Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-8604 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-8604)
vulnerability in csrf (CVE-2026-8604). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8603 |
|
OS Command Injection in scadabr (CVE-2026-8603)
OS command injection in scadabr (CVE-2026-8603). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6009 |
|
Unsafe Deserialization in net.sf.jasperreports:jasperreports (CVE-2026-6009)
vulnerability in net.sf.jasperreports:jasperreports (CVE-2026-6009). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `7.0.7` or later.
|
| CVE-2026-47107 |
|
Vulnerability in CVE-2026-47107 (CVE-2026-47107)
vulnerability in CVE-2026-47107 (CVE-2026-47107). Confidential information can be exposed externally.
|
| CVE-2026-32134 |
|
Vulnerability in CVE-2026-32134 (CVE-2026-32134)
vulnerability in CVE-2026-32134 (CVE-2026-32134). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-33633 |
|
Vulnerability in dos (CVE-2026-33633)
vulnerability in dos (CVE-2026-33633). Successful exploitation can lead to full system takeover.
|
| CVE-2026-47358 |
|
Vulnerability in ssrf (CVE-2026-47358)
vulnerability in ssrf (CVE-2026-47358). Confidential information can be exposed externally.
|
| CVE-2026-5511 |
|
Vulnerability in tp-link (CVE-2026-5511)
vulnerability in tp-link (CVE-2026-5511). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-36828 |
|
OS Command Injection in CVE-2026-36828 (CVE-2026-36828)
OS command injection in CVE-2026-36828 (CVE-2026-36828). Successful exploitation can lead to full system takeover.
|
| CVE-2026-47356 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-47356)
SSRF in ssrf (CVE-2026-47356). Confidential information can be exposed externally. Exploitable via `POST /v1/{iac}/{iacVersion}/{cloud}/local/file/scan`.
|
| CVE-2026-47357 |
|
Vulnerability in ssrf (CVE-2026-47357)
vulnerability in ssrf (CVE-2026-47357). Confidential information can be exposed externally. Exploitable via `POST /v1/{iac}/{iacVersion}/{cloud}/remote/dir/scan`.
|
| CVE-2026-36829 |
|
Path Traversal in path-traversal (CVE-2026-36829)
path traversal in path-traversal (CVE-2026-36829). Successful exploitation can lead to full system takeover.
|
| CVE-2026-36827 |
|
OS Command Injection in CVE-2026-36827 (CVE-2026-36827)
OS command injection in CVE-2026-36827 (CVE-2026-36827). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46426 |
|
Unrestricted File Upload in budibase (CVE-2026-46426)
vulnerability in budibase (CVE-2026-46426). Confidential information can be exposed externally. Exploitable via `POST /api/attachments/process`. Mitigation: upgrade to `3.38.2` or later.
|
| CVE-2026-8602 |
|
Vulnerability in cisa (CVE-2026-8602)
vulnerability in cisa (CVE-2026-8602). Data can be tampered with by attackers.
|
| CVE-2026-8598 |
|
Vulnerability in cisa (CVE-2026-8598)
vulnerability in cisa (CVE-2026-8598). Confidential information can be exposed externally.
|
| CVE-2026-46424 |
|
Privilege Escalation in @budibase/backend-core (CVE-2026-46424)
vulnerability in @budibase/backend-core (CVE-2026-46424). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/public/v1/roles/unassign`. Mitigation: upgrade to `3.38.2` or later.
|
| CVE-2026-46337 |
|
Path Traversal in WWBN/AVideo (CVE-2026-46337)
path traversal in WWBN/AVideo (CVE-2026-46337). Risk of unauthorized operations or information disclosure. Exploitable via `GET /view/img/image404Raw.php`.
|
| CVE-2026-56348 |
|
SSRF (Server-Side Request Forgery) in n8n (CVE-2026-56348)
SSRF in n8n (CVE-2026-56348). Confidential information can be exposed externally. Exploitable via `POST /rest/dynamic-node-parameters/options`. Mitigation: upgrade to `2.20.0` or later.
|
| CVE-2026-8706 |
|
Information Disclosure in mozilla (CVE-2026-8706)
vulnerability in mozilla (CVE-2026-8706). Confidential information can be exposed externally.
|
| CVE-2026-37281 |
|
OS Command Injection in express (CVE-2026-37281)
OS command injection in express (CVE-2026-37281). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31069 |
|
SQL Injection in billabear/billabear (CVE-2026-31069)
SQL injection in billabear/billabear (CVE-2026-31069). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31071 |
|
Vulnerability in CVE-2026-31071 (CVE-2026-31071)
vulnerability in CVE-2026-31071 (CVE-2026-31071). Confidential information can be exposed externally.
|
| CVE-2026-31070 |
|
Privilege Escalation in CVE-2026-31070 (CVE-2026-31070)
vulnerability in CVE-2026-31070 (CVE-2026-31070). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31072 |
|
Unsafe Deserialization in apscheduler (CVE-2026-31072)
vulnerability in apscheduler (CVE-2026-31072). Successful exploitation can lead to full system takeover.
|
| CVE-2026-30118 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-30118)
SSRF in ssrf (CVE-2026-30118). Successful exploitation can lead to full system takeover.
|
| CVE-2026-30117 |
|
Code Injection in CVE-2026-30117 (CVE-2026-30117)
code injection in CVE-2026-30117 (CVE-2026-30117). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45739 |
|
Information Disclosure in strawberry-graphql (CVE-2026-45739)
vulnerability in strawberry-graphql (CVE-2026-45739). Risk of unauthorized operations or information disclosure. Exploitable via ``parameters``. Mitigation: upgrade to `0.315.4` or later.
|
| CVE-2026-45692 |
|
Vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-45692)
vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-45692). Risk of unauthorized operations or information disclosure. Exploitable via `GET /config/apps/http/servers/srv/routes/0`. Mitigation: upgrade to `2.11.3` or later.
|
| CVE-2026-45670 |
|
Vulnerability in @nuxt/rspack-builder (CVE-2026-45670)
vulnerability in @nuxt/rspack-builder (CVE-2026-45670). Risk of unauthorized operations or information disclosure. Exploitable via ``script.src``. Mitigation: upgrade to `4.4.6` or later.
|
| CVE-2026-45758 |
|
Vulnerability in guardrails-ai (CVE-2026-45758)
vulnerability in guardrails-ai (CVE-2026-45758). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45581 |
|
Vulnerability in org.hyperledger.fabric-chaincode-java:fabric-chaincode-shim (CVE-2026-45581)
vulnerability in org.hyperledger.fabric-chaincode-java:fabric-chaincode-shim (CVE-2026-45581). Confidential information can be exposed externally. Mitigation: upgrade to `2.5.10` or later.
|
| CVE-2026-45571 |
|
Path Traversal in github.com/go-git/go-git/v5 (CVE-2026-45571)
path traversal in github.com/go-git/go-git/v5 (CVE-2026-45571). Risk of unauthorized operations or information disclosure. Exploitable via ``Storer``. Mitigation: upgrade to `5.19.1` or later.
|
| CVE-2026-45557 |
|
Vulnerability in CVE-2026-45557 (CVE-2026-45557)
vulnerability in CVE-2026-45557 (CVE-2026-45557). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `15.0` or later.
|
| CVE-2026-47100 |
|
Vulnerability in CVE-2026-47100 (CVE-2026-47100)
vulnerability in CVE-2026-47100 (CVE-2026-47100). Data can be tampered with by attackers.
|
| CVE-2026-8711 |
|
Vulnerability in nginx (CVE-2026-8711)
vulnerability in nginx (CVE-2026-8711). Successful exploitation can lead to full system takeover.
|
| CVE-2025-51427 |
|
Code Injection in modelscope (CVE-2025-51427)
code injection in modelscope (CVE-2025-51427). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.27.0` or later.
|
| CVE-2026-2586 |
|
Code Injection in org.glassfish.main.admingui:console-common (CVE-2026-2586)
code injection in org.glassfish.main.admingui:console-common (CVE-2026-2586). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.0.2` or later.
|
| CVE-2025-70950 |
|
Path Traversal in github.com/itang/gohttp (CVE-2025-70950)
path traversal in github.com/itang/gohttp (CVE-2025-70950). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34883 |
|
Vulnerability in c (CVE-2026-34883)
vulnerability in c (CVE-2026-34883). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-2587 |
|
Vulnerability in org.glassfish.main.admingui:admingui (CVE-2026-2587)
vulnerability in org.glassfish.main.admingui:admingui (CVE-2026-2587). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.0.2` or later.
|
| CVE-2026-45570 |
|
Vulnerability in github.com/go-git/go-git/v5 (CVE-2026-45570)
vulnerability in github.com/go-git/go-git/v5 (CVE-2026-45570). Successful exploitation can lead to full system takeover. Exploitable via ``sq_quote_buf``. Mitigation: upgrade to `5.19.1` or later.
|
| CVE-2026-46511 |
|
Vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46511)
vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46511). Risk of unauthorized operations or information disclosure. Exploitable via ``jwt``. Mitigation: upgrade to `26.0.0` or later.
|
| CVE-2026-46396 |
|
Cross-Site Scripting (XSS) in @haxtheweb/haxcms-nodejs (CVE-2026-46396)
cross-site scripting in @haxtheweb/haxcms-nodejs (CVE-2026-46396). Risk of unauthorized operations or information disclosure. Exploitable via ``src``. Mitigation: upgrade to `26.0.0` or later.
|
| CVE-2026-46395 |
|
Information Disclosure in @haxtheweb/haxcms-nodejs (CVE-2026-46395)
vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46395). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `26.0.0` or later.
|
| CVE-2026-46391 |
|
Vulnerability in @haxtheweb/open-apis (CVE-2026-46391)
vulnerability in @haxtheweb/open-apis (CVE-2026-46391). Risk of unauthorized operations or information disclosure. Exploitable via ``cloudflared``. Mitigation: upgrade to `26.0.0` or later.
|
| CVE-2026-46496 |
|
Vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46496)
vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46496). Risk of unauthorized operations or information disclosure. Exploitable via ``source``. Mitigation: upgrade to `26.0.0` or later.
|
| CVE-2026-46393 |
|
SSRF (Server-Side Request Forgery) in @haxtheweb/haxcms-nodejs (CVE-2026-46393)
SSRF in @haxtheweb/haxcms-nodejs (CVE-2026-46393). Risk of unauthorized operations or information disclosure. Exploitable via `POST /createSite`. Mitigation: upgrade to `26.0.0` or later.
|
| CVE-2026-45721 |
|
Vulnerability in github.com/xyproto/algernon (CVE-2026-45721)
vulnerability in github.com/xyproto/algernon (CVE-2026-45721). Successful exploitation can lead to full system takeover. Exploitable via ``DirPage``. Mitigation: upgrade to `1.17.7` or later.
|
| CVE-2026-45728 |
|
Vulnerability in github.com/xyproto/algernon (CVE-2026-45728)
vulnerability in github.com/xyproto/algernon (CVE-2026-45728). Confidential information can be exposed externally. Exploitable via ``singleFileMode``. Mitigation: upgrade to `1.17.7` or later.
|