Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-44183 |
|
Vulnerability in CVE-2026-44183 (CVE-2026-44183)
vulnerability in CVE-2026-44183 (CVE-2026-44183). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.9.10` or later.
|
| CVE-2026-44166 |
|
Authentication Bypass in github.com/pocketbase/pocketbase (CVE-2026-44166)
authentication bypass in github.com/pocketbase/pocketbase (CVE-2026-44166). Data can be tampered with by attackers. Mitigation: upgrade to `0.37.4` or later.
|
| CVE-2026-44196 |
|
Authentication Bypass in CVE-2026-44196 (CVE-2026-44196)
authentication bypass in CVE-2026-44196 (CVE-2026-44196). Confidential information can be exposed externally. Mitigation: upgrade to `1.16.3` or later.
|
| CVE-2026-43929 |
|
Vulnerability in ssrfcheck (CVE-2026-43929)
vulnerability in ssrfcheck (CVE-2026-43929). Confidential information can be exposed externally. Exploitable via ``ssrfcheck``.
|
| CVE-2026-43892 |
|
Cross-Site Scripting (XSS) in CVE-2026-43892 (CVE-2026-43892)
cross-site scripting in CVE-2026-43892 (CVE-2026-43892). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.1.16` or later.
|
| CVE-2026-43891 |
|
Vulnerability in changedetection.io (CVE-2026-43891)
vulnerability in changedetection.io (CVE-2026-43891). Confidential information can be exposed externally. Exploitable via ``history.txt``. Mitigation: upgrade to `0.55.1` or later.
|
| CVE-2026-42899 |
|
Vulnerability in dotnet (CVE-2026-42899)
vulnerability in dotnet (CVE-2026-42899). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.0.27, 9.0.16, 10.0.8` or later.
|
| CVE-2026-42303 |
|
Vulnerability in ethyca-fides (CVE-2026-42303)
vulnerability in ethyca-fides (CVE-2026-42303). Risk of unauthorized operations or information disclosure. Exploitable via ``true``. Mitigation: upgrade to `2.83.2` or later.
|
| CVE-2026-42300 |
|
Vulnerability in github.com/l3montree-dev/devguard (CVE-2026-42300)
vulnerability in github.com/l3montree-dev/devguard (CVE-2026-42300). Risk of unauthorized operations or information disclosure. Exploitable via ``SessionMiddleware``. Mitigation: upgrade to `1.2.2` or later.
|
| CVE-2026-42541 |
|
Vulnerability in github.com/kubewarden/kubewarden-controller (CVE-2026-42541)
vulnerability in github.com/kubewarden/kubewarden-controller (CVE-2026-42541). Risk of unauthorized operations or information disclosure. Exploitable via ``can_i``. Mitigation: upgrade to `1.35.0` or later.
|
| CVE-2026-42175 |
|
SSRF (Server-Side Request Forgery) in requests-hardened (CVE-2026-42175)
SSRF in requests-hardened (CVE-2026-42175). Confidential information can be exposed externally. Mitigation: upgrade to `1.2.1` or later.
|
| CVE-2026-42177 |
|
Vulnerability in CVE-2026-42177 (CVE-2026-42177)
vulnerability in CVE-2026-42177 (CVE-2026-42177). Confidential information can be exposed externally. Mitigation: upgrade to `1.8.1` or later.
|
| CVE-2026-41612 |
|
Path Traversal in path-traversal (CVE-2026-41612)
path traversal in path-traversal (CVE-2026-41612). Confidential information can be exposed externally.
|
| CVE-2026-42141 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-42141)
SSRF in ssrf (CVE-2026-42141). Confidential information can be exposed externally. Mitigation: upgrade to `4.4.1` or later.
|
| CVE-2026-42048 |
|
Path Traversal in langflow (CVE-2026-42048)
path traversal in langflow (CVE-2026-42048). Data can be tampered with by attackers. Exploitable via `DELETE /api/v1/knowledge_bases`. Mitigation: upgrade to `1.9.0` or later.
|
| CVE-2026-42045 |
|
Cross-Site Scripting (XSS) in @lobehub/lobehub (CVE-2026-42045)
cross-site scripting in @lobehub/lobehub (CVE-2026-42045). Confidential information can be exposed externally. Exploitable via ``runCommand``.
|
| CVE-2026-41613 |
|
OS Command Injection in microsoft (CVE-2026-41613)
OS command injection in microsoft (CVE-2026-41613). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41611 |
|
Command Injection in microsoft (CVE-2026-41611)
command injection in microsoft (CVE-2026-41611). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41610 |
|
Vulnerability in microsoft (CVE-2026-41610)
vulnerability in microsoft (CVE-2026-41610). Confidential information can be exposed externally.
|
| CVE-2026-41513 |
|
Open Redirect in CVE-2026-41513 (CVE-2026-41513)
vulnerability in CVE-2026-41513 (CVE-2026-41513). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41109 |
|
Vulnerability in microsoft (CVE-2026-41109)
vulnerability in microsoft (CVE-2026-41109). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35433 |
|
Vulnerability in Microsoft.WindowsDesktop.App.Runtime.win-arm64 (CVE-2026-35433)
vulnerability in Microsoft.WindowsDesktop.App.Runtime.win-arm64 (CVE-2026-35433). Confidential information can be exposed externally. Mitigation: upgrade to `10.0.8` or later.
|
| CVE-2026-32177 |
|
Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.
Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.
|
| CVE-2026-32175 |
|
Vulnerability in Microsoft.NetCore.App.Runtime.win-arm (CVE-2026-32175)
vulnerability in Microsoft.NetCore.App.Runtime.win-arm (CVE-2026-32175). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `10.0.8` or later.
|
| CVE-2026-8407 |
|
Vulnerability in devolutions (CVE-2026-8407)
vulnerability in devolutions (CVE-2026-8407). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43993 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-43993)
SSRF in ssrf (CVE-2026-43993). Confidential information can be exposed externally. Mitigation: upgrade to `0.x.y-security-1` or later.
|
| CVE-2026-43992 |
|
Information Disclosure in CVE-2026-43992 (CVE-2026-43992)
vulnerability in CVE-2026-43992 (CVE-2026-43992). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.x.y-security-1` or later.
|
| CVE-2026-5089 |
|
Vulnerability in CVE-2026-5089 (CVE-2026-5089)
vulnerability in CVE-2026-5089 (CVE-2026-5089). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43991 |
|
OS Command Injection in CVE-2026-43991 (CVE-2026-43991)
OS command injection in CVE-2026-43991 (CVE-2026-43991). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.x.y-security-1` or later.
|
| CVE-2026-43990 |
|
Command Injection in c (CVE-2026-43990)
command injection in c (CVE-2026-43990). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.x.y-security-1` or later.
|
| CVE-2026-43989 |
|
Vulnerability in CVE-2026-43989 (CVE-2026-43989)
vulnerability in CVE-2026-43989 (CVE-2026-43989). Confidential information can be exposed externally. Mitigation: upgrade to `0.x.y-security-1` or later.
|
| CVE-2026-25431 |
|
Vulnerability in CVE-2026-25431 (CVE-2026-25431)
vulnerability in CVE-2026-25431 (CVE-2026-25431). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40300 |
|
Vulnerability in zulip (CVE-2026-40300)
vulnerability in zulip (CVE-2026-40300). Confidential information can be exposed externally. Mitigation: upgrade to `12.0` or later.
|
| CVE-2026-20914 |
|
Vulnerability in dos (CVE-2026-20914)
vulnerability in dos (CVE-2026-20914). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20879 |
|
Out-of-Bounds Write in dos (CVE-2026-20879)
out-of-bounds write in dos (CVE-2026-20879). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20887 |
|
Vulnerability in dos (CVE-2026-20887)
vulnerability in dos (CVE-2026-20887). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20905 |
|
Vulnerability in dos (CVE-2026-20905)
vulnerability in dos (CVE-2026-20905). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20794 |
|
Vulnerability in CVE-2026-20794 (CVE-2026-20794)
vulnerability in CVE-2026-20794 (CVE-2026-20794). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20782 |
|
Vulnerability in dos (CVE-2026-20782)
vulnerability in dos (CVE-2026-20782). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20771 |
|
Vulnerability in dos (CVE-2026-20771)
vulnerability in dos (CVE-2026-20771). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20772 |
|
Vulnerability in CVE-2026-20772 (CVE-2026-20772)
vulnerability in CVE-2026-20772 (CVE-2026-20772). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20754 |
|
Vulnerability in dos (CVE-2026-20754)
vulnerability in dos (CVE-2026-20754). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20751 |
|
Out-of-Bounds Read in dos (CVE-2026-20751)
vulnerability in dos (CVE-2026-20751). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20753 |
|
Vulnerability in CVE-2026-20753 (CVE-2026-20753)
vulnerability in CVE-2026-20753 (CVE-2026-20753). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20718 |
|
Vulnerability in CVE-2026-20718 (CVE-2026-20718)
vulnerability in CVE-2026-20718 (CVE-2026-20718). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20738 |
|
Vulnerability in CVE-2026-20738 (CVE-2026-20738)
vulnerability in CVE-2026-20738 (CVE-2026-20738). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20717 |
|
Vulnerability in dos (CVE-2026-20717)
vulnerability in dos (CVE-2026-20717). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-65719 |
|
Code Injection in kubectl-mcp-server (CVE-2025-65719)
code injection in kubectl-mcp-server (CVE-2025-65719). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.2.0` or later.
|
| CVE-2025-36515 |
|
Vulnerability in CVE-2025-36515 (CVE-2025-36515)
vulnerability in CVE-2025-36515 (CVE-2025-36515). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-35969 |
|
Vulnerability in CVE-2025-35969 (CVE-2025-35969)
vulnerability in CVE-2025-35969 (CVE-2025-35969). Risk of unauthorized operations or information disclosure.
|