Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Clear
ID Title
CVE-2026-8604 Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-8604)
vulnerability in csrf (CVE-2026-8604). Successful exploitation can lead to full system takeover.
CVE-2026-8603 OS Command Injection in scadabr (CVE-2026-8603)
OS command injection in scadabr (CVE-2026-8603). Successful exploitation can lead to full system takeover.
CVE-2026-6009 Unsafe Deserialization in net.sf.jasperreports:jasperreports (CVE-2026-6009)
vulnerability in net.sf.jasperreports:jasperreports (CVE-2026-6009). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `7.0.7` or later.
CVE-2026-47107 Vulnerability in CVE-2026-47107 (CVE-2026-47107)
vulnerability in CVE-2026-47107 (CVE-2026-47107). Confidential information can be exposed externally.
CVE-2026-32134 Vulnerability in CVE-2026-32134 (CVE-2026-32134)
vulnerability in CVE-2026-32134 (CVE-2026-32134). Risk of unauthorized operations or information disclosure.
CVE-2026-33633 Vulnerability in dos (CVE-2026-33633)
vulnerability in dos (CVE-2026-33633). Successful exploitation can lead to full system takeover.
CVE-2026-47358 Vulnerability in ssrf (CVE-2026-47358)
vulnerability in ssrf (CVE-2026-47358). Confidential information can be exposed externally.
CVE-2026-5511 Vulnerability in tp-link (CVE-2026-5511)
vulnerability in tp-link (CVE-2026-5511). Risk of unauthorized operations or information disclosure.
CVE-2026-36828 OS Command Injection in CVE-2026-36828 (CVE-2026-36828)
OS command injection in CVE-2026-36828 (CVE-2026-36828). Successful exploitation can lead to full system takeover.
CVE-2026-47356 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-47356)
SSRF in ssrf (CVE-2026-47356). Confidential information can be exposed externally. Exploitable via `POST /v1/{iac}/{iacVersion}/{cloud}/local/file/scan`.
CVE-2026-47357 Vulnerability in ssrf (CVE-2026-47357)
vulnerability in ssrf (CVE-2026-47357). Confidential information can be exposed externally. Exploitable via `POST /v1/{iac}/{iacVersion}/{cloud}/remote/dir/scan`.
CVE-2026-36829 Path Traversal in path-traversal (CVE-2026-36829)
path traversal in path-traversal (CVE-2026-36829). Successful exploitation can lead to full system takeover.
CVE-2026-36827 OS Command Injection in CVE-2026-36827 (CVE-2026-36827)
OS command injection in CVE-2026-36827 (CVE-2026-36827). Risk of unauthorized operations or information disclosure.
CVE-2026-46426 Unrestricted File Upload in budibase (CVE-2026-46426)
vulnerability in budibase (CVE-2026-46426). Confidential information can be exposed externally. Exploitable via `POST /api/attachments/process`. Mitigation: upgrade to `3.38.2` or later.
CVE-2026-8602 Vulnerability in cisa (CVE-2026-8602)
vulnerability in cisa (CVE-2026-8602). Data can be tampered with by attackers.
CVE-2026-8598 Vulnerability in cisa (CVE-2026-8598)
vulnerability in cisa (CVE-2026-8598). Confidential information can be exposed externally.
CVE-2026-46424 Privilege Escalation in @budibase/backend-core (CVE-2026-46424)
vulnerability in @budibase/backend-core (CVE-2026-46424). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/public/v1/roles/unassign`. Mitigation: upgrade to `3.38.2` or later.
CVE-2026-46337 Path Traversal in WWBN/AVideo (CVE-2026-46337)
path traversal in WWBN/AVideo (CVE-2026-46337). Risk of unauthorized operations or information disclosure. Exploitable via `GET /view/img/image404Raw.php`.
CVE-2026-56348 SSRF (Server-Side Request Forgery) in n8n (CVE-2026-56348)
SSRF in n8n (CVE-2026-56348). Confidential information can be exposed externally. Exploitable via `POST /rest/dynamic-node-parameters/options`. Mitigation: upgrade to `2.20.0` or later.
CVE-2026-8706 Information Disclosure in mozilla (CVE-2026-8706)
vulnerability in mozilla (CVE-2026-8706). Confidential information can be exposed externally.
CVE-2026-37281 OS Command Injection in express (CVE-2026-37281)
OS command injection in express (CVE-2026-37281). Successful exploitation can lead to full system takeover.
CVE-2026-31069 SQL Injection in billabear/billabear (CVE-2026-31069)
SQL injection in billabear/billabear (CVE-2026-31069). Successful exploitation can lead to full system takeover.
CVE-2026-31071 Vulnerability in CVE-2026-31071 (CVE-2026-31071)
vulnerability in CVE-2026-31071 (CVE-2026-31071). Confidential information can be exposed externally.
CVE-2026-31070 Privilege Escalation in CVE-2026-31070 (CVE-2026-31070)
vulnerability in CVE-2026-31070 (CVE-2026-31070). Successful exploitation can lead to full system takeover.
CVE-2026-31072 Unsafe Deserialization in apscheduler (CVE-2026-31072)
vulnerability in apscheduler (CVE-2026-31072). Successful exploitation can lead to full system takeover.
CVE-2026-30118 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-30118)
SSRF in ssrf (CVE-2026-30118). Successful exploitation can lead to full system takeover.
CVE-2026-30117 Code Injection in CVE-2026-30117 (CVE-2026-30117)
code injection in CVE-2026-30117 (CVE-2026-30117). Successful exploitation can lead to full system takeover.
CVE-2026-45739 Information Disclosure in strawberry-graphql (CVE-2026-45739)
vulnerability in strawberry-graphql (CVE-2026-45739). Risk of unauthorized operations or information disclosure. Exploitable via ``parameters``. Mitigation: upgrade to `0.315.4` or later.
CVE-2026-45692 Vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-45692)
vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-45692). Risk of unauthorized operations or information disclosure. Exploitable via `GET /config/apps/http/servers/srv/routes/0`. Mitigation: upgrade to `2.11.3` or later.
CVE-2026-45670 Vulnerability in @nuxt/rspack-builder (CVE-2026-45670)
vulnerability in @nuxt/rspack-builder (CVE-2026-45670). Risk of unauthorized operations or information disclosure. Exploitable via ``script.src``. Mitigation: upgrade to `4.4.6` or later.
CVE-2026-45758 Vulnerability in guardrails-ai (CVE-2026-45758)
vulnerability in guardrails-ai (CVE-2026-45758). Successful exploitation can lead to full system takeover.
CVE-2026-45581 Vulnerability in org.hyperledger.fabric-chaincode-java:fabric-chaincode-shim (CVE-2026-45581)
vulnerability in org.hyperledger.fabric-chaincode-java:fabric-chaincode-shim (CVE-2026-45581). Confidential information can be exposed externally. Mitigation: upgrade to `2.5.10` or later.
CVE-2026-45571 Path Traversal in github.com/go-git/go-git/v5 (CVE-2026-45571)
path traversal in github.com/go-git/go-git/v5 (CVE-2026-45571). Risk of unauthorized operations or information disclosure. Exploitable via ``Storer``. Mitigation: upgrade to `5.19.1` or later.
CVE-2026-45557 Vulnerability in CVE-2026-45557 (CVE-2026-45557)
vulnerability in CVE-2026-45557 (CVE-2026-45557). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `15.0` or later.
CVE-2026-47100 Vulnerability in CVE-2026-47100 (CVE-2026-47100)
vulnerability in CVE-2026-47100 (CVE-2026-47100). Data can be tampered with by attackers.
CVE-2026-8711 Vulnerability in nginx (CVE-2026-8711)
vulnerability in nginx (CVE-2026-8711). Successful exploitation can lead to full system takeover.
CVE-2025-51427 Code Injection in modelscope (CVE-2025-51427)
code injection in modelscope (CVE-2025-51427). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.27.0` or later.
CVE-2026-2586 Code Injection in org.glassfish.main.admingui:console-common (CVE-2026-2586)
code injection in org.glassfish.main.admingui:console-common (CVE-2026-2586). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.0.2` or later.
CVE-2025-70950 Path Traversal in github.com/itang/gohttp (CVE-2025-70950)
path traversal in github.com/itang/gohttp (CVE-2025-70950). Risk of unauthorized operations or information disclosure.
CVE-2026-34883 Vulnerability in c (CVE-2026-34883)
vulnerability in c (CVE-2026-34883). Risk of unauthorized operations or information disclosure.
CVE-2026-2587 Vulnerability in org.glassfish.main.admingui:admingui (CVE-2026-2587)
vulnerability in org.glassfish.main.admingui:admingui (CVE-2026-2587). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.0.2` or later.
CVE-2026-45570 Vulnerability in github.com/go-git/go-git/v5 (CVE-2026-45570)
vulnerability in github.com/go-git/go-git/v5 (CVE-2026-45570). Successful exploitation can lead to full system takeover. Exploitable via ``sq_quote_buf``. Mitigation: upgrade to `5.19.1` or later.
CVE-2026-46511 Vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46511)
vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46511). Risk of unauthorized operations or information disclosure. Exploitable via ``jwt``. Mitigation: upgrade to `26.0.0` or later.
CVE-2026-46396 Cross-Site Scripting (XSS) in @haxtheweb/haxcms-nodejs (CVE-2026-46396)
cross-site scripting in @haxtheweb/haxcms-nodejs (CVE-2026-46396). Risk of unauthorized operations or information disclosure. Exploitable via ``src``. Mitigation: upgrade to `26.0.0` or later.
CVE-2026-46395 Information Disclosure in @haxtheweb/haxcms-nodejs (CVE-2026-46395)
vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46395). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `26.0.0` or later.
CVE-2026-46391 Vulnerability in @haxtheweb/open-apis (CVE-2026-46391)
vulnerability in @haxtheweb/open-apis (CVE-2026-46391). Risk of unauthorized operations or information disclosure. Exploitable via ``cloudflared``. Mitigation: upgrade to `26.0.0` or later.
CVE-2026-46496 Vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46496)
vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46496). Risk of unauthorized operations or information disclosure. Exploitable via ``source``. Mitigation: upgrade to `26.0.0` or later.
CVE-2026-46393 SSRF (Server-Side Request Forgery) in @haxtheweb/haxcms-nodejs (CVE-2026-46393)
SSRF in @haxtheweb/haxcms-nodejs (CVE-2026-46393). Risk of unauthorized operations or information disclosure. Exploitable via `POST /createSite`. Mitigation: upgrade to `26.0.0` or later.
CVE-2026-45721 Vulnerability in github.com/xyproto/algernon (CVE-2026-45721)
vulnerability in github.com/xyproto/algernon (CVE-2026-45721). Successful exploitation can lead to full system takeover. Exploitable via ``DirPage``. Mitigation: upgrade to `1.17.7` or later.
CVE-2026-45728 Vulnerability in github.com/xyproto/algernon (CVE-2026-45728)
vulnerability in github.com/xyproto/algernon (CVE-2026-45728). Confidential information can be exposed externally. Exploitable via ``singleFileMode``. Mitigation: upgrade to `1.17.7` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →