Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Clear
ID Title
CVE-2026-39823 Cross-Site Scripting (XSS) in golang (CVE-2026-39823)
cross-site scripting in golang (CVE-2026-39823). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
CVE-2026-39836 Vulnerability in golang (CVE-2026-39836)
vulnerability in golang (CVE-2026-39836). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
CVE-2026-39820 Vulnerability in golang (CVE-2026-39820)
vulnerability in golang (CVE-2026-39820). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
CVE-2026-42225 Vulnerability in c (CVE-2026-42225)
vulnerability in c (CVE-2026-42225). Data can be tampered with by attackers.
CVE-2026-39817 Out-of-Bounds Write in golang (CVE-2026-39817)
out-of-bounds write in golang (CVE-2026-39817). Data can be tampered with by attackers. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
CVE-2026-33814 Vulnerability in golang (CVE-2026-33814)
vulnerability in golang (CVE-2026-33814). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
CVE-2026-33811 Vulnerability in golang (CVE-2026-33811)
vulnerability in golang (CVE-2026-33811). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
CVE-2026-42879 Unrestricted File Upload in facturascripts/facturascripts (CVE-2026-42879)
vulnerability in facturascripts/facturascripts (CVE-2026-42879). Risk of unauthorized operations or information disclosure. Exploitable via ``PHPSESSID``.
CVE-2026-8086 Buffer Overflow in gdal (CVE-2026-8086)
vulnerability in gdal (CVE-2026-8086). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.13.0` or later.
CVE-2026-8084 Buffer Overflow in gdal (CVE-2026-8084)
vulnerability in gdal (CVE-2026-8084). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.13.0` or later.
CVE-2026-42215 OS Command Injection in GitPython (CVE-2026-42215)
OS command injection in GitPython (CVE-2026-42215). Successful exploitation can lead to full system takeover. Exploitable via ``upload_pack``. Mitigation: upgrade to `3.1.47` or later.
CVE-2026-42284 Vulnerability in GitPython (CVE-2026-42284)
vulnerability in GitPython (CVE-2026-42284). Successful exploitation can lead to full system takeover. Exploitable via ``multi_options``. Mitigation: upgrade to `3.1.47` or later.
CVE-2026-42214 Code Injection in dail8859 (CVE-2026-42214)
code injection in dail8859 (CVE-2026-42214). Successful exploitation can lead to full system takeover.
CVE-2026-8081 SSRF (Server-Side Request Forgery) in router-for-me (CVE-2026-8081)
SSRF in router-for-me (CVE-2026-8081). Risk of unauthorized operations or information disclosure.
CVE-2026-7413 Vulnerability in yarbo (CVE-2026-7413)
vulnerability in yarbo (CVE-2026-7413). Successful exploitation can lead to full system takeover.
CVE-2026-7415 Vulnerability in yarbo (CVE-2026-7415)
vulnerability in yarbo (CVE-2026-7415). Successful exploitation can lead to full system takeover.
CVE-2026-7414 Vulnerability in yarbo (CVE-2026-7414)
vulnerability in yarbo (CVE-2026-7414). Successful exploitation can lead to full system takeover.
CVE-2026-36387 Unrestricted File Upload in CVE-2026-36387 (CVE-2026-36387)
vulnerability in CVE-2026-36387 (CVE-2026-36387). Risk of unauthorized operations or information disclosure.
CVE-2026-36388 Cross-Site Scripting (XSS) in CVE-2026-36388 (CVE-2026-36388)
cross-site scripting in CVE-2026-36388 (CVE-2026-36388). Risk of unauthorized operations or information disclosure.
CVE-2025-63703 Vulnerability in npm (CVE-2025-63703)
vulnerability in npm (CVE-2025-63703). Successful exploitation can lead to full system takeover.
CVE-2025-63704 Vulnerability in prototype-pollution (CVE-2025-63704)
vulnerability in prototype-pollution (CVE-2025-63704). Successful exploitation can lead to full system takeover.
CVE-2026-44349 SQL Injection in github.com/daptin/daptin (CVE-2026-44349)
SQL injection in github.com/daptin/daptin (CVE-2026-44349). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/`. Mitigation: upgrade to `0.11.5` or later.
CVE-2026-42011 Vulnerability in CVE-2026-42011 (CVE-2026-42011)
vulnerability in CVE-2026-42011 (CVE-2026-42011). Confidential information can be exposed externally.
CVE-2026-36458 Code Injection in sqli (CVE-2026-36458)
code injection in sqli (CVE-2026-36458). Successful exploitation can lead to full system takeover.
CVE-2026-32686 Vulnerability in decimal (CVE-2026-32686)
vulnerability in decimal (CVE-2026-32686). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.0.0` or later.
CVE-2025-63706 Code Injection in npm (CVE-2025-63706)
code injection in npm (CVE-2025-63706). Successful exploitation can lead to full system takeover.
CVE-2025-67202 Cross-Site Scripting (XSS) in sidekiq-cron (CVE-2025-67202)
cross-site scripting in sidekiq-cron (CVE-2025-67202). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.4.0` or later.
CVE-2025-63705 OS Command Injection in node-ts-ocr (CVE-2025-63705)
OS command injection in node-ts-ocr (CVE-2025-63705). Successful exploitation can lead to full system takeover.
CVE-2026-30496 Vulnerability in android (CVE-2026-30496)
vulnerability in android (CVE-2026-30496). Successful exploitation can lead to full system takeover.
CVE-2026-30495 Vulnerability in CVE-2026-30495 (CVE-2026-30495)
vulnerability in CVE-2026-30495 (CVE-2026-30495). Successful exploitation can lead to full system takeover.
CVE-2026-8092 Out-of-Bounds Read in mozilla (CVE-2026-8092)
vulnerability in mozilla (CVE-2026-8092). Successful exploitation can lead to full system takeover.
CVE-2026-8094 Code Injection in firefox (CVE-2026-8094)
code injection in firefox (CVE-2026-8094). Successful exploitation can lead to full system takeover.
CVE-2026-8091 Vulnerability in firefox (CVE-2026-8091)
vulnerability in firefox (CVE-2026-8091). Successful exploitation can lead to full system takeover.
CVE-2026-8093 Buffer Overflow in mozilla (CVE-2026-8093)
vulnerability in mozilla (CVE-2026-8093). Successful exploitation can lead to full system takeover.
CVE-2026-5791 Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-5791)
vulnerability in csrf (CVE-2026-5791). Data can be tampered with by attackers.
CVE-2026-8090 Use-After-Free in mozilla (CVE-2026-8090)
vulnerability in mozilla (CVE-2026-8090). Risk of unauthorized operations or information disclosure.
CVE-2026-8080 Cross-Site Scripting (XSS) in misp (CVE-2026-8080)
cross-site scripting in misp (CVE-2026-8080). Risk of unauthorized operations or information disclosure.
CVE-2026-6805 Vulnerability in thalesgroup (CVE-2026-6805)
vulnerability in thalesgroup (CVE-2026-6805). Confidential information can be exposed externally.
CVE-2026-44407 Vulnerability in dos (CVE-2026-44407)
vulnerability in dos (CVE-2026-44407). Risk of unauthorized operations or information disclosure.
CVE-2025-1978 Code Injection in hitachi (CVE-2025-1978)
code injection in hitachi (CVE-2025-1978). Risk of unauthorized operations or information disclosure.
CVE-2026-4430 Out-of-Bounds Write in libreoffice (CVE-2026-4430)
out-of-bounds write in libreoffice (CVE-2026-4430). Successful exploitation can lead to full system takeover.
CVE-2026-44406 Vulnerability in privilege-escalation (CVE-2026-44406)
vulnerability in privilege-escalation (CVE-2026-44406). Risk of unauthorized operations or information disclosure.
CVE-2025-9661 OS Command Injection in hitachi (CVE-2025-9661)
OS command injection in hitachi (CVE-2025-9661). Successful exploitation can lead to full system takeover.
CVE-2026-41002 Vulnerability in org.springframework.cloud:spring-cloud-config-server (CVE-2026-41002)
vulnerability in org.springframework.cloud:spring-cloud-config-server (CVE-2026-41002). Confidential information can be exposed externally. Exploitable via ``spring.cloud.config.server.git.basedir``.
CVE-2026-41004 Vulnerability in org.springframework.cloud:spring-cloud-config-server (CVE-2026-41004)
vulnerability in org.springframework.cloud:spring-cloud-config-server (CVE-2026-41004). Confidential information can be exposed externally.
CVE-2026-40981 Vulnerability in org.springframework.cloud:spring-cloud-config (CVE-2026-40981)
vulnerability in org.springframework.cloud:spring-cloud-config (CVE-2026-40981). Confidential information can be exposed externally. Mitigation: upgrade to `5.0.3` or later.
CVE-2026-40982 Path Traversal in org.springframework.cloud:spring-cloud-config-server (CVE-2026-40982)
path traversal in org.springframework.cloud:spring-cloud-config-server (CVE-2026-40982). Confidential information can be exposed externally. Mitigation: upgrade to `5.0.3` or later.
CVE-2026-8063 Vulnerability in mongodb (CVE-2026-8063)
vulnerability in mongodb (CVE-2026-8063). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.2.7` or later.
CVE-2026-41139 Vulnerability in mathjs (CVE-2026-41139)
vulnerability in mathjs (CVE-2026-41139). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `15.2.0` or later.
CVE-2026-41413 SSRF (Server-Side Request Forgery) in istio.io/istio (CVE-2026-41413)
SSRF in istio.io/istio (CVE-2026-41413). Risk of unauthorized operations or information disclosure. Exploitable via ``ValidatingAdmissionPolicy``. Mitigation: upgrade to `0.0.0-20260410004459-189832a289c1` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →