Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-45796 |
|
SSRF (Server-Side Request Forgery) in github.com/coder/coder/v2 (CVE-2026-45796)
SSRF in github.com/coder/coder/v2 (CVE-2026-45796). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v2/workspaceagents/azure-instance-identity`. Mitigation: upgrade to `2.24.5` or later.
|
| CVE-2026-46357 |
|
Vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46357)
vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46357). Risk of unauthorized operations or information disclosure. Exploitable via ``createSite``. Mitigation: upgrade to `26.0.0` or later.
|
| CVE-2026-8370 |
|
Vulnerability in privilege-escalation (CVE-2026-8370)
vulnerability in privilege-escalation (CVE-2026-8370). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8073 |
|
Vulnerability in wordpress (CVE-2026-8073)
vulnerability in wordpress (CVE-2026-8073). Confidential information can be exposed externally.
|
| CVE-2026-8096 |
|
Vulnerability in wordpress (CVE-2026-8096)
vulnerability in wordpress (CVE-2026-8096). Confidential information can be exposed externally.
|
| CVE-2026-41470 |
|
Authorization Flaw in CVE-2026-41470 (CVE-2026-41470)
vulnerability in CVE-2026-41470 (CVE-2026-41470). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34154 |
|
Vulnerability in discourse (CVE-2026-34154)
vulnerability in discourse (CVE-2026-34154). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.1.4, 2026.3.1, 2026.4.1` or later.
|
| CVE-2026-33741 |
|
Cross-Site Scripting (XSS) in CVE-2026-33741 (CVE-2026-33741)
cross-site scripting in CVE-2026-33741 (CVE-2026-33741). Confidential information can be exposed externally.
|
| CVE-2026-33642 |
|
Out-of-Bounds Read in c (CVE-2026-33642)
vulnerability in c (CVE-2026-33642). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-32738 |
|
Out-of-Bounds Read in dos (CVE-2026-32738)
vulnerability in dos (CVE-2026-32738). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8605 |
|
Vulnerability in scadabr (CVE-2026-8605)
vulnerability in scadabr (CVE-2026-8605). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8604 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-8604)
vulnerability in csrf (CVE-2026-8604). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8603 |
|
OS Command Injection in scadabr (CVE-2026-8603)
OS command injection in scadabr (CVE-2026-8603). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6009 |
|
Unsafe Deserialization in net.sf.jasperreports:jasperreports (CVE-2026-6009)
vulnerability in net.sf.jasperreports:jasperreports (CVE-2026-6009). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `7.0.7` or later.
|
| CVE-2026-47107 |
|
Vulnerability in CVE-2026-47107 (CVE-2026-47107)
vulnerability in CVE-2026-47107 (CVE-2026-47107). Confidential information can be exposed externally.
|
| CVE-2026-32134 |
|
Vulnerability in CVE-2026-32134 (CVE-2026-32134)
vulnerability in CVE-2026-32134 (CVE-2026-32134). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-33633 |
|
Vulnerability in dos (CVE-2026-33633)
vulnerability in dos (CVE-2026-33633). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5511 |
|
Vulnerability in tp-link (CVE-2026-5511)
vulnerability in tp-link (CVE-2026-5511). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-47358 |
|
Vulnerability in ssrf (CVE-2026-47358)
vulnerability in ssrf (CVE-2026-47358). Confidential information can be exposed externally.
|
| CVE-2026-47356 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-47356)
SSRF in ssrf (CVE-2026-47356). Confidential information can be exposed externally. Exploitable via `POST /v1/{iac}/{iacVersion}/{cloud}/local/file/scan`.
|
| CVE-2026-47357 |
|
Vulnerability in ssrf (CVE-2026-47357)
vulnerability in ssrf (CVE-2026-47357). Confidential information can be exposed externally. Exploitable via `POST /v1/{iac}/{iacVersion}/{cloud}/remote/dir/scan`.
|
| CVE-2026-36829 |
|
Path Traversal in path-traversal (CVE-2026-36829)
path traversal in path-traversal (CVE-2026-36829). Successful exploitation can lead to full system takeover.
|
| CVE-2026-36828 |
|
OS Command Injection in CVE-2026-36828 (CVE-2026-36828)
OS command injection in CVE-2026-36828 (CVE-2026-36828). Successful exploitation can lead to full system takeover.
|
| CVE-2026-36827 |
|
OS Command Injection in CVE-2026-36827 (CVE-2026-36827)
OS command injection in CVE-2026-36827 (CVE-2026-36827). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46426 |
|
Unrestricted File Upload in budibase (CVE-2026-46426)
vulnerability in budibase (CVE-2026-46426). Confidential information can be exposed externally. Exploitable via `POST /api/attachments/process`. Mitigation: upgrade to `3.38.2` or later.
|
| CVE-2026-8602 |
|
Vulnerability in cisa (CVE-2026-8602)
vulnerability in cisa (CVE-2026-8602). Data can be tampered with by attackers.
|
| CVE-2026-8598 |
|
Vulnerability in cisa (CVE-2026-8598)
vulnerability in cisa (CVE-2026-8598). Confidential information can be exposed externally.
|
| CVE-2026-46424 |
|
Privilege Escalation in @budibase/backend-core (CVE-2026-46424)
vulnerability in @budibase/backend-core (CVE-2026-46424). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/public/v1/roles/unassign`. Mitigation: upgrade to `3.38.2` or later.
|
| CVE-2026-46337 |
|
Path Traversal in WWBN/AVideo (CVE-2026-46337)
path traversal in WWBN/AVideo (CVE-2026-46337). Risk of unauthorized operations or information disclosure. Exploitable via `GET /view/img/image404Raw.php`.
|
| CVE-2026-56348 |
|
SSRF (Server-Side Request Forgery) in n8n (CVE-2026-56348)
SSRF in n8n (CVE-2026-56348). Confidential information can be exposed externally. Exploitable via `POST /rest/dynamic-node-parameters/options`. Mitigation: upgrade to `2.20.0` or later.
|
| CVE-2026-8706 |
|
Information Disclosure in mozilla (CVE-2026-8706)
vulnerability in mozilla (CVE-2026-8706). Confidential information can be exposed externally.
|
| CVE-2026-37281 |
|
OS Command Injection in express (CVE-2026-37281)
OS command injection in express (CVE-2026-37281). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31069 |
|
SQL Injection in billabear/billabear (CVE-2026-31069)
SQL injection in billabear/billabear (CVE-2026-31069). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31072 |
|
Unsafe Deserialization in apscheduler (CVE-2026-31072)
vulnerability in apscheduler (CVE-2026-31072). Successful exploitation can lead to full system takeover.
|
| CVE-2026-30118 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-30118)
SSRF in ssrf (CVE-2026-30118). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31071 |
|
Vulnerability in CVE-2026-31071 (CVE-2026-31071)
vulnerability in CVE-2026-31071 (CVE-2026-31071). Confidential information can be exposed externally.
|
| CVE-2026-31070 |
|
Privilege Escalation in CVE-2026-31070 (CVE-2026-31070)
vulnerability in CVE-2026-31070 (CVE-2026-31070). Successful exploitation can lead to full system takeover.
|
| CVE-2026-30117 |
|
Code Injection in CVE-2026-30117 (CVE-2026-30117)
code injection in CVE-2026-30117 (CVE-2026-30117). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45739 |
|
Information Disclosure in strawberry-graphql (CVE-2026-45739)
vulnerability in strawberry-graphql (CVE-2026-45739). Risk of unauthorized operations or information disclosure. Exploitable via ``parameters``. Mitigation: upgrade to `0.315.4` or later.
|
| CVE-2026-45692 |
|
Vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-45692)
vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-45692). Risk of unauthorized operations or information disclosure. Exploitable via `GET /config/apps/http/servers/srv/routes/0`. Mitigation: upgrade to `2.11.3` or later.
|
| CVE-2026-45670 |
|
Vulnerability in @nuxt/rspack-builder (CVE-2026-45670)
vulnerability in @nuxt/rspack-builder (CVE-2026-45670). Risk of unauthorized operations or information disclosure. Exploitable via ``script.src``. Mitigation: upgrade to `4.4.6` or later.
|
| CVE-2026-45758 |
|
Vulnerability in guardrails-ai (CVE-2026-45758)
vulnerability in guardrails-ai (CVE-2026-45758). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45581 |
|
Vulnerability in org.hyperledger.fabric-chaincode-java:fabric-chaincode-shim (CVE-2026-45581)
vulnerability in org.hyperledger.fabric-chaincode-java:fabric-chaincode-shim (CVE-2026-45581). Confidential information can be exposed externally. Mitigation: upgrade to `2.5.10` or later.
|
| CVE-2026-45571 |
|
Path Traversal in github.com/go-git/go-git/v5 (CVE-2026-45571)
path traversal in github.com/go-git/go-git/v5 (CVE-2026-45571). Risk of unauthorized operations or information disclosure. Exploitable via ``Storer``. Mitigation: upgrade to `5.19.1` or later.
|
| CVE-2026-45557 |
|
Vulnerability in CVE-2026-45557 (CVE-2026-45557)
vulnerability in CVE-2026-45557 (CVE-2026-45557). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `15.0` or later.
|
| CVE-2026-47100 |
|
Vulnerability in CVE-2026-47100 (CVE-2026-47100)
vulnerability in CVE-2026-47100 (CVE-2026-47100). Data can be tampered with by attackers.
|
| CVE-2026-8711 |
|
Vulnerability in nginx (CVE-2026-8711)
vulnerability in nginx (CVE-2026-8711). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34883 |
|
Vulnerability in c (CVE-2026-34883)
vulnerability in c (CVE-2026-34883). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-2587 |
|
Vulnerability in org.glassfish.main.admingui:admingui (CVE-2026-2587)
vulnerability in org.glassfish.main.admingui:admingui (CVE-2026-2587). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.0.2` or later.
|
| CVE-2025-51427 |
|
Code Injection in modelscope (CVE-2025-51427)
code injection in modelscope (CVE-2025-51427). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.27.0` or later.
|