Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Clear
ID Title
CVE-2026-42295 Vulnerability in argo-workflows (CVE-2026-42295)
vulnerability in argo-workflows (CVE-2026-42295). Confidential information can be exposed externally. Mitigation: upgrade to `4.0.5` or later.
CVE-2026-42294 Vulnerability in argo-workflows (CVE-2026-42294)
vulnerability in argo-workflows (CVE-2026-42294). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/events/some-namespace`. Mitigation: upgrade to `3.7.14, 4.0.5` or later.
CVE-2026-42183 Vulnerability in argo-workflows (CVE-2026-42183)
vulnerability in argo-workflows (CVE-2026-42183). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/v1/workflows/target-ns`. Mitigation: upgrade to `4.0.5` or later.
CVE-2026-42174 Vulnerability in getkirby/cms (CVE-2026-42174)
vulnerability in getkirby/cms (CVE-2026-42174). Risk of unauthorized operations or information disclosure. Exploitable via ``user.update``. Mitigation: upgrade to `5.4.0` or later.
CVE-2026-42051 Vulnerability in getkirby/cms (CVE-2026-42051)
vulnerability in getkirby/cms (CVE-2026-42051). Risk of unauthorized operations or information disclosure. Exploitable via ``access.system``. Mitigation: upgrade to `5.4.0` or later.
CVE-2026-42069 Vulnerability in getkirby/cms (CVE-2026-42069)
vulnerability in getkirby/cms (CVE-2026-42069). Confidential information can be exposed externally. Exploitable via ``options``. Mitigation: upgrade to `5.4.0` or later.
CVE-2026-42137 Vulnerability in getkirby (CVE-2026-42137)
vulnerability in getkirby (CVE-2026-42137). Confidential information can be exposed externally.
CVE-2026-41163 Privilege Escalation in CVE-2026-41163 (CVE-2026-41163)
vulnerability in CVE-2026-41163 (CVE-2026-41163). Successful exploitation can lead to full system takeover.
CVE-2026-8207 SQL Injection in sqli (CVE-2026-8207)
SQL injection in sqli (CVE-2026-8207). Risk of unauthorized operations or information disclosure.
CVE-2026-6666 Vulnerability in pgbouncer (CVE-2026-6666)
vulnerability in pgbouncer (CVE-2026-6666). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.2` or later.
CVE-2026-6667 Vulnerability in pgbouncer (CVE-2026-6667)
vulnerability in pgbouncer (CVE-2026-6667). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.2` or later.
CVE-2026-6665 Vulnerability in pgbouncer (CVE-2026-6665)
vulnerability in pgbouncer (CVE-2026-6665). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.25.2` or later.
CVE-2026-41705 Vulnerability in org.springframework.ai:spring-ai-milvus-store (CVE-2026-41705)
vulnerability in org.springframework.ai:spring-ai-milvus-store (CVE-2026-41705). Confidential information can be exposed externally. Mitigation: upgrade to `1.1.6` or later.
CVE-2026-6664 Vulnerability in pgbouncer (CVE-2026-6664)
vulnerability in pgbouncer (CVE-2026-6664). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.2` or later.
CVE-2026-44458 Vulnerability in hono (CVE-2026-44458)
vulnerability in hono (CVE-2026-44458). Risk of unauthorized operations or information disclosure. Exploitable via ``style``. Mitigation: upgrade to `4.12.18` or later.
CVE-2026-44966 Vulnerability in velocityjs (CVE-2026-44966)
vulnerability in velocityjs (CVE-2026-44966). Risk of unauthorized operations or information disclosure.
CVE-2026-6860 Vulnerability in io.vertx:vertx-core (CVE-2026-6860)
vulnerability in io.vertx:vertx-core (CVE-2026-6860). Risk of unauthorized operations or information disclosure. Exploitable via ``SslContext``. Mitigation: upgrade to `5.0.12` or later.
CVE-2026-44457 Vulnerability in hono (CVE-2026-44457)
vulnerability in hono (CVE-2026-44457). Risk of unauthorized operations or information disclosure. Exploitable via ``private``. Mitigation: upgrade to `4.12.18` or later.
CVE-2026-42455 Cross-Site Scripting (XSS) in CVE-2026-42455 (CVE-2026-42455)
cross-site scripting in CVE-2026-42455 (CVE-2026-42455). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/archives/`.
CVE-2026-44313 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-44313)
SSRF in ssrf (CVE-2026-44313). Confidential information can be exposed externally. Exploitable via `GET /api/v1/archives/{linkId}`.
CVE-2026-44897 Cross-Site Scripting (XSS) in mistune (CVE-2026-44897)
cross-site scripting in mistune (CVE-2026-44897). Risk of unauthorized operations or information disclosure. Exploitable via ``toc_1``. Mitigation: upgrade to `3.2.1` or later.
CVE-2026-44895 Vulnerability in @yoda.digital/gitlab-mcp-server (CVE-2026-44895)
vulnerability in @yoda.digital/gitlab-mcp-server (CVE-2026-44895). Risk of unauthorized operations or information disclosure. Exploitable via `GET /sse`. Mitigation: upgrade to `0.6.0` or later.
CVE-2026-44983 Vulnerability in smallbitvec (CVE-2026-44983)
vulnerability in smallbitvec (CVE-2026-44983). Risk of unauthorized operations or information disclosure. Exploitable via ``smallbitvec``.
CVE-2026-44788 Path Traversal in SharpCompress (CVE-2026-44788)
path traversal in SharpCompress (CVE-2026-44788). Data can be tampered with by attackers. Exploitable via ``WriteToDirectoryInternal``.
CVE-2026-44900 Vulnerability in com.oviva.telematik:epa4all-client (CVE-2026-44900)
vulnerability in com.oviva.telematik:epa4all-client (CVE-2026-44900). Confidential information can be exposed externally. Mitigation: upgrade to `1.2.1` or later.
CVE-2026-44896 Cross-Site Scripting (XSS) in mistune (CVE-2026-44896)
cross-site scripting in mistune (CVE-2026-44896). Risk of unauthorized operations or information disclosure. Exploitable via ``figclass``. Mitigation: upgrade to `3.2.1` or later.
CVE-2026-44708 Cross-Site Scripting (XSS) in mistune (CVE-2026-44708)
cross-site scripting in mistune (CVE-2026-44708). Risk of unauthorized operations or information disclosure. Exploitable via ``_escape``.
CVE-2026-44836 Vulnerability in view_component (CVE-2026-44836)
vulnerability in view_component (CVE-2026-44836). Confidential information can be exposed externally. Exploitable via `GET /rails/view_components/my_component/render_with_template`. Mitigation: upgrade to `4.9.0` or later.
CVE-2026-44833 Open Redirect in snipe/snipe-it (CVE-2026-44833)
vulnerability in snipe/snipe-it (CVE-2026-44833). Risk of unauthorized operations or information disclosure. Exploitable via `Referer header`. Mitigation: upgrade to `8.4.1` or later.
CVE-2026-45130 Vulnerability in c (CVE-2026-45130)
vulnerability in c (CVE-2026-45130). Risk of unauthorized operations or information disclosure.
CVE-2026-42556 Cross-Site Scripting (XSS) in gitroom (CVE-2026-42556)
cross-site scripting in gitroom (CVE-2026-42556). Confidential information can be exposed externally.
CVE-2026-42454 OS Command Injection in docker (CVE-2026-42454)
OS command injection in docker (CVE-2026-42454). Successful exploitation can lead to full system takeover. Exploitable via `GET /docker/containers/`.
CVE-2026-44656 OS Command Injection in vim (CVE-2026-44656)
OS command injection in vim (CVE-2026-44656). Risk of unauthorized operations or information disclosure.
CVE-2026-42456 Information Disclosure in mintplexlabs (CVE-2026-42456)
vulnerability in mintplexlabs (CVE-2026-42456). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/workspace/`.
CVE-2026-44987 Privilege Escalation in django (CVE-2026-44987)
vulnerability in django (CVE-2026-44987). Risk of unauthorized operations or information disclosure.
CVE-2026-44284 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-44284)
SSRF in ssrf (CVE-2026-44284). Risk of unauthorized operations or information disclosure.
CVE-2026-44286 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-44286)
SSRF in ssrf (CVE-2026-44286). Risk of unauthorized operations or information disclosure.
CVE-2026-42352 SSRF (Server-Side Request Forgery) in pygeoapi (CVE-2026-42352)
SSRF in pygeoapi (CVE-2026-42352). Confidential information can be exposed externally. Exploitable via ``subscriber``. Mitigation: upgrade to `0.23.3` or later.
CVE-2026-42351 Path Traversal in pygeoapi (CVE-2026-42351)
path traversal in pygeoapi (CVE-2026-42351). Confidential information can be exposed externally. Mitigation: upgrade to `0.23.3` or later.
CVE-2026-42453 Command Injection in CVE-2026-42453 (CVE-2026-42453)
command injection in CVE-2026-42453 (CVE-2026-42453). Risk of unauthorized operations or information disclosure.
CVE-2026-42451 Cross-Site Scripting (XSS) in CVE-2026-42451 (CVE-2026-42451)
cross-site scripting in CVE-2026-42451 (CVE-2026-42451). Confidential information can be exposed externally.
CVE-2026-42350 Open Redirect in CVE-2026-42350 (CVE-2026-42350)
vulnerability in CVE-2026-42350 (CVE-2026-42350). Risk of unauthorized operations or information disclosure.
CVE-2026-42354 Vulnerability in sso (CVE-2026-42354)
vulnerability in sso (CVE-2026-42354). Confidential information can be exposed externally. Exploitable via ``Moved``.
CVE-2026-42344 Vulnerability in CVE-2026-42344 (CVE-2026-42344)
vulnerability in CVE-2026-42344 (CVE-2026-42344). Confidential information can be exposed externally.
CVE-2026-42343 Vulnerability in dos (CVE-2026-42343)
vulnerability in dos (CVE-2026-42343). Risk of unauthorized operations or information disclosure.
CVE-2026-42345 SSRF (Server-Side Request Forgery) in CVE-2026-42345 (CVE-2026-42345)
SSRF in CVE-2026-42345 (CVE-2026-42345). Confidential information can be exposed externally.
CVE-2026-42346 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-42346)
SSRF in ssrf (CVE-2026-42346). Confidential information can be exposed externally.
CVE-2026-42298 Code Injection in docker (CVE-2026-42298)
code injection in docker (CVE-2026-42298). Successful exploitation can lead to full system takeover. Exploitable via ``GITHUB_TOKEN``. Mitigation: upgrade to `>= 0` or later.
CVE-2026-42339 SSRF (Server-Side Request Forgery) in github.com/QuantumNous/new-api (CVE-2026-42339)
SSRF in github.com/QuantumNous/new-api (CVE-2026-42339). Data can be tampered with by attackers. Exploitable via `POST /v1/chat/completions`. Mitigation: upgrade to `0.9.0.5` or later.
CVE-2026-42302 Vulnerability in openai-sdk (CVE-2026-42302)
vulnerability in openai-sdk (CVE-2026-42302). Successful exploitation can lead to full system takeover. Exploitable via ``entrypoint.sh``.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →