Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-45622 |
|
Cross-Site Scripting (XSS) in CVE-2026-45622 (CVE-2026-45622)
cross-site scripting in CVE-2026-45622 (CVE-2026-45622). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.0.8.3` or later.
|
| CVE-2026-45616 |
|
Cross-Site Scripting (XSS) in CVE-2026-45616 (CVE-2026-45616)
cross-site scripting in CVE-2026-45616 (CVE-2026-45616). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.0.8.3` or later.
|
| CVE-2026-45007 |
|
Vulnerability in thorsten/phpmyfaq (CVE-2026-45007)
vulnerability in thorsten/phpmyfaq (CVE-2026-45007). Risk of unauthorized operations or information disclosure. Exploitable via ``ConfigurationTabController.php``. Mitigation: upgrade to `4.1.2` or later.
|
| CVE-2026-45009 |
|
Authorization Flaw in phpMyFAQ/phpMyFAQ (CVE-2026-45009)
vulnerability in phpMyFAQ/phpMyFAQ (CVE-2026-45009). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.1.2` or later.
|
| CVE-2026-45008 |
|
Path Traversal in phpMyFAQ/phpMyFAQ (CVE-2026-45008)
path traversal in phpMyFAQ/phpMyFAQ (CVE-2026-45008). Data can be tampered with by attackers. Exploitable via ``clientFolder``. Mitigation: upgrade to `4.1.2` or later.
|
| CVE-2026-44718 |
|
Vulnerability in CVE-2026-44718 (CVE-2026-44718)
vulnerability in CVE-2026-44718 (CVE-2026-44718). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.10.0` or later.
|
| CVE-2026-44719 |
|
Vulnerability in CVE-2026-44719 (CVE-2026-44719)
vulnerability in CVE-2026-44719 (CVE-2026-44719). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.10.0` or later.
|
| CVE-2026-44366 |
|
Cross-Site Scripting (XSS) in CVE-2026-44366 (CVE-2026-44366)
cross-site scripting in CVE-2026-44366 (CVE-2026-44366). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.0.8.1` or later.
|
| CVE-2021-47966 |
|
PHP Timeclock 1.04 contains time-based and boolean-based blind SQL injection vulnerabilities in...
PHP Timeclock 1.04 contains time-based and boolean-based blind SQL injection vulnerabilities in...
|
| CVE-2021-47967 |
|
Cross-Site Scripting (XSS) in c (CVE-2021-47967)
cross-site scripting in c (CVE-2021-47967). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-47968 |
|
Cross-Site Scripting (XSS) in CVE-2021-47968 (CVE-2021-47968)
cross-site scripting in CVE-2021-47968 (CVE-2021-47968). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-47964 |
|
Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated...
Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated...
|
| CVE-2021-47965 |
|
Unrestricted File Upload in wordpress (CVE-2021-47965)
vulnerability in wordpress (CVE-2021-47965). Successful exploitation can lead to full system takeover.
|
| CVE-2021-47962 |
|
Cross-Site Scripting (XSS) in CVE-2021-47962 (CVE-2021-47962)
cross-site scripting in CVE-2021-47962 (CVE-2021-47962). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-47963 |
|
Anote 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to...
Anote 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to...
|
| CVE-2021-47959 |
|
WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows...
WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows...
|
| CVE-2021-47958 |
|
SSRF (Server-Side Request Forgery) in CVE-2021-47958 (CVE-2021-47958)
SSRF in CVE-2021-47958 (CVE-2021-47958). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45619 |
|
Vulnerability in WWBN/AVideo (CVE-2026-45619)
vulnerability in WWBN/AVideo (CVE-2026-45619). Confidential information can be exposed externally. Exploitable via ``EpgParser.php``.
|
| CVE-2026-45610 |
|
Vulnerability in WWBN/AVideo (CVE-2026-45610)
vulnerability in WWBN/AVideo (CVE-2026-45610). Data can be tampered with by attackers. Exploitable via ``SameSite``.
|
| CVE-2026-45580 |
|
Cross-Site Scripting (XSS) in WWBN/AVideo (CVE-2026-45580)
cross-site scripting in WWBN/AVideo (CVE-2026-45580). Risk of unauthorized operations or information disclosure. Exploitable via ``echo``.
|
| CVE-2026-45578 |
|
OS Command Injection in WWBN/AVideo (CVE-2026-45578)
OS command injection in WWBN/AVideo (CVE-2026-45578). Successful exploitation can lead to full system takeover. Exploitable via ``on_publish.php``.
|
| CVE-2026-45575 |
|
Vulnerability in com.oviva.telematik:epa4all-client (CVE-2026-45575)
vulnerability in com.oviva.telematik:epa4all-client (CVE-2026-45575). Confidential information can be exposed externally. Mitigation: upgrade to `1.2.2` or later.
|
| CVE-2026-8695 |
|
Use-After-Free in dos (CVE-2026-8695)
vulnerability in dos (CVE-2026-8695). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-23695 |
|
Cross-Site Scripting (XSS) in cockpit-hq/cockpit (CVE-2026-23695)
cross-site scripting in cockpit-hq/cockpit (CVE-2026-23695). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45574 |
|
Vulnerability in com.oviva.telematik:epa4all-client (CVE-2026-45574)
vulnerability in com.oviva.telematik:epa4all-client (CVE-2026-45574). Confidential information can be exposed externally. Mitigation: upgrade to `1.2.2` or later.
|
| CVE-2026-46383 |
|
Path Traversal in apm-cli (CVE-2026-46383)
path traversal in apm-cli (CVE-2026-46383). Data can be tampered with by attackers. Exploitable via ``main``. Mitigation: upgrade to `0.13.0` or later.
|
| CVE-2026-46491 |
|
Path Traversal in simplesamlphp/simplesamlphp-module-casserver (CVE-2026-46491)
path traversal in simplesamlphp/simplesamlphp-module-casserver (CVE-2026-46491). Data can be tampered with by attackers. Exploitable via ``ticket``. Mitigation: upgrade to `7.0.3` or later.
|
| CVE-2026-45717 |
|
Vulnerability in @budibase/server (CVE-2026-45717)
vulnerability in @budibase/server (CVE-2026-45717). Successful exploitation can lead to full system takeover. Exploitable via `PUT /api/datasources/`. Mitigation: upgrade to `3.38.1` or later.
|
| CVE-2026-45715 |
|
SSRF (Server-Side Request Forgery) in @budibase/server (CVE-2026-45715)
SSRF in @budibase/server (CVE-2026-45715). Confidential information can be exposed externally. Exploitable via `POST /api/queries/preview`. Mitigation: upgrade to `3.38.1` or later.
|
| CVE-2026-45548 |
|
SSRF (Server-Side Request Forgery) in @budibase/server (CVE-2026-45548)
SSRF in @budibase/server (CVE-2026-45548). Confidential information can be exposed externally. Exploitable via ``processUrlFile``. Mitigation: upgrade to `3.34.8` or later.
|
| CVE-2026-44717 |
|
Code Injection in CVE-2026-44717 (CVE-2026-44717)
code injection in CVE-2026-44717 (CVE-2026-44717). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.1.1` or later.
|
| CVE-2026-45035 |
|
OS Command Injection in tabby (CVE-2026-45035)
OS command injection in tabby (CVE-2026-45035). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.0.233` or later.
|
| CVE-2026-45036 |
|
OS Command Injection in tabby (CVE-2026-45036)
OS command injection in tabby (CVE-2026-45036). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.0.233` or later.
|
| CVE-2026-45037 |
|
Vulnerability in tabby (CVE-2026-45037)
vulnerability in tabby (CVE-2026-45037). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.0.232` or later.
|
| CVE-2026-45539 |
|
Information Disclosure in apm (CVE-2026-45539)
vulnerability in apm (CVE-2026-45539). Confidential information can be exposed externally. Exploitable via ``content_hash``. Mitigation: upgrade to `0.13.0` or later.
|
| CVE-2026-44699 |
|
Vulnerability in c (CVE-2026-44699)
vulnerability in c (CVE-2026-44699). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.3.3` or later.
|
| CVE-2026-44641 |
|
Path Traversal in apm-cli (CVE-2026-44641)
path traversal in apm-cli (CVE-2026-44641). Confidential information can be exposed externally. Exploitable via ``agents``. Mitigation: upgrade to `0.8.12` or later.
|
| CVE-2026-41258 |
|
Code Injection in org.openmrs.api:openmrs-api (CVE-2026-41258)
code injection in org.openmrs.api:openmrs-api (CVE-2026-41258). Successful exploitation can lead to full system takeover. Exploitable via ``VelocityEngine``. Mitigation: upgrade to `2.8.6` or later.
|
| CVE-2026-42207 |
|
Open Redirect in openmage/magento-lts (CVE-2026-42207)
vulnerability in openmage/magento-lts (CVE-2026-42207). Risk of unauthorized operations or information disclosure. Exploitable via `GET /productalert/add/stock/`. Mitigation: upgrade to `20.18.0` or later.
|
| CVE-2026-42155 |
|
Vulnerability in openmage/magento-lts (CVE-2026-42155)
vulnerability in openmage/magento-lts (CVE-2026-42155). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/xmlrpc/`. Mitigation: upgrade to `20.18.0` or later.
|
| CVE-2026-45106 |
|
Cross-Site Scripting (XSS) in weblate (CVE-2026-45106)
cross-site scripting in weblate (CVE-2026-45106). Risk of unauthorized operations or information disclosure. Exploitable via ``source``. Mitigation: upgrade to `2026.5` or later.
|
| CVE-2026-45062 |
|
Vulnerability in github.com/dunglas/frankenphp (CVE-2026-45062)
vulnerability in github.com/dunglas/frankenphp (CVE-2026-45062). Successful exploitation can lead to full system takeover. Exploitable via ``cgi.go``. Mitigation: upgrade to `1.12.3` or later.
|
| CVE-2026-44716 |
|
Path Traversal in pipecat-ai (CVE-2026-44716)
path traversal in pipecat-ai (CVE-2026-44716). Confidential information can be exposed externally. Exploitable via `GET /files/{filename`. Mitigation: upgrade to `1.2.0` or later.
|
| CVE-2026-41147 |
|
Cross-Site Scripting (XSS) in nukeviet/nukeviet (CVE-2026-41147)
cross-site scripting in nukeviet/nukeviet (CVE-2026-41147). Confidential information can be exposed externally. Exploitable via ``srcdoc``.
|
| CVE-2025-65954 |
|
Open Redirect in simplesamlphp/simplesamlphp-module-casserver (CVE-2025-65954)
vulnerability in simplesamlphp/simplesamlphp-module-casserver (CVE-2025-65954). Risk of unauthorized operations or information disclosure. Exploitable via ``url``. Mitigation: upgrade to `6.3.1` or later.
|
| CVE-2026-45773 |
|
Cross-Site Request Forgery (CSRF) in turbo (CVE-2026-45773)
vulnerability in turbo (CVE-2026-45773). Data can be tampered with by attackers. Exploitable via ``turbo``. Mitigation: upgrade to `2.9.14` or later.
|
| CVE-2026-46508 |
|
Command Injection in vercel (CVE-2026-46508)
command injection in vercel (CVE-2026-46508). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.9.14000` or later.
|
| CVE-2026-35194 |
|
Code Injection in flink (CVE-2026-35194)
code injection in flink (CVE-2026-35194). Confidential information can be exposed externally. Mitigation: upgrade to `1.20.4, 2.0.2, 2.1.1, 2.2.1` or later.
|
| CVE-2026-2031 |
|
Vulnerability in CVE-2026-2031 (CVE-2026-2031)
vulnerability in CVE-2026-2031 (CVE-2026-2031). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45772 |
|
Vulnerability in turbo (CVE-2026-45772)
vulnerability in turbo (CVE-2026-45772). Successful exploitation can lead to full system takeover. Exploitable via ``yarnPath``. Mitigation: upgrade to `2.9.14` or later.
|