Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-44513 |
|
Code Injection in diffusers (CVE-2026-44513)
code injection in diffusers (CVE-2026-44513). Successful exploitation can lead to full system takeover. Exploitable via ``trust_remote_code``. Mitigation: upgrade to `0.38.0` or later.
|
| CVE-2026-44248 |
|
Vulnerability in io.netty:netty-codec-mqtt (CVE-2026-44248)
vulnerability in io.netty:netty-codec-mqtt (CVE-2026-44248). Risk of unauthorized operations or information disclosure. Exploitable via ``MqttDecoder``. Mitigation: upgrade to `4.1.133.Final` or later.
|
| CVE-2026-44602 |
|
Vulnerability in torproject (CVE-2026-44602)
vulnerability in torproject (CVE-2026-44602). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42216 |
|
Out-of-Bounds Read in openexr (CVE-2026-42216)
vulnerability in openexr (CVE-2026-42216). Confidential information can be exposed externally. Exploitable via ``c13e0e1320a6652e02c5c90c6dbd984d532efe44``.
|
| CVE-2026-42217 |
|
Vulnerability in openexr (CVE-2026-42217)
vulnerability in openexr (CVE-2026-42217). Successful exploitation can lead to full system takeover. Exploitable via ``ImfIDManifest.cpp``.
|
| CVE-2026-41142 |
|
Vulnerability in openexr (CVE-2026-41142)
vulnerability in openexr (CVE-2026-41142). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40004 |
|
Vulnerability in privilege-escalation (CVE-2026-40004)
vulnerability in privilege-escalation (CVE-2026-40004). Confidential information can be exposed externally.
|
| CVE-2026-44283 |
|
Authorization Flaw in go.etcd.io/etcd/v3 (CVE-2026-44283)
vulnerability in go.etcd.io/etcd/v3 (CVE-2026-44283). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.5.30` or later.
|
| CVE-2026-44827 |
|
Code Injection in diffusers (CVE-2026-44827)
code injection in diffusers (CVE-2026-44827). Successful exploitation can lead to full system takeover. Exploitable via ``DiffusionPipeline.from_pretrained``. Mitigation: upgrade to `0.38.0` or later.
|
| CVE-2026-40003 |
|
Out-of-Bounds Write in zte (CVE-2026-40003)
out-of-bounds write in zte (CVE-2026-40003). Data can be tampered with by attackers.
|
| CVE-2026-44312 |
|
Vulnerability in css_parser (CVE-2026-44312)
vulnerability in css_parser (CVE-2026-44312). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.22.0` or later.
|
| CVE-2026-44484 |
|
Vulnerability in pytorch-lightning (CVE-2026-44484)
vulnerability in pytorch-lightning (CVE-2026-44484). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42586 |
|
Vulnerability in io.netty:netty-codec-redis (CVE-2026-42586)
vulnerability in io.netty:netty-codec-redis (CVE-2026-42586). Data can be tampered with by attackers. Exploitable via ``io.netty.handler.codec.redis.RedisEncoder``. Mitigation: upgrade to `4.1.133.Final` or later.
|
| CVE-2026-42582 |
|
Vulnerability in io.netty:netty-codec-http3 (CVE-2026-42582)
vulnerability in io.netty:netty-codec-http3 (CVE-2026-42582). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.2.13.Final` or later.
|
| CVE-2026-44264 |
|
Cross-Site Scripting (XSS) in weblate (CVE-2026-44264)
cross-site scripting in weblate (CVE-2026-44264). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.17.1` or later.
|
| CVE-2026-44263 |
|
Vulnerability in weblate (CVE-2026-44263)
vulnerability in weblate (CVE-2026-44263). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.17.1` or later.
|
| CVE-2026-6973 KEV |
|
[KEV] Vulnerability in Ivanti endpoint-manager-mobile-epmm (CVE-2026-6973)
vulnerability in Ivanti endpoint-manager-mobile-epmm (CVE-2026-6973). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-46689 |
|
Vulnerability in scim_proto (CVE-2026-46689)
vulnerability in scim_proto (CVE-2026-46689). Risk of unauthorized operations or information disclosure. Exploitable via ``GET``. Mitigation: upgrade to `1.9.3` or later.
|
| CVE-2026-44244 |
|
Code Injection in GitPython (CVE-2026-44244)
code injection in GitPython (CVE-2026-44244). Successful exploitation can lead to full system takeover. Exploitable via ``configparser``. Mitigation: upgrade to `3.1.49` or later.
|
| CVE-2026-44223 |
|
Vulnerability in vllm (CVE-2026-44223)
vulnerability in vllm (CVE-2026-44223). Risk of unauthorized operations or information disclosure. Exploitable via ``extract_hidden_states``. Mitigation: upgrade to `0.20.0` or later.
|
| CVE-2026-40243 |
|
Authentication Bypass in github.com/lxc/incus/v6/cmd/incusd (CVE-2026-40243)
authentication bypass in github.com/lxc/incus/v6/cmd/incusd (CVE-2026-40243). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `7.0.0` or later.
|
| CVE-2026-44240 |
|
Vulnerability in basic-ftp (CVE-2026-44240)
vulnerability in basic-ftp (CVE-2026-44240). Risk of unauthorized operations or information disclosure. Exploitable via ``FtpContext._partialResponse``. Mitigation: upgrade to `5.3.1` or later.
|
| CVE-2026-8018 |
|
Vulnerability in google (CVE-2026-8018)
vulnerability in google (CVE-2026-8018). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7989 |
|
Vulnerability in google (CVE-2026-7989)
vulnerability in google (CVE-2026-7989). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7959 |
|
Vulnerability in google (CVE-2026-7959)
vulnerability in google (CVE-2026-7959). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7946 |
|
Vulnerability in google (CVE-2026-7946)
vulnerability in google (CVE-2026-7946). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7932 |
|
Vulnerability in chromium (CVE-2026-7932)
vulnerability in chromium (CVE-2026-7932). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `148.0.7778.96-1~deb12u1` or later.
|
| CVE-2026-7916 |
|
Vulnerability in google (CVE-2026-7916)
vulnerability in google (CVE-2026-7916). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7915 |
|
Vulnerability in google (CVE-2026-7915)
vulnerability in google (CVE-2026-7915). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7910 |
|
Use-After-Free in google (CVE-2026-7910)
vulnerability in google (CVE-2026-7910). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7902 |
|
Out-of-Bounds Read in google (CVE-2026-7902)
vulnerability in google (CVE-2026-7902). Successful exploitation can lead to full system takeover.
|
| CVE-2025-31974 |
|
Vulnerability in hcltech (CVE-2025-31974)
vulnerability in hcltech (CVE-2025-31974). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6691 |
|
Vulnerability in c (CVE-2026-6691)
vulnerability in c (CVE-2026-6691). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7875 |
|
Path Traversal in nanoco (CVE-2026-7875)
path traversal in nanoco (CVE-2026-7875). Successful exploitation can lead to full system takeover.
|
| CVE-2026-29080 |
|
SQL Injection in rucio (CVE-2026-29080)
SQL injection in rucio (CVE-2026-29080). Successful exploitation can lead to full system takeover. Exploitable via `GET /dids/`. Mitigation: upgrade to `40.1.1` or later.
|
| CVE-2026-20169 |
|
Command Injection in cisco (CVE-2026-20169)
command injection in cisco (CVE-2026-20169). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20035 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-20035)
SSRF in ssrf (CVE-2026-20035). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20168 |
|
Vulnerability in cisco (CVE-2026-20168)
vulnerability in cisco (CVE-2026-20168). Confidential information can be exposed externally.
|
| CVE-2026-29090 |
|
SQL Injection in rucio (CVE-2026-29090)
SQL injection in rucio (CVE-2026-29090). Successful exploitation can lead to full system takeover. Exploitable via `GET /dids/`. Mitigation: upgrade to `40.1.1` or later.
|
| CVE-2026-6787 |
|
Vulnerability in watchguard (CVE-2026-6787)
vulnerability in watchguard (CVE-2026-6787). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6788 |
|
Vulnerability in watchguard (CVE-2026-6788)
vulnerability in watchguard (CVE-2026-6788). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41288 |
|
Vulnerability in watchguard (CVE-2026-41288)
vulnerability in watchguard (CVE-2026-41288). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41286 |
|
Vulnerability in watchguard (CVE-2026-41286)
vulnerability in watchguard (CVE-2026-41286). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41287 |
|
Vulnerability in watchguard (CVE-2026-41287)
vulnerability in watchguard (CVE-2026-41287). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-31976 |
|
Information Disclosure in hcltech (CVE-2025-31976)
vulnerability in hcltech (CVE-2025-31976). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34282 |
|
Vulnerability in java (CVE-2026-34282)
vulnerability in java (CVE-2026-34282). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.0, 8.0.491, 11.0.31, 17.0.19, 21.0.11, 25.0.3, 26.0.1` or later.
|
| CVE-2026-21947 |
|
Cross-Site Scripting (XSS) in java (CVE-2026-21947)
cross-site scripting in java (CVE-2026-21947). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.0, 8.0.481` or later.
|
| CVE-2026-21945 |
|
Vulnerability in java (CVE-2026-21945)
vulnerability in java (CVE-2026-21945). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.0, 8.0.481, 11.0.30, 17.0.18, 21.0.10, 25.0.2` or later.
|
| CVE-2026-21932 |
|
Vulnerability in java (CVE-2026-21932)
vulnerability in java (CVE-2026-21932). Data can be tampered with by attackers. Mitigation: upgrade to `1.8.0, 8.0.481, 11.0.30, 17.0.18, 21.0.10, 25.0.2` or later.
|
| CVE-2026-20652 |
|
Vulnerability in java (CVE-2026-20652)
vulnerability in java (CVE-2026-20652). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.0, 8.0.491` or later.
|