Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Clear
ID Title
CVE-2026-42593 Path Traversal in github.com/gotenberg/gotenberg/v8 (CVE-2026-42593)
path traversal in github.com/gotenberg/gotenberg/v8 (CVE-2026-42593). Risk of unauthorized operations or information disclosure. Exploitable via ``stamp``.
CVE-2026-42590 Vulnerability in github.com/gotenberg/gotenberg/v8 (CVE-2026-42590)
vulnerability in github.com/gotenberg/gotenberg/v8 (CVE-2026-42590). Data can be tampered with by attackers. Exploitable via ``FileName``.
CVE-2026-42283 Information Disclosure in github.com/loft-sh/devspace (CVE-2026-42283)
vulnerability in github.com/loft-sh/devspace (CVE-2026-42283). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `6.3.21` or later.
CVE-2026-42281 SSRF (Server-Side Request Forgery) in magicmirror (CVE-2026-42281)
SSRF in magicmirror (CVE-2026-42281). Confidential information can be exposed externally. Exploitable via `GET /cors`. Mitigation: upgrade to `2.36.0` or later.
CVE-2026-42589 OS Command Injection in github.com/gotenberg/gotenberg/v8 (CVE-2026-42589)
OS command injection in github.com/gotenberg/gotenberg/v8 (CVE-2026-42589). Successful exploitation can lead to full system takeover. Exploitable via ``dangerousTags``.
CVE-2026-42159 Cross-Site Scripting (XSS) in flowsint (CVE-2026-42159)
cross-site scripting in flowsint (CVE-2026-42159). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.2.3` or later.
CVE-2026-40893 Vulnerability in github.com/gotenberg/gotenberg/v8 (CVE-2026-40893)
vulnerability in github.com/gotenberg/gotenberg/v8 (CVE-2026-40893). Data can be tampered with by attackers. Exploitable via ``FileName``.
CVE-2026-42853 OS Command Injection in @apostrophecms/cli (CVE-2026-42853)
OS command injection in @apostrophecms/cli (CVE-2026-42853). Successful exploitation can lead to full system takeover.
CVE-2026-20182 KEV [KEV] Authentication Bypass in Cisco catalyst-sd-wan-manager (CVE-2026-20182)
authentication bypass in Cisco catalyst-sd-wan-manager (CVE-2026-20182). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-41937 Vulnerability in CVE-2026-41937 (CVE-2026-41937)
vulnerability in CVE-2026-41937 (CVE-2026-41937). Successful exploitation can lead to full system takeover.
CVE-2026-41935 Vulnerability in dos (CVE-2026-41935)
vulnerability in dos (CVE-2026-41935). Risk of unauthorized operations or information disclosure.
CVE-2025-62619 Vulnerability in CVE-2025-62619 (CVE-2025-62619)
vulnerability in CVE-2025-62619 (CVE-2025-62619). Risk of unauthorized operations or information disclosure.
CVE-2026-6477 Vulnerability in postgresql (CVE-2026-6477)
vulnerability in postgresql (CVE-2026-6477). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `14.23.0, 15.18.0, 16.14.0, 17.10.0, 18.4.0` or later.
CVE-2025-62625 Privilege Escalation in CVE-2025-62625 (CVE-2025-62625)
vulnerability in CVE-2025-62625 (CVE-2025-62625). Risk of unauthorized operations or information disclosure.
CVE-2026-6474 Vulnerability in postgresql (CVE-2026-6474)
vulnerability in postgresql (CVE-2026-6474). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.23.0, 15.18.0, 16.14.0, 17.10.0, 18.4.0` or later.
CVE-2025-69443 Code Injection in CVE-2025-69443 (CVE-2025-69443)
code injection in CVE-2025-69443 (CVE-2025-69443). Risk of unauthorized operations or information disclosure.
CVE-2026-6472 Vulnerability in postgresql (CVE-2026-6472)
vulnerability in postgresql (CVE-2026-6472). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.23.0, 15.18.0, 16.14.0, 17.10.0, 18.4.0` or later.
CVE-2026-24711 Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 has Incorrect Access Control.
Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 has Incorrect Access Control.
CVE-2025-62628 Vulnerability in CVE-2025-62628 (CVE-2025-62628)
vulnerability in CVE-2025-62628 (CVE-2025-62628). Risk of unauthorized operations or information disclosure.
CVE-2026-6637 SQL Injection in postgresql (CVE-2026-6637)
SQL injection in postgresql (CVE-2026-6637). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `14.23.0, 15.18.0, 16.14.0, 17.10.0, 18.4.0` or later.
CVE-2026-6476 SQL Injection in postgresql (CVE-2026-6476)
SQL injection in postgresql (CVE-2026-6476). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `17.10.0, 18.4.0` or later.
CVE-2026-6638 SQL Injection in postgresql (CVE-2026-6638)
SQL injection in postgresql (CVE-2026-6638). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `16.14.0, 17.10.0, 18.4.0` or later.
CVE-2026-24712 Command Injection in northerntech (CVE-2026-24712)
command injection in northerntech (CVE-2026-24712). Risk of unauthorized operations or information disclosure.
CVE-2026-1630 Cross-Site Scripting (XSS) in CVE-2026-1630 (CVE-2026-1630)
cross-site scripting in CVE-2026-1630 (CVE-2026-1630). Risk of unauthorized operations or information disclosure.
CVE-2026-41932 Cross-Site Scripting (XSS) in CVE-2026-41932 (CVE-2026-41932)
cross-site scripting in CVE-2026-41932 (CVE-2026-41932). Risk of unauthorized operations or information disclosure.
CVE-2026-21730 Cross-Site Scripting (XSS) in verint (CVE-2026-21730)
cross-site scripting in verint (CVE-2026-21730). Risk of unauthorized operations or information disclosure.
CVE-2026-24710 Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 allows XSS.
Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 allows XSS.
CVE-2026-6473 Vulnerability in postgresql (CVE-2026-6473)
vulnerability in postgresql (CVE-2026-6473). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `14.23.0, 15.18.0, 16.14.0, 17.10.0, 18.4.0` or later.
CVE-2026-44482 Vulnerability in CVE-2026-44482 (CVE-2026-44482)
vulnerability in CVE-2026-44482 (CVE-2026-44482). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.1.8` or later.
CVE-2026-44371 Cross-Site Scripting (XSS) in CVE-2026-44371 (CVE-2026-44371)
cross-site scripting in CVE-2026-44371 (CVE-2026-44371). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.0.11` or later.
CVE-2026-44374 Authorization Flaw in @backstage/plugin-catalog-unprocessed-entities-common (CVE-2026-44374)
vulnerability in @backstage/plugin-catalog-unprocessed-entities-common (CVE-2026-44374). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.0.15` or later.
CVE-2026-44216 Vulnerability in wasmtime (CVE-2026-44216)
vulnerability in wasmtime (CVE-2026-44216). Risk of unauthorized operations or information disclosure. Exploitable via ``memory64``. Mitigation: upgrade to `43.0.2` or later.
CVE-2026-42457 Cross-Site Scripting (XSS) in CVE-2026-42457 (CVE-2026-42457)
cross-site scripting in CVE-2026-42457 (CVE-2026-42457). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.4.3` or later.
CVE-2026-42881 Path Traversal in CVE-2026-42881 (CVE-2026-42881)
path traversal in CVE-2026-42881 (CVE-2026-42881). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.2.7` or later.
CVE-2026-46443 Information Disclosure in flowise (CVE-2026-46443)
vulnerability in flowise (CVE-2026-46443). Confidential information can be exposed externally. Exploitable via ``credentialName``. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-46442 Code Injection in flowise (CVE-2026-46442)
code injection in flowise (CVE-2026-46442). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/v1/node-custom-function`. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-46441 Vulnerability in flowise (CVE-2026-46441)
vulnerability in flowise (CVE-2026-46441). Confidential information can be exposed externally. Exploitable via `PUT /api/v1/assistants/{assistantId}`. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-46440 Vulnerability in flowise (CVE-2026-46440)
vulnerability in flowise (CVE-2026-46440). Confidential information can be exposed externally. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-42863 Vulnerability in flowise (CVE-2026-42863)
vulnerability in flowise (CVE-2026-42863). Confidential information can be exposed externally. Exploitable via `PUT /api/v1/chatflows/{chatflowId}`. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-42862 Vulnerability in flowise (CVE-2026-42862)
vulnerability in flowise (CVE-2026-42862). Risk of unauthorized operations or information disclosure. Exploitable via `PUT /api/v1/tools/{toolId}`. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-42861 Vulnerability in flowise (CVE-2026-42861)
vulnerability in flowise (CVE-2026-42861). Confidential information can be exposed externally. Exploitable via `PUT /api/v1/variables/{variableId}`. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-46356 Vulnerability in github.com/fleetdm/fleet (CVE-2026-46356)
vulnerability in github.com/fleetdm/fleet (CVE-2026-46356). Data can be tampered with by attackers. Mitigation: upgrade to `4.80.1` or later.
CVE-2026-41249 Code Injection in coreshop/core-shop (CVE-2026-41249)
code injection in coreshop/core-shop (CVE-2026-41249). Confidential information can be exposed externally. Exploitable via ``pull_request_target``.
CVE-2026-27886 Path Traversal in @strapi/strapi (CVE-2026-27886)
path traversal in @strapi/strapi (CVE-2026-27886). Confidential information can be exposed externally. Exploitable via `POST /admin/reset-password`. Mitigation: upgrade to `5.37.0` or later.
CVE-2026-26191 OS Command Injection in github.com/fleetdm/fleet/v4 (CVE-2026-26191)
OS command injection in github.com/fleetdm/fleet/v4 (CVE-2026-26191). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.81.1` or later.
CVE-2026-26062 Vulnerability in github.com/fleetdm/fleet/v4 (CVE-2026-26062)
vulnerability in github.com/fleetdm/fleet/v4 (CVE-2026-26062). Risk of unauthorized operations or information disclosure. Exploitable via ``PublishLogs``. Mitigation: upgrade to `4.81.0` or later.
CVE-2026-5790 Cross-Site Scripting (XSS) in CVE-2026-5790 (CVE-2026-5790)
cross-site scripting in CVE-2026-5790 (CVE-2026-5790). Risk of unauthorized operations or information disclosure.
CVE-2026-4029 Vulnerability in wordpress (CVE-2026-4029)
vulnerability in wordpress (CVE-2026-4029). Confidential information can be exposed externally.
CVE-2026-4030 Vulnerability in wordpress (CVE-2026-4030)
vulnerability in wordpress (CVE-2026-4030). Successful exploitation can lead to full system takeover.
CVE-2026-4031 Vulnerability in wordpress (CVE-2026-4031)
vulnerability in wordpress (CVE-2026-4031). Confidential information can be exposed externally.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →