Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Clear
ID Title
CVE-2026-8292 Vulnerability in c (CVE-2026-8292)
vulnerability in c (CVE-2026-8292). Risk of unauthorized operations or information disclosure.
CVE-2026-7817 Vulnerability in pgadmin4 (CVE-2026-7817)
vulnerability in pgadmin4 (CVE-2026-7817). Confidential information can be exposed externally. Mitigation: upgrade to `9.15` or later.
CVE-2026-7818 Unsafe Deserialization in pgadmin4 (CVE-2026-7818)
vulnerability in pgadmin4 (CVE-2026-7818). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.15` or later.
CVE-2026-7816 OS Command Injection in pgadmin4 (CVE-2026-7816)
OS command injection in pgadmin4 (CVE-2026-7816). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.15` or later.
CVE-2026-7815 SQL Injection in pgadmin4 (CVE-2026-7815)
SQL injection in pgadmin4 (CVE-2026-7815). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.15` or later.
CVE-2026-7814 Cross-Site Scripting (XSS) in pgadmin4 (CVE-2026-7814)
cross-site scripting in pgadmin4 (CVE-2026-7814). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.15` or later.
CVE-2026-6815 Path Traversal in github.com/casdoor/casdoor (CVE-2026-6815)
path traversal in github.com/casdoor/casdoor (CVE-2026-6815). Risk of unauthorized operations or information disclosure.
CVE-2026-7813 Vulnerability in pgadmin4 (CVE-2026-7813)
vulnerability in pgadmin4 (CVE-2026-7813). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.15` or later.
CVE-2026-6093 SQL Injection in sqli (CVE-2026-6093)
SQL injection in sqli (CVE-2026-6093). Risk of unauthorized operations or information disclosure.
CVE-2026-42613 Vulnerability in getgrav/grav (CVE-2026-42613)
vulnerability in getgrav/grav (CVE-2026-42613). Confidential information can be exposed externally. Exploitable via ``groups``. Mitigation: upgrade to `2.0.0-beta.2` or later.
CVE-2026-42611 Cross-Site Scripting (XSS) in getgrav/grav (CVE-2026-42611)
cross-site scripting in getgrav/grav (CVE-2026-42611). Confidential information can be exposed externally. Exploitable via `POST /grav-log`. Mitigation: upgrade to `2.0.0-beta.2` or later.
CVE-2026-42612 Cross-Site Scripting (XSS) in getgrav/grav (CVE-2026-42612)
cross-site scripting in getgrav/grav (CVE-2026-42612). Confidential information can be exposed externally. Exploitable via ``onerror``. Mitigation: upgrade to `2.0.0-beta.2` or later.
CVE-2026-42841 Cross-Site Scripting (XSS) in getgrav/grav (CVE-2026-42841)
cross-site scripting in getgrav/grav (CVE-2026-42841). Risk of unauthorized operations or information disclosure. Exploitable via ``onload``. Mitigation: upgrade to `2.0.0-beta.2` or later.
CVE-2026-42610 Authorization Flaw in getgrav/grav (CVE-2026-42610)
vulnerability in getgrav/grav (CVE-2026-42610). Confidential information can be exposed externally. Exploitable via ``editor_chen``. Mitigation: upgrade to `2.0.0-beta.2` or later.
CVE-2026-42608 Path Traversal in getgrav/grav (CVE-2026-42608)
path traversal in getgrav/grav (CVE-2026-42608). Confidential information can be exposed externally. Exploitable via `POST /contact`. Mitigation: upgrade to `2.0.0-beta.2` or later.
CVE-2026-42609 Privilege Escalation in getgrav/grav (CVE-2026-42609)
vulnerability in getgrav/grav (CVE-2026-42609). Data can be tampered with by attackers. Exploitable via ``d904efc33``. Mitigation: upgrade to `2.0.0-beta.2` or later.
CVE-2026-42607 Code Injection in getgrav/grav (CVE-2026-42607)
code injection in getgrav/grav (CVE-2026-42607). Successful exploitation can lead to full system takeover. Exploitable via ``directInstall``. Mitigation: upgrade to `2.0.0-beta.2` or later.
CVE-2026-3320 Cross-Site Scripting (XSS) in CVE-2026-3320 (CVE-2026-3320)
cross-site scripting in CVE-2026-3320 (CVE-2026-3320). Risk of unauthorized operations or information disclosure.
CVE-2026-34089 Cross-Site Scripting (XSS) in CVE-2026-34089 (CVE-2026-34089)
cross-site scripting in CVE-2026-34089 (CVE-2026-34089). Risk of unauthorized operations or information disclosure.
CVE-2026-3319 Cross-Site Scripting (XSS) in CVE-2026-3319 (CVE-2026-3319)
cross-site scripting in CVE-2026-3319 (CVE-2026-3319). Risk of unauthorized operations or information disclosure.
CVE-2026-34087 Information Disclosure in mediawiki (CVE-2026-34087)
vulnerability in mediawiki (CVE-2026-34087). Confidential information can be exposed externally.
CVE-2026-34088 Information Disclosure in mediawiki (CVE-2026-34088)
vulnerability in mediawiki (CVE-2026-34088). Confidential information can be exposed externally.
CVE-2026-34090 Information Disclosure in mediawiki (CVE-2026-34090)
vulnerability in mediawiki (CVE-2026-34090). Confidential information can be exposed externally.
CVE-2026-34091 Information Disclosure in mediawiki (CVE-2026-34091)
vulnerability in mediawiki (CVE-2026-34091). Confidential information can be exposed externally.
CVE-2026-34092 Information Disclosure in mediawiki (CVE-2026-34092)
vulnerability in mediawiki (CVE-2026-34092). Confidential information can be exposed externally.
CVE-2025-65416 Unrestricted File Upload in CVE-2025-65416 (CVE-2025-65416)
vulnerability in CVE-2025-65416 (CVE-2025-65416). Risk of unauthorized operations or information disclosure.
CVE-2026-34086 Vulnerability in CVE-2026-34086 (CVE-2026-34086)
vulnerability in CVE-2026-34086 (CVE-2026-34086). Risk of unauthorized operations or information disclosure.
CVE-2025-65417 Cross-Site Scripting (XSS) in CVE-2025-65417 (CVE-2025-65417)
cross-site scripting in CVE-2025-65417 (CVE-2025-65417). Risk of unauthorized operations or information disclosure.
CVE-2026-31246 OS Command Injection in gpt-pilot (CVE-2026-31246)
OS command injection in gpt-pilot (CVE-2026-31246). Risk of unauthorized operations or information disclosure.
CVE-2026-31247 Vulnerability in docling (CVE-2026-31247)
vulnerability in docling (CVE-2026-31247). Risk of unauthorized operations or information disclosure.
CVE-2025-65418 Path Traversal in path-traversal (CVE-2025-65418)
path traversal in path-traversal (CVE-2025-65418). Confidential information can be exposed externally.
CVE-2025-61308 Cross-Site Scripting (XSS) in CVE-2025-61308 (CVE-2025-61308)
cross-site scripting in CVE-2025-61308 (CVE-2025-61308). Risk of unauthorized operations or information disclosure.
CVE-2025-61309 Cross-Site Scripting (XSS) in CVE-2025-61309 (CVE-2025-61309)
cross-site scripting in CVE-2025-61309 (CVE-2025-61309). Risk of unauthorized operations or information disclosure.
CVE-2025-61310 Cross-Site Scripting (XSS) in CVE-2025-61310 (CVE-2025-61310)
cross-site scripting in CVE-2025-61310 (CVE-2025-61310). Risk of unauthorized operations or information disclosure.
CVE-2025-61311 Cross-Site Scripting (XSS) in CVE-2025-61311 (CVE-2025-61311)
cross-site scripting in CVE-2025-61311 (CVE-2025-61311). Confidential information can be exposed externally.
CVE-2025-61312 Cross-Site Scripting (XSS) in CVE-2025-61312 (CVE-2025-61312)
cross-site scripting in CVE-2025-61312 (CVE-2025-61312). Confidential information can be exposed externally.
CVE-2025-61313 Cross-Site Scripting (XSS) in CVE-2025-61313 (CVE-2025-61313)
cross-site scripting in CVE-2025-61313 (CVE-2025-61313). Confidential information can be exposed externally.
CVE-2025-61314 Cross-Site Scripting (XSS) in CVE-2025-61314 (CVE-2025-61314)
cross-site scripting in CVE-2025-61314 (CVE-2025-61314). Confidential information can be exposed externally.
CVE-2025-61305 Cross-Site Scripting (XSS) in CVE-2025-61305 (CVE-2025-61305)
cross-site scripting in CVE-2025-61305 (CVE-2025-61305). Risk of unauthorized operations or information disclosure.
CVE-2025-61306 Cross-Site Scripting (XSS) in CVE-2025-61306 (CVE-2025-61306)
cross-site scripting in CVE-2025-61306 (CVE-2025-61306). Risk of unauthorized operations or information disclosure.
CVE-2025-61307 Cross-Site Scripting (XSS) in CVE-2025-61307 (CVE-2025-61307)
cross-site scripting in CVE-2025-61307 (CVE-2025-61307). Risk of unauthorized operations or information disclosure.
CVE-2026-40217 Vulnerability in litellm (CVE-2026-40217)
vulnerability in litellm (CVE-2026-40217). Successful exploitation can lead to full system takeover. Exploitable via `POST /guardrails/test_custom_code`. Mitigation: upgrade to `1.83.10` or later.
CVE-2026-44543 Vulnerability in github.com/rancher/local-path-provisioner (CVE-2026-44543)
vulnerability in github.com/rancher/local-path-provisioner (CVE-2026-44543). Confidential information can be exposed externally. Exploitable via ``helperPod.yaml``. Mitigation: upgrade to `0.0.36` or later.
CVE-2026-44521 SQL Injection in studio-42/elfinder (CVE-2026-44521)
SQL injection in studio-42/elfinder (CVE-2026-44521). Successful exploitation can lead to full system takeover. Exploitable via ``elFinderVolumeMySQL``. Mitigation: upgrade to `2.1.68` or later.
CVE-2026-44516 Vulnerability in com.ritense.valtimo:web (CVE-2026-44516)
vulnerability in com.ritense.valtimo:web (CVE-2026-44516). Confidential information can be exposed externally. Exploitable via ``LoggingRestClientCustomizer``. Mitigation: upgrade to `13.26.0` or later.
CVE-2026-44483 Vulnerability in @rvf/set-get (CVE-2026-44483)
vulnerability in @rvf/set-get (CVE-2026-44483). Data can be tampered with by attackers. Exploitable via ``setPath``. Mitigation: upgrade to `6.0.4` or later.
CVE-2026-44477 Vulnerability in github.com/cloudnative-pg/cloudnative-pg (CVE-2026-44477)
vulnerability in github.com/cloudnative-pg/cloudnative-pg (CVE-2026-44477). Successful exploitation can lead to full system takeover. Exploitable via ``postgres``. Mitigation: upgrade to `1.29.1` or later.
CVE-2026-44581 Cross-Site Scripting (XSS) in next (CVE-2026-44581)
cross-site scripting in next (CVE-2026-44581). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `16.2.5` or later.
CVE-2026-44580 Cross-Site Scripting (XSS) in next (CVE-2026-44580)
cross-site scripting in next (CVE-2026-44580). Risk of unauthorized operations or information disclosure. Exploitable via ``beforeInteractive``. Mitigation: upgrade to `16.2.5` or later.
CVE-2026-44579 Vulnerability in next (CVE-2026-44579)
vulnerability in next (CVE-2026-44579). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `16.2.5` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →