Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2025-32425 |
|
Vulnerability in dos (CVE-2025-32425)
vulnerability in dos (CVE-2025-32425). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-29338 |
|
Vulnerability in CVE-2025-29338 (CVE-2025-29338)
vulnerability in CVE-2025-29338 (CVE-2025-29338). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-28344 |
|
striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function AuxJack.
striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function AuxJack.
|
| CVE-2024-55045 |
|
Vulnerability in c (CVE-2024-55045)
vulnerability in c (CVE-2024-55045). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-51395 |
|
Vulnerability in cpp (CVE-2024-51395)
vulnerability in cpp (CVE-2024-51395). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-28343 |
|
striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function ThreadReadButtons.
striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function ThreadReadButtons.
|
| CVE-2020-37226 |
|
SQL Injection in sqli (CVE-2020-37226)
SQL injection in sqli (CVE-2020-37226). Confidential information can be exposed externally.
|
| CVE-2020-37225 |
|
Cross-Site Scripting (XSS) in CVE-2020-37225 (CVE-2020-37225)
cross-site scripting in CVE-2020-37225 (CVE-2020-37225). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-37218 |
|
SQL Injection in sqli (CVE-2020-37218)
SQL injection in sqli (CVE-2020-37218). Confidential information can be exposed externally.
|
| CVE-2020-37224 |
|
SQL Injection in sqli (CVE-2020-37224)
SQL injection in sqli (CVE-2020-37224). Confidential information can be exposed externally.
|
| CVE-2020-37222 |
|
Cross-Site Scripting (XSS) in c (CVE-2020-37222)
cross-site scripting in c (CVE-2020-37222). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-37221 |
|
Vulnerability in CVE-2020-37221 (CVE-2020-37221)
vulnerability in CVE-2020-37221 (CVE-2020-37221). Successful exploitation can lead to full system takeover.
|
| CVE-2020-37220 |
|
Vulnerability in CVE-2020-37220 (CVE-2020-37220)
vulnerability in CVE-2020-37220 (CVE-2020-37220). Confidential information can be exposed externally.
|
| CVE-2020-37217 |
|
Cross-Site Request Forgery (CSRF) in CVE-2020-37217 (CVE-2020-37217)
vulnerability in CVE-2020-37217 (CVE-2020-37217). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-37219 |
|
Path Traversal in path-traversal (CVE-2020-37219)
path traversal in path-traversal (CVE-2020-37219). Confidential information can be exposed externally.
|
| CVE-2020-37174 |
|
Cross-Site Scripting (XSS) in CVE-2020-37174 (CVE-2020-37174)
cross-site scripting in CVE-2020-37174 (CVE-2020-37174). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-37169 |
|
Vulnerability in wordpress (CVE-2020-37169)
vulnerability in wordpress (CVE-2020-37169). Confidential information can be exposed externally.
|
| CVE-2026-45375 |
|
Vulnerability in github.com/siyuan-note/siyuan/kernel (CVE-2026-45375)
vulnerability in github.com/siyuan-note/siyuan/kernel (CVE-2026-45375). Successful exploitation can lead to full system takeover. Exploitable via ``name``.
|
| CVE-2026-45371 |
|
Vulnerability in github.com/siyuan-note/siyuan/kernel (CVE-2026-45371)
vulnerability in github.com/siyuan-note/siyuan/kernel (CVE-2026-45371). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/graph/getGraph`. Mitigation: upgrade to `0.0.0-20260512140701-d7b77d945e0d` or later.
|
| CVE-2026-45083 |
|
Vulnerability in io.goobi.viewer:viewer-core (CVE-2026-45083)
vulnerability in io.goobi.viewer:viewer-core (CVE-2026-45083). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/v1/index/stream`.
|
| CVE-2026-45152 |
|
OS Command Injection in gitlab.com/uniget-org/cli (CVE-2026-45152)
OS command injection in gitlab.com/uniget-org/cli (CVE-2026-45152). Successful exploitation can lead to full system takeover. Exploitable via ``check``. Mitigation: upgrade to `0.27.1` or later.
|
| CVE-2026-45148 |
|
Authorization Flaw in github.com/siyuan-note/siyuan/kernel (CVE-2026-45148)
vulnerability in github.com/siyuan-note/siyuan/kernel (CVE-2026-45148). Risk of unauthorized operations or information disclosure. Exploitable via ``getBookmark``. Mitigation: upgrade to `0.0.0-20260512140701-d7b77d945e0d` or later.
|
| CVE-2026-45147 |
|
Vulnerability in github.com/siyuan-note/siyuan/kernel (CVE-2026-45147)
vulnerability in github.com/siyuan-note/siyuan/kernel (CVE-2026-45147). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/tag/getTag`. Mitigation: upgrade to `0.0.0-20260512140701-d7b77d945e0d` or later.
|
| CVE-2026-45137 |
|
Vulnerability in anchor-lang (CVE-2026-45137)
vulnerability in anchor-lang (CVE-2026-45137). Data can be tampered with by attackers. Mitigation: upgrade to `1.0.2` or later.
|
| CVE-2026-45136 |
|
OS Command Injection in claude-code-cache-fix (CVE-2026-45136)
OS command injection in claude-code-cache-fix (CVE-2026-45136). Successful exploitation can lead to full system takeover. Exploitable via ``statusLine``. Mitigation: upgrade to `3.5.2` or later.
|
| CVE-2026-44798 |
|
Vulnerability in nautobot (CVE-2026-44798)
vulnerability in nautobot (CVE-2026-44798). Risk of unauthorized operations or information disclosure. Exploitable via ``current_head``. Mitigation: upgrade to `2.4.33` or later.
|
| CVE-2026-44797 |
|
SSRF (Server-Side Request Forgery) in nautobot (CVE-2026-44797)
SSRF in nautobot (CVE-2026-44797). Confidential information can be exposed externally. Exploitable via ``Webhook``. Mitigation: upgrade to `2.4.33` or later.
|
| CVE-2026-44796 |
|
Vulnerability in nautobot (CVE-2026-44796)
vulnerability in nautobot (CVE-2026-44796). Risk of unauthorized operations or information disclosure. Exploitable via ``find``. Mitigation: upgrade to `2.4.33` or later.
|
| CVE-2026-44794 |
|
Vulnerability in nautobot (CVE-2026-44794)
vulnerability in nautobot (CVE-2026-44794). Risk of unauthorized operations or information disclosure. Exploitable via ``GenericForeignKey``. Mitigation: upgrade to `2.4.33` or later.
|
| CVE-2026-44774 |
|
Vulnerability in github.com/traefik/traefik/v3 (CVE-2026-44774)
vulnerability in github.com/traefik/traefik/v3 (CVE-2026-44774). Successful exploitation can lead to full system takeover. Exploitable via `PUT /api/providers/rest`. Mitigation: upgrade to `3.6.17` or later.
|
| CVE-2026-44740 |
|
Vulnerability in github.com/go-git/go-billy/v5 (CVE-2026-44740)
vulnerability in github.com/go-git/go-billy/v5 (CVE-2026-44740). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.9.0` or later.
|
| CVE-2026-45134 |
|
Unsafe Deserialization in langsmith (CVE-2026-45134)
vulnerability in langsmith (CVE-2026-45134). Confidential information can be exposed externally. Exploitable via ``pull_prompt``. Mitigation: upgrade to `0.8.0` or later.
|
| CVE-2026-44724 |
|
OS Command Injection in systeminformation (CVE-2026-44724)
OS command injection in systeminformation (CVE-2026-44724). Successful exploitation can lead to full system takeover. Exploitable via ``systeminformation``. Mitigation: upgrade to `5.31.6` or later.
|
| CVE-2026-8369 |
|
Vulnerability in CVE-2026-8369 (CVE-2026-8369)
vulnerability in CVE-2026-8369 (CVE-2026-8369). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4608 |
|
SQL Injection in wordpress (CVE-2026-4608)
SQL injection in wordpress (CVE-2026-4608). Confidential information can be exposed externally.
|
| CVE-2026-4607 |
|
Vulnerability in wordpress (CVE-2026-4607)
vulnerability in wordpress (CVE-2026-4607). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4609 |
|
Vulnerability in wordpress (CVE-2026-4609)
vulnerability in wordpress (CVE-2026-4609). Data can be tampered with by attackers.
|
| CVE-2026-39806 |
|
Vulnerability in bandit (CVE-2026-39806)
vulnerability in bandit (CVE-2026-39806). Risk of unauthorized operations or information disclosure. Exploitable via ``rest``. Mitigation: upgrade to `1.11.1` or later.
|
| CVE-2026-37430 |
|
Unrestricted File Upload in CVE-2026-37430 (CVE-2026-37430)
vulnerability in CVE-2026-37430 (CVE-2026-37430). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-37429 |
|
SQL Injection in sqli (CVE-2026-37429)
SQL injection in sqli (CVE-2026-37429). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-39803 |
|
Vulnerability in bandit (CVE-2026-39803)
vulnerability in bandit (CVE-2026-39803). Risk of unauthorized operations or information disclosure. Exploitable via ``Plug.Parsers``. Mitigation: upgrade to `1.11.1` or later.
|
| CVE-2026-37428 |
|
SQL Injection in sqli (CVE-2026-37428)
SQL injection in sqli (CVE-2026-37428). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42948 |
|
Cross-Site Scripting (XSS) in CVE-2026-42948 (CVE-2026-42948)
cross-site scripting in CVE-2026-42948 (CVE-2026-42948). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6177 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6177)
cross-site scripting in wordpress (CVE-2026-6177). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42950 |
|
Vulnerability in CVE-2026-42950 (CVE-2026-42950)
vulnerability in CVE-2026-42950 (CVE-2026-42950). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42062 |
|
OS Command Injection in CVE-2026-42062 (CVE-2026-42062)
OS command injection in CVE-2026-42062 (CVE-2026-42062). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40621 |
|
Vulnerability in CVE-2026-40621 (CVE-2026-40621)
vulnerability in CVE-2026-40621 (CVE-2026-40621). Successful exploitation can lead to full system takeover.
|
| CVE-2026-3425 |
|
Vulnerability in wordpress (CVE-2026-3425)
vulnerability in wordpress (CVE-2026-3425). Successful exploitation can lead to full system takeover.
|
| CVE-2026-3426 |
|
Vulnerability in wordpress (CVE-2026-3426)
vulnerability in wordpress (CVE-2026-3426). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35506 |
|
OS Command Injection in CVE-2026-35506 (CVE-2026-35506)
OS command injection in CVE-2026-35506 (CVE-2026-35506). Successful exploitation can lead to full system takeover.
|