Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-42295 |
|
Vulnerability in argo-workflows (CVE-2026-42295)
vulnerability in argo-workflows (CVE-2026-42295). Confidential information can be exposed externally. Mitigation: upgrade to `4.0.5` or later.
|
| CVE-2026-42294 |
|
Vulnerability in argo-workflows (CVE-2026-42294)
vulnerability in argo-workflows (CVE-2026-42294). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/events/some-namespace`. Mitigation: upgrade to `3.7.14, 4.0.5` or later.
|
| CVE-2026-42183 |
|
Vulnerability in argo-workflows (CVE-2026-42183)
vulnerability in argo-workflows (CVE-2026-42183). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/v1/workflows/target-ns`. Mitigation: upgrade to `4.0.5` or later.
|
| CVE-2026-42174 |
|
Vulnerability in getkirby/cms (CVE-2026-42174)
vulnerability in getkirby/cms (CVE-2026-42174). Risk of unauthorized operations or information disclosure. Exploitable via ``user.update``. Mitigation: upgrade to `5.4.0` or later.
|
| CVE-2026-42051 |
|
Vulnerability in getkirby/cms (CVE-2026-42051)
vulnerability in getkirby/cms (CVE-2026-42051). Risk of unauthorized operations or information disclosure. Exploitable via ``access.system``. Mitigation: upgrade to `5.4.0` or later.
|
| CVE-2026-42069 |
|
Vulnerability in getkirby/cms (CVE-2026-42069)
vulnerability in getkirby/cms (CVE-2026-42069). Confidential information can be exposed externally. Exploitable via ``options``. Mitigation: upgrade to `5.4.0` or later.
|
| CVE-2026-42137 |
|
Vulnerability in getkirby (CVE-2026-42137)
vulnerability in getkirby (CVE-2026-42137). Confidential information can be exposed externally.
|
| CVE-2026-41163 |
|
Privilege Escalation in CVE-2026-41163 (CVE-2026-41163)
vulnerability in CVE-2026-41163 (CVE-2026-41163). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8207 |
|
SQL Injection in sqli (CVE-2026-8207)
SQL injection in sqli (CVE-2026-8207). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6666 |
|
Vulnerability in pgbouncer (CVE-2026-6666)
vulnerability in pgbouncer (CVE-2026-6666). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.2` or later.
|
| CVE-2026-6667 |
|
Vulnerability in pgbouncer (CVE-2026-6667)
vulnerability in pgbouncer (CVE-2026-6667). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.2` or later.
|
| CVE-2026-6665 |
|
Vulnerability in pgbouncer (CVE-2026-6665)
vulnerability in pgbouncer (CVE-2026-6665). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.25.2` or later.
|
| CVE-2026-41705 |
|
Vulnerability in org.springframework.ai:spring-ai-milvus-store (CVE-2026-41705)
vulnerability in org.springframework.ai:spring-ai-milvus-store (CVE-2026-41705). Confidential information can be exposed externally. Mitigation: upgrade to `1.1.6` or later.
|
| CVE-2026-6664 |
|
Vulnerability in pgbouncer (CVE-2026-6664)
vulnerability in pgbouncer (CVE-2026-6664). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.2` or later.
|
| CVE-2026-44458 |
|
Vulnerability in hono (CVE-2026-44458)
vulnerability in hono (CVE-2026-44458). Risk of unauthorized operations or information disclosure. Exploitable via ``style``. Mitigation: upgrade to `4.12.18` or later.
|
| CVE-2026-44966 |
|
Vulnerability in velocityjs (CVE-2026-44966)
vulnerability in velocityjs (CVE-2026-44966). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6860 |
|
Vulnerability in io.vertx:vertx-core (CVE-2026-6860)
vulnerability in io.vertx:vertx-core (CVE-2026-6860). Risk of unauthorized operations or information disclosure. Exploitable via ``SslContext``. Mitigation: upgrade to `5.0.12` or later.
|
| CVE-2026-44457 |
|
Vulnerability in hono (CVE-2026-44457)
vulnerability in hono (CVE-2026-44457). Risk of unauthorized operations or information disclosure. Exploitable via ``private``. Mitigation: upgrade to `4.12.18` or later.
|
| CVE-2026-42455 |
|
Cross-Site Scripting (XSS) in CVE-2026-42455 (CVE-2026-42455)
cross-site scripting in CVE-2026-42455 (CVE-2026-42455). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/archives/`.
|
| CVE-2026-44313 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-44313)
SSRF in ssrf (CVE-2026-44313). Confidential information can be exposed externally. Exploitable via `GET /api/v1/archives/{linkId}`.
|
| CVE-2026-44897 |
|
Cross-Site Scripting (XSS) in mistune (CVE-2026-44897)
cross-site scripting in mistune (CVE-2026-44897). Risk of unauthorized operations or information disclosure. Exploitable via ``toc_1``. Mitigation: upgrade to `3.2.1` or later.
|
| CVE-2026-44895 |
|
Vulnerability in @yoda.digital/gitlab-mcp-server (CVE-2026-44895)
vulnerability in @yoda.digital/gitlab-mcp-server (CVE-2026-44895). Risk of unauthorized operations or information disclosure. Exploitable via `GET /sse`. Mitigation: upgrade to `0.6.0` or later.
|
| CVE-2026-44983 |
|
Vulnerability in smallbitvec (CVE-2026-44983)
vulnerability in smallbitvec (CVE-2026-44983). Risk of unauthorized operations or information disclosure. Exploitable via ``smallbitvec``.
|
| CVE-2026-44788 |
|
Path Traversal in SharpCompress (CVE-2026-44788)
path traversal in SharpCompress (CVE-2026-44788). Data can be tampered with by attackers. Exploitable via ``WriteToDirectoryInternal``.
|
| CVE-2026-44900 |
|
Vulnerability in com.oviva.telematik:epa4all-client (CVE-2026-44900)
vulnerability in com.oviva.telematik:epa4all-client (CVE-2026-44900). Confidential information can be exposed externally. Mitigation: upgrade to `1.2.1` or later.
|
| CVE-2026-44896 |
|
Cross-Site Scripting (XSS) in mistune (CVE-2026-44896)
cross-site scripting in mistune (CVE-2026-44896). Risk of unauthorized operations or information disclosure. Exploitable via ``figclass``. Mitigation: upgrade to `3.2.1` or later.
|
| CVE-2026-44708 |
|
Cross-Site Scripting (XSS) in mistune (CVE-2026-44708)
cross-site scripting in mistune (CVE-2026-44708). Risk of unauthorized operations or information disclosure. Exploitable via ``_escape``.
|
| CVE-2026-44836 |
|
Vulnerability in view_component (CVE-2026-44836)
vulnerability in view_component (CVE-2026-44836). Confidential information can be exposed externally. Exploitable via `GET /rails/view_components/my_component/render_with_template`. Mitigation: upgrade to `4.9.0` or later.
|
| CVE-2026-44833 |
|
Open Redirect in snipe/snipe-it (CVE-2026-44833)
vulnerability in snipe/snipe-it (CVE-2026-44833). Risk of unauthorized operations or information disclosure. Exploitable via `Referer header`. Mitigation: upgrade to `8.4.1` or later.
|
| CVE-2026-45130 |
|
Vulnerability in c (CVE-2026-45130)
vulnerability in c (CVE-2026-45130). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42556 |
|
Cross-Site Scripting (XSS) in gitroom (CVE-2026-42556)
cross-site scripting in gitroom (CVE-2026-42556). Confidential information can be exposed externally.
|
| CVE-2026-42454 |
|
OS Command Injection in docker (CVE-2026-42454)
OS command injection in docker (CVE-2026-42454). Successful exploitation can lead to full system takeover. Exploitable via `GET /docker/containers/`.
|
| CVE-2026-44656 |
|
OS Command Injection in vim (CVE-2026-44656)
OS command injection in vim (CVE-2026-44656). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42456 |
|
Information Disclosure in mintplexlabs (CVE-2026-42456)
vulnerability in mintplexlabs (CVE-2026-42456). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/workspace/`.
|
| CVE-2026-44987 |
|
Privilege Escalation in django (CVE-2026-44987)
vulnerability in django (CVE-2026-44987). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44284 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-44284)
SSRF in ssrf (CVE-2026-44284). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44286 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-44286)
SSRF in ssrf (CVE-2026-44286). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42352 |
|
SSRF (Server-Side Request Forgery) in pygeoapi (CVE-2026-42352)
SSRF in pygeoapi (CVE-2026-42352). Confidential information can be exposed externally. Exploitable via ``subscriber``. Mitigation: upgrade to `0.23.3` or later.
|
| CVE-2026-42351 |
|
Path Traversal in pygeoapi (CVE-2026-42351)
path traversal in pygeoapi (CVE-2026-42351). Confidential information can be exposed externally. Mitigation: upgrade to `0.23.3` or later.
|
| CVE-2026-42453 |
|
Command Injection in CVE-2026-42453 (CVE-2026-42453)
command injection in CVE-2026-42453 (CVE-2026-42453). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42451 |
|
Cross-Site Scripting (XSS) in CVE-2026-42451 (CVE-2026-42451)
cross-site scripting in CVE-2026-42451 (CVE-2026-42451). Confidential information can be exposed externally.
|
| CVE-2026-42350 |
|
Open Redirect in CVE-2026-42350 (CVE-2026-42350)
vulnerability in CVE-2026-42350 (CVE-2026-42350). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42354 |
|
Vulnerability in sso (CVE-2026-42354)
vulnerability in sso (CVE-2026-42354). Confidential information can be exposed externally. Exploitable via ``Moved``.
|
| CVE-2026-42344 |
|
Vulnerability in CVE-2026-42344 (CVE-2026-42344)
vulnerability in CVE-2026-42344 (CVE-2026-42344). Confidential information can be exposed externally.
|
| CVE-2026-42343 |
|
Vulnerability in dos (CVE-2026-42343)
vulnerability in dos (CVE-2026-42343). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42345 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-42345 (CVE-2026-42345)
SSRF in CVE-2026-42345 (CVE-2026-42345). Confidential information can be exposed externally.
|
| CVE-2026-42346 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-42346)
SSRF in ssrf (CVE-2026-42346). Confidential information can be exposed externally.
|
| CVE-2026-42298 |
|
Code Injection in docker (CVE-2026-42298)
code injection in docker (CVE-2026-42298). Successful exploitation can lead to full system takeover. Exploitable via ``GITHUB_TOKEN``. Mitigation: upgrade to `>= 0` or later.
|
| CVE-2026-42339 |
|
SSRF (Server-Side Request Forgery) in github.com/QuantumNous/new-api (CVE-2026-42339)
SSRF in github.com/QuantumNous/new-api (CVE-2026-42339). Data can be tampered with by attackers. Exploitable via `POST /v1/chat/completions`. Mitigation: upgrade to `0.9.0.5` or later.
|
| CVE-2026-42302 |
|
Vulnerability in openai-sdk (CVE-2026-42302)
vulnerability in openai-sdk (CVE-2026-42302). Successful exploitation can lead to full system takeover. Exploitable via ``entrypoint.sh``.
|