Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-42307 |
|
OS Command Injection in vim (CVE-2026-42307)
OS command injection in vim (CVE-2026-42307). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42224 |
|
Cross-Site Scripting (XSS) in ipl/web (CVE-2026-42224)
cross-site scripting in ipl/web (CVE-2026-42224). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.10.3` or later.
|
| CVE-2026-41432 |
|
Vulnerability in github.com/QuantumNous/new-api (CVE-2026-41432)
vulnerability in github.com/QuantumNous/new-api (CVE-2026-41432). Data can be tampered with by attackers. Exploitable via `POST /api/user/pay`. Mitigation: upgrade to `0.12.10` or later.
|
| CVE-2026-41682 |
|
Vulnerability in CVE-2026-41682 (CVE-2026-41682)
vulnerability in CVE-2026-41682 (CVE-2026-41682). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41520 |
|
Information Disclosure in cilium (CVE-2026-41520)
vulnerability in cilium (CVE-2026-41520). Confidential information can be exposed externally. Mitigation: upgrade to `1.17.15, 1.18.9, 1.19.3` or later.
|
| CVE-2026-44843 |
|
Unsafe Deserialization in langchain-core (CVE-2026-44843)
vulnerability in langchain-core (CVE-2026-44843). Confidential information can be exposed externally. Exploitable via ``RunnableWithMessageHistory``. Mitigation: upgrade to `0.3.85` or later.
|
| CVE-2026-37709 |
|
Vulnerability in snipe/snipe-it (CVE-2026-37709)
vulnerability in snipe/snipe-it (CVE-2026-37709). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.4.1` or later.
|
| CVE-2026-44330 |
|
Authorization Flaw in github.com/free5gc/nef (CVE-2026-44330)
vulnerability in github.com/free5gc/nef (CVE-2026-44330). Data can be tampered with by attackers. Exploitable via `GET /applications`.
|
| CVE-2026-44329 |
|
Vulnerability in github.com/free5gc/smf (CVE-2026-44329)
vulnerability in github.com/free5gc/smf (CVE-2026-44329). Data can be tampered with by attackers. Exploitable via `GET /upi/v1/upNodesLinks`. Mitigation: upgrade to `1.4.3` or later.
|
| CVE-2026-44328 |
|
Vulnerability in github.com/free5gc/smf (CVE-2026-44328)
vulnerability in github.com/free5gc/smf (CVE-2026-44328). Risk of unauthorized operations or information disclosure. Exploitable via `DELETE /upi/v1/upNodesLinks/{upNodeRef}`. Mitigation: upgrade to `1.4.3` or later.
|
| CVE-2026-44327 |
|
Vulnerability in github.com/free5gc/nef (CVE-2026-44327)
vulnerability in github.com/free5gc/nef (CVE-2026-44327). Data can be tampered with by attackers. Exploitable via ``Authorization``.
|
| CVE-2026-44326 |
|
Vulnerability in github.com/free5gc/nef (CVE-2026-44326)
vulnerability in github.com/free5gc/nef (CVE-2026-44326). Data can be tampered with by attackers. Exploitable via ``Authorization``.
|
| CVE-2026-44325 |
|
Vulnerability in github.com/free5gc/nrf (CVE-2026-44325)
vulnerability in github.com/free5gc/nrf (CVE-2026-44325). Risk of unauthorized operations or information disclosure. Exploitable via `POST /oauth2/token`. Mitigation: upgrade to `1.4.3` or later.
|
| CVE-2026-44324 |
|
Vulnerability in github.com/free5gc/udr (CVE-2026-44324)
vulnerability in github.com/free5gc/udr (CVE-2026-44324). Risk of unauthorized operations or information disclosure. Exploitable via `DELETE /subscription-data/{ueId}/{servingPlmnId}/ee-subscriptions/{subsId}/amf-subscript`. Mitigation: upgrade to `1.4.3` or later.
|
| CVE-2026-44323 |
|
Vulnerability in github.com/free5gc/udr (CVE-2026-44323)
vulnerability in github.com/free5gc/udr (CVE-2026-44323). Risk of unauthorized operations or information disclosure. Exploitable via `DELETE /subscription-data/{ueId}/{servingPlmnId}/ee-subscriptions/{subsId}/amf-subscript`. Mitigation: upgrade to `1.4.3` or later.
|
| CVE-2026-44322 |
|
Vulnerability in github.com/free5gc/nef (CVE-2026-44322)
vulnerability in github.com/free5gc/nef (CVE-2026-44322). Risk of unauthorized operations or information disclosure. Exploitable via `PATCH /3gpp-pfd-management/v1/{afId}/transactions/{transId}/applications/{appId}`. Mitigation: upgrade to `1.2.3` or later.
|
| CVE-2026-44321 |
|
Vulnerability in github.com/free5gc/smf (CVE-2026-44321)
vulnerability in github.com/free5gc/smf (CVE-2026-44321). Risk of unauthorized operations or information disclosure. Exploitable via `POST /upi/v1/upNodesLinks`.
|
| CVE-2026-44320 |
|
Vulnerability in github.com/free5gc/nef (CVE-2026-44320)
vulnerability in github.com/free5gc/nef (CVE-2026-44320). Risk of unauthorized operations or information disclosure. Exploitable via ``NotifId``.
|
| CVE-2026-44319 |
|
Vulnerability in github.com/free5gc/nef (CVE-2026-44319)
vulnerability in github.com/free5gc/nef (CVE-2026-44319). Risk of unauthorized operations or information disclosure. Exploitable via `Authorization header`. Mitigation: upgrade to `1.2.3` or later.
|
| CVE-2026-44318 |
|
Vulnerability in github.com/free5gc/bsf (CVE-2026-44318)
vulnerability in github.com/free5gc/bsf (CVE-2026-44318). Risk of unauthorized operations or information disclosure. Exploitable via `PUT /nbsf-management/v1/subscriptions/{subId}`. Mitigation: upgrade to `1.0.2` or later.
|
| CVE-2026-44317 |
|
Vulnerability in github.com/free5gc/pcf (CVE-2026-44317)
vulnerability in github.com/free5gc/pcf (CVE-2026-44317). Risk of unauthorized operations or information disclosure. Exploitable via `POST /npcf-policyauthorization/v1/app-sessions`. Mitigation: upgrade to `1.4.3` or later.
|
| CVE-2026-44316 |
|
Vulnerability in github.com/free5gc/pcf (CVE-2026-44316)
vulnerability in github.com/free5gc/pcf (CVE-2026-44316). Risk of unauthorized operations or information disclosure. Exploitable via `POST /npcf-smpolicycontrol/v1/sm-policies`. Mitigation: upgrade to `1.4.2` or later.
|
| CVE-2026-44315 |
|
Vulnerability in github.com/free5gc/nef (CVE-2026-44315)
vulnerability in github.com/free5gc/nef (CVE-2026-44315). Data can be tampered with by attackers. Exploitable via ``ServiceList``.
|
| CVE-2026-44309 |
|
Vulnerability in github.com/sigstore/gitsign (CVE-2026-44309)
vulnerability in github.com/sigstore/gitsign (CVE-2026-44309). Data can be tampered with by attackers. Exploitable via ``EncodeWithoutSignature``. Mitigation: upgrade to `0.16.0` or later.
|
| CVE-2026-44566 |
|
Path Traversal in open-webui (CVE-2026-44566)
path traversal in open-webui (CVE-2026-44566). Risk of unauthorized operations or information disclosure. Exploitable via ``file``. Mitigation: upgrade to `0.1.124` or later.
|
| CVE-2026-44567 |
|
Vulnerability in open-webui (CVE-2026-44567)
vulnerability in open-webui (CVE-2026-44567). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/auths/signup`. Mitigation: upgrade to `0.1.124` or later.
|
| CVE-2026-44549 |
|
Cross-Site Scripting (XSS) in open-webui (CVE-2026-44549)
cross-site scripting in open-webui (CVE-2026-44549). Confidential information can be exposed externally. Exploitable via ``XLSX.utils.sheet_to_html``. Mitigation: upgrade to `0.8.0` or later.
|
| CVE-2026-44832 |
|
Vulnerability in snipe/snipe-it (CVE-2026-44832)
vulnerability in snipe/snipe-it (CVE-2026-44832). Successful exploitation can lead to full system takeover. Exploitable via ``users.edit``. Mitigation: upgrade to `8.4.1` or later.
|
| CVE-2026-44831 |
|
Cross-Site Scripting (XSS) in snipe/snipe-it (CVE-2026-44831)
cross-site scripting in snipe/snipe-it (CVE-2026-44831). Risk of unauthorized operations or information disclosure. Exploitable via ``notes``. Mitigation: upgrade to `8.4.1` or later.
|
| CVE-2026-44568 |
|
Cross-Site Scripting (XSS) in open-webui (CVE-2026-44568)
cross-site scripting in open-webui (CVE-2026-44568). Risk of unauthorized operations or information disclosure. Exploitable via ``AccountPending.svelte``. Mitigation: upgrade to `0.9.0` or later.
|
| CVE-2026-42287 |
|
SQL Injection in sqli (CVE-2026-42287)
SQL injection in sqli (CVE-2026-42287). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42212 |
|
Vulnerability in csharp (CVE-2026-42212)
vulnerability in csharp (CVE-2026-42212). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42213 |
|
Path Traversal in CVE-2026-42213 (CVE-2026-42213)
path traversal in CVE-2026-42213 (CVE-2026-42213). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42286 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-42286)
vulnerability in csrf (CVE-2026-42286). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42202 |
|
Vulnerability in almirhodzic/nova-toggle-5 (CVE-2026-42202)
vulnerability in almirhodzic/nova-toggle-5 (CVE-2026-42202). Data can be tampered with by attackers. Exploitable via `POST /nova-vendor/nova-toggle/toggle/{resource}/{resourceId}`. Mitigation: upgrade to `1.3.0` or later.
|
| CVE-2026-42195 |
|
Information Disclosure in CVE-2026-42195 (CVE-2026-42195)
vulnerability in CVE-2026-42195 (CVE-2026-42195). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42193 |
|
Vulnerability in aws (CVE-2026-42193)
vulnerability in aws (CVE-2026-42193). Data can be tampered with by attackers.
|
| CVE-2026-42192 |
|
Cross-Site Scripting (XSS) in react (CVE-2026-42192)
cross-site scripting in react (CVE-2026-42192). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42199 |
|
Vulnerability in grid (CVE-2026-42199)
vulnerability in grid (CVE-2026-42199). Risk of unauthorized operations or information disclosure. Exploitable via ``get_unchecked``. Mitigation: upgrade to `1.0.1` or later.
|
| CVE-2026-42205 |
|
Vulnerability in avo (CVE-2026-42205)
vulnerability in avo (CVE-2026-42205). Successful exploitation can lead to full system takeover. Exploitable via `POST /admin/resources/posts/actions`. Mitigation: upgrade to `3.31.2` or later.
|
| CVE-2026-41517 |
|
Unrestricted File Upload in CVE-2026-41517 (CVE-2026-41517)
vulnerability in CVE-2026-41517 (CVE-2026-41517). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41486 |
|
Code Injection in ray (CVE-2026-41486)
code injection in ray (CVE-2026-41486). Successful exploitation can lead to full system takeover. Exploitable via ``ray.data.arrow_tensor``. Mitigation: upgrade to `2.55.0` or later.
|
| CVE-2026-44214 |
|
Vulnerability in eventsource-encoder (CVE-2026-44214)
vulnerability in eventsource-encoder (CVE-2026-44214). Risk of unauthorized operations or information disclosure. Exploitable via ``event``. Mitigation: upgrade to `1.0.2` or later.
|
| CVE-2026-44213 |
|
Vulnerability in OpenTelemetry.Exporter.Instana (CVE-2026-44213)
vulnerability in OpenTelemetry.Exporter.Instana (CVE-2026-44213). Confidential information can be exposed externally. Exploitable via ``OpenTelemetry.Exporter.Instana``. Mitigation: upgrade to `1.1.0` or later.
|
| CVE-2026-44247 |
|
Vulnerability in volcano.sh/volcano (CVE-2026-44247)
vulnerability in volcano.sh/volcano (CVE-2026-44247). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.14.2` or later.
|
| CVE-2026-44211 |
|
Vulnerability in cline (CVE-2026-44211)
vulnerability in cline (CVE-2026-44211). Successful exploitation can lead to full system takeover. Exploitable via ``kanban``.
|
| CVE-2026-44209 |
|
Vulnerability in banks (CVE-2026-44209)
vulnerability in banks (CVE-2026-44209). Successful exploitation can lead to full system takeover. Exploitable via ``banks``. Mitigation: upgrade to `2.4.2` or later.
|
| CVE-2026-44728 |
|
Vulnerability in @babel/plugin-transform-modules-systemjs (CVE-2026-44728)
vulnerability in @babel/plugin-transform-modules-systemjs (CVE-2026-44728). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.0.0-alpha.13` or later.
|
| CVE-2026-44200 |
|
Vulnerability in wagtail (CVE-2026-44200)
vulnerability in wagtail (CVE-2026-44200). Confidential information can be exposed externally. Mitigation: upgrade to `7.3.2` or later.
|
| CVE-2026-44201 |
|
Vulnerability in wagtail (CVE-2026-44201)
vulnerability in wagtail (CVE-2026-44201). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `7.3.2` or later.
|