Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-8130 |
|
Vulnerability in sqli (CVE-2026-8130)
vulnerability in sqli (CVE-2026-8130). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8131 |
|
Vulnerability in sqli (CVE-2026-8131)
vulnerability in sqli (CVE-2026-8131). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43944 |
|
Vulnerability in electerm (CVE-2026-43944)
vulnerability in electerm (CVE-2026-43944). Successful exploitation can lead to full system takeover. Exploitable via ``opts``. Mitigation: upgrade to `> 3.8.8` or later.
|
| CVE-2026-44298 |
|
Path Traversal in kimai/kimai (CVE-2026-44298)
path traversal in kimai/kimai (CVE-2026-44298). Risk of unauthorized operations or information disclosure. Exploitable via ``ROLE_SYSTE_ADMIN``. Mitigation: upgrade to `2.56` or later.
|
| CVE-2026-43940 |
|
Path Traversal in electerm (CVE-2026-43940)
path traversal in electerm (CVE-2026-43940). Successful exploitation can lead to full system takeover. Exploitable via ``runWidget``. Mitigation: upgrade to `3.7.16` or later.
|
| CVE-2026-43943 |
|
OS Command Injection in electerm (CVE-2026-43943)
OS command injection in electerm (CVE-2026-43943). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.7.9` or later.
|
| CVE-2026-43941 |
|
Vulnerability in electerm (CVE-2026-43941)
vulnerability in electerm (CVE-2026-43941). Successful exploitation can lead to full system takeover. Exploitable via ``shell.openExternal``.
|
| CVE-2026-43942 |
|
Information Disclosure in electerm (CVE-2026-43942)
vulnerability in electerm (CVE-2026-43942). Confidential information can be exposed externally. Exploitable via ``process.env``.
|
| CVE-2026-42272 |
|
Vulnerability in github.com/dadrus/heimdall (CVE-2026-42272)
vulnerability in github.com/dadrus/heimdall (CVE-2026-42272). Risk of unauthorized operations or information disclosure. Exploitable via ``allow_encoded_slashes``. Mitigation: upgrade to `0.17.14` or later.
|
| CVE-2026-42273 |
|
Vulnerability in github.com/dadrus/heimdall (CVE-2026-42273)
vulnerability in github.com/dadrus/heimdall (CVE-2026-42273). Risk of unauthorized operations or information disclosure. Exploitable via ``Host``. Mitigation: upgrade to `0.17.14` or later.
|
| CVE-2026-42274 |
|
Vulnerability in github.com/dadrus/heimdall (CVE-2026-42274)
vulnerability in github.com/dadrus/heimdall (CVE-2026-42274). Risk of unauthorized operations or information disclosure. Exploitable via ``allow_encoded_slashes``. Mitigation: upgrade to `0.17.14` or later.
|
| CVE-2026-42275 |
|
Path Traversal in github.com/openziti/zrok (CVE-2026-42275)
path traversal in github.com/openziti/zrok (CVE-2026-42275). Confidential information can be exposed externally. Mitigation: upgrade to `2.0.2` or later.
|
| CVE-2026-42271 KEV |
|
[KEV] Command Injection in Berriai litellm (CVE-2026-42271)
command injection in Berriai litellm (CVE-2026-42271). Successful exploitation can lead to full system takeover. Exploitable via `POST /mcp-rest/test/connection`. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `1.83.7` or later.
|
| CVE-2026-42261 |
|
Vulnerability in ssrf (CVE-2026-42261)
vulnerability in ssrf (CVE-2026-42261). Confidential information can be exposed externally. Exploitable via `POST /api/skills/fetch-remote`.
|
| CVE-2026-42264 |
|
Vulnerability in axios (CVE-2026-42264)
vulnerability in axios (CVE-2026-42264). Confidential information can be exposed externally. Exploitable via ``hasOwnProperty``. Mitigation: upgrade to `1.15.2` or later.
|
| CVE-2026-42203 |
|
Vulnerability in litellm (CVE-2026-42203)
vulnerability in litellm (CVE-2026-42203). Successful exploitation can lead to full system takeover. Exploitable via `POST /prompts/test`. Mitigation: upgrade to `1.83.7` or later.
|
| CVE-2026-41645 |
|
Code Injection in github.com/projectdiscovery/nuclei/v3 (CVE-2026-41645)
code injection in github.com/projectdiscovery/nuclei/v3 (CVE-2026-41645). Confidential information can be exposed externally. Exploitable via ``EnvironmentVariables``. Mitigation: upgrade to `3.8.0` or later.
|
| CVE-2026-41646 |
|
Vulnerability in github.com/projectdiscovery/nuclei/v3 (CVE-2026-41646)
vulnerability in github.com/projectdiscovery/nuclei/v3 (CVE-2026-41646). Confidential information can be exposed externally. Mitigation: upgrade to `3.8.0` or later.
|
| CVE-2026-42150 |
|
Cross-Site Scripting (XSS) in wlc (CVE-2026-42150)
cross-site scripting in wlc (CVE-2026-42150). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.0.0` or later.
|
| CVE-2026-41900 |
|
OS Command Injection in openlearnx (CVE-2026-41900)
OS command injection in openlearnx (CVE-2026-41900). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.0.3` or later.
|
| CVE-2026-41500 |
|
Command Injection in electerm-project (CVE-2026-41500)
command injection in electerm-project (CVE-2026-41500). Successful exploitation can lead to full system takeover. Exploitable via ``releaseInfo.name``. Mitigation: upgrade to `> 3.2.0` or later.
|
| CVE-2026-41501 |
|
Command Injection in electerm (CVE-2026-41501)
command injection in electerm (CVE-2026-41501). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `> 3.2.0` or later.
|
| CVE-2026-41498 |
|
Vulnerability in kimai/kimai (CVE-2026-41498)
vulnerability in kimai/kimai (CVE-2026-41498). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.54.0` or later.
|
| CVE-2026-8127 |
|
Vulnerability in CVE-2026-8127 (CVE-2026-8127)
vulnerability in CVE-2026-8127 (CVE-2026-8127). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8126 |
|
Vulnerability in sqli (CVE-2026-8126)
vulnerability in sqli (CVE-2026-8126). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8128 |
|
Vulnerability in sqli (CVE-2026-8128)
vulnerability in sqli (CVE-2026-8128). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3508 |
|
Out-of-Bounds Read in CVE-2026-3508 (CVE-2026-3508)
vulnerability in CVE-2026-3508 (CVE-2026-3508). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6737 |
|
Vulnerability in CVE-2026-6737 (CVE-2026-6737)
vulnerability in CVE-2026-6737 (CVE-2026-6737). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8124 |
|
Vulnerability in c (CVE-2026-8124)
vulnerability in c (CVE-2026-8124). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8125 |
|
Vulnerability in sqli (CVE-2026-8125)
vulnerability in sqli (CVE-2026-8125). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8123 |
|
Vulnerability in c (CVE-2026-8123)
vulnerability in c (CVE-2026-8123). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8122 |
|
Vulnerability in c (CVE-2026-8122)
vulnerability in c (CVE-2026-8122). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8120 |
|
Vulnerability in c (CVE-2026-8120)
vulnerability in c (CVE-2026-8120). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8121 |
|
Vulnerability in c (CVE-2026-8121)
vulnerability in c (CVE-2026-8121). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8119 |
|
Vulnerability in c (CVE-2026-8119)
vulnerability in c (CVE-2026-8119). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8117 |
|
Cross-Site Scripting (XSS) in CVE-2026-8117 (CVE-2026-8117)
cross-site scripting in CVE-2026-8117 (CVE-2026-8117). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8116 |
|
Path Traversal in path-traversal (CVE-2026-8116)
path traversal in path-traversal (CVE-2026-8116). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42208 KEV |
|
[KEV] SQL Injection in Berriai litellm (CVE-2026-42208)
SQL injection in Berriai litellm (CVE-2026-42208). Successful exploitation can lead to full system takeover. Exploitable via `POST /chat/completions`. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `>=1.83.7` or later.
|
| CVE-2026-8115 |
|
Path Traversal in short-video-maker (CVE-2026-8115)
path traversal in short-video-maker (CVE-2026-8115). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42880 |
|
Information Disclosure in argo-cd (CVE-2026-42880)
vulnerability in argo-cd (CVE-2026-42880). Confidential information can be exposed externally.
|
| CVE-2026-44662 |
|
Vulnerability in openssl (CVE-2026-44662)
vulnerability in openssl (CVE-2026-44662). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.10.79` or later.
|
| CVE-2026-8034 |
|
Vulnerability in ssrf (CVE-2026-8034)
vulnerability in ssrf (CVE-2026-8034). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8113 |
|
Path Traversal in path-traversal (CVE-2026-8113)
path traversal in path-traversal (CVE-2026-8113). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8114 |
|
Vulnerability in sqli (CVE-2026-8114)
vulnerability in sqli (CVE-2026-8114). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8112 |
|
Command Injection in 8421bit (CVE-2026-8112)
command injection in 8421bit (CVE-2026-8112). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8106 |
|
Cross-Site Scripting (XSS) in github (CVE-2026-8106)
cross-site scripting in github (CVE-2026-8106). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6736 |
|
Vulnerability in github (CVE-2026-6736)
vulnerability in github (CVE-2026-6736). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7541 |
|
Vulnerability in dos (CVE-2026-7541)
vulnerability in dos (CVE-2026-7541). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41105 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-41105)
SSRF in ssrf (CVE-2026-41105). Confidential information can be exposed externally.
|
| CVE-2026-41929 |
|
Cross-Site Scripting (XSS) in CVE-2026-41929 (CVE-2026-41929)
cross-site scripting in CVE-2026-41929 (CVE-2026-41929). Risk of unauthorized operations or information disclosure.
|