Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-44379 |
|
Vulnerability in misp (CVE-2026-44379)
vulnerability in misp (CVE-2026-44379). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.5.37` or later.
|
| CVE-2026-44376 |
|
Cross-Site Scripting (XSS) in CVE-2026-44376 (CVE-2026-44376)
cross-site scripting in CVE-2026-44376 (CVE-2026-44376). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `6.7.0` or later.
|
| CVE-2026-42602 |
|
Vulnerability in github.com/open-telemetry/opentelemetry-collector-contrib/extension/azureauthextension (CVE-2026-42602)
vulnerability in github.com/open-telemetry/opentelemetry-collector-contrib/extension/azureauthextension (CVE-2026-42602). Data can be tampered with by attackers. Exploitable via `POST /v1/traces`.
|
| CVE-2026-44368 |
|
Vulnerability in pyquorum (CVE-2026-44368)
vulnerability in pyquorum (CVE-2026-44368). Risk of unauthorized operations or information disclosure. Exploitable via ``mul_mod``. Mitigation: upgrade to `0.2.1` or later.
|
| CVE-2026-44372 |
|
Open Redirect in nitro (CVE-2026-44372)
vulnerability in nitro (CVE-2026-44372). Risk of unauthorized operations or information disclosure. Exploitable via `GET /legacy//evil.com`. Mitigation: upgrade to `3.0.260429-beta` or later.
|
| CVE-2026-42561 |
|
Vulnerability in python-multipart (CVE-2026-42561)
vulnerability in python-multipart (CVE-2026-42561). Risk of unauthorized operations or information disclosure. Exploitable via ``MultipartParser``. Mitigation: upgrade to `0.0.27` or later.
|
| CVE-2026-42304 |
|
Vulnerability in Twisted (CVE-2026-42304)
vulnerability in Twisted (CVE-2026-42304). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `26.4.0rc2` or later.
|
| CVE-2026-39358 |
|
SQL Injection in sqli (CVE-2026-39358)
SQL injection in sqli (CVE-2026-39358). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `6.6.0` or later.
|
| CVE-2026-39428 |
|
Cross-Site Scripting (XSS) in CVE-2026-39428 (CVE-2026-39428)
cross-site scripting in CVE-2026-39428 (CVE-2026-39428). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `6.6.0` or later.
|
| CVE-2026-44363 |
|
Vulnerability in misp-modules (CVE-2026-44363)
vulnerability in misp-modules (CVE-2026-44363). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44364 |
|
Cross-Site Request Forgery (CSRF) in misp-modules (CVE-2026-44364)
vulnerability in misp-modules (CVE-2026-44364). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42551 |
|
Vulnerability in flightphp/core (CVE-2026-42551)
vulnerability in flightphp/core (CVE-2026-42551). Data can be tampered with by attackers. Exploitable via `GET /item/42`. Mitigation: upgrade to `3.18.1` or later.
|
| CVE-2026-42552 |
|
Vulnerability in flightphp/core (CVE-2026-42552)
vulnerability in flightphp/core (CVE-2026-42552). Confidential information can be exposed externally. Exploitable via ``flight.debug``. Mitigation: upgrade to `3.18.1` or later.
|
| CVE-2026-42550 |
|
SQL Injection in flightphp/core (CVE-2026-42550)
SQL injection in flightphp/core (CVE-2026-42550). Successful exploitation can lead to full system takeover. Exploitable via ``UPDATE``. Mitigation: upgrade to `3.18.1` or later.
|
| CVE-2026-44351 |
|
Vulnerability in fast-jwt (CVE-2026-44351)
vulnerability in fast-jwt (CVE-2026-44351). Confidential information can be exposed externally. Exploitable via ``Buffer``. Mitigation: upgrade to `6.2.4` or later.
|
| CVE-2026-42548 |
|
Cross-Site Scripting (XSS) in flightphp/core (CVE-2026-42548)
cross-site scripting in flightphp/core (CVE-2026-42548). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api`. Mitigation: upgrade to `3.18.1` or later.
|
| CVE-2026-42549 |
|
Path Traversal in flightphp/core (CVE-2026-42549)
path traversal in flightphp/core (CVE-2026-42549). Risk of unauthorized operations or information disclosure. Exploitable via ``b8dd23a``. Mitigation: upgrade to `3.18.1` or later.
|
| CVE-2026-22599 |
|
SQL Injection in @strapi/content-type-builder (CVE-2026-22599)
SQL injection in @strapi/content-type-builder (CVE-2026-22599). Successful exploitation can lead to full system takeover. Exploitable via ``column.defaultTo``. Mitigation: upgrade to `5.33.2` or later.
|
| CVE-2026-8466 |
|
Vulnerability in cowboy (CVE-2026-8466)
vulnerability in cowboy (CVE-2026-8466). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.15.0` or later.
|
| CVE-2026-42587 |
|
Vulnerability in io.netty:netty-codec-http (CVE-2026-42587)
vulnerability in io.netty:netty-codec-http (CVE-2026-42587). Risk of unauthorized operations or information disclosure. Exploitable via ``HttpContentDecompressor``. Mitigation: upgrade to `4.1.133.Final` or later.
|
| CVE-2026-42584 |
|
Vulnerability in io.netty:netty-codec-http (CVE-2026-42584)
vulnerability in io.netty:netty-codec-http (CVE-2026-42584). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.1.133.Final` or later.
|
| CVE-2026-42585 |
|
Vulnerability in io.netty:netty-codec-http (CVE-2026-42585)
vulnerability in io.netty:netty-codec-http (CVE-2026-42585). Risk of unauthorized operations or information disclosure. Exploitable via `GET /smuggled`. Mitigation: upgrade to `4.1.133.Final` or later.
|
| CVE-2026-42578 |
|
Vulnerability in io.netty:netty-handler-proxy (CVE-2026-42578)
vulnerability in io.netty:netty-handler-proxy (CVE-2026-42578). Data can be tampered with by attackers. Exploitable via ``io.netty.handler.proxy.HttpProxyHandler``. Mitigation: upgrade to `4.2.13.Final` or later.
|
| CVE-2026-42581 |
|
Vulnerability in io.netty:netty-codec-http (CVE-2026-42581)
vulnerability in io.netty:netty-codec-http (CVE-2026-42581). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api`. Mitigation: upgrade to `4.1.133.Final` or later.
|
| CVE-2026-42577 |
|
Vulnerability in io.netty:netty-transport-native-epoll (CVE-2026-42577)
vulnerability in io.netty:netty-transport-native-epoll (CVE-2026-42577). Risk of unauthorized operations or information disclosure. Exploitable via ``ALLOW_HALF_CLOSURE``. Mitigation: upgrade to `4.2.13.Final` or later.
|
| CVE-2026-42583 |
|
Vulnerability in io.netty:netty-codec-compression (CVE-2026-42583)
vulnerability in io.netty:netty-codec-compression (CVE-2026-42583). Risk of unauthorized operations or information disclosure. Exploitable via ``decompressedLength``. Mitigation: upgrade to `4.2.13.Final` or later.
|
| CVE-2026-42579 |
|
Vulnerability in io.netty:netty-codec-dns (CVE-2026-42579)
vulnerability in io.netty:netty-codec-dns (CVE-2026-42579). Data can be tampered with by attackers. Exploitable via ``io.netty.handler.codec.dns.DnsCodecUtil``. Mitigation: upgrade to `4.1.133.Final` or later.
|
| CVE-2026-42580 |
|
Vulnerability in io.netty:netty-codec-http (CVE-2026-42580)
vulnerability in io.netty:netty-codec-http (CVE-2026-42580). Risk of unauthorized operations or information disclosure. Exploitable via `GET /smuggled`. Mitigation: upgrade to `4.1.133.Final` or later.
|
| CVE-2026-42031 |
|
SQL Injection in ckan (CVE-2026-42031)
SQL injection in ckan (CVE-2026-42031). Successful exploitation can lead to full system takeover. Exploitable via ``datastore_search_sql``. Mitigation: upgrade to `2.11.5` or later.
|
| CVE-2026-41255 |
|
Cross-Site Request Forgery (CSRF) in ckan (CVE-2026-41255)
vulnerability in ckan (CVE-2026-41255). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.11.5` or later.
|
| CVE-2026-42032 |
|
Authorization Flaw in ckan (CVE-2026-42032)
vulnerability in ckan (CVE-2026-42032). Confidential information can be exposed externally. Exploitable via ``datastore_search_sql``. Mitigation: upgrade to `2.11.5` or later.
|
| CVE-2026-41132 |
|
Vulnerability in ckan (CVE-2026-41132)
vulnerability in ckan (CVE-2026-41132). Confidential information can be exposed externally. Mitigation: upgrade to `2.10.10` or later.
|
| CVE-2026-33584 |
|
Vulnerability in CVE-2026-33584 (CVE-2026-33584)
vulnerability in CVE-2026-33584 (CVE-2026-33584). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-33583 |
|
Vulnerability in CVE-2026-33583 (CVE-2026-33583)
vulnerability in CVE-2026-33583 (CVE-2026-33583). Confidential information can be exposed externally.
|
| CVE-2026-30905 |
|
Vulnerability in zoom (CVE-2026-30905)
vulnerability in zoom (CVE-2026-30905). Successful exploitation can lead to full system takeover.
|
| CVE-2026-30906 |
|
Vulnerability in zoom (CVE-2026-30906)
vulnerability in zoom (CVE-2026-30906). Successful exploitation can lead to full system takeover.
|
| CVE-2026-30904 |
|
Vulnerability in zoom (CVE-2026-30904)
vulnerability in zoom (CVE-2026-30904). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-22677 |
|
Path Traversal in path-traversal (CVE-2026-22677)
path traversal in path-traversal (CVE-2026-22677). Confidential information can be exposed externally.
|
| CVE-2026-0262 |
|
Vulnerability in dos (CVE-2026-0262)
vulnerability in dos (CVE-2026-0262). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0261 |
|
OS Command Injection in CVE-2026-0261 (CVE-2026-0261)
OS command injection in CVE-2026-0261 (CVE-2026-0261). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0258 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-0258)
SSRF in ssrf (CVE-2026-0258). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0259 |
|
Vulnerability in CVE-2026-0259 (CVE-2026-0259)
vulnerability in CVE-2026-0259 (CVE-2026-0259). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0256 |
|
Cross-Site Scripting (XSS) in CVE-2026-0256 (CVE-2026-0256)
cross-site scripting in CVE-2026-0256 (CVE-2026-0256). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0251 |
|
Vulnerability in privilege-escalation (CVE-2026-0251)
vulnerability in privilege-escalation (CVE-2026-0251). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0250 |
|
Out-of-Bounds Write in CVE-2026-0250 (CVE-2026-0250)
out-of-bounds write in CVE-2026-0250 (CVE-2026-0250). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0249 |
|
Vulnerability in CVE-2026-0249 (CVE-2026-0249)
vulnerability in CVE-2026-0249 (CVE-2026-0249). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0246 |
|
Vulnerability in CVE-2026-0246 (CVE-2026-0246)
vulnerability in CVE-2026-0246 (CVE-2026-0246). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0244 |
|
Vulnerability in CVE-2026-0244 (CVE-2026-0244)
vulnerability in CVE-2026-0244 (CVE-2026-0244). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0248 |
|
Vulnerability in CVE-2026-0248 (CVE-2026-0248)
vulnerability in CVE-2026-0248 (CVE-2026-0248). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0242 |
|
SQL Injection in sqli (CVE-2026-0242)
SQL injection in sqli (CVE-2026-0242). Risk of unauthorized operations or information disclosure.
|