Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-28860 |
|
Vulnerability in apple (CVE-2026-28860)
vulnerability in apple (CVE-2026-28860). Confidential information can be exposed externally.
|
| CVE-2026-28883 |
|
Use-After-Free in apple (CVE-2026-28883)
vulnerability in apple (CVE-2026-28883). Confidential information can be exposed externally.
|
| CVE-2026-28848 |
|
Vulnerability in apple (CVE-2026-28848)
vulnerability in apple (CVE-2026-28848). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-28897 |
|
Vulnerability in apple (CVE-2026-28897)
vulnerability in apple (CVE-2026-28897). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-28846 |
|
Vulnerability in apple (CVE-2026-28846)
vulnerability in apple (CVE-2026-28846). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-28840 |
|
Privilege Escalation in apple (CVE-2026-28840)
vulnerability in apple (CVE-2026-28840). Successful exploitation can lead to full system takeover.
|
| CVE-2026-28830 |
|
Vulnerability in apple (CVE-2026-28830)
vulnerability in apple (CVE-2026-28830). Confidential information can be exposed externally.
|
| CVE-2026-28819 |
|
Out-of-Bounds Write in apple (CVE-2026-28819)
out-of-bounds write in apple (CVE-2026-28819). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-28914 |
|
Vulnerability in apple (CVE-2026-28914)
vulnerability in apple (CVE-2026-28914). Data can be tampered with by attackers.
|
| CVE-2026-28872 |
|
Vulnerability in apple (CVE-2026-28872)
vulnerability in apple (CVE-2026-28872). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-28908 |
|
Vulnerability in dos (CVE-2026-28908)
vulnerability in dos (CVE-2026-28908). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20696 |
|
Vulnerability in apple (CVE-2026-20696)
vulnerability in apple (CVE-2026-20696). Confidential information can be exposed externally.
|
| CVE-2026-28873 |
|
Authorization Flaw in apple (CVE-2026-28873)
vulnerability in apple (CVE-2026-28873). Confidential information can be exposed externally.
|
| CVE-2026-28910 |
|
Vulnerability in apple (CVE-2026-28910)
vulnerability in apple (CVE-2026-28910). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-28847 |
|
Buffer Overflow in apple (CVE-2026-28847)
vulnerability in apple (CVE-2026-28847). Successful exploitation can lead to full system takeover.
|
| CVE-2026-28905 |
|
Buffer Overflow in apple (CVE-2026-28905)
vulnerability in apple (CVE-2026-28905). Confidential information can be exposed externally.
|
| CVE-2026-28913 |
|
Buffer Overflow in apple (CVE-2026-28913)
vulnerability in apple (CVE-2026-28913). Confidential information can be exposed externally.
|
| CVE-2026-28902 |
|
Buffer Overflow in apple (CVE-2026-28902)
vulnerability in apple (CVE-2026-28902). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-28901 |
|
Buffer Overflow in apple (CVE-2026-28901)
vulnerability in apple (CVE-2026-28901). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-28903 |
|
Buffer Overflow in apple (CVE-2026-28903)
vulnerability in apple (CVE-2026-28903). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-28904 |
|
Buffer Overflow in apple (CVE-2026-28904)
vulnerability in apple (CVE-2026-28904). Confidential information can be exposed externally.
|
| CVE-2026-43874 |
|
Code Injection in wwbn/avideo (CVE-2026-43874)
code injection in wwbn/avideo (CVE-2026-43874). Risk of unauthorized operations or information disclosure. Exploitable via ``autoEvalCodeOnHTML``.
|
| CVE-2026-42888 |
|
Path Traversal in CVE-2026-42888 (CVE-2026-42888)
path traversal in CVE-2026-42888 (CVE-2026-42888). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.32.2` or later.
|
| CVE-2026-41489 |
|
Vulnerability in privilege-escalation (CVE-2026-41489)
vulnerability in privilege-escalation (CVE-2026-41489). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8319 |
|
Vulnerability in ai-agents (CVE-2026-8319)
vulnerability in ai-agents (CVE-2026-8319). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8320 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-8320 (CVE-2026-8320)
SSRF in CVE-2026-8320 (CVE-2026-8320). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8321 |
|
A vulnerability was detected in inkeep agents 0.58.14. This vulnerability affects the function...
A vulnerability was detected in inkeep agents 0.58.14. This vulnerability affects the function...
|
| CVE-2026-45026 |
|
Cross-Site Scripting (XSS) in CVE-2026-45026 (CVE-2026-45026)
cross-site scripting in CVE-2026-45026 (CVE-2026-45026). Confidential information can be exposed externally. Mitigation: upgrade to `3.7.3` or later.
|
| CVE-2026-45025 |
|
Cross-Site Scripting (XSS) in CVE-2026-45025 (CVE-2026-45025)
cross-site scripting in CVE-2026-45025 (CVE-2026-45025). Confidential information can be exposed externally. Mitigation: upgrade to `3.7.3` or later.
|
| CVE-2026-42887 |
|
Cross-Site Scripting (XSS) in CVE-2026-42887 (CVE-2026-42887)
cross-site scripting in CVE-2026-42887 (CVE-2026-42887). Confidential information can be exposed externally. Mitigation: upgrade to `2.33.0` or later.
|
| CVE-2026-42882 |
|
Path Traversal in github.com/oxyno-zeta/s3-proxy (CVE-2026-42882)
path traversal in github.com/oxyno-zeta/s3-proxy (CVE-2026-42882). Confidential information can be exposed externally. Exploitable via `PUT /upload/foo/drafts/../restricted/`. Mitigation: upgrade to `0.0.0-20260424211602-1320e4abd46a` or later.
|
| CVE-2026-42883 |
|
Authorization Flaw in CVE-2026-42883 (CVE-2026-42883)
vulnerability in CVE-2026-42883 (CVE-2026-42883). Confidential information can be exposed externally. Exploitable via `GET /api/libraries/`. Mitigation: upgrade to `2.32.2` or later.
|
| CVE-2026-42884 |
|
Authorization Flaw in CVE-2026-42884 (CVE-2026-42884)
vulnerability in CVE-2026-42884 (CVE-2026-42884). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/collections`. Mitigation: upgrade to `2.32.2` or later.
|
| CVE-2026-42885 |
|
Path Traversal in CVE-2026-42885 (CVE-2026-42885)
path traversal in CVE-2026-42885 (CVE-2026-42885). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/filesystem/pathexists`. Mitigation: upgrade to `2.32.2` or later.
|
| CVE-2026-42875 |
|
Vulnerability in github.com/external-secrets/external-secrets (CVE-2026-42875)
vulnerability in github.com/external-secrets/external-secrets (CVE-2026-42875). Risk of unauthorized operations or information disclosure. Exploitable via ``ConfigMap``. Mitigation: upgrade to `2.4.0` or later.
|
| CVE-2026-42869 |
|
Authentication Bypass in CVE-2026-42869 (CVE-2026-42869)
authentication bypass in CVE-2026-42869 (CVE-2026-42869). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.1.57` or later.
|
| CVE-2026-42870 |
|
Cross-Site Scripting (XSS) in CVE-2026-42870 (CVE-2026-42870)
cross-site scripting in CVE-2026-42870 (CVE-2026-42870). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.7.0` or later.
|
| CVE-2026-42872 |
|
Cross-Site Scripting (XSS) in CVE-2026-42872 (CVE-2026-42872)
cross-site scripting in CVE-2026-42872 (CVE-2026-42872). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.7.0` or later.
|
| CVE-2026-42873 |
|
Information Disclosure in CVE-2026-42873 (CVE-2026-42873)
vulnerability in CVE-2026-42873 (CVE-2026-42873). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.6.10` or later.
|
| CVE-2026-42565 |
|
Open Redirect in @workos/authkit-session (CVE-2026-42565)
vulnerability in @workos/authkit-session (CVE-2026-42565). Risk of unauthorized operations or information disclosure. Exploitable via ``AuthService.handleCallback``. Mitigation: upgrade to `0.5.1` or later.
|
| CVE-2026-42050 |
|
Vulnerability in imagemagick (CVE-2026-42050)
vulnerability in imagemagick (CVE-2026-42050). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `7.1.2-21` or later.
|
| CVE-2026-2614 |
|
MLflow allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem
MLflow allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem
|
| CVE-2026-36734 |
|
Command Injection in CVE-2026-36734 (CVE-2026-36734)
command injection in CVE-2026-36734 (CVE-2026-36734). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44657 |
|
Cross-Site Scripting (XSS) in mantisbt/mantisbt (CVE-2026-44657)
cross-site scripting in mantisbt/mantisbt (CVE-2026-44657). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.28.2` or later.
|
| CVE-2026-44655 |
|
Cross-Site Scripting (XSS) in mantisbt/mantisbt (CVE-2026-44655)
cross-site scripting in mantisbt/mantisbt (CVE-2026-44655). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.28.2` or later.
|
| CVE-2026-44635 |
|
Vulnerability in kysely (CVE-2026-44635)
vulnerability in kysely (CVE-2026-44635). Confidential information can be exposed externally. Exploitable via ``DefaultQueryCompiler.visitJSONPathLeg``. Mitigation: upgrade to `0.28.17` or later.
|
| CVE-2026-43979 |
|
Cross-Site Scripting (XSS) in local-deep-research (CVE-2026-43979)
cross-site scripting in local-deep-research (CVE-2026-43979). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/start_research`. Mitigation: upgrade to `1.6.0` or later.
|
| CVE-2026-43898 |
|
Code Injection in @nyariv/sandboxjs (CVE-2026-43898)
code injection in @nyariv/sandboxjs (CVE-2026-43898). Successful exploitation can lead to full system takeover. Exploitable via ``Function.caller``. Mitigation: upgrade to `0.9.6` or later.
|
| CVE-2026-42071 |
|
Vulnerability in mantisbt/mantisbt (CVE-2026-42071)
vulnerability in mantisbt/mantisbt (CVE-2026-42071). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/rest/issues/{id}/files`. Mitigation: upgrade to `2.28.2` or later.
|
| CVE-2026-42070 |
|
Authorization Flaw in mantisbt/mantisbt (CVE-2026-42070)
vulnerability in mantisbt/mantisbt (CVE-2026-42070). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.28.2` or later.
|