Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-8051 |
|
OS Command Injection in ivanti (CVE-2026-8051)
OS command injection in ivanti (CVE-2026-8051). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8110 |
|
Vulnerability in ivanti (CVE-2026-8110)
vulnerability in ivanti (CVE-2026-8110). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8043 |
|
Vulnerability in ivanti (CVE-2026-8043)
vulnerability in ivanti (CVE-2026-8043). Confidential information can be exposed externally.
|
| CVE-2026-8109 |
|
Vulnerability in ivanti (CVE-2026-8109)
vulnerability in ivanti (CVE-2026-8109). Confidential information can be exposed externally.
|
| CVE-2026-7432 |
|
Vulnerability in ivanti (CVE-2026-7432)
vulnerability in ivanti (CVE-2026-7432). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7431 |
|
Vulnerability in ivanti (CVE-2026-7431)
vulnerability in ivanti (CVE-2026-7431). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6866 |
|
Vulnerability in schneider-electric (CVE-2026-6866)
vulnerability in schneider-electric (CVE-2026-6866). Confidential information can be exposed externally.
|
| CVE-2026-5061 |
|
Vulnerability in consul (CVE-2026-5061)
vulnerability in consul (CVE-2026-5061). Confidential information can be exposed externally. Mitigation: upgrade to `0.42.0` or later.
|
| CVE-2026-43937 |
|
Vulnerability in YAFNET.Core (CVE-2026-43937)
vulnerability in YAFNET.Core (CVE-2026-43937). Successful exploitation can lead to full system takeover. Exploitable via ``PageSecurityCheckAttribute``. Mitigation: upgrade to `4.0.5` or later.
|
| CVE-2026-43938 |
|
Vulnerability in YAFNET.Core (CVE-2026-43938)
vulnerability in YAFNET.Core (CVE-2026-43938). Confidential information can be exposed externally. Exploitable via `GET /api/Attachments/GetAttachment`. Mitigation: upgrade to `3.2.12` or later.
|
| CVE-2026-43939 |
|
Vulnerability in YAFNET.Core (CVE-2026-43939)
vulnerability in YAFNET.Core (CVE-2026-43939). Confidential information can be exposed externally. Exploitable via ``onerror``. Mitigation: upgrade to `3.2.12` or later.
|
| CVE-2026-42260 |
|
SSRF (Server-Side Request Forgery) in open-websearch (CVE-2026-42260)
SSRF in open-websearch (CVE-2026-42260). Confidential information can be exposed externally. Exploitable via `GET /internal`. Mitigation: upgrade to `2.1.7` or later.
|
| CVE-2026-43983 |
|
Vulnerability in pocket-id (CVE-2026-43983)
vulnerability in pocket-id (CVE-2026-43983). Confidential information can be exposed externally. Mitigation: upgrade to `2.6.0` or later.
|
| CVE-2026-32687 |
|
SQL Injection in postgrex (CVE-2026-32687)
SQL injection in postgrex (CVE-2026-32687). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.22.2` or later.
|
| CVE-2025-70842 |
|
Cross-Site Scripting (XSS) in CVE-2025-70842 (CVE-2025-70842)
cross-site scripting in CVE-2025-70842 (CVE-2025-70842). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45091 |
|
Information Disclosure in sealed-env (CVE-2026-45091)
vulnerability in sealed-env (CVE-2026-45091). Confidential information can be exposed externally. Mitigation: upgrade to `0.1.0-alpha.4` or later.
|
| CVE-2026-45090 |
|
Vulnerability in github.com/hahwul/dalfox/v2 (CVE-2026-45090)
vulnerability in github.com/hahwul/dalfox/v2 (CVE-2026-45090). Risk of unauthorized operations or information disclosure. Exploitable via ``ParameterAnalysis``. Mitigation: upgrade to `2.13.0` or later.
|
| CVE-2026-45089 |
|
Vulnerability in github.com/hahwul/dalfox/v2 (CVE-2026-45089)
vulnerability in github.com/hahwul/dalfox/v2 (CVE-2026-45089). Data can be tampered with by attackers. Exploitable via ``output``. Mitigation: upgrade to `2.13.0` or later.
|
| CVE-2026-45088 |
|
Vulnerability in github.com/hahwul/dalfox/v2 (CVE-2026-45088)
vulnerability in github.com/hahwul/dalfox/v2 (CVE-2026-45088). Confidential information can be exposed externally. Exploitable via ``model.Options``. Mitigation: upgrade to `2.13.0` or later.
|
| CVE-2026-45087 |
|
Vulnerability in github.com/hahwul/dalfox/v2 (CVE-2026-45087)
vulnerability in github.com/hahwul/dalfox/v2 (CVE-2026-45087). Successful exploitation can lead to full system takeover. Exploitable via `POST /scan`. Mitigation: upgrade to `2.13.0` or later.
|
| CVE-2026-44295 |
|
Code Injection in protobufjs-cli (CVE-2026-44295)
code injection in protobufjs-cli (CVE-2026-44295). Confidential information can be exposed externally. Exploitable via ``pbjs``. Mitigation: upgrade to `2.0.2` or later.
|
| CVE-2026-44294 |
|
Vulnerability in protobufjs (CVE-2026-44294)
vulnerability in protobufjs (CVE-2026-44294). Risk of unauthorized operations or information disclosure. Exploitable via ``fromObject``. Mitigation: upgrade to `8.0.2` or later.
|
| CVE-2026-44293 |
|
Code Injection in protobufjs (CVE-2026-44293)
code injection in protobufjs (CVE-2026-44293). Successful exploitation can lead to full system takeover. Exploitable via ``toObject``. Mitigation: upgrade to `8.0.2` or later.
|
| CVE-2026-44292 |
|
Vulnerability in protobufjs (CVE-2026-44292)
vulnerability in protobufjs (CVE-2026-44292). Risk of unauthorized operations or information disclosure. Exploitable via ``__proto__``. Mitigation: upgrade to `8.0.2` or later.
|
| CVE-2026-44291 |
|
Vulnerability in protobufjs (CVE-2026-44291)
vulnerability in protobufjs (CVE-2026-44291). Successful exploitation can lead to full system takeover. Exploitable via ``Object.prototype``. Mitigation: upgrade to `8.0.2` or later.
|
| CVE-2026-44290 |
|
Vulnerability in protobufjs (CVE-2026-44290)
vulnerability in protobufjs (CVE-2026-44290). Risk of unauthorized operations or information disclosure. Exploitable via ``parse``. Mitigation: upgrade to `8.0.2` or later.
|
| CVE-2026-42290 |
|
OS Command Injection in protobufjs-cli (CVE-2026-42290)
OS command injection in protobufjs-cli (CVE-2026-42290). Successful exploitation can lead to full system takeover. Exploitable via ``pbts``. Mitigation: upgrade to `2.0.2` or later.
|
| CVE-2026-8391 |
|
Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3.
Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3.
|
| CVE-2026-8390 |
|
Use-After-Free in mozilla (CVE-2026-8390)
vulnerability in mozilla (CVE-2026-8390). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8388 |
|
Buffer Overflow in mozilla (CVE-2026-8388)
vulnerability in mozilla (CVE-2026-8388). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8389 |
|
Buffer Overflow in mozilla (CVE-2026-8389)
vulnerability in mozilla (CVE-2026-8389). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6865 |
|
Path Traversal in path-traversal (CVE-2026-6865)
path traversal in path-traversal (CVE-2026-6865). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43930 |
|
Vulnerability in parse-server (CVE-2026-43930)
vulnerability in parse-server (CVE-2026-43930). Data can be tampered with by attackers. Exploitable via ``applyAuthDataOptimisticLock``. Mitigation: upgrade to `8.6.76` or later.
|
| CVE-2026-43916 |
|
Out-of-Bounds Read in c (CVE-2026-43916)
vulnerability in c (CVE-2026-43916). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.2.0-alpha` or later.
|
| CVE-2026-42006 |
|
Vulnerability in dovecot (CVE-2026-42006)
vulnerability in dovecot (CVE-2026-42006). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40638 |
|
Vulnerability in dell (CVE-2026-40638)
vulnerability in dell (CVE-2026-40638). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40016 |
|
Vulnerability in dovecot (CVE-2026-40016)
vulnerability in dovecot (CVE-2026-40016). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40020 |
|
Vulnerability in dovecot (CVE-2026-40020)
vulnerability in dovecot (CVE-2026-40020). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35071 |
|
OS Command Injection in dell (CVE-2026-35071)
OS command injection in dell (CVE-2026-35071). Successful exploitation can lead to full system takeover.
|
| CVE-2026-27851 |
|
Vulnerability in dovecot (CVE-2026-27851)
vulnerability in dovecot (CVE-2026-27851). Confidential information can be exposed externally.
|
| CVE-2025-12659 |
|
Vulnerability in CVE-2025-12659 (CVE-2025-12659)
vulnerability in CVE-2025-12659 (CVE-2025-12659). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45218 |
|
SQL Injection in wordpress (CVE-2026-45218)
SQL injection in wordpress (CVE-2026-45218). Confidential information can be exposed externally.
|
| CVE-2026-42741 |
|
SQL Injection in sqli (CVE-2026-42741)
SQL injection in sqli (CVE-2026-42741). Confidential information can be exposed externally.
|
| CVE-2026-42742 |
|
SQL Injection in sqli (CVE-2026-42742)
SQL injection in sqli (CVE-2026-42742). Confidential information can be exposed externally.
|
| CVE-2026-45211 |
|
SQL Injection in sqli (CVE-2026-45211)
SQL injection in sqli (CVE-2026-45211). Confidential information can be exposed externally.
|
| CVE-2026-45213 |
|
SQL Injection in sqli (CVE-2026-45213)
SQL injection in sqli (CVE-2026-45213). Confidential information can be exposed externally.
|
| CVE-2026-45214 |
|
SQL Injection in sqli (CVE-2026-45214)
SQL injection in sqli (CVE-2026-45214). Confidential information can be exposed externally.
|
| CVE-2026-45210 |
|
Vulnerability in CVE-2026-45210 (CVE-2026-45210)
vulnerability in CVE-2026-45210 (CVE-2026-45210). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45212 |
|
Vulnerability in c (CVE-2026-45212)
vulnerability in c (CVE-2026-45212). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-2465 |
|
Authorization Flaw in privilege-escalation (CVE-2026-2465)
vulnerability in privilege-escalation (CVE-2026-2465). Successful exploitation can lead to full system takeover.
|