Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Clear
ID Title
CVE-2026-43882 Vulnerability in wwbn/avideo (CVE-2026-43882)
vulnerability in wwbn/avideo (CVE-2026-43882). Risk of unauthorized operations or information disclosure. Exploitable via ``title``.
CVE-2026-44903 Cross-Site Scripting (XSS) in github.com/prometheus/prometheus (CVE-2026-44903)
cross-site scripting in github.com/prometheus/prometheus (CVE-2026-44903). Risk of unauthorized operations or information disclosure. Exploitable via ``label_replace``. Mitigation: upgrade to `2.7.2` or later.
CVE-2026-42334 Vulnerability in mongoose (CVE-2026-42334)
vulnerability in mongoose (CVE-2026-42334). Confidential information can be exposed externally. Exploitable via ``sanitizeFilter``. Mitigation: upgrade to `9.1.6` or later.
CVE-2026-42997 Vulnerability in ironic-python-agent (CVE-2026-42997)
vulnerability in ironic-python-agent (CVE-2026-42997). Confidential information can be exposed externally. Mitigation: upgrade to `26.1.6` or later.
CVE-2026-44167 Vulnerability in phpseclib/phpseclib (CVE-2026-44167)
vulnerability in phpseclib/phpseclib (CVE-2026-44167). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.0.29` or later.
CVE-2026-35579 Authentication Bypass in github.com/coredns/coredns (CVE-2026-35579)
authentication bypass in github.com/coredns/coredns (CVE-2026-35579). Successful exploitation can lead to full system takeover. Exploitable via ``tsigStatus``. Mitigation: upgrade to `1.14.3` or later.
CVE-2026-39852 Authorization Flaw in io.quarkus:quarkus-vertx-http (CVE-2026-39852)
vulnerability in io.quarkus:quarkus-vertx-http (CVE-2026-39852). Confidential information can be exposed externally. Mitigation: upgrade to `3.35.1.1` or later.
CVE-2026-39402 Authorization Flaw in dos (CVE-2026-39402)
vulnerability in dos (CVE-2026-39402). Risk of unauthorized operations or information disclosure.
CVE-2026-39383 SSRF (Server-Side Request Forgery) in github.com/gotenberg/gotenberg/v8 (CVE-2026-39383)
SSRF in github.com/gotenberg/gotenberg/v8 (CVE-2026-39383). Confidential information can be exposed externally. Exploitable via ``FilterDeadline``. Mitigation: upgrade to `8.31.0` or later.
CVE-2026-39849 Vulnerability in pi-hole (CVE-2026-39849)
vulnerability in pi-hole (CVE-2026-39849). Successful exploitation can lead to full system takeover. Exploitable via ``dns.interface``.
CVE-2026-42285 Vulnerability in github.com/osrg/gobgp/v4 (CVE-2026-42285)
vulnerability in github.com/osrg/gobgp/v4 (CVE-2026-42285). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.5.0` or later.
CVE-2026-40280 SSRF (Server-Side Request Forgery) in github.com/gotenberg/gotenberg/v8 (CVE-2026-40280)
SSRF in github.com/gotenberg/gotenberg/v8 (CVE-2026-40280). Confidential information can be exposed externally. Exploitable via ``downloadFrom``. Mitigation: upgrade to `8.31.0` or later.
CVE-2026-35397 Path Traversal in jupyter-server (CVE-2026-35397)
path traversal in jupyter-server (CVE-2026-35397). Successful exploitation can lead to full system takeover. Exploitable via ``root_dir``. Mitigation: upgrade to `2.18.0` or later.
CVE-2026-35453 Cross-Site Scripting (XSS) in phpoffice/phpspreadsheet (CVE-2026-35453)
cross-site scripting in phpoffice/phpspreadsheet (CVE-2026-35453). Risk of unauthorized operations or information disclosure. Exploitable via ``formatColor``. Mitigation: upgrade to `1.30.4` or later.
CVE-2026-34084 Unsafe Deserialization in phpoffice/phpspreadsheet (CVE-2026-34084)
vulnerability in phpoffice/phpspreadsheet (CVE-2026-34084). Successful exploitation can lead to full system takeover. Exploitable via ``is_file``. Mitigation: upgrade to `1.30.3` or later.
CVE-2026-32936 Vulnerability in github.com/coredns/coredns (CVE-2026-32936)
vulnerability in github.com/coredns/coredns (CVE-2026-32936). Risk of unauthorized operations or information disclosure. Exploitable via ``dns``. Mitigation: upgrade to `1.14.3` or later.
CVE-2026-33190 Authentication Bypass in github.com/coredns/coredns (CVE-2026-33190)
authentication bypass in github.com/coredns/coredns (CVE-2026-33190). Confidential information can be exposed externally. Mitigation: upgrade to `1.14.3` or later.
CVE-2026-33420 Vulnerability in dani-garcia (CVE-2026-33420)
vulnerability in dani-garcia (CVE-2026-33420). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/organizations/{org_id}/collections/details`.
CVE-2026-33489 Vulnerability in github.com/coredns/coredns (CVE-2026-33489)
vulnerability in github.com/coredns/coredns (CVE-2026-33489). Confidential information can be exposed externally. Mitigation: upgrade to `1.14.3` or later.
CVE-2026-33324 SQL Injection in fit2cloud (CVE-2026-33324)
SQL injection in fit2cloud (CVE-2026-33324). Successful exploitation can lead to full system takeover.
CVE-2026-32934 Vulnerability in github.com/coredns/coredns (CVE-2026-32934)
vulnerability in github.com/coredns/coredns (CVE-2026-32934). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.14.3` or later.
CVE-2026-27960 Authentication Bypass in pycti (CVE-2026-27960)
authentication bypass in pycti (CVE-2026-27960). Successful exploitation can lead to full system takeover. Exploitable via ``APP__ADMIN__EXTERNALLY_MANAGED``. Mitigation: upgrade to `6.9.13` or later.
CVE-2026-38428 SQL Injection in sqli (CVE-2026-38428)
SQL injection in sqli (CVE-2026-38428). Successful exploitation can lead to full system takeover. Exploitable via `GET /api/v1/main/flows/search`.
CVE-2026-43068 Vulnerability in linux (CVE-2026-43068)
vulnerability in linux (CVE-2026-43068). Risk of unauthorized operations or information disclosure.
CVE-2026-43066 Vulnerability in linux (CVE-2026-43066)
vulnerability in linux (CVE-2026-43066). Risk of unauthorized operations or information disclosure.
CVE-2026-43069 Vulnerability in c (CVE-2026-43069)
vulnerability in c (CVE-2026-43069). Risk of unauthorized operations or information disclosure.
CVE-2026-43061 Vulnerability in linux (CVE-2026-43061)
vulnerability in linux (CVE-2026-43061). Risk of unauthorized operations or information disclosure. Exploitable via ``dmaengine_terminate_async``.
CVE-2026-41417 Vulnerability in io.netty:netty-codec-http (CVE-2026-41417)
vulnerability in io.netty:netty-codec-http (CVE-2026-41417). Risk of unauthorized operations or information disclosure. Exploitable via `POST /s2`. Mitigation: upgrade to `4.2.13.Final` or later.
CVE-2026-38431 Code Injection in frappe (CVE-2026-38431)
code injection in frappe (CVE-2026-38431). Successful exploitation can lead to full system takeover.
CVE-2026-38432 Cross-Site Scripting (XSS) in frappe (CVE-2026-38432)
cross-site scripting in frappe (CVE-2026-38432). Risk of unauthorized operations or information disclosure.
CVE-2026-25243 Vulnerability in redis (CVE-2026-25243)
vulnerability in redis (CVE-2026-25243). Successful exploitation can lead to full system takeover.
CVE-2026-23631 Use-After-Free in redis (CVE-2026-23631)
vulnerability in redis (CVE-2026-23631). Data can be tampered with by attackers.
CVE-2026-23479 Use-After-Free in redis (CVE-2026-23479)
vulnerability in redis (CVE-2026-23479). Successful exploitation can lead to full system takeover. Exploitable via ``processCommandAndResetClient``.
CVE-2025-61669 Open Redirect in jupyter-server (CVE-2025-61669)
vulnerability in jupyter-server (CVE-2025-61669). Risk of unauthorized operations or information disclosure. Exploitable via ``google.com``. Mitigation: upgrade to `2.18.0` or later.
CVE-2026-43070 Out-of-Bounds Read in linux (CVE-2026-43070)
vulnerability in linux (CVE-2026-43070). Successful exploitation can lead to full system takeover. Exploitable via ``__mark_reg_known``.
CVE-2026-43071 Vulnerability in c (CVE-2026-43071)
vulnerability in c (CVE-2026-43071). Confidential information can be exposed externally.
CVE-2026-43067 Vulnerability in linux (CVE-2026-43067)
vulnerability in linux (CVE-2026-43067). Successful exploitation can lead to full system takeover.
CVE-2026-39103 Vulnerability in c (CVE-2026-39103)
vulnerability in c (CVE-2026-39103). Risk of unauthorized operations or information disclosure.
CVE-2026-34000 Out-of-Bounds Read in dos (CVE-2026-34000)
vulnerability in dos (CVE-2026-34000). Confidential information can be exposed externally. Exploitable via ``XkbAddGeomKeyAlias``.
CVE-2026-31195 OS Command Injection in CVE-2026-31195 (CVE-2026-31195)
OS command injection in CVE-2026-31195 (CVE-2026-31195). Successful exploitation can lead to full system takeover.
CVE-2026-31196 OS Command Injection in CVE-2026-31196 (CVE-2026-31196)
OS command injection in CVE-2026-31196 (CVE-2026-31196). Successful exploitation can lead to full system takeover.
CVE-2025-52206 ISPConfig 3.3.0 is vulnerable to Cross Site Scripting (XSS) via the system status webpage.
ISPConfig 3.3.0 is vulnerable to Cross Site Scripting (XSS) via the system status webpage.
CVE-2026-36356 OS Command Injection in CVE-2026-36356 (CVE-2026-36356)
OS command injection in CVE-2026-36356 (CVE-2026-36356). Confidential information can be exposed externally.
CVE-2026-36355 Information Disclosure in CVE-2026-36355 (CVE-2026-36355)
vulnerability in CVE-2026-36355 (CVE-2026-36355). Confidential information can be exposed externally.
CVE-2026-6918 Out-of-Bounds Read in eclipse (CVE-2026-6918)
vulnerability in eclipse (CVE-2026-6918). Risk of unauthorized operations or information disclosure.
CVE-2026-27694 Cross-Site Scripting (XSS) in traccar (CVE-2026-27694)
cross-site scripting in traccar (CVE-2026-27694). Risk of unauthorized operations or information disclosure.
CVE-2026-27693 Vulnerability in traccar (CVE-2026-27693)
vulnerability in traccar (CVE-2026-27693). Risk of unauthorized operations or information disclosure.
CVE-2026-42437 Vulnerability in openclaw (CVE-2026-42437)
vulnerability in openclaw (CVE-2026-42437). Risk of unauthorized operations or information disclosure. Exploitable via ``openclaw``. Mitigation: upgrade to `2026.4.10` or later.
CVE-2026-43869 Vulnerability in org.apache.thrift:libthrift (CVE-2026-43869)
vulnerability in org.apache.thrift:libthrift (CVE-2026-43869). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.23.0` or later.
CVE-2026-43868 Vulnerability in thrift (CVE-2026-43868)
vulnerability in thrift (CVE-2026-43868). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.23.0` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →