Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-8231 |
|
Vulnerability in sqli (CVE-2026-8231)
vulnerability in sqli (CVE-2026-8231). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6104 |
|
Out-of-Bounds Read in libphp (CVE-2026-6104)
vulnerability in libphp (CVE-2026-6104). Confidential information can be exposed externally. Mitigation: upgrade to `8.4.21, 8.5.6` or later.
|
| CVE-2026-8227 |
|
Command Injection in wavlink (CVE-2026-8227)
command injection in wavlink (CVE-2026-8227). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8228 |
|
Command Injection in wavlink (CVE-2026-8228)
command injection in wavlink (CVE-2026-8228). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8229 |
|
Command Injection in wavlink (CVE-2026-8229)
command injection in wavlink (CVE-2026-8229). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8230 |
|
Command Injection in wavlink (CVE-2026-8230)
command injection in wavlink (CVE-2026-8230). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8225 |
|
Vulnerability in c (CVE-2026-8225)
vulnerability in c (CVE-2026-8225). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8226 |
|
Vulnerability in c (CVE-2026-8226)
vulnerability in c (CVE-2026-8226). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7259 |
|
Vulnerability in libphp (CVE-2026-7259)
vulnerability in libphp (CVE-2026-7259). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.2.31, 8.3.31, 8.4.21, 8.5.6` or later.
|
| CVE-2026-7262 |
|
Vulnerability in libphp (CVE-2026-7262)
vulnerability in libphp (CVE-2026-7262). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.2.31, 8.3.31, 8.4.21, 8.5.6` or later.
|
| CVE-2026-6735 |
|
Cross-Site Scripting (XSS) in libphp (CVE-2026-6735)
cross-site scripting in libphp (CVE-2026-6735). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.2.31, 8.3.31, 8.4.21, 8.5.6` or later.
|
| CVE-2026-7258 |
|
Out-of-Bounds Read in libphp (CVE-2026-7258)
vulnerability in libphp (CVE-2026-7258). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.2.31, 8.3.31, 8.4.21, 8.5.6` or later.
|
| CVE-2026-7568 |
|
Out-of-Bounds Read in libphp (CVE-2026-7568)
vulnerability in libphp (CVE-2026-7568). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.2.31, 8.3.31, 8.4.21, 8.5.6` or later.
|
| CVE-2026-6722 |
|
Use-After-Free in libphp (CVE-2026-6722)
vulnerability in libphp (CVE-2026-6722). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.2.31, 8.3.31, 8.4.21, 8.5.6` or later.
|
| CVE-2026-7261 |
|
Use-After-Free in libphp (CVE-2026-7261)
vulnerability in libphp (CVE-2026-7261). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.2.31, 8.3.31, 8.4.21, 8.5.6` or later.
|
| CVE-2025-14179 |
|
SQL Injection in libphp (CVE-2025-14179)
SQL injection in libphp (CVE-2025-14179). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.2.31, 8.3.31, 8.4.21, 8.5.6` or later.
|
| CVE-2026-8217 |
|
Command Injection in CVE-2026-8217 (CVE-2026-8217)
command injection in CVE-2026-8217 (CVE-2026-8217). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8219 |
|
Cross-Site Scripting (XSS) in CVE-2026-8219 (CVE-2026-8219)
cross-site scripting in CVE-2026-8219 (CVE-2026-8219). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8218 |
|
Cross-Site Scripting (XSS) in CVE-2026-8218 (CVE-2026-8218)
cross-site scripting in CVE-2026-8218 (CVE-2026-8218). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8221 |
|
Cross-Site Scripting (XSS) in CVE-2026-8221 (CVE-2026-8221)
cross-site scripting in CVE-2026-8221 (CVE-2026-8221). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8220 |
|
Cross-Site Scripting (XSS) in CVE-2026-8220 (CVE-2026-8220)
cross-site scripting in CVE-2026-8220 (CVE-2026-8220). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8224 |
|
Vulnerability in c (CVE-2026-8224)
vulnerability in c (CVE-2026-8224). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8222 |
|
Vulnerability in c (CVE-2026-8222)
vulnerability in c (CVE-2026-8222). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8223 |
|
Vulnerability in dos (CVE-2026-8223)
vulnerability in dos (CVE-2026-8223). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8215 |
|
Path Traversal in path-traversal (CVE-2026-8215)
path traversal in path-traversal (CVE-2026-8215). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8216 |
|
Authentication Bypass in CVE-2026-8216 (CVE-2026-8216)
authentication bypass in CVE-2026-8216 (CVE-2026-8216). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8214 |
|
Authentication Bypass in CVE-2026-8214 (CVE-2026-8214)
authentication bypass in CVE-2026-8214 (CVE-2026-8214). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8212 |
|
Buffer Overflow in gdal (CVE-2026-8212)
vulnerability in gdal (CVE-2026-8212). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.13.0` or later.
|
| CVE-2026-8213 |
|
Buffer Overflow in gdal (CVE-2026-8213)
vulnerability in gdal (CVE-2026-8213). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.13.0` or later.
|
| CVE-2026-8211 |
|
Vulnerability in CVE-2026-8211 (CVE-2026-8211)
vulnerability in CVE-2026-8211 (CVE-2026-8211). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45184 |
|
Vulnerability in CVE-2026-45184 (CVE-2026-45184)
vulnerability in CVE-2026-45184 (CVE-2026-45184). Confidential information can be exposed externally.
|
| CVE-2026-45182 |
|
Vulnerability in CVE-2026-45182 (CVE-2026-45182)
vulnerability in CVE-2026-45182 (CVE-2026-45182). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45181 |
|
Vulnerability in CVE-2026-45181 (CVE-2026-45181)
vulnerability in CVE-2026-45181 (CVE-2026-45181). Confidential information can be exposed externally.
|
| CVE-2026-8210 |
|
Vulnerability in CVE-2026-8210 (CVE-2026-8210)
vulnerability in CVE-2026-8210 (CVE-2026-8210). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8195 |
|
Cross-Site Scripting (XSS) in CVE-2026-8195 (CVE-2026-8195)
cross-site scripting in CVE-2026-8195 (CVE-2026-8195). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8196 |
|
Vulnerability in CVE-2026-8196 (CVE-2026-8196)
vulnerability in CVE-2026-8196 (CVE-2026-8196). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8194 |
|
Cross-Site Request Forgery (CSRF) in CVE-2026-8194 (CVE-2026-8194)
vulnerability in CVE-2026-8194 (CVE-2026-8194). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42605 |
|
Path Traversal in azuracast/azuracast (CVE-2026-42605)
path traversal in azuracast/azuracast (CVE-2026-42605). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/station/{station_id}/files/upload`. Mitigation: upgrade to `0.23.6` or later.
|
| CVE-2026-42569 |
|
Vulnerability in nabeel/phpvms (CVE-2026-42569)
vulnerability in nabeel/phpvms (CVE-2026-42569). Data can be tampered with by attackers. Mitigation: upgrade to `7.0.6` or later.
|
| CVE-2026-42571 |
|
Authorization Flaw in github.com/pelicanplatform/pelican (CVE-2026-42571)
vulnerability in github.com/pelicanplatform/pelican (CVE-2026-42571). Risk of unauthorized operations or information disclosure. Exploitable via ``Issuer.GroupSource``. Mitigation: upgrade to `0.0.0-20260408120501-7f73b9c3e677` or later.
|
| CVE-2026-42574 |
|
Path Traversal in chainguard.dev/apko (CVE-2026-42574)
path traversal in chainguard.dev/apko (CVE-2026-42574). Data can be tampered with by attackers. Exploitable via ``TypeSymlink``. Mitigation: upgrade to `1.2.5` or later.
|
| CVE-2026-42601 |
|
Vulnerability in archivebox (CVE-2026-42601)
vulnerability in archivebox (CVE-2026-42601). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42575 |
|
Vulnerability in chainguard.dev/apko (CVE-2026-42575)
vulnerability in chainguard.dev/apko (CVE-2026-42575). Data can be tampered with by attackers. Exploitable via ``APKINDEX.tar.gz``. Mitigation: upgrade to `1.2.7` or later.
|
| CVE-2026-42576 |
|
Vulnerability in chainguard.dev/apko (CVE-2026-42576)
vulnerability in chainguard.dev/apko (CVE-2026-42576). Risk of unauthorized operations or information disclosure. Exploitable via ``DiscoverKeys``. Mitigation: upgrade to `1.2.7` or later.
|
| CVE-2026-42333 |
|
Information Disclosure in io.quarkiverse.openapi.generator:quarkus-openapi-generator (CVE-2026-42333)
vulnerability in io.quarkiverse.openapi.generator:quarkus-openapi-generator (CVE-2026-42333). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.17.0` or later.
|
| CVE-2026-42562 |
|
Privilege Escalation in CVE-2026-42562 (CVE-2026-42562)
vulnerability in CVE-2026-42562 (CVE-2026-42562). Confidential information can be exposed externally. Exploitable via `PUT /api.php/v1/users/{id}.`.
|
| CVE-2026-42256 |
|
Vulnerability in net-imap (CVE-2026-42256)
vulnerability in net-imap (CVE-2026-42256). Risk of unauthorized operations or information disclosure. Exploitable via ``Timeout``. Mitigation: upgrade to `0.4.24` or later.
|
| CVE-2026-42246 |
|
Vulnerability in net-imap (CVE-2026-42246)
vulnerability in net-imap (CVE-2026-42246). Confidential information can be exposed externally. Exploitable via ``STARTTLS``. Mitigation: upgrade to `0.3.10` or later.
|
| CVE-2026-42257 |
|
Command Injection in net-imap (CVE-2026-42257)
command injection in net-imap (CVE-2026-42257). Successful exploitation can lead to full system takeover. Exploitable via ``CRLF``. Mitigation: upgrade to `0.4.24` or later.
|
| CVE-2026-42258 |
|
Command Injection in net-imap (CVE-2026-42258)
command injection in net-imap (CVE-2026-42258). Data can be tampered with by attackers. Exploitable via ``flag``. Mitigation: upgrade to `0.4.24` or later.
|