Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Clear
ID Title
CVE-2026-36458 Code Injection in sqli (CVE-2026-36458)
code injection in sqli (CVE-2026-36458). Successful exploitation can lead to full system takeover.
CVE-2026-32686 Vulnerability in decimal (CVE-2026-32686)
vulnerability in decimal (CVE-2026-32686). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.0.0` or later.
CVE-2025-63706 Code Injection in npm (CVE-2025-63706)
code injection in npm (CVE-2025-63706). Successful exploitation can lead to full system takeover.
CVE-2025-67202 Cross-Site Scripting (XSS) in sidekiq-cron (CVE-2025-67202)
cross-site scripting in sidekiq-cron (CVE-2025-67202). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.4.0` or later.
CVE-2025-63705 OS Command Injection in node-ts-ocr (CVE-2025-63705)
OS command injection in node-ts-ocr (CVE-2025-63705). Successful exploitation can lead to full system takeover.
CVE-2026-30496 Vulnerability in android (CVE-2026-30496)
vulnerability in android (CVE-2026-30496). Successful exploitation can lead to full system takeover.
CVE-2026-30495 Vulnerability in CVE-2026-30495 (CVE-2026-30495)
vulnerability in CVE-2026-30495 (CVE-2026-30495). Successful exploitation can lead to full system takeover.
CVE-2026-8092 Out-of-Bounds Read in mozilla (CVE-2026-8092)
vulnerability in mozilla (CVE-2026-8092). Successful exploitation can lead to full system takeover.
CVE-2026-8094 Code Injection in firefox (CVE-2026-8094)
code injection in firefox (CVE-2026-8094). Successful exploitation can lead to full system takeover.
CVE-2026-8091 Vulnerability in firefox (CVE-2026-8091)
vulnerability in firefox (CVE-2026-8091). Successful exploitation can lead to full system takeover.
CVE-2026-8093 Buffer Overflow in mozilla (CVE-2026-8093)
vulnerability in mozilla (CVE-2026-8093). Successful exploitation can lead to full system takeover.
CVE-2026-5791 Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-5791)
vulnerability in csrf (CVE-2026-5791). Data can be tampered with by attackers.
CVE-2026-8090 Use-After-Free in mozilla (CVE-2026-8090)
vulnerability in mozilla (CVE-2026-8090). Risk of unauthorized operations or information disclosure.
CVE-2026-8080 Cross-Site Scripting (XSS) in misp (CVE-2026-8080)
cross-site scripting in misp (CVE-2026-8080). Risk of unauthorized operations or information disclosure.
CVE-2026-6805 Vulnerability in thalesgroup (CVE-2026-6805)
vulnerability in thalesgroup (CVE-2026-6805). Confidential information can be exposed externally.
CVE-2026-44407 Vulnerability in dos (CVE-2026-44407)
vulnerability in dos (CVE-2026-44407). Risk of unauthorized operations or information disclosure.
CVE-2025-1978 Code Injection in hitachi (CVE-2025-1978)
code injection in hitachi (CVE-2025-1978). Risk of unauthorized operations or information disclosure.
CVE-2026-4430 Out-of-Bounds Write in libreoffice (CVE-2026-4430)
out-of-bounds write in libreoffice (CVE-2026-4430). Successful exploitation can lead to full system takeover.
CVE-2026-44406 Vulnerability in privilege-escalation (CVE-2026-44406)
vulnerability in privilege-escalation (CVE-2026-44406). Risk of unauthorized operations or information disclosure.
CVE-2025-9661 OS Command Injection in hitachi (CVE-2025-9661)
OS command injection in hitachi (CVE-2025-9661). Successful exploitation can lead to full system takeover.
CVE-2026-41002 Vulnerability in org.springframework.cloud:spring-cloud-config-server (CVE-2026-41002)
vulnerability in org.springframework.cloud:spring-cloud-config-server (CVE-2026-41002). Confidential information can be exposed externally. Exploitable via ``spring.cloud.config.server.git.basedir``.
CVE-2026-41004 Vulnerability in org.springframework.cloud:spring-cloud-config-server (CVE-2026-41004)
vulnerability in org.springframework.cloud:spring-cloud-config-server (CVE-2026-41004). Confidential information can be exposed externally.
CVE-2026-40981 Vulnerability in org.springframework.cloud:spring-cloud-config (CVE-2026-40981)
vulnerability in org.springframework.cloud:spring-cloud-config (CVE-2026-40981). Confidential information can be exposed externally. Mitigation: upgrade to `5.0.3` or later.
CVE-2026-40982 Path Traversal in org.springframework.cloud:spring-cloud-config-server (CVE-2026-40982)
path traversal in org.springframework.cloud:spring-cloud-config-server (CVE-2026-40982). Confidential information can be exposed externally. Mitigation: upgrade to `5.0.3` or later.
CVE-2026-8063 Vulnerability in mongodb (CVE-2026-8063)
vulnerability in mongodb (CVE-2026-8063). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.2.7` or later.
CVE-2026-41139 Vulnerability in mathjs (CVE-2026-41139)
vulnerability in mathjs (CVE-2026-41139). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `15.2.0` or later.
CVE-2026-41413 SSRF (Server-Side Request Forgery) in istio.io/istio (CVE-2026-41413)
SSRF in istio.io/istio (CVE-2026-41413). Risk of unauthorized operations or information disclosure. Exploitable via ``ValidatingAdmissionPolicy``. Mitigation: upgrade to `0.0.0-20260410004459-189832a289c1` or later.
CVE-2026-44513 Code Injection in diffusers (CVE-2026-44513)
code injection in diffusers (CVE-2026-44513). Successful exploitation can lead to full system takeover. Exploitable via ``trust_remote_code``. Mitigation: upgrade to `0.38.0` or later.
CVE-2026-44248 Vulnerability in io.netty:netty-codec-mqtt (CVE-2026-44248)
vulnerability in io.netty:netty-codec-mqtt (CVE-2026-44248). Risk of unauthorized operations or information disclosure. Exploitable via ``MqttDecoder``. Mitigation: upgrade to `4.1.133.Final` or later.
CVE-2026-44602 Vulnerability in torproject (CVE-2026-44602)
vulnerability in torproject (CVE-2026-44602). Risk of unauthorized operations or information disclosure.
CVE-2026-42216 Out-of-Bounds Read in openexr (CVE-2026-42216)
vulnerability in openexr (CVE-2026-42216). Confidential information can be exposed externally. Exploitable via ``c13e0e1320a6652e02c5c90c6dbd984d532efe44``.
CVE-2026-42217 Vulnerability in openexr (CVE-2026-42217)
vulnerability in openexr (CVE-2026-42217). Successful exploitation can lead to full system takeover. Exploitable via ``ImfIDManifest.cpp``.
CVE-2026-41142 Vulnerability in openexr (CVE-2026-41142)
vulnerability in openexr (CVE-2026-41142). Successful exploitation can lead to full system takeover.
CVE-2026-40004 Vulnerability in privilege-escalation (CVE-2026-40004)
vulnerability in privilege-escalation (CVE-2026-40004). Confidential information can be exposed externally.
CVE-2026-44283 Authorization Flaw in go.etcd.io/etcd/v3 (CVE-2026-44283)
vulnerability in go.etcd.io/etcd/v3 (CVE-2026-44283). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.5.30` or later.
CVE-2026-44827 Code Injection in diffusers (CVE-2026-44827)
code injection in diffusers (CVE-2026-44827). Successful exploitation can lead to full system takeover. Exploitable via ``DiffusionPipeline.from_pretrained``. Mitigation: upgrade to `0.38.0` or later.
CVE-2026-40003 Out-of-Bounds Write in zte (CVE-2026-40003)
out-of-bounds write in zte (CVE-2026-40003). Data can be tampered with by attackers.
CVE-2026-44312 Vulnerability in css_parser (CVE-2026-44312)
vulnerability in css_parser (CVE-2026-44312). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.22.0` or later.
CVE-2026-44484 Vulnerability in pytorch-lightning (CVE-2026-44484)
vulnerability in pytorch-lightning (CVE-2026-44484). Successful exploitation can lead to full system takeover.
CVE-2026-42586 Vulnerability in io.netty:netty-codec-redis (CVE-2026-42586)
vulnerability in io.netty:netty-codec-redis (CVE-2026-42586). Data can be tampered with by attackers. Exploitable via ``io.netty.handler.codec.redis.RedisEncoder``. Mitigation: upgrade to `4.1.133.Final` or later.
CVE-2026-42582 Vulnerability in io.netty:netty-codec-http3 (CVE-2026-42582)
vulnerability in io.netty:netty-codec-http3 (CVE-2026-42582). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.2.13.Final` or later.
CVE-2026-44264 Cross-Site Scripting (XSS) in weblate (CVE-2026-44264)
cross-site scripting in weblate (CVE-2026-44264). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.17.1` or later.
CVE-2026-44263 Vulnerability in weblate (CVE-2026-44263)
vulnerability in weblate (CVE-2026-44263). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.17.1` or later.
CVE-2026-6973 KEV [KEV] Vulnerability in Ivanti endpoint-manager-mobile-epmm (CVE-2026-6973)
vulnerability in Ivanti endpoint-manager-mobile-epmm (CVE-2026-6973). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-46689 Vulnerability in scim_proto (CVE-2026-46689)
vulnerability in scim_proto (CVE-2026-46689). Risk of unauthorized operations or information disclosure. Exploitable via ``GET``. Mitigation: upgrade to `1.9.3` or later.
CVE-2026-44244 Code Injection in GitPython (CVE-2026-44244)
code injection in GitPython (CVE-2026-44244). Successful exploitation can lead to full system takeover. Exploitable via ``configparser``. Mitigation: upgrade to `3.1.49` or later.
CVE-2026-44223 Vulnerability in vllm (CVE-2026-44223)
vulnerability in vllm (CVE-2026-44223). Risk of unauthorized operations or information disclosure. Exploitable via ``extract_hidden_states``. Mitigation: upgrade to `0.20.0` or later.
CVE-2026-40243 Authentication Bypass in github.com/lxc/incus/v6/cmd/incusd (CVE-2026-40243)
authentication bypass in github.com/lxc/incus/v6/cmd/incusd (CVE-2026-40243). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `7.0.0` or later.
CVE-2026-44240 Vulnerability in basic-ftp (CVE-2026-44240)
vulnerability in basic-ftp (CVE-2026-44240). Risk of unauthorized operations or information disclosure. Exploitable via ``FtpContext._partialResponse``. Mitigation: upgrade to `5.3.1` or later.
CVE-2026-8018 Vulnerability in google (CVE-2026-8018)
vulnerability in google (CVE-2026-8018). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →