Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-8292 |
|
Vulnerability in c (CVE-2026-8292)
vulnerability in c (CVE-2026-8292). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7817 |
|
Vulnerability in pgadmin4 (CVE-2026-7817)
vulnerability in pgadmin4 (CVE-2026-7817). Confidential information can be exposed externally. Mitigation: upgrade to `9.15` or later.
|
| CVE-2026-7818 |
|
Unsafe Deserialization in pgadmin4 (CVE-2026-7818)
vulnerability in pgadmin4 (CVE-2026-7818). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.15` or later.
|
| CVE-2026-7816 |
|
OS Command Injection in pgadmin4 (CVE-2026-7816)
OS command injection in pgadmin4 (CVE-2026-7816). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.15` or later.
|
| CVE-2026-7815 |
|
SQL Injection in pgadmin4 (CVE-2026-7815)
SQL injection in pgadmin4 (CVE-2026-7815). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.15` or later.
|
| CVE-2026-7814 |
|
Cross-Site Scripting (XSS) in pgadmin4 (CVE-2026-7814)
cross-site scripting in pgadmin4 (CVE-2026-7814). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.15` or later.
|
| CVE-2026-6815 |
|
Path Traversal in github.com/casdoor/casdoor (CVE-2026-6815)
path traversal in github.com/casdoor/casdoor (CVE-2026-6815). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7813 |
|
Vulnerability in pgadmin4 (CVE-2026-7813)
vulnerability in pgadmin4 (CVE-2026-7813). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.15` or later.
|
| CVE-2026-6093 |
|
SQL Injection in sqli (CVE-2026-6093)
SQL injection in sqli (CVE-2026-6093). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42613 |
|
Vulnerability in getgrav/grav (CVE-2026-42613)
vulnerability in getgrav/grav (CVE-2026-42613). Confidential information can be exposed externally. Exploitable via ``groups``. Mitigation: upgrade to `2.0.0-beta.2` or later.
|
| CVE-2026-42611 |
|
Cross-Site Scripting (XSS) in getgrav/grav (CVE-2026-42611)
cross-site scripting in getgrav/grav (CVE-2026-42611). Confidential information can be exposed externally. Exploitable via `POST /grav-log`. Mitigation: upgrade to `2.0.0-beta.2` or later.
|
| CVE-2026-42612 |
|
Cross-Site Scripting (XSS) in getgrav/grav (CVE-2026-42612)
cross-site scripting in getgrav/grav (CVE-2026-42612). Confidential information can be exposed externally. Exploitable via ``onerror``. Mitigation: upgrade to `2.0.0-beta.2` or later.
|
| CVE-2026-42841 |
|
Cross-Site Scripting (XSS) in getgrav/grav (CVE-2026-42841)
cross-site scripting in getgrav/grav (CVE-2026-42841). Risk of unauthorized operations or information disclosure. Exploitable via ``onload``. Mitigation: upgrade to `2.0.0-beta.2` or later.
|
| CVE-2026-42610 |
|
Authorization Flaw in getgrav/grav (CVE-2026-42610)
vulnerability in getgrav/grav (CVE-2026-42610). Confidential information can be exposed externally. Exploitable via ``editor_chen``. Mitigation: upgrade to `2.0.0-beta.2` or later.
|
| CVE-2026-42608 |
|
Path Traversal in getgrav/grav (CVE-2026-42608)
path traversal in getgrav/grav (CVE-2026-42608). Confidential information can be exposed externally. Exploitable via `POST /contact`. Mitigation: upgrade to `2.0.0-beta.2` or later.
|
| CVE-2026-42609 |
|
Privilege Escalation in getgrav/grav (CVE-2026-42609)
vulnerability in getgrav/grav (CVE-2026-42609). Data can be tampered with by attackers. Exploitable via ``d904efc33``. Mitigation: upgrade to `2.0.0-beta.2` or later.
|
| CVE-2026-42607 |
|
Code Injection in getgrav/grav (CVE-2026-42607)
code injection in getgrav/grav (CVE-2026-42607). Successful exploitation can lead to full system takeover. Exploitable via ``directInstall``. Mitigation: upgrade to `2.0.0-beta.2` or later.
|
| CVE-2026-3320 |
|
Cross-Site Scripting (XSS) in CVE-2026-3320 (CVE-2026-3320)
cross-site scripting in CVE-2026-3320 (CVE-2026-3320). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34089 |
|
Cross-Site Scripting (XSS) in CVE-2026-34089 (CVE-2026-34089)
cross-site scripting in CVE-2026-34089 (CVE-2026-34089). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3319 |
|
Cross-Site Scripting (XSS) in CVE-2026-3319 (CVE-2026-3319)
cross-site scripting in CVE-2026-3319 (CVE-2026-3319). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34087 |
|
Information Disclosure in mediawiki (CVE-2026-34087)
vulnerability in mediawiki (CVE-2026-34087). Confidential information can be exposed externally.
|
| CVE-2026-34088 |
|
Information Disclosure in mediawiki (CVE-2026-34088)
vulnerability in mediawiki (CVE-2026-34088). Confidential information can be exposed externally.
|
| CVE-2026-34090 |
|
Information Disclosure in mediawiki (CVE-2026-34090)
vulnerability in mediawiki (CVE-2026-34090). Confidential information can be exposed externally.
|
| CVE-2026-34091 |
|
Information Disclosure in mediawiki (CVE-2026-34091)
vulnerability in mediawiki (CVE-2026-34091). Confidential information can be exposed externally.
|
| CVE-2026-34092 |
|
Information Disclosure in mediawiki (CVE-2026-34092)
vulnerability in mediawiki (CVE-2026-34092). Confidential information can be exposed externally.
|
| CVE-2025-65416 |
|
Unrestricted File Upload in CVE-2025-65416 (CVE-2025-65416)
vulnerability in CVE-2025-65416 (CVE-2025-65416). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34086 |
|
Vulnerability in CVE-2026-34086 (CVE-2026-34086)
vulnerability in CVE-2026-34086 (CVE-2026-34086). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-65417 |
|
Cross-Site Scripting (XSS) in CVE-2025-65417 (CVE-2025-65417)
cross-site scripting in CVE-2025-65417 (CVE-2025-65417). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31246 |
|
OS Command Injection in gpt-pilot (CVE-2026-31246)
OS command injection in gpt-pilot (CVE-2026-31246). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31247 |
|
Vulnerability in docling (CVE-2026-31247)
vulnerability in docling (CVE-2026-31247). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-65418 |
|
Path Traversal in path-traversal (CVE-2025-65418)
path traversal in path-traversal (CVE-2025-65418). Confidential information can be exposed externally.
|
| CVE-2025-61308 |
|
Cross-Site Scripting (XSS) in CVE-2025-61308 (CVE-2025-61308)
cross-site scripting in CVE-2025-61308 (CVE-2025-61308). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-61309 |
|
Cross-Site Scripting (XSS) in CVE-2025-61309 (CVE-2025-61309)
cross-site scripting in CVE-2025-61309 (CVE-2025-61309). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-61310 |
|
Cross-Site Scripting (XSS) in CVE-2025-61310 (CVE-2025-61310)
cross-site scripting in CVE-2025-61310 (CVE-2025-61310). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-61311 |
|
Cross-Site Scripting (XSS) in CVE-2025-61311 (CVE-2025-61311)
cross-site scripting in CVE-2025-61311 (CVE-2025-61311). Confidential information can be exposed externally.
|
| CVE-2025-61312 |
|
Cross-Site Scripting (XSS) in CVE-2025-61312 (CVE-2025-61312)
cross-site scripting in CVE-2025-61312 (CVE-2025-61312). Confidential information can be exposed externally.
|
| CVE-2025-61313 |
|
Cross-Site Scripting (XSS) in CVE-2025-61313 (CVE-2025-61313)
cross-site scripting in CVE-2025-61313 (CVE-2025-61313). Confidential information can be exposed externally.
|
| CVE-2025-61314 |
|
Cross-Site Scripting (XSS) in CVE-2025-61314 (CVE-2025-61314)
cross-site scripting in CVE-2025-61314 (CVE-2025-61314). Confidential information can be exposed externally.
|
| CVE-2025-61305 |
|
Cross-Site Scripting (XSS) in CVE-2025-61305 (CVE-2025-61305)
cross-site scripting in CVE-2025-61305 (CVE-2025-61305). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-61306 |
|
Cross-Site Scripting (XSS) in CVE-2025-61306 (CVE-2025-61306)
cross-site scripting in CVE-2025-61306 (CVE-2025-61306). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-61307 |
|
Cross-Site Scripting (XSS) in CVE-2025-61307 (CVE-2025-61307)
cross-site scripting in CVE-2025-61307 (CVE-2025-61307). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40217 |
|
Vulnerability in litellm (CVE-2026-40217)
vulnerability in litellm (CVE-2026-40217). Successful exploitation can lead to full system takeover. Exploitable via `POST /guardrails/test_custom_code`. Mitigation: upgrade to `1.83.10` or later.
|
| CVE-2026-44543 |
|
Vulnerability in github.com/rancher/local-path-provisioner (CVE-2026-44543)
vulnerability in github.com/rancher/local-path-provisioner (CVE-2026-44543). Confidential information can be exposed externally. Exploitable via ``helperPod.yaml``. Mitigation: upgrade to `0.0.36` or later.
|
| CVE-2026-44521 |
|
SQL Injection in studio-42/elfinder (CVE-2026-44521)
SQL injection in studio-42/elfinder (CVE-2026-44521). Successful exploitation can lead to full system takeover. Exploitable via ``elFinderVolumeMySQL``. Mitigation: upgrade to `2.1.68` or later.
|
| CVE-2026-44516 |
|
Vulnerability in com.ritense.valtimo:web (CVE-2026-44516)
vulnerability in com.ritense.valtimo:web (CVE-2026-44516). Confidential information can be exposed externally. Exploitable via ``LoggingRestClientCustomizer``. Mitigation: upgrade to `13.26.0` or later.
|
| CVE-2026-44483 |
|
Vulnerability in @rvf/set-get (CVE-2026-44483)
vulnerability in @rvf/set-get (CVE-2026-44483). Data can be tampered with by attackers. Exploitable via ``setPath``. Mitigation: upgrade to `6.0.4` or later.
|
| CVE-2026-44477 |
|
Vulnerability in github.com/cloudnative-pg/cloudnative-pg (CVE-2026-44477)
vulnerability in github.com/cloudnative-pg/cloudnative-pg (CVE-2026-44477). Successful exploitation can lead to full system takeover. Exploitable via ``postgres``. Mitigation: upgrade to `1.29.1` or later.
|
| CVE-2026-44581 |
|
Cross-Site Scripting (XSS) in next (CVE-2026-44581)
cross-site scripting in next (CVE-2026-44581). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `16.2.5` or later.
|
| CVE-2026-44580 |
|
Cross-Site Scripting (XSS) in next (CVE-2026-44580)
cross-site scripting in next (CVE-2026-44580). Risk of unauthorized operations or information disclosure. Exploitable via ``beforeInteractive``. Mitigation: upgrade to `16.2.5` or later.
|
| CVE-2026-44579 |
|
Vulnerability in next (CVE-2026-44579)
vulnerability in next (CVE-2026-44579). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `16.2.5` or later.
|