Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-43618 |
|
Out-of-Bounds Read in samba (CVE-2026-43618)
vulnerability in samba (CVE-2026-43618). Confidential information can be exposed externally.
|
| CVE-2026-43620 |
|
Out-of-Bounds Read in c (CVE-2026-43620)
vulnerability in c (CVE-2026-43620). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3985 |
|
SQL Injection in wordpress (CVE-2026-3985)
SQL injection in wordpress (CVE-2026-3985). Confidential information can be exposed externally.
|
| CVE-2026-45585 |
|
Command Injection in microsoft (CVE-2026-45585)
command injection in microsoft (CVE-2026-45585). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35593 |
|
Path Traversal in CVE-2026-35593 (CVE-2026-35593)
path traversal in CVE-2026-35593 (CVE-2026-35593). Confidential information can be exposed externally.
|
| CVE-2026-39309 |
|
Vulnerability in CVE-2026-39309 (CVE-2026-39309)
vulnerability in CVE-2026-39309 (CVE-2026-39309). Confidential information can be exposed externally.
|
| CVE-2009-1537 KEV |
|
[KEV] Vulnerability in Microsoft directx (CVE-2009-1537)
vulnerability in Microsoft directx (CVE-2009-1537). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2010-0806 KEV |
|
[KEV] Vulnerability in Microsoft internet-explorer (CVE-2010-0806)
vulnerability in Microsoft internet-explorer (CVE-2010-0806). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2008-4250 KEV |
|
[KEV] Code Injection in Microsoft windows-2000 (CVE-2008-4250)
code injection in Microsoft windows-2000 (CVE-2008-4250). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2009-3459 KEV |
|
[KEV] Buffer Overflow in Adobe acrobat (CVE-2009-3459)
vulnerability in Adobe acrobat (CVE-2009-3459). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-6365 |
|
Cross-Site Scripting (XSS) in drupal (CVE-2026-6365)
cross-site scripting in drupal (CVE-2026-6365). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `10.5.9, 10.6.7, 11.2.11, 11.3.7` or later.
|
| CVE-2026-6367 |
|
Cross-Site Scripting (XSS) in drupal (CVE-2026-6367)
cross-site scripting in drupal (CVE-2026-6367). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `11.3.7` or later.
|
| CVE-2026-6871 |
|
Cross-Site Scripting (XSS) in drupal (CVE-2026-6871)
cross-site scripting in drupal (CVE-2026-6871). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6095 |
|
Cross-Site Scripting (XSS) in drupal (CVE-2026-6095)
cross-site scripting in drupal (CVE-2026-6095). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34600 |
|
Information Disclosure in CVE-2026-34600 (CVE-2026-34600)
vulnerability in CVE-2026-34600 (CVE-2026-34600). Confidential information can be exposed externally.
|
| CVE-2026-5090 |
|
Cross-Site Scripting (XSS) in CVE-2026-5090 (CVE-2026-5090)
cross-site scripting in CVE-2026-5090 (CVE-2026-5090). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34241 |
|
Cross-Site Scripting (XSS) in CVE-2026-34241 (CVE-2026-34241)
cross-site scripting in CVE-2026-34241 (CVE-2026-34241). Confidential information can be exposed externally.
|
| CVE-2026-34234 |
|
OS Command Injection in CVE-2026-34234 (CVE-2026-34234)
OS command injection in CVE-2026-34234 (CVE-2026-34234). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34246 |
|
Vulnerability in privilege-escalation (CVE-2026-34246)
vulnerability in privilege-escalation (CVE-2026-34246). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34358 |
|
Vulnerability in privilege-escalation (CVE-2026-34358)
vulnerability in privilege-escalation (CVE-2026-34358). Confidential information can be exposed externally.
|
| CVE-2024-36343 |
|
Vulnerability in CVE-2024-36343 (CVE-2024-36343)
vulnerability in CVE-2024-36343 (CVE-2024-36343). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-7345 |
|
Vulnerability in CVE-2023-7345 (CVE-2023-7345)
vulnerability in CVE-2023-7345 (CVE-2023-7345). Data can be tampered with by attackers.
|
| CVE-2026-39250 |
|
Vulnerability in CVE-2026-39250 (CVE-2026-39250)
vulnerability in CVE-2026-39250 (CVE-2026-39250). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-32814 |
|
Information Disclosure in CVE-2026-32814 (CVE-2026-32814)
vulnerability in CVE-2026-32814 (CVE-2026-32814). Confidential information can be exposed externally.
|
| CVE-2026-34233 |
|
Vulnerability in CVE-2026-34233 (CVE-2026-34233)
vulnerability in CVE-2026-34233 (CVE-2026-34233). Confidential information can be exposed externally.
|
| CVE-2026-32741 |
|
Vulnerability in CVE-2026-32741 (CVE-2026-32741)
vulnerability in CVE-2026-32741 (CVE-2026-32741). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-32882 |
|
Out-of-Bounds Read in dos (CVE-2026-32882)
vulnerability in dos (CVE-2026-32882). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34216 |
|
Vulnerability in CVE-2026-34216 (CVE-2026-34216)
vulnerability in CVE-2026-34216 (CVE-2026-34216). Successful exploitation can lead to full system takeover.
|
| CVE-2025-57798 |
|
Vulnerability in dos (CVE-2025-57798)
vulnerability in dos (CVE-2025-57798). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46417 |
|
SSRF (Server-Side Request Forgery) in @angular/platform-server (CVE-2026-46417)
SSRF in @angular/platform-server (CVE-2026-46417). Risk of unauthorized operations or information disclosure. Exploitable via ``ServerPlatformLocation``.
|
| CVE-2026-42526 |
|
Authorization Flaw in apache-airflow-providers-amazon (CVE-2026-42526)
vulnerability in apache-airflow-providers-amazon (CVE-2026-42526). Confidential information can be exposed externally. Exploitable via ``conn_id``. Mitigation: upgrade to `9.28.0` or later.
|
| CVE-2026-32740 |
|
Out-of-Bounds Write in struktur (CVE-2026-32740)
out-of-bounds write in struktur (CVE-2026-32740). Successful exploitation can lead to full system takeover.
|
| CVE-2026-32739 |
|
Vulnerability in dos (CVE-2026-32739)
vulnerability in dos (CVE-2026-32739). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46374 |
|
Vulnerability in sqlfluff (CVE-2026-46374)
vulnerability in sqlfluff (CVE-2026-46374). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.2.0` or later.
|
| CVE-2026-46372 |
|
SSRF (Server-Side Request Forgery) in sillytavern (CVE-2026-46372)
SSRF in sillytavern (CVE-2026-46372). Confidential information can be exposed externally. Exploitable via `POST /api/search/searxng`. Mitigation: upgrade to `1.18.0` or later.
|
| CVE-2026-45783 |
|
Vulnerability in @libp2p/kad-dht (CVE-2026-45783)
vulnerability in @libp2p/kad-dht (CVE-2026-45783). Risk of unauthorized operations or information disclosure. Exploitable via ``PUT_VALUE``. Mitigation: upgrade to `16.2.6` or later.
|
| CVE-2026-46354 |
|
Vulnerability in github.com/coder/coder/v2 (CVE-2026-46354)
vulnerability in github.com/coder/coder/v2 (CVE-2026-46354). Confidential information can be exposed externally. Exploitable via `POST /api/v2/workspaceagents/azure-instance-identity`. Mitigation: upgrade to `2.24.5` or later.
|
| CVE-2026-46342 |
|
Cross-Site Scripting (XSS) in nuxt (CVE-2026-46342)
cross-site scripting in nuxt (CVE-2026-46342). Risk of unauthorized operations or information disclosure. Exploitable via ``props``. Mitigation: upgrade to `4.4.6` or later.
|
| CVE-2026-45802 |
|
Vulnerability in setasign/fpdi (CVE-2026-45802)
vulnerability in setasign/fpdi (CVE-2026-45802). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.6.7` or later.
|
| CVE-2026-45796 |
|
SSRF (Server-Side Request Forgery) in github.com/coder/coder/v2 (CVE-2026-45796)
SSRF in github.com/coder/coder/v2 (CVE-2026-45796). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v2/workspaceagents/azure-instance-identity`. Mitigation: upgrade to `2.24.5` or later.
|
| CVE-2026-46357 |
|
Vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46357)
vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46357). Risk of unauthorized operations or information disclosure. Exploitable via ``createSite``. Mitigation: upgrade to `26.0.0` or later.
|
| CVE-2026-8370 |
|
Vulnerability in privilege-escalation (CVE-2026-8370)
vulnerability in privilege-escalation (CVE-2026-8370). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8073 |
|
Vulnerability in wordpress (CVE-2026-8073)
vulnerability in wordpress (CVE-2026-8073). Confidential information can be exposed externally.
|
| CVE-2026-8096 |
|
Vulnerability in wordpress (CVE-2026-8096)
vulnerability in wordpress (CVE-2026-8096). Confidential information can be exposed externally.
|
| CVE-2026-41470 |
|
Authorization Flaw in CVE-2026-41470 (CVE-2026-41470)
vulnerability in CVE-2026-41470 (CVE-2026-41470). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34154 |
|
Vulnerability in discourse (CVE-2026-34154)
vulnerability in discourse (CVE-2026-34154). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.1.4, 2026.3.1, 2026.4.1` or later.
|
| CVE-2026-33741 |
|
Cross-Site Scripting (XSS) in CVE-2026-33741 (CVE-2026-33741)
cross-site scripting in CVE-2026-33741 (CVE-2026-33741). Confidential information can be exposed externally.
|
| CVE-2026-33642 |
|
Out-of-Bounds Read in c (CVE-2026-33642)
vulnerability in c (CVE-2026-33642). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-32738 |
|
Out-of-Bounds Read in dos (CVE-2026-32738)
vulnerability in dos (CVE-2026-32738). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8605 |
|
Vulnerability in scadabr (CVE-2026-8605)
vulnerability in scadabr (CVE-2026-8605). Successful exploitation can lead to full system takeover.
|