Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Clear
ID Title
CVE-2026-29205 Vulnerability in CVE-2026-29205 (CVE-2026-29205)
vulnerability in CVE-2026-29205 (CVE-2026-29205). Confidential information can be exposed externally.
CVE-2026-8328 SSRF (Server-Side Request Forgery) in libpython (CVE-2026-8328)
SSRF in libpython (CVE-2026-8328). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.14.5` or later.
CVE-2026-45228 Cross-Site Scripting (XSS) in vue (CVE-2026-45228)
cross-site scripting in vue (CVE-2026-45228). Risk of unauthorized operations or information disclosure. Exploitable via `POST /update`.
CVE-2025-27852 Cross-Site Scripting (XSS) in garmin (CVE-2025-27852)
cross-site scripting in garmin (CVE-2025-27852). Risk of unauthorized operations or information disclosure.
CVE-2025-27853 Vulnerability in garmin (CVE-2025-27853)
vulnerability in garmin (CVE-2025-27853). Risk of unauthorized operations or information disclosure.
CVE-2026-33376 Vulnerability in grafana (CVE-2026-33376)
vulnerability in grafana (CVE-2026-33376). Confidential information can be exposed externally. Mitigation: upgrade to `11.6.14, 12.2.8, 12.3.6, 12.4.3, 13.0.1` or later.
CVE-2025-27850 Vulnerability in garmin (CVE-2025-27850)
vulnerability in garmin (CVE-2025-27850). Confidential information can be exposed externally.
CVE-2025-27851 Cross-Site Request Forgery (CSRF) in garmin (CVE-2025-27851)
vulnerability in garmin (CVE-2025-27851). Confidential information can be exposed externally.
CVE-2026-33380 Vulnerability in grafana (CVE-2026-33380)
vulnerability in grafana (CVE-2026-33380). Confidential information can be exposed externally. Mitigation: upgrade to `11.6.14, 12.2.8, 12.3.6, 12.4.3, 13.0.1` or later.
CVE-2026-28379 Vulnerability in grafana (CVE-2026-28379)
vulnerability in grafana (CVE-2026-28379). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `11.6.14, 12.2.8, 12.3.6, 12.4.3, 13.0.1` or later.
CVE-2026-28383 Vulnerability in grafana (CVE-2026-28383)
vulnerability in grafana (CVE-2026-28383). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `11.6.14, 12.2.8, 12.3.6, 12.4.3, 13.0.1` or later.
CVE-2026-28376 Vulnerability in grafana (CVE-2026-28376)
vulnerability in grafana (CVE-2026-28376). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `11.6.14, 12.2.8, 12.3.6, 12.4.3, 13.0.1` or later.
CVE-2026-33378 Vulnerability in grafana (CVE-2026-33378)
vulnerability in grafana (CVE-2026-33378). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `11.6.14, 12.2.8, 12.3.6, 12.4.3, 13.0.1` or later.
CVE-2026-28380 BAC in Snapshot API allows deletion of unauthorized dashboard snapshots
BAC in Snapshot API allows deletion of unauthorized dashboard snapshots
CVE-2026-33377 Vulnerability in grafana (CVE-2026-33377)
vulnerability in grafana (CVE-2026-33377). Data can be tampered with by attackers. Mitigation: upgrade to `11.6.14, 12.2.8, 12.3.6, 12.4.3, 13.0.1` or later.
CVE-2026-33381 Vulnerability in grafana (CVE-2026-33381)
vulnerability in grafana (CVE-2026-33381). Confidential information can be exposed externally. Mitigation: upgrade to `11.6.14, 12.2.8, 12.3.6, 12.4.3, 13.0.1` or later.
CVE-2026-28374 Vulnerability in grafana (CVE-2026-28374)
vulnerability in grafana (CVE-2026-28374). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `11.6.14, 12.2.8, 12.3.6, 12.4.3, 13.0.1` or later.
CVE-2026-45714 Code Injection in CVE-2026-45714 (CVE-2026-45714)
code injection in CVE-2026-45714 (CVE-2026-45714). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `6.7.0` or later.
CVE-2026-45708 Code Injection in CVE-2026-45708 (CVE-2026-45708)
code injection in CVE-2026-45708 (CVE-2026-45708). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `6.7.3` or later.
CVE-2026-45054 SQL Injection in CVE-2026-45054 (CVE-2026-45054)
SQL injection in CVE-2026-45054 (CVE-2026-45054). Confidential information can be exposed externally. Mitigation: upgrade to `6.7.0` or later.
CVE-2026-45055 Vulnerability in CVE-2026-45055 (CVE-2026-45055)
vulnerability in CVE-2026-45055 (CVE-2026-45055). Confidential information can be exposed externally. Exploitable via `POST /index.php`. Mitigation: upgrade to `6.7.2` or later.
CVE-2026-45053 Unrestricted File Upload in CVE-2026-45053 (CVE-2026-45053)
vulnerability in CVE-2026-45053 (CVE-2026-45053). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/v1/files`. Mitigation: upgrade to `6.7.0` or later.
CVE-2026-44377 Code Injection in CVE-2026-44377 (CVE-2026-44377)
code injection in CVE-2026-44377 (CVE-2026-44377). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `6.7.0` or later.
CVE-2026-44380 Authorization Flaw in misp (CVE-2026-44380)
vulnerability in misp (CVE-2026-44380). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.5.37` or later.
CVE-2026-44373 Path Traversal in nitro (CVE-2026-44373)
path traversal in nitro (CVE-2026-44373). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/orders/..`. Mitigation: upgrade to `3.0.260429-beta` or later.
CVE-2026-44381 SQL Injection in sqli (CVE-2026-44381)
SQL injection in sqli (CVE-2026-44381). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.5.37` or later.
CVE-2026-44418 SQL Injection in sqli (CVE-2026-44418)
SQL injection in sqli (CVE-2026-44418). Risk of unauthorized operations or information disclosure.
CVE-2026-44379 Vulnerability in misp (CVE-2026-44379)
vulnerability in misp (CVE-2026-44379). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.5.37` or later.
CVE-2026-44376 Cross-Site Scripting (XSS) in CVE-2026-44376 (CVE-2026-44376)
cross-site scripting in CVE-2026-44376 (CVE-2026-44376). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `6.7.0` or later.
CVE-2026-42602 Vulnerability in github.com/open-telemetry/opentelemetry-collector-contrib/extension/azureauthextension (CVE-2026-42602)
vulnerability in github.com/open-telemetry/opentelemetry-collector-contrib/extension/azureauthextension (CVE-2026-42602). Data can be tampered with by attackers. Exploitable via `POST /v1/traces`.
CVE-2026-44368 Vulnerability in pyquorum (CVE-2026-44368)
vulnerability in pyquorum (CVE-2026-44368). Risk of unauthorized operations or information disclosure. Exploitable via ``mul_mod``. Mitigation: upgrade to `0.2.1` or later.
CVE-2026-44372 Open Redirect in nitro (CVE-2026-44372)
vulnerability in nitro (CVE-2026-44372). Risk of unauthorized operations or information disclosure. Exploitable via `GET /legacy//evil.com`. Mitigation: upgrade to `3.0.260429-beta` or later.
CVE-2026-42561 Vulnerability in python-multipart (CVE-2026-42561)
vulnerability in python-multipart (CVE-2026-42561). Risk of unauthorized operations or information disclosure. Exploitable via ``MultipartParser``. Mitigation: upgrade to `0.0.27` or later.
CVE-2026-42304 Vulnerability in Twisted (CVE-2026-42304)
vulnerability in Twisted (CVE-2026-42304). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `26.4.0rc2` or later.
CVE-2026-39358 SQL Injection in sqli (CVE-2026-39358)
SQL injection in sqli (CVE-2026-39358). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `6.6.0` or later.
CVE-2026-39428 Cross-Site Scripting (XSS) in CVE-2026-39428 (CVE-2026-39428)
cross-site scripting in CVE-2026-39428 (CVE-2026-39428). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `6.6.0` or later.
CVE-2026-44363 Vulnerability in misp-modules (CVE-2026-44363)
vulnerability in misp-modules (CVE-2026-44363). Risk of unauthorized operations or information disclosure.
CVE-2026-44364 Cross-Site Request Forgery (CSRF) in misp-modules (CVE-2026-44364)
vulnerability in misp-modules (CVE-2026-44364). Risk of unauthorized operations or information disclosure.
CVE-2026-42551 Vulnerability in flightphp/core (CVE-2026-42551)
vulnerability in flightphp/core (CVE-2026-42551). Data can be tampered with by attackers. Exploitable via `GET /item/42`. Mitigation: upgrade to `3.18.1` or later.
CVE-2026-42552 Vulnerability in flightphp/core (CVE-2026-42552)
vulnerability in flightphp/core (CVE-2026-42552). Confidential information can be exposed externally. Exploitable via ``flight.debug``. Mitigation: upgrade to `3.18.1` or later.
CVE-2026-42550 SQL Injection in flightphp/core (CVE-2026-42550)
SQL injection in flightphp/core (CVE-2026-42550). Successful exploitation can lead to full system takeover. Exploitable via ``UPDATE``. Mitigation: upgrade to `3.18.1` or later.
CVE-2026-44351 Vulnerability in fast-jwt (CVE-2026-44351)
vulnerability in fast-jwt (CVE-2026-44351). Confidential information can be exposed externally. Exploitable via ``Buffer``. Mitigation: upgrade to `6.2.4` or later.
CVE-2026-42548 Cross-Site Scripting (XSS) in flightphp/core (CVE-2026-42548)
cross-site scripting in flightphp/core (CVE-2026-42548). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api`. Mitigation: upgrade to `3.18.1` or later.
CVE-2026-42549 Path Traversal in flightphp/core (CVE-2026-42549)
path traversal in flightphp/core (CVE-2026-42549). Risk of unauthorized operations or information disclosure. Exploitable via ``b8dd23a``. Mitigation: upgrade to `3.18.1` or later.
CVE-2026-22599 SQL Injection in @strapi/content-type-builder (CVE-2026-22599)
SQL injection in @strapi/content-type-builder (CVE-2026-22599). Successful exploitation can lead to full system takeover. Exploitable via ``column.defaultTo``. Mitigation: upgrade to `5.33.2` or later.
CVE-2026-8466 Vulnerability in cowboy (CVE-2026-8466)
vulnerability in cowboy (CVE-2026-8466). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.15.0` or later.
CVE-2026-42587 Vulnerability in io.netty:netty-codec-http (CVE-2026-42587)
vulnerability in io.netty:netty-codec-http (CVE-2026-42587). Risk of unauthorized operations or information disclosure. Exploitable via ``HttpContentDecompressor``. Mitigation: upgrade to `4.1.133.Final` or later.
CVE-2026-42584 Vulnerability in io.netty:netty-codec-http (CVE-2026-42584)
vulnerability in io.netty:netty-codec-http (CVE-2026-42584). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.1.133.Final` or later.
CVE-2026-42585 Vulnerability in io.netty:netty-codec-http (CVE-2026-42585)
vulnerability in io.netty:netty-codec-http (CVE-2026-42585). Risk of unauthorized operations or information disclosure. Exploitable via `GET /smuggled`. Mitigation: upgrade to `4.1.133.Final` or later.
CVE-2026-42578 Vulnerability in io.netty:netty-handler-proxy (CVE-2026-42578)
vulnerability in io.netty:netty-handler-proxy (CVE-2026-42578). Data can be tampered with by attackers. Exploitable via ``io.netty.handler.proxy.HttpProxyHandler``. Mitigation: upgrade to `4.2.13.Final` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →