Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-44881 |
|
Information Disclosure in github.com/portainer/portainer (CVE-2026-44881)
vulnerability in github.com/portainer/portainer (CVE-2026-44881). Successful exploitation can lead to full system takeover. Exploitable via `GET /api/stacks/{id}/file`. Mitigation: upgrade to `2.41.0` or later.
|
| CVE-2026-44850 |
|
Authorization Flaw in github.com/portainer/portainer (CVE-2026-44850)
vulnerability in github.com/portainer/portainer (CVE-2026-44850). Confidential information can be exposed externally. Exploitable via `POST /containers/create`. Mitigation: upgrade to `2.41.0` or later.
|
| CVE-2026-44885 |
|
Path Traversal in github.com/portainer/portainer (CVE-2026-44885)
path traversal in github.com/portainer/portainer (CVE-2026-44885). Data can be tampered with by attackers. Exploitable via ``ExtractTarGz``. Mitigation: upgrade to `2.33.8` or later.
|
| CVE-2026-44848 |
|
Vulnerability in github.com/portainer/portainer (CVE-2026-44848)
vulnerability in github.com/portainer/portainer (CVE-2026-44848). Successful exploitation can lead to full system takeover. Exploitable via `POST /plugins/pull`. Mitigation: upgrade to `2.41.0` or later.
|
| CVE-2026-46444 |
|
Vulnerability in flowise (CVE-2026-46444)
vulnerability in flowise (CVE-2026-46444). Successful exploitation can lead to full system takeover. Exploitable via ``WHITELIST_URLS``. Mitigation: upgrade to `3.1.2` or later.
|
| CVE-2026-45076 |
|
Vulnerability in matrix-synapse (CVE-2026-45076)
vulnerability in matrix-synapse (CVE-2026-45076). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.152.1` or later.
|
| CVE-2026-45078 |
|
Vulnerability in matrix-synapse (CVE-2026-45078)
vulnerability in matrix-synapse (CVE-2026-45078). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.152.1` or later.
|
| CVE-2026-44792 |
|
SQL Injection in n8n (CVE-2026-44792)
SQL injection in n8n (CVE-2026-44792). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.20.7` or later.
|
| CVE-2026-44791 |
|
Vulnerability in n8n (CVE-2026-44791)
vulnerability in n8n (CVE-2026-44791). Successful exploitation can lead to full system takeover. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.20.7` or later.
|
| CVE-2026-44790 |
|
Vulnerability in n8n (CVE-2026-44790)
vulnerability in n8n (CVE-2026-44790). Successful exploitation can lead to full system takeover. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.20.7` or later.
|
| CVE-2026-44789 |
|
Vulnerability in n8n (CVE-2026-44789)
vulnerability in n8n (CVE-2026-44789). Successful exploitation can lead to full system takeover. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.20.7` or later.
|
| CVE-2026-44501 |
|
Unsafe Deserialization in react (CVE-2026-44501)
vulnerability in react (CVE-2026-44501). Risk of unauthorized operations or information disclosure. Exploitable via `GET /callback/oidc`. Mitigation: upgrade to `1.5.0.3` or later.
|
| CVE-2026-44504 |
|
Vulnerability in aegra-api (CVE-2026-44504)
vulnerability in aegra-api (CVE-2026-44504). Risk of unauthorized operations or information disclosure. Exploitable via `POST /threads/{thread_id}/runs`. Mitigation: upgrade to `0.9.7` or later.
|
| CVE-2026-44503 |
|
Open Redirect in com.microsoft.kiota:microsoft-kiota-abstractions (CVE-2026-44503)
vulnerability in com.microsoft.kiota:microsoft-kiota-abstractions (CVE-2026-44503). Risk of unauthorized operations or information disclosure. Exploitable via `Authorization header`. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-42597 |
|
Vulnerability in github.com/gotenberg/gotenberg/v8 (CVE-2026-42597)
vulnerability in github.com/gotenberg/gotenberg/v8 (CVE-2026-42597). Confidential information can be exposed externally. Exploitable via ``AllowedFilePrefixes``. Mitigation: upgrade to `8.32.0` or later.
|
| CVE-2026-42594 |
|
Vulnerability in github.com/gotenberg/gotenberg/v8 (CVE-2026-42594)
vulnerability in github.com/gotenberg/gotenberg/v8 (CVE-2026-42594). Risk of unauthorized operations or information disclosure. Exploitable via `GET /version`. Mitigation: upgrade to `8.32.0` or later.
|
| CVE-2026-42591 |
|
SSRF (Server-Side Request Forgery) in github.com/gotenberg/gotenberg/v8 (CVE-2026-42591)
SSRF in github.com/gotenberg/gotenberg/v8 (CVE-2026-42591). Confidential information can be exposed externally. Exploitable via `GET /GOTENBERG_SSRF`.
|
| CVE-2026-42592 |
|
Vulnerability in github.com/gotenberg/gotenberg/v8 (CVE-2026-42592)
vulnerability in github.com/gotenberg/gotenberg/v8 (CVE-2026-42592). Risk of unauthorized operations or information disclosure. Exploitable via ``FilterOutboundURL``.
|
| CVE-2026-42596 |
|
SSRF (Server-Side Request Forgery) in github.com/gotenberg/gotenberg/v8 (CVE-2026-42596)
SSRF in github.com/gotenberg/gotenberg/v8 (CVE-2026-42596). Confidential information can be exposed externally. Exploitable via `POST /upload`. Mitigation: upgrade to `8.32.0` or later.
|
| CVE-2026-42593 |
|
Path Traversal in github.com/gotenberg/gotenberg/v8 (CVE-2026-42593)
path traversal in github.com/gotenberg/gotenberg/v8 (CVE-2026-42593). Risk of unauthorized operations or information disclosure. Exploitable via ``stamp``.
|
| CVE-2026-42590 |
|
Vulnerability in github.com/gotenberg/gotenberg/v8 (CVE-2026-42590)
vulnerability in github.com/gotenberg/gotenberg/v8 (CVE-2026-42590). Data can be tampered with by attackers. Exploitable via ``FileName``.
|
| CVE-2026-42283 |
|
Information Disclosure in github.com/loft-sh/devspace (CVE-2026-42283)
vulnerability in github.com/loft-sh/devspace (CVE-2026-42283). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `6.3.21` or later.
|
| CVE-2026-42589 |
|
OS Command Injection in github.com/gotenberg/gotenberg/v8 (CVE-2026-42589)
OS command injection in github.com/gotenberg/gotenberg/v8 (CVE-2026-42589). Successful exploitation can lead to full system takeover. Exploitable via ``dangerousTags``.
|
| CVE-2026-42281 |
|
SSRF (Server-Side Request Forgery) in magicmirror (CVE-2026-42281)
SSRF in magicmirror (CVE-2026-42281). Confidential information can be exposed externally. Exploitable via `GET /cors`. Mitigation: upgrade to `2.36.0` or later.
|
| CVE-2026-40893 |
|
Vulnerability in github.com/gotenberg/gotenberg/v8 (CVE-2026-40893)
vulnerability in github.com/gotenberg/gotenberg/v8 (CVE-2026-40893). Data can be tampered with by attackers. Exploitable via ``FileName``.
|
| CVE-2026-42159 |
|
Cross-Site Scripting (XSS) in flowsint (CVE-2026-42159)
cross-site scripting in flowsint (CVE-2026-42159). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.2.3` or later.
|
| CVE-2026-42853 |
|
OS Command Injection in @apostrophecms/cli (CVE-2026-42853)
OS command injection in @apostrophecms/cli (CVE-2026-42853). Successful exploitation can lead to full system takeover.
|
| CVE-2026-20182 KEV |
|
[KEV] Authentication Bypass in Cisco catalyst-sd-wan-manager (CVE-2026-20182)
authentication bypass in Cisco catalyst-sd-wan-manager (CVE-2026-20182). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-41937 |
|
Vulnerability in CVE-2026-41937 (CVE-2026-41937)
vulnerability in CVE-2026-41937 (CVE-2026-41937). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41935 |
|
Vulnerability in dos (CVE-2026-41935)
vulnerability in dos (CVE-2026-41935). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-62619 |
|
Vulnerability in CVE-2025-62619 (CVE-2025-62619)
vulnerability in CVE-2025-62619 (CVE-2025-62619). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6477 |
|
Vulnerability in postgresql (CVE-2026-6477)
vulnerability in postgresql (CVE-2026-6477). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `14.23.0, 15.18.0, 16.14.0, 17.10.0, 18.4.0` or later.
|
| CVE-2025-62625 |
|
Privilege Escalation in CVE-2025-62625 (CVE-2025-62625)
vulnerability in CVE-2025-62625 (CVE-2025-62625). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6474 |
|
Vulnerability in postgresql (CVE-2026-6474)
vulnerability in postgresql (CVE-2026-6474). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.23.0, 15.18.0, 16.14.0, 17.10.0, 18.4.0` or later.
|
| CVE-2026-6637 |
|
SQL Injection in postgresql (CVE-2026-6637)
SQL injection in postgresql (CVE-2026-6637). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `14.23.0, 15.18.0, 16.14.0, 17.10.0, 18.4.0` or later.
|
| CVE-2026-6476 |
|
SQL Injection in postgresql (CVE-2026-6476)
SQL injection in postgresql (CVE-2026-6476). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `17.10.0, 18.4.0` or later.
|
| CVE-2026-6638 |
|
SQL Injection in postgresql (CVE-2026-6638)
SQL injection in postgresql (CVE-2026-6638). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `16.14.0, 17.10.0, 18.4.0` or later.
|
| CVE-2026-24712 |
|
Command Injection in northerntech (CVE-2026-24712)
command injection in northerntech (CVE-2026-24712). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-1630 |
|
Cross-Site Scripting (XSS) in CVE-2026-1630 (CVE-2026-1630)
cross-site scripting in CVE-2026-1630 (CVE-2026-1630). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41932 |
|
Cross-Site Scripting (XSS) in CVE-2026-41932 (CVE-2026-41932)
cross-site scripting in CVE-2026-41932 (CVE-2026-41932). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-21730 |
|
Cross-Site Scripting (XSS) in verint (CVE-2026-21730)
cross-site scripting in verint (CVE-2026-21730). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-24710 |
|
Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 allows XSS.
Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 allows XSS.
|
| CVE-2026-6473 |
|
Vulnerability in postgresql (CVE-2026-6473)
vulnerability in postgresql (CVE-2026-6473). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `14.23.0, 15.18.0, 16.14.0, 17.10.0, 18.4.0` or later.
|
| CVE-2025-69443 |
|
Code Injection in CVE-2025-69443 (CVE-2025-69443)
code injection in CVE-2025-69443 (CVE-2025-69443). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6472 |
|
Vulnerability in postgresql (CVE-2026-6472)
vulnerability in postgresql (CVE-2026-6472). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.23.0, 15.18.0, 16.14.0, 17.10.0, 18.4.0` or later.
|
| CVE-2026-24711 |
|
Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 has Incorrect Access Control.
Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 has Incorrect Access Control.
|
| CVE-2025-62628 |
|
Vulnerability in CVE-2025-62628 (CVE-2025-62628)
vulnerability in CVE-2025-62628 (CVE-2025-62628). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44374 |
|
Authorization Flaw in @backstage/plugin-catalog-unprocessed-entities-common (CVE-2026-44374)
vulnerability in @backstage/plugin-catalog-unprocessed-entities-common (CVE-2026-44374). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.0.15` or later.
|
| CVE-2026-44482 |
|
Vulnerability in CVE-2026-44482 (CVE-2026-44482)
vulnerability in CVE-2026-44482 (CVE-2026-44482). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.1.8` or later.
|
| CVE-2026-44371 |
|
Cross-Site Scripting (XSS) in CVE-2026-44371 (CVE-2026-44371)
cross-site scripting in CVE-2026-44371 (CVE-2026-44371). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.0.11` or later.
|