Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-48213 |
|
Cross-Site Scripting (XSS) in CVE-2026-48213 (CVE-2026-48213)
cross-site scripting in CVE-2026-48213 (CVE-2026-48213). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46492 |
|
Vulnerability in md-fileserver (CVE-2026-46492)
vulnerability in md-fileserver (CVE-2026-46492). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.10.3` or later.
|
| CVE-2026-46432 |
|
Code Injection in lmdeploy (CVE-2026-46432)
code injection in lmdeploy (CVE-2026-46432). Successful exploitation can lead to full system takeover. Exploitable via ``model_path``. Mitigation: upgrade to `0.13.0` or later.
|
| CVE-2026-46490 |
|
Vulnerability in samlify (CVE-2026-46490)
vulnerability in samlify (CVE-2026-46490). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.13.0` or later.
|
| CVE-2026-46486 |
|
Path Traversal in mvt (CVE-2026-46486)
path traversal in mvt (CVE-2026-46486). Risk of unauthorized operations or information disclosure. Exploitable via ``fileID``. Mitigation: upgrade to `2026.5.12` or later.
|
| CVE-2026-48989 |
|
Vulnerability in windows-mcp (CVE-2026-48989)
vulnerability in windows-mcp (CVE-2026-48989). Risk of unauthorized operations or information disclosure. Exploitable via ``PowerShell``. Mitigation: upgrade to `0.7.5` or later.
|
| CVE-2026-9089 |
|
Vulnerability in CVE-2026-9089 (CVE-2026-9089)
vulnerability in CVE-2026-9089 (CVE-2026-9089). Successful exploitation can lead to full system takeover.
|
| CVE-2026-39531 |
|
SQL Injection in sqli (CVE-2026-39531)
SQL injection in sqli (CVE-2026-39531). Confidential information can be exposed externally.
|
| CVE-2026-36189 |
|
Vulnerability in cpp (CVE-2026-36189)
vulnerability in cpp (CVE-2026-36189). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45208 |
|
A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker...
A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker...
|
| CVE-2026-34926 KEV |
|
[KEV] Vulnerability in Trend micro path-traversal (CVE-2026-34926)
vulnerability in Trend micro path-traversal (CVE-2026-34926). Confidential information can be exposed externally. Listed in CISA KEV — actively exploited.
|
| CVE-2026-2740 |
|
Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and...
Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and...
|
| CVE-2025-71215 |
|
Vulnerability in trendmicro (CVE-2025-71215)
vulnerability in trendmicro (CVE-2025-71215). Successful exploitation can lead to full system takeover.
|
| CVE-2025-71216 |
|
Vulnerability in trendmicro (CVE-2025-71216)
vulnerability in trendmicro (CVE-2025-71216). Successful exploitation can lead to full system takeover.
|
| CVE-2025-13477 |
|
Vulnerability in CVE-2025-13477 (CVE-2025-13477)
vulnerability in CVE-2025-13477 (CVE-2025-13477). Confidential information can be exposed externally.
|
| CVE-2025-71212 |
|
Vulnerability in CVE-2025-71212 (CVE-2025-71212)
vulnerability in CVE-2025-71212 (CVE-2025-71212). Successful exploitation can lead to full system takeover.
|
| CVE-2025-71210 |
|
Path Traversal in CVE-2025-71210 (CVE-2025-71210)
path traversal in CVE-2025-71210 (CVE-2025-71210). Successful exploitation can lead to full system takeover.
|
| CVE-2025-71211 |
|
Path Traversal in CVE-2025-71211 (CVE-2025-71211)
path traversal in CVE-2025-71211 (CVE-2025-71211). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5118 |
|
Privilege Escalation in wordpress (CVE-2026-5118)
vulnerability in wordpress (CVE-2026-5118). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6841 |
|
Cross-Site Scripting (XSS) in bestpractical (CVE-2026-6841)
cross-site scripting in bestpractical (CVE-2026-6841). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43497 |
|
Use-After-Free in linux (CVE-2026-43497)
vulnerability in linux (CVE-2026-43497). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43499 |
|
Use-After-Free in linux (CVE-2026-43499)
vulnerability in linux (CVE-2026-43499). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43498 |
|
Out-of-Bounds Write in linux (CVE-2026-43498)
out-of-bounds write in linux (CVE-2026-43498). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43501 |
|
Out-of-Bounds Write in linux (CVE-2026-43501)
out-of-bounds write in linux (CVE-2026-43501). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45760 |
|
Vulnerability in github.com/apache/camel-k/v2 (CVE-2026-45760)
vulnerability in github.com/apache/camel-k/v2 (CVE-2026-45760). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.10.1` or later.
|
| CVE-2026-43495 |
|
Out-of-Bounds Read in linux (CVE-2026-43495)
vulnerability in linux (CVE-2026-43495). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43496 |
|
Vulnerability in linux (CVE-2026-43496)
vulnerability in linux (CVE-2026-43496). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0393 |
|
Vulnerability in codesys (CVE-2026-0393)
vulnerability in codesys (CVE-2026-0393). Confidential information can be exposed externally.
|
| CVE-2026-47261 |
|
Vulnerability in wasmtime-wasi (CVE-2026-47261)
vulnerability in wasmtime-wasi (CVE-2026-47261). Data can be tampered with by attackers. Exploitable via ``path_open``. Mitigation: upgrade to `24.0.9` or later.
|
| CVE-2026-45253 |
|
Out-of-Bounds Write in freebsd (CVE-2026-45253)
out-of-bounds write in freebsd (CVE-2026-45253). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45252 |
|
Vulnerability in freebsd (CVE-2026-45252)
vulnerability in freebsd (CVE-2026-45252). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45254 |
|
Privilege Escalation in freebsd (CVE-2026-45254)
vulnerability in freebsd (CVE-2026-45254). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45255 |
|
OS Command Injection in freebsd (CVE-2026-45255)
OS command injection in freebsd (CVE-2026-45255). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45251 |
|
Use-After-Free in freebsd (CVE-2026-45251)
vulnerability in freebsd (CVE-2026-45251). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42000 |
|
Insufficient Validation of Names During AXFR
Insufficient Validation of Names During AXFR
|
| CVE-2026-42396 |
|
Insufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail
Insufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail
|
| CVE-2026-42001 |
|
Insufficient Validation of Autoprimary SOA Queries
Insufficient Validation of Autoprimary SOA Queries
|
| CVE-2026-41999 |
|
Incorrect Behaviour of Views with TCP PROXY Requests
Incorrect Behaviour of Views with TCP PROXY Requests
|
| CVE-2026-39461 |
|
Vulnerability in freebsd (CVE-2026-39461)
vulnerability in freebsd (CVE-2026-39461). Successful exploitation can lead to full system takeover.
|
| CVE-2026-28764 |
|
MediaArea MediaInfoLib LXF element parsing heap-based buffer overflow vulnerability
MediaArea MediaInfoLib LXF element parsing heap-based buffer overflow vulnerability
|
| CVE-2026-27349 |
|
Vulnerability in CVE-2026-27349 (CVE-2026-27349)
vulnerability in CVE-2026-27349 (CVE-2026-27349). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7837 |
|
Vulnerability in CVE-2026-7837 (CVE-2026-7837)
vulnerability in CVE-2026-7837 (CVE-2026-7837). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45250 |
|
Vulnerability in freebsd (CVE-2026-45250)
vulnerability in freebsd (CVE-2026-45250). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9157 |
|
Vulnerability in CVE-2026-9157 (CVE-2026-9157)
vulnerability in CVE-2026-9157 (CVE-2026-9157). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44071 |
|
Vulnerability in dos (CVE-2026-44071)
vulnerability in dos (CVE-2026-44071). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-27393 |
|
Vulnerability in CVE-2026-27393 (CVE-2026-27393)
vulnerability in CVE-2026-27393 (CVE-2026-27393). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4858 |
|
Path Traversal in github.com/mattermost/mattermost-server (CVE-2026-4858)
path traversal in github.com/mattermost/mattermost-server (CVE-2026-4858). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `10.11.15` or later.
|
| CVE-2026-22880 |
|
Cross-Site Request Forgery (CSRF) in CVE-2026-22880 (CVE-2026-22880)
vulnerability in CVE-2026-22880 (CVE-2026-22880). Confidential information can be exposed externally.
|
| CVE-2026-7835 |
|
Vulnerability in dos (CVE-2026-7835)
vulnerability in dos (CVE-2026-7835). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4055 |
|
Authorization Flaw in github.com/mattermost/mattermost/server/v8 (CVE-2026-4055)
vulnerability in github.com/mattermost/mattermost/server/v8 (CVE-2026-4055). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.0.0-20260320113102-f2b3d1c6a945` or later.
|