Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Clear
ID Title
CVE-2026-44577 Vulnerability in next (CVE-2026-44577)
vulnerability in next (CVE-2026-44577). Risk of unauthorized operations or information disclosure. Exploitable via ``images.localPatterns``. Mitigation: upgrade to `16.2.5` or later.
CVE-2026-44578 SSRF (Server-Side Request Forgery) in next (CVE-2026-44578)
SSRF in next (CVE-2026-44578). Confidential information can be exposed externally. Mitigation: upgrade to `16.2.5` or later.
CVE-2026-44576 Vulnerability in next (CVE-2026-44576)
vulnerability in next (CVE-2026-44576). Risk of unauthorized operations or information disclosure. Exploitable via ``RSC``. Mitigation: upgrade to `16.2.5` or later.
CVE-2026-44575 Vulnerability in next (CVE-2026-44575)
vulnerability in next (CVE-2026-44575). Confidential information can be exposed externally. Mitigation: upgrade to `16.2.5` or later.
CVE-2026-44574 Vulnerability in next (CVE-2026-44574)
vulnerability in next (CVE-2026-44574). Confidential information can be exposed externally. Mitigation: upgrade to `16.2.5` or later.
CVE-2026-44573 Authorization Flaw in next (CVE-2026-44573)
vulnerability in next (CVE-2026-44573). Confidential information can be exposed externally. Exploitable via ``i18n``. Mitigation: upgrade to `16.2.5` or later.
CVE-2026-44474 Vulnerability in github.com/ellanetworks/core (CVE-2026-44474)
vulnerability in github.com/ellanetworks/core (CVE-2026-44474). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.10.0` or later.
CVE-2026-44475 Vulnerability in github.com/ellanetworks/core (CVE-2026-44475)
vulnerability in github.com/ellanetworks/core (CVE-2026-44475). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.10.0` or later.
CVE-2026-44473 Vulnerability in github.com/ellanetworks/core (CVE-2026-44473)
vulnerability in github.com/ellanetworks/core (CVE-2026-44473). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.10.0` or later.
CVE-2026-45017 Path Traversal in python-liquid (CVE-2026-45017)
path traversal in python-liquid (CVE-2026-45017). Confidential information can be exposed externally. Exploitable via ``FileSystemLoader``. Mitigation: upgrade to `2.2.0` or later.
CVE-2026-44431 Information Disclosure in urllib3 (CVE-2026-44431)
vulnerability in urllib3 (CVE-2026-44431). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.7.0` or later.
CVE-2026-44971 SSRF (Server-Side Request Forgery) in guarddog (CVE-2026-44971)
SSRF in guarddog (CVE-2026-44971). Confidential information can be exposed externally. Exploitable via ``GH_TOKEN``.
CVE-2026-44972 Vulnerability in guarddog (CVE-2026-44972)
vulnerability in guarddog (CVE-2026-44972). Risk of unauthorized operations or information disclosure.
CVE-2026-44902 Vulnerability in @opentelemetry/exporter-prometheus (CVE-2026-44902)
vulnerability in @opentelemetry/exporter-prometheus (CVE-2026-44902). Risk of unauthorized operations or information disclosure. Exploitable via ``TypeError``. Mitigation: upgrade to `0.217.0` or later.
CVE-2026-44353 Path Traversal in streamlink (CVE-2026-44353)
path traversal in streamlink (CVE-2026-44353). Confidential information can be exposed externally. Exploitable via ``playlist.m3u8``. Mitigation: upgrade to `8.4.0` or later.
CVE-2026-44346 OS Command Injection in bentoml (CVE-2026-44346)
OS command injection in bentoml (CVE-2026-44346). Successful exploitation can lead to full system takeover. Exploitable via ``bentofile.yaml``. Mitigation: upgrade to `1.4.39` or later.
CVE-2026-44345 OS Command Injection in bentoml (CVE-2026-44345)
OS command injection in bentoml (CVE-2026-44345). Successful exploitation can lead to full system takeover. Exploitable via ``docker.base_image``. Mitigation: upgrade to `1.4.39` or later.
CVE-2026-8289 Vulnerability in c (CVE-2026-8289)
vulnerability in c (CVE-2026-8289). Risk of unauthorized operations or information disclosure.
CVE-2026-8290 Vulnerability in c (CVE-2026-8290)
vulnerability in c (CVE-2026-8290). Risk of unauthorized operations or information disclosure.
CVE-2026-4802 OS Command Injection in CVE-2026-4802 (CVE-2026-4802)
OS command injection in CVE-2026-4802 (CVE-2026-4802). Successful exploitation can lead to full system takeover.
CVE-2026-44571 Vulnerability in open-webui (CVE-2026-44571)
vulnerability in open-webui (CVE-2026-44571). Data can be tampered with by attackers. Exploitable via `POST /api/v1/channels/{channel_id}/messages/{message_id}/update`. Mitigation: upgrade to `0.8.6` or later.
CVE-2026-44569 Vulnerability in open-webui (CVE-2026-44569)
vulnerability in open-webui (CVE-2026-44569). Data can be tampered with by attackers. Exploitable via ``message_id``. Mitigation: upgrade to `0.6.19` or later.
CVE-2026-44565 Path Traversal in open-webui (CVE-2026-44565)
path traversal in open-webui (CVE-2026-44565). Data can be tampered with by attackers. Exploitable via ``DELETE_ME``. Mitigation: upgrade to `0.6.10` or later.
CVE-2026-42595 SSRF (Server-Side Request Forgery) in github.com/gotenberg/gotenberg/v8 (CVE-2026-42595)
SSRF in github.com/gotenberg/gotenberg/v8 (CVE-2026-42595). Confidential information can be exposed externally. Exploitable via ``downloadFrom``. Mitigation: upgrade to `8.32.0` or later.
CVE-2026-8288 Vulnerability in c (CVE-2026-8288)
vulnerability in c (CVE-2026-8288). Risk of unauthorized operations or information disclosure.
CVE-2025-10470 Vulnerability in wso2 (CVE-2025-10470)
vulnerability in wso2 (CVE-2025-10470). Risk of unauthorized operations or information disclosure.
CVE-2025-9973 Vulnerability in privilege-escalation (CVE-2025-9973)
vulnerability in privilege-escalation (CVE-2025-9973). Confidential information can be exposed externally.
CVE-2026-6909 Cross-Site Scripting (XSS) in CVE-2026-6909 (CVE-2026-6909)
cross-site scripting in CVE-2026-6909 (CVE-2026-6909). Risk of unauthorized operations or information disclosure.
CVE-2026-6956 Cross-Site Scripting (XSS) in CVE-2026-6956 (CVE-2026-6956)
cross-site scripting in CVE-2026-6956 (CVE-2026-6956). Risk of unauthorized operations or information disclosure.
CVE-2026-32658 Vulnerability in dell (CVE-2026-32658)
vulnerability in dell (CVE-2026-32658). Successful exploitation can lead to full system takeover.
CVE-2026-40636 Vulnerability in dell (CVE-2026-40636)
vulnerability in dell (CVE-2026-40636). Successful exploitation can lead to full system takeover.
CVE-2026-26946 Privilege Escalation in dell (CVE-2026-26946)
vulnerability in dell (CVE-2026-26946). Successful exploitation can lead to full system takeover.
CVE-2025-8325 Vulnerability in wso2 (CVE-2025-8325)
vulnerability in wso2 (CVE-2025-8325). Risk of unauthorized operations or information disclosure.
CVE-2025-8154 Vulnerability in wso2 (CVE-2025-8154)
vulnerability in wso2 (CVE-2025-8154). Risk of unauthorized operations or information disclosure.
CVE-2025-10908 Authorization Flaw in c (CVE-2025-10908)
vulnerability in c (CVE-2025-10908). Risk of unauthorized operations or information disclosure.
CVE-2026-43826 Vulnerability in apache-airflow-providers-opensearch (CVE-2026-43826)
vulnerability in apache-airflow-providers-opensearch (CVE-2026-43826). Confidential information can be exposed externally. Exploitable via ``host``. Mitigation: upgrade to `1.9.1` or later.
CVE-2026-41018 Vulnerability in apache-airflow-providers-elasticsearch (CVE-2026-41018)
vulnerability in apache-airflow-providers-elasticsearch (CVE-2026-41018). Confidential information can be exposed externally. Exploitable via ``host``. Mitigation: upgrade to `6.5.3` or later.
CVE-2026-43500 Out-of-Bounds Write in linux (CVE-2026-43500)
out-of-bounds write in linux (CVE-2026-43500). Successful exploitation can lead to full system takeover.
CVE-2026-41951 Path Traversal in jvn (CVE-2026-41951)
path traversal in jvn (CVE-2026-41951). Successful exploitation can lead to full system takeover.
CVE-2026-41530 Path Traversal in jvn (CVE-2026-41530)
path traversal in jvn (CVE-2026-41530). Risk of unauthorized operations or information disclosure.
CVE-2026-41872 Vulnerability in jvn (CVE-2026-41872)
vulnerability in jvn (CVE-2026-41872). Confidential information can be exposed externally.
CVE-2026-4367 Out-of-Bounds Read in jvn (CVE-2026-4367)
vulnerability in jvn (CVE-2026-4367). Risk of unauthorized operations or information disclosure.
CVE-2026-23918 Vulnerability in jvn (CVE-2026-23918)
vulnerability in jvn (CVE-2026-23918). Successful exploitation can lead to full system takeover.
CVE-2026-8272 Command Injection in dlink (CVE-2026-8272)
command injection in dlink (CVE-2026-8272). Risk of unauthorized operations or information disclosure.
CVE-2026-8273 Command Injection in dlink (CVE-2026-8273)
command injection in dlink (CVE-2026-8273). Risk of unauthorized operations or information disclosure.
CVE-2026-8271 Command Injection in dlink (CVE-2026-8271)
command injection in dlink (CVE-2026-8271). Risk of unauthorized operations or information disclosure.
CVE-2026-8274 Path Traversal in c (CVE-2026-8274)
path traversal in c (CVE-2026-8274). Risk of unauthorized operations or information disclosure.
CVE-2026-8269 Vulnerability in dos (CVE-2026-8269)
vulnerability in dos (CVE-2026-8269). Risk of unauthorized operations or information disclosure.
CVE-2026-8270 Vulnerability in dos (CVE-2026-8270)
vulnerability in dos (CVE-2026-8270). Risk of unauthorized operations or information disclosure.
CVE-2026-8276 Vulnerability in github.com/bettercap/bettercap/v2 (CVE-2026-8276)
vulnerability in github.com/bettercap/bettercap/v2 (CVE-2026-8276). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.41.7` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →