Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-39047 |
|
Vulnerability in CVE-2026-39047 (CVE-2026-39047)
vulnerability in CVE-2026-39047 (CVE-2026-39047). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20199 |
|
Vulnerability in Cisco thousandeyes-virtual-appliance (CVE-2026-20199)
vulnerability in Cisco thousandeyes-virtual-appliance (CVE-2026-20199). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20206 |
|
OS Command Injection in cisco (CVE-2026-20206)
OS command injection in cisco (CVE-2026-20206). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20223 |
|
Vulnerability in Cisco secure-workload (CVE-2026-20223)
vulnerability in Cisco secure-workload (CVE-2026-20223). Successful exploitation can lead to full system takeover.
|
| CVE-2026-20171 |
|
Vulnerability in Cisco dos (CVE-2026-20171)
vulnerability in Cisco dos (CVE-2026-20171). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35672 |
|
Vulnerability in thorsten/phpmyfaq (CVE-2026-35672)
vulnerability in thorsten/phpmyfaq (CVE-2026-35672). Data can be tampered with by attackers. Exploitable via `POST /api/v4.0/faq/create`. Mitigation: upgrade to `4.1.3` or later.
|
| CVE-2026-56268 |
|
Authorization Flaw in flowise (CVE-2026-56268)
vulnerability in flowise (CVE-2026-56268). Confidential information can be exposed externally. Exploitable via ``keyonly``. Mitigation: upgrade to `3.1.2` or later.
|
| CVE-2026-46430 |
|
Vulnerability in github.com/xyproto/algernon (CVE-2026-46430)
vulnerability in github.com/xyproto/algernon (CVE-2026-46430). Risk of unauthorized operations or information disclosure. Exploitable via ``http.Server.Addr``. Mitigation: upgrade to `1.17.7` or later.
|
| CVE-2026-45792 |
|
Vulnerability in rtk (CVE-2026-45792)
vulnerability in rtk (CVE-2026-45792). Data can be tampered with by attackers. Exploitable via ``strip_lines_matching``. Mitigation: upgrade to `0.32.0` or later.
|
| CVE-2026-8467 |
|
Code Injection in phoenix_storybook (CVE-2026-8467)
code injection in phoenix_storybook (CVE-2026-8467). Risk of unauthorized operations or information disclosure. Exploitable via ``Kernel``. Mitigation: upgrade to `1.1.0` or later.
|
| CVE-2026-8469 |
|
Vulnerability in phoenix_storybook (CVE-2026-8469)
vulnerability in phoenix_storybook (CVE-2026-8469). Risk of unauthorized operations or information disclosure. Exploitable via ``PhoenixStorybook.Story.Playground``. Mitigation: upgrade to `1.1.0` or later.
|
| CVE-2026-24425 |
|
Vulnerability in twig/twig (CVE-2026-24425)
vulnerability in twig/twig (CVE-2026-24425). Successful exploitation can lead to full system takeover. Exploitable via ``SourcePolicyInterface``. Mitigation: upgrade to `3.26.0` or later.
|
| CVE-2026-22554 |
|
MediaArea MediaInfoLib Channel Splitting heap-based buffer overflow vulnerability
MediaArea MediaInfoLib Channel Splitting heap-based buffer overflow vulnerability
|
| CVE-2026-21836 |
|
Vulnerability in CVE-2026-21836 (CVE-2026-21836)
vulnerability in CVE-2026-21836 (CVE-2026-21836). Confidential information can be exposed externally.
|
| CVE-2026-45389 |
|
Vulnerability in tls (CVE-2026-45389)
vulnerability in tls (CVE-2026-45389). Confidential information can be exposed externally. Mitigation: upgrade to `2.1.0, b1a598ef9be83a4f8b0f73a4e2d9730d50906049` or later.
|
| CVE-2026-45388 |
|
Vulnerability in tls (CVE-2026-45388)
vulnerability in tls (CVE-2026-45388). Confidential information can be exposed externally. Mitigation: upgrade to `2.1.0, 6a12247b3fbd747972ad2d35b74d9a89f6404952` or later.
|
| CVE-2026-5946 |
|
Vulnerability in isc (CVE-2026-5946)
vulnerability in isc (CVE-2026-5946). Risk of unauthorized operations or information disclosure. Exploitable via ``named``.
|
| CVE-2026-5947 |
|
Vulnerability in isc (CVE-2026-5947)
vulnerability in isc (CVE-2026-5947). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45584 |
|
Vulnerability in microsoft (CVE-2026-45584)
vulnerability in microsoft (CVE-2026-45584). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45498 KEV |
|
Microsoft Defender Denial of Service Vulnerability
Microsoft Defender Denial of Service Vulnerability
|
| CVE-2026-45443 |
|
Vulnerability in CVE-2026-45443 (CVE-2026-45443)
vulnerability in CVE-2026-45443 (CVE-2026-45443). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42834 |
|
Vulnerability in microsoft (CVE-2026-42834)
vulnerability in microsoft (CVE-2026-42834). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42383 |
|
SQL Injection in sqli (CVE-2026-42383)
SQL injection in sqli (CVE-2026-42383). Confidential information can be exposed externally.
|
| CVE-2026-41091 KEV |
|
[KEV] Vulnerability in Microsoft malware-protection-engine (CVE-2026-41091)
vulnerability in Microsoft malware-protection-engine (CVE-2026-41091). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-3039 |
|
Vulnerability in isc (CVE-2026-3039)
vulnerability in isc (CVE-2026-3039). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3593 |
|
Use-After-Free in isc (CVE-2026-3593)
vulnerability in isc (CVE-2026-3593). Confidential information can be exposed externally.
|
| CVE-2026-29518 |
|
Vulnerability in privilege-escalation (CVE-2026-29518)
vulnerability in privilege-escalation (CVE-2026-29518). Successful exploitation can lead to full system takeover.
|
| CVE-2026-24573 |
|
Cross-Site Scripting (XSS) in CVE-2026-24573 (CVE-2026-24573)
cross-site scripting in CVE-2026-24573 (CVE-2026-24573). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-27405 |
|
Vulnerability in CVE-2026-27405 (CVE-2026-27405)
vulnerability in CVE-2026-27405 (CVE-2026-27405). Data can be tampered with by attackers.
|
| CVE-2026-27424 |
|
Vulnerability in CVE-2026-27424 (CVE-2026-27424)
vulnerability in CVE-2026-27424 (CVE-2026-27424). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-11954 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2025-11954)
vulnerability in csrf (CVE-2025-11954). Successful exploitation can lead to full system takeover.
|
| CVE-2025-31985 |
|
Information Disclosure in hcltech (CVE-2025-31985)
vulnerability in hcltech (CVE-2025-31985). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-22314 |
|
Code Injection in CVE-2026-22314 (CVE-2026-22314)
code injection in CVE-2026-22314 (CVE-2026-22314). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0856 |
|
Vulnerability in CVE-2026-0856 (CVE-2026-0856)
vulnerability in CVE-2026-0856 (CVE-2026-0856). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9064 |
|
Vulnerability in dos (CVE-2026-9064)
vulnerability in dos (CVE-2026-9064). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6728 |
|
Information Disclosure in wordpress (CVE-2026-6728)
vulnerability in wordpress (CVE-2026-6728). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44933 |
|
Vulnerability in CVE-2026-44933 (CVE-2026-44933)
vulnerability in CVE-2026-44933 (CVE-2026-44933). Successful exploitation can lead to full system takeover. Exploitable via ``PluginScript``.
|
| CVE-2026-42959 |
|
Vulnerability in c (CVE-2026-42959)
vulnerability in c (CVE-2026-42959). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42944 |
|
Vulnerability in nlnetlabs (CVE-2026-42944)
vulnerability in nlnetlabs (CVE-2026-42944). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41292 |
|
Vulnerability in dos (CVE-2026-41292)
vulnerability in dos (CVE-2026-41292). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41054 |
|
Vulnerability in c (CVE-2026-41054)
vulnerability in c (CVE-2026-41054). Successful exploitation can lead to full system takeover. Exploitable via ``socket_handler``.
|
| CVE-2026-35070 |
|
Command Injection in CVE-2026-35070 (CVE-2026-35070)
command injection in CVE-2026-35070 (CVE-2026-35070). Successful exploitation can lead to full system takeover.
|
| CVE-2026-32792 |
|
Out-of-Bounds Read in dos (CVE-2026-32792)
vulnerability in dos (CVE-2026-32792). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-33278 |
|
Use-After-Free in dos (CVE-2026-33278)
vulnerability in dos (CVE-2026-33278). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9065 |
|
SQL Injection in wordpress (CVE-2026-9065)
SQL injection in wordpress (CVE-2026-9065). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9059 |
|
SQL Injection in sqli (CVE-2026-9059)
SQL injection in sqli (CVE-2026-9059). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44392 |
|
Vulnerability in jvn (CVE-2026-44392)
vulnerability in jvn (CVE-2026-44392). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6405 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6405)
vulnerability in wordpress (CVE-2026-6405). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5200 |
|
Vulnerability in wordpress (CVE-2026-5200)
vulnerability in wordpress (CVE-2026-5200). Successful exploitation can lead to full system takeover.
|
| CVE-2026-47783 |
|
Vulnerability in memcached (CVE-2026-47783)
vulnerability in memcached (CVE-2026-47783). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.6.42` or later.
|