Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-5486 |
|
SQL Injection in wordpress (CVE-2026-5486)
SQL injection in wordpress (CVE-2026-5486). Confidential information can be exposed externally.
|
| CVE-2026-46300 |
|
Out-of-Bounds Write in Amazon aws (CVE-2026-46300)
out-of-bounds write in Amazon aws (CVE-2026-46300). Successful exploitation can lead to full system takeover.
|
| CVE-2026-32991 |
|
Authorization Flaw in CVE-2026-32991 (CVE-2026-32991)
vulnerability in CVE-2026-32991 (CVE-2026-32991). Data can be tampered with by attackers.
|
| CVE-2026-8500 |
|
OS Command Injection in CVE-2026-8500 (CVE-2026-8500)
OS command injection in CVE-2026-8500 (CVE-2026-8500). Successful exploitation can lead to full system takeover.
|
| CVE-2026-29206 |
|
SQL Injection in CVE-2026-29206 (CVE-2026-29206)
SQL injection in CVE-2026-29206 (CVE-2026-29206). Data can be tampered with by attackers. Exploitable via ``sqloptimizer``.
|
| CVE-2026-45158 |
|
Vulnerability in opnsense (CVE-2026-45158)
vulnerability in opnsense (CVE-2026-45158). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `26.1.8` or later.
|
| CVE-2026-44471 |
|
Vulnerability in gix-fs (CVE-2026-44471)
vulnerability in gix-fs (CVE-2026-44471). Successful exploitation can lead to full system takeover. Exploitable via ``payload``. Mitigation: upgrade to `0.21.1` or later.
|
| CVE-2026-44478 |
|
Vulnerability in CVE-2026-44478 (CVE-2026-44478)
vulnerability in CVE-2026-44478 (CVE-2026-44478). Confidential information can be exposed externally. Exploitable via `POST /v1/onboarding/config`. Mitigation: upgrade to `2026.4.0` or later.
|
| CVE-2026-44442 |
|
Vulnerability in frappe (CVE-2026-44442)
vulnerability in frappe (CVE-2026-44442). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `16.9.1` or later.
|
| CVE-2026-44448 |
|
Vulnerability in frappe (CVE-2026-44448)
vulnerability in frappe (CVE-2026-44448). Confidential information can be exposed externally. Mitigation: upgrade to `15.102.0` or later.
|
| CVE-2026-44441 |
|
SSRF (Server-Side Request Forgery) in frappe (CVE-2026-44441)
SSRF in frappe (CVE-2026-44441). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `15.106.0` or later.
|
| CVE-2026-44440 |
|
Path Traversal in path-traversal (CVE-2026-44440)
path traversal in path-traversal (CVE-2026-44440). Confidential information can be exposed externally. Mitigation: upgrade to `15.101.1` or later.
|
| CVE-2026-44446 |
|
SQL Injection in sqli (CVE-2026-44446)
SQL injection in sqli (CVE-2026-44446). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `15.104.3` or later.
|
| CVE-2026-44447 |
|
SQL Injection in sqli (CVE-2026-44447)
SQL injection in sqli (CVE-2026-44447). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `16.9.0` or later.
|
| CVE-2026-44445 |
|
XXE (XML External Entity) in frappe (CVE-2026-44445)
vulnerability in frappe (CVE-2026-44445). Confidential information can be exposed externally. Mitigation: upgrade to `15.104.3` or later.
|
| CVE-2026-44425 |
|
Vulnerability in github.com/shellhub-io/shellhub (CVE-2026-44425)
vulnerability in github.com/shellhub-io/shellhub (CVE-2026-44425). Risk of unauthorized operations or information disclosure. Exploitable via ``name``. Mitigation: upgrade to `0.24.2` or later.
|
| CVE-2026-44439 |
|
SSRF (Server-Side Request Forgery) in PlaywrightCapture (CVE-2026-44439)
SSRF in PlaywrightCapture (CVE-2026-44439). Confidential information can be exposed externally. Mitigation: upgrade to `1.39.6` or later.
|
| CVE-2026-44437 |
|
Path Traversal in @angular/ssr (CVE-2026-44437)
path traversal in @angular/ssr (CVE-2026-44437). Risk of unauthorized operations or information disclosure. Exploitable via ``redirectTo``. Mitigation: upgrade to `19.2.25` or later.
|
| CVE-2026-32992 |
|
Vulnerability in CVE-2026-32992 (CVE-2026-32992)
vulnerability in CVE-2026-32992 (CVE-2026-32992). Confidential information can be exposed externally.
|
| CVE-2026-44194 |
|
OS Command Injection in opnsense (CVE-2026-44194)
OS command injection in opnsense (CVE-2026-44194). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `26.1.8` or later.
|
| CVE-2026-44193 |
|
Vulnerability in opnsense (CVE-2026-44193)
vulnerability in opnsense (CVE-2026-44193). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `26.1.7` or later.
|
| CVE-2026-32993 |
|
Vulnerability in CVE-2026-32993 (CVE-2026-32993)
vulnerability in CVE-2026-32993 (CVE-2026-32993). Risk of unauthorized operations or information disclosure. Exploitable via ``status``.
|
| CVE-2026-44369 |
|
Vulnerability in CVE-2026-44369 (CVE-2026-44369)
vulnerability in CVE-2026-44369 (CVE-2026-44369). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.64.0` or later.
|
| CVE-2026-29205 |
|
Vulnerability in CVE-2026-29205 (CVE-2026-29205)
vulnerability in CVE-2026-29205 (CVE-2026-29205). Confidential information can be exposed externally.
|
| CVE-2026-8328 |
|
SSRF (Server-Side Request Forgery) in libpython (CVE-2026-8328)
SSRF in libpython (CVE-2026-8328). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.14.5` or later.
|
| CVE-2026-45228 |
|
Cross-Site Scripting (XSS) in vue (CVE-2026-45228)
cross-site scripting in vue (CVE-2026-45228). Risk of unauthorized operations or information disclosure. Exploitable via `POST /update`.
|
| CVE-2025-27852 |
|
Cross-Site Scripting (XSS) in garmin (CVE-2025-27852)
cross-site scripting in garmin (CVE-2025-27852). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-27853 |
|
Vulnerability in garmin (CVE-2025-27853)
vulnerability in garmin (CVE-2025-27853). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-33376 |
|
Vulnerability in grafana (CVE-2026-33376)
vulnerability in grafana (CVE-2026-33376). Confidential information can be exposed externally. Mitigation: upgrade to `11.6.14, 12.2.8, 12.3.6, 12.4.3, 13.0.1` or later.
|
| CVE-2025-27850 |
|
Vulnerability in garmin (CVE-2025-27850)
vulnerability in garmin (CVE-2025-27850). Confidential information can be exposed externally.
|
| CVE-2025-27851 |
|
Cross-Site Request Forgery (CSRF) in garmin (CVE-2025-27851)
vulnerability in garmin (CVE-2025-27851). Confidential information can be exposed externally.
|
| CVE-2026-33380 |
|
Vulnerability in grafana (CVE-2026-33380)
vulnerability in grafana (CVE-2026-33380). Confidential information can be exposed externally. Mitigation: upgrade to `11.6.14, 12.2.8, 12.3.6, 12.4.3, 13.0.1` or later.
|
| CVE-2026-28379 |
|
Vulnerability in grafana (CVE-2026-28379)
vulnerability in grafana (CVE-2026-28379). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `11.6.14, 12.2.8, 12.3.6, 12.4.3, 13.0.1` or later.
|
| CVE-2026-28383 |
|
Vulnerability in grafana (CVE-2026-28383)
vulnerability in grafana (CVE-2026-28383). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `11.6.14, 12.2.8, 12.3.6, 12.4.3, 13.0.1` or later.
|
| CVE-2026-28376 |
|
Vulnerability in grafana (CVE-2026-28376)
vulnerability in grafana (CVE-2026-28376). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `11.6.14, 12.2.8, 12.3.6, 12.4.3, 13.0.1` or later.
|
| CVE-2026-33378 |
|
Vulnerability in grafana (CVE-2026-33378)
vulnerability in grafana (CVE-2026-33378). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `11.6.14, 12.2.8, 12.3.6, 12.4.3, 13.0.1` or later.
|
| CVE-2026-28380 |
|
BAC in Snapshot API allows deletion of unauthorized dashboard snapshots
BAC in Snapshot API allows deletion of unauthorized dashboard snapshots
|
| CVE-2026-33377 |
|
Vulnerability in grafana (CVE-2026-33377)
vulnerability in grafana (CVE-2026-33377). Data can be tampered with by attackers. Mitigation: upgrade to `11.6.14, 12.2.8, 12.3.6, 12.4.3, 13.0.1` or later.
|
| CVE-2026-33381 |
|
Vulnerability in grafana (CVE-2026-33381)
vulnerability in grafana (CVE-2026-33381). Confidential information can be exposed externally. Mitigation: upgrade to `11.6.14, 12.2.8, 12.3.6, 12.4.3, 13.0.1` or later.
|
| CVE-2026-28374 |
|
Vulnerability in grafana (CVE-2026-28374)
vulnerability in grafana (CVE-2026-28374). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `11.6.14, 12.2.8, 12.3.6, 12.4.3, 13.0.1` or later.
|
| CVE-2026-45714 |
|
Code Injection in CVE-2026-45714 (CVE-2026-45714)
code injection in CVE-2026-45714 (CVE-2026-45714). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `6.7.0` or later.
|
| CVE-2026-45708 |
|
Code Injection in CVE-2026-45708 (CVE-2026-45708)
code injection in CVE-2026-45708 (CVE-2026-45708). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `6.7.3` or later.
|
| CVE-2026-45054 |
|
SQL Injection in CVE-2026-45054 (CVE-2026-45054)
SQL injection in CVE-2026-45054 (CVE-2026-45054). Confidential information can be exposed externally. Mitigation: upgrade to `6.7.0` or later.
|
| CVE-2026-45055 |
|
Vulnerability in CVE-2026-45055 (CVE-2026-45055)
vulnerability in CVE-2026-45055 (CVE-2026-45055). Confidential information can be exposed externally. Exploitable via `POST /index.php`. Mitigation: upgrade to `6.7.2` or later.
|
| CVE-2026-45053 |
|
Unrestricted File Upload in CVE-2026-45053 (CVE-2026-45053)
vulnerability in CVE-2026-45053 (CVE-2026-45053). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/v1/files`. Mitigation: upgrade to `6.7.0` or later.
|
| CVE-2026-44377 |
|
Code Injection in CVE-2026-44377 (CVE-2026-44377)
code injection in CVE-2026-44377 (CVE-2026-44377). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `6.7.0` or later.
|
| CVE-2026-44380 |
|
Authorization Flaw in misp (CVE-2026-44380)
vulnerability in misp (CVE-2026-44380). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.5.37` or later.
|
| CVE-2026-44373 |
|
Path Traversal in nitro (CVE-2026-44373)
path traversal in nitro (CVE-2026-44373). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/orders/..`. Mitigation: upgrade to `3.0.260429-beta` or later.
|
| CVE-2026-44381 |
|
SQL Injection in sqli (CVE-2026-44381)
SQL injection in sqli (CVE-2026-44381). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.5.37` or later.
|
| CVE-2026-44418 |
|
SQL Injection in sqli (CVE-2026-44418)
SQL injection in sqli (CVE-2026-44418). Risk of unauthorized operations or information disclosure.
|