Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-43113 |
|
Vulnerability in linux (CVE-2026-43113)
vulnerability in linux (CVE-2026-43113). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43116 |
|
Vulnerability in linux (CVE-2026-43116)
vulnerability in linux (CVE-2026-43116). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43117 |
|
Vulnerability in linux (CVE-2026-43117)
vulnerability in linux (CVE-2026-43117). Confidential information can be exposed externally.
|
| CVE-2026-43120 |
|
Vulnerability in linux (CVE-2026-43120)
vulnerability in linux (CVE-2026-43120). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43112 |
|
Out-of-Bounds Read in linux (CVE-2026-43112)
vulnerability in linux (CVE-2026-43112). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43111 |
|
Use-After-Free in linux (CVE-2026-43111)
vulnerability in linux (CVE-2026-43111). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43097 |
|
Vulnerability in c (CVE-2026-43097)
vulnerability in c (CVE-2026-43097). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43099 |
|
Vulnerability in linux (CVE-2026-43099)
vulnerability in linux (CVE-2026-43099). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43101 |
|
Vulnerability in linux (CVE-2026-43101)
vulnerability in linux (CVE-2026-43101). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43096 |
|
Vulnerability in dos (CVE-2026-43096)
vulnerability in dos (CVE-2026-43096). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43089 |
|
Vulnerability in linux (CVE-2026-43089)
vulnerability in linux (CVE-2026-43089). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43086 |
|
Vulnerability in c (CVE-2026-43086)
vulnerability in c (CVE-2026-43086). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43083 |
|
Vulnerability in linux (CVE-2026-43083)
vulnerability in linux (CVE-2026-43083). Confidential information can be exposed externally.
|
| CVE-2026-43084 |
|
Use-After-Free in c (CVE-2026-43084)
vulnerability in c (CVE-2026-43084). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43076 |
|
Use-After-Free in linux (CVE-2026-43076)
vulnerability in linux (CVE-2026-43076). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43074 |
|
Vulnerability in c (CVE-2026-43074)
vulnerability in c (CVE-2026-43074). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43075 |
|
Out-of-Bounds Write in c (CVE-2026-43075)
out-of-bounds write in c (CVE-2026-43075). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43078 |
|
Out-of-Bounds Write in linux (CVE-2026-43078)
out-of-bounds write in linux (CVE-2026-43078). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7841 |
|
Code Injection in CVE-2026-7841 (CVE-2026-7841)
code injection in CVE-2026-7841 (CVE-2026-7841). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35253 |
|
Open Redirect in oracle (CVE-2026-35253)
vulnerability in oracle (CVE-2026-35253). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7572 |
|
Vulnerability in www.velocidex.com/golang/velociraptor (CVE-2026-7572)
vulnerability in www.velocidex.com/golang/velociraptor (CVE-2026-7572). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.76.5` or later.
|
| CVE-2026-28780 |
|
Vulnerability in apache (CVE-2026-28780)
vulnerability in apache (CVE-2026-28780). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0300 KEV |
|
[KEV] Out-of-Bounds Write in Palo alto networks palo-alto-networks (CVE-2026-0300)
out-of-bounds write in Palo alto networks palo-alto-networks (CVE-2026-0300). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-43882 |
|
Vulnerability in wwbn/avideo (CVE-2026-43882)
vulnerability in wwbn/avideo (CVE-2026-43882). Risk of unauthorized operations or information disclosure. Exploitable via ``title``.
|
| CVE-2026-44903 |
|
Cross-Site Scripting (XSS) in github.com/prometheus/prometheus (CVE-2026-44903)
cross-site scripting in github.com/prometheus/prometheus (CVE-2026-44903). Risk of unauthorized operations or information disclosure. Exploitable via ``label_replace``. Mitigation: upgrade to `2.7.2` or later.
|
| CVE-2026-42334 |
|
Vulnerability in mongoose (CVE-2026-42334)
vulnerability in mongoose (CVE-2026-42334). Confidential information can be exposed externally. Exploitable via ``sanitizeFilter``. Mitigation: upgrade to `9.1.6` or later.
|
| CVE-2026-42997 |
|
Vulnerability in ironic-python-agent (CVE-2026-42997)
vulnerability in ironic-python-agent (CVE-2026-42997). Confidential information can be exposed externally. Mitigation: upgrade to `26.1.6` or later.
|
| CVE-2026-44167 |
|
Vulnerability in phpseclib/phpseclib (CVE-2026-44167)
vulnerability in phpseclib/phpseclib (CVE-2026-44167). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.0.29` or later.
|
| CVE-2026-35579 |
|
Authentication Bypass in github.com/coredns/coredns (CVE-2026-35579)
authentication bypass in github.com/coredns/coredns (CVE-2026-35579). Successful exploitation can lead to full system takeover. Exploitable via ``tsigStatus``. Mitigation: upgrade to `1.14.3` or later.
|
| CVE-2026-39852 |
|
Authorization Flaw in io.quarkus:quarkus-vertx-http (CVE-2026-39852)
vulnerability in io.quarkus:quarkus-vertx-http (CVE-2026-39852). Confidential information can be exposed externally. Mitigation: upgrade to `3.35.1.1` or later.
|
| CVE-2026-39402 |
|
Authorization Flaw in dos (CVE-2026-39402)
vulnerability in dos (CVE-2026-39402). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-39383 |
|
SSRF (Server-Side Request Forgery) in github.com/gotenberg/gotenberg/v8 (CVE-2026-39383)
SSRF in github.com/gotenberg/gotenberg/v8 (CVE-2026-39383). Confidential information can be exposed externally. Exploitable via ``FilterDeadline``. Mitigation: upgrade to `8.31.0` or later.
|
| CVE-2026-39849 |
|
Vulnerability in pi-hole (CVE-2026-39849)
vulnerability in pi-hole (CVE-2026-39849). Successful exploitation can lead to full system takeover. Exploitable via ``dns.interface``.
|
| CVE-2026-42285 |
|
Vulnerability in github.com/osrg/gobgp/v4 (CVE-2026-42285)
vulnerability in github.com/osrg/gobgp/v4 (CVE-2026-42285). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.5.0` or later.
|
| CVE-2026-40280 |
|
SSRF (Server-Side Request Forgery) in github.com/gotenberg/gotenberg/v8 (CVE-2026-40280)
SSRF in github.com/gotenberg/gotenberg/v8 (CVE-2026-40280). Confidential information can be exposed externally. Exploitable via ``downloadFrom``. Mitigation: upgrade to `8.31.0` or later.
|
| CVE-2026-35397 |
|
Path Traversal in jupyter-server (CVE-2026-35397)
path traversal in jupyter-server (CVE-2026-35397). Successful exploitation can lead to full system takeover. Exploitable via ``root_dir``. Mitigation: upgrade to `2.18.0` or later.
|
| CVE-2026-35453 |
|
Cross-Site Scripting (XSS) in phpoffice/phpspreadsheet (CVE-2026-35453)
cross-site scripting in phpoffice/phpspreadsheet (CVE-2026-35453). Risk of unauthorized operations or information disclosure. Exploitable via ``formatColor``. Mitigation: upgrade to `1.30.4` or later.
|
| CVE-2026-34084 |
|
Unsafe Deserialization in phpoffice/phpspreadsheet (CVE-2026-34084)
vulnerability in phpoffice/phpspreadsheet (CVE-2026-34084). Successful exploitation can lead to full system takeover. Exploitable via ``is_file``. Mitigation: upgrade to `1.30.3` or later.
|
| CVE-2026-32936 |
|
Vulnerability in github.com/coredns/coredns (CVE-2026-32936)
vulnerability in github.com/coredns/coredns (CVE-2026-32936). Risk of unauthorized operations or information disclosure. Exploitable via ``dns``. Mitigation: upgrade to `1.14.3` or later.
|
| CVE-2026-33190 |
|
Authentication Bypass in github.com/coredns/coredns (CVE-2026-33190)
authentication bypass in github.com/coredns/coredns (CVE-2026-33190). Confidential information can be exposed externally. Mitigation: upgrade to `1.14.3` or later.
|
| CVE-2026-33420 |
|
Vulnerability in dani-garcia (CVE-2026-33420)
vulnerability in dani-garcia (CVE-2026-33420). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/organizations/{org_id}/collections/details`.
|
| CVE-2026-33489 |
|
Vulnerability in github.com/coredns/coredns (CVE-2026-33489)
vulnerability in github.com/coredns/coredns (CVE-2026-33489). Confidential information can be exposed externally. Mitigation: upgrade to `1.14.3` or later.
|
| CVE-2026-33324 |
|
SQL Injection in fit2cloud (CVE-2026-33324)
SQL injection in fit2cloud (CVE-2026-33324). Successful exploitation can lead to full system takeover.
|
| CVE-2026-32934 |
|
Vulnerability in github.com/coredns/coredns (CVE-2026-32934)
vulnerability in github.com/coredns/coredns (CVE-2026-32934). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.14.3` or later.
|
| CVE-2026-27960 |
|
Authentication Bypass in pycti (CVE-2026-27960)
authentication bypass in pycti (CVE-2026-27960). Successful exploitation can lead to full system takeover. Exploitable via ``APP__ADMIN__EXTERNALLY_MANAGED``. Mitigation: upgrade to `6.9.13` or later.
|
| CVE-2026-38428 |
|
SQL Injection in sqli (CVE-2026-38428)
SQL injection in sqli (CVE-2026-38428). Successful exploitation can lead to full system takeover. Exploitable via `GET /api/v1/main/flows/search`.
|
| CVE-2026-43068 |
|
Vulnerability in linux (CVE-2026-43068)
vulnerability in linux (CVE-2026-43068). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43066 |
|
Vulnerability in linux (CVE-2026-43066)
vulnerability in linux (CVE-2026-43066). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43069 |
|
Vulnerability in c (CVE-2026-43069)
vulnerability in c (CVE-2026-43069). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43061 |
|
Vulnerability in linux (CVE-2026-43061)
vulnerability in linux (CVE-2026-43061). Risk of unauthorized operations or information disclosure. Exploitable via ``dmaengine_terminate_async``.
|