FIELD_SIZE``.
|
| CVE-2026-46552 |
|
Vulnerability in nocodb (CVE-2026-46552)
vulnerability in nocodb (CVE-2026-46552). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/v2/meta/bases/`.
|
| CVE-2026-46551 |
|
Vulnerability in nocodb (CVE-2026-46551)
vulnerability in nocodb (CVE-2026-46551). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/db/storage/upload-by-url`.
|
| CVE-2026-46549 |
|
Authorization Flaw in nocodb (CVE-2026-46549)
vulnerability in nocodb (CVE-2026-46549). Risk of unauthorized operations or information disclosure. Exploitable via ``oauth_scope``.
|
| CVE-2026-46548 |
|
SSRF (Server-Side Request Forgery) in nocodb (CVE-2026-46548)
SSRF in nocodb (CVE-2026-46548). Risk of unauthorized operations or information disclosure. Exploitable via ``httpAgent``.
|
| CVE-2026-46547 |
|
Cross-Site Scripting (XSS) in nocodb (CVE-2026-46547)
cross-site scripting in nocodb (CVE-2026-46547). Risk of unauthorized operations or information disclosure. Exploitable via ``ncRedirectUrl``.
|
| CVE-2026-46519 |
|
Authorization Flaw in mcp-server-kubernetes (CVE-2026-46519)
vulnerability in mcp-server-kubernetes (CVE-2026-46519). Successful exploitation can lead to full system takeover. Exploitable via ``ALLOW_ONLY_READONLY_TOOLS``. Mitigation: upgrade to `3.6.0` or later.
|
| CVE-2026-46668 |
|
Vulnerability in github.com/authzed/spicedb (CVE-2026-46668)
vulnerability in github.com/authzed/spicedb (CVE-2026-46668). Risk of unauthorized operations or information disclosure. Exploitable via ``lr3``. Mitigation: upgrade to `1.52.0` or later.
|
| CVE-2026-46643 |
|
OS Command Injection in KnpLabs/knp-snappy (CVE-2026-46643)
OS command injection in KnpLabs/knp-snappy (CVE-2026-46643). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.7.1` or later.
|
| CVE-2026-46683 |
|
SSRF (Server-Side Request Forgery) in knplabs/knp-snappy (CVE-2026-46683)
SSRF in knplabs/knp-snappy (CVE-2026-46683). Risk of unauthorized operations or information disclosure. Exploitable via ``http``. Mitigation: upgrade to `1.7.0` or later.
|
| CVE-2026-46618 |
|
Vulnerability in github.com/fission/fission (CVE-2026-46618)
vulnerability in github.com/fission/fission (CVE-2026-46618). Risk of unauthorized operations or information disclosure. Exploitable via ``Environment.spec.builder.command``. Mitigation: upgrade to `1.23.0` or later.
|
| CVE-2026-47114 |
|
Vulnerability in CVE-2026-47114 (CVE-2026-47114)
vulnerability in CVE-2026-47114 (CVE-2026-47114). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4843 |
|
Vulnerability in wordpress (CVE-2026-4843)
vulnerability in wordpress (CVE-2026-4843). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46617 |
|
Vulnerability in github.com/fission/fission (CVE-2026-46617)
vulnerability in github.com/fission/fission (CVE-2026-46617). Risk of unauthorized operations or information disclosure. Exploitable via ``get``. Mitigation: upgrade to `1.23.0` or later.
|
| CVE-2026-46614 |
|
Vulnerability in github.com/fission/fission (CVE-2026-46614)
vulnerability in github.com/fission/fission (CVE-2026-46614). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/v2/foo`. Mitigation: upgrade to `1.23.0` or later.
|