Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-41417 |
|
Vulnerability in io.netty:netty-codec-http (CVE-2026-41417)
vulnerability in io.netty:netty-codec-http (CVE-2026-41417). Risk of unauthorized operations or information disclosure. Exploitable via `POST /s2`. Mitigation: upgrade to `4.2.13.Final` or later.
|
| CVE-2026-38431 |
|
Code Injection in frappe (CVE-2026-38431)
code injection in frappe (CVE-2026-38431). Successful exploitation can lead to full system takeover.
|
| CVE-2026-38432 |
|
Cross-Site Scripting (XSS) in frappe (CVE-2026-38432)
cross-site scripting in frappe (CVE-2026-38432). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-25243 |
|
Vulnerability in redis (CVE-2026-25243)
vulnerability in redis (CVE-2026-25243). Successful exploitation can lead to full system takeover.
|
| CVE-2026-23631 |
|
Use-After-Free in redis (CVE-2026-23631)
vulnerability in redis (CVE-2026-23631). Data can be tampered with by attackers.
|
| CVE-2026-23479 |
|
Use-After-Free in redis (CVE-2026-23479)
vulnerability in redis (CVE-2026-23479). Successful exploitation can lead to full system takeover. Exploitable via ``processCommandAndResetClient``.
|
| CVE-2025-61669 |
|
Open Redirect in jupyter-server (CVE-2025-61669)
vulnerability in jupyter-server (CVE-2025-61669). Risk of unauthorized operations or information disclosure. Exploitable via ``google.com``. Mitigation: upgrade to `2.18.0` or later.
|
| CVE-2026-43070 |
|
Out-of-Bounds Read in linux (CVE-2026-43070)
vulnerability in linux (CVE-2026-43070). Successful exploitation can lead to full system takeover. Exploitable via ``__mark_reg_known``.
|
| CVE-2026-43071 |
|
Vulnerability in c (CVE-2026-43071)
vulnerability in c (CVE-2026-43071). Confidential information can be exposed externally.
|
| CVE-2026-43067 |
|
Vulnerability in linux (CVE-2026-43067)
vulnerability in linux (CVE-2026-43067). Successful exploitation can lead to full system takeover.
|
| CVE-2026-39103 |
|
Vulnerability in c (CVE-2026-39103)
vulnerability in c (CVE-2026-39103). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34000 |
|
Out-of-Bounds Read in dos (CVE-2026-34000)
vulnerability in dos (CVE-2026-34000). Confidential information can be exposed externally. Exploitable via ``XkbAddGeomKeyAlias``.
|
| CVE-2026-31195 |
|
OS Command Injection in CVE-2026-31195 (CVE-2026-31195)
OS command injection in CVE-2026-31195 (CVE-2026-31195). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31196 |
|
OS Command Injection in CVE-2026-31196 (CVE-2026-31196)
OS command injection in CVE-2026-31196 (CVE-2026-31196). Successful exploitation can lead to full system takeover.
|
| CVE-2025-52206 |
|
ISPConfig 3.3.0 is vulnerable to Cross Site Scripting (XSS) via the system status webpage.
ISPConfig 3.3.0 is vulnerable to Cross Site Scripting (XSS) via the system status webpage.
|
| CVE-2026-36356 |
|
OS Command Injection in CVE-2026-36356 (CVE-2026-36356)
OS command injection in CVE-2026-36356 (CVE-2026-36356). Confidential information can be exposed externally.
|
| CVE-2026-36355 |
|
Information Disclosure in CVE-2026-36355 (CVE-2026-36355)
vulnerability in CVE-2026-36355 (CVE-2026-36355). Confidential information can be exposed externally.
|
| CVE-2026-6918 |
|
Out-of-Bounds Read in eclipse (CVE-2026-6918)
vulnerability in eclipse (CVE-2026-6918). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-27694 |
|
Cross-Site Scripting (XSS) in traccar (CVE-2026-27694)
cross-site scripting in traccar (CVE-2026-27694). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-27693 |
|
Vulnerability in traccar (CVE-2026-27693)
vulnerability in traccar (CVE-2026-27693). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42437 |
|
Vulnerability in openclaw (CVE-2026-42437)
vulnerability in openclaw (CVE-2026-42437). Risk of unauthorized operations or information disclosure. Exploitable via ``openclaw``. Mitigation: upgrade to `2026.4.10` or later.
|
| CVE-2026-43869 |
|
Vulnerability in org.apache.thrift:libthrift (CVE-2026-43869)
vulnerability in org.apache.thrift:libthrift (CVE-2026-43869). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.23.0` or later.
|
| CVE-2026-43868 |
|
Vulnerability in thrift (CVE-2026-43868)
vulnerability in thrift (CVE-2026-43868). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.23.0` or later.
|
| CVE-2026-6418 |
|
Vulnerability in papercut (CVE-2026-6418)
vulnerability in papercut (CVE-2026-6418). Confidential information can be exposed externally.
|
| CVE-2026-6180 |
|
Vulnerability in papercut (CVE-2026-6180)
vulnerability in papercut (CVE-2026-6180). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42039 |
|
Vulnerability in axios (CVE-2026-42039)
vulnerability in axios (CVE-2026-42039). Risk of unauthorized operations or information disclosure. Exploitable via `POST /forward`. Mitigation: upgrade to `0.31.1` or later.
|
| CVE-2026-38751 |
|
Unrestricted File Upload in devcode-it/openstamanager (CVE-2026-38751)
vulnerability in devcode-it/openstamanager (CVE-2026-38751). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44113 |
|
Vulnerability in openclaw (CVE-2026-44113)
vulnerability in openclaw (CVE-2026-44113). Confidential information can be exposed externally. Mitigation: upgrade to `2026.4.22` or later.
|
| CVE-2026-44112 |
|
Vulnerability in openclaw (CVE-2026-44112)
vulnerability in openclaw (CVE-2026-44112). Data can be tampered with by attackers. Mitigation: upgrade to `2026.4.22` or later.
|
| CVE-2026-41895 |
|
XXE (XML External Entity) in changedetection.io (CVE-2026-41895)
vulnerability in changedetection.io (CVE-2026-41895). Confidential information can be exposed externally. Exploitable via ``XXE``.
|
| CVE-2026-41922 |
|
OS Command Injection in CVE-2026-41922 (CVE-2026-41922)
OS command injection in CVE-2026-41922 (CVE-2026-41922). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41326 |
|
Vulnerability in github.com/kata-containers/kata-containers (CVE-2026-41326)
vulnerability in github.com/kata-containers/kata-containers (CVE-2026-41326). Confidential information can be exposed externally. Exploitable via ``policy_data.common.cpath``. Mitigation: upgrade to `0.0.0-20260422180503-1b9e49eb2763` or later.
|
| CVE-2026-43964 |
|
Vulnerability in postfix (CVE-2026-43964)
vulnerability in postfix (CVE-2026-43964). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42151 |
|
Information Disclosure in github.com/prometheus/prometheus (CVE-2026-42151)
vulnerability in github.com/prometheus/prometheus (CVE-2026-42151). Confidential information can be exposed externally. Exploitable via ``client_secret``. Mitigation: upgrade to `0.311.3` or later.
|
| CVE-2026-42154 |
|
Vulnerability in github.com/prometheus/prometheus (CVE-2026-42154)
vulnerability in github.com/prometheus/prometheus (CVE-2026-42154). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.11.3` or later.
|
| CVE-2026-41686 |
|
Vulnerability in @anthropic-ai/sdk (CVE-2026-41686)
vulnerability in @anthropic-ai/sdk (CVE-2026-41686). Risk of unauthorized operations or information disclosure. Exploitable via ``BetaLocalFilesystemMemoryTool``. Mitigation: upgrade to `0.91.1` or later.
|
| CVE-2026-29004 |
|
Vulnerability in c (CVE-2026-29004)
vulnerability in c (CVE-2026-29004). Data can be tampered with by attackers.
|
| CVE-2026-42440 |
|
Vulnerability in org.apache.opennlp:opennlp-tools (CVE-2026-42440)
vulnerability in org.apache.opennlp:opennlp-tools (CVE-2026-42440). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.0.0-M3` or later.
|
| CVE-2026-37459 |
|
Vulnerability in dos (CVE-2026-37459)
vulnerability in dos (CVE-2026-37459). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42027 |
|
Vulnerability in org.apache.opennlp:opennlp-tools (CVE-2026-42027)
vulnerability in org.apache.opennlp:opennlp-tools (CVE-2026-42027). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.0.0-M3` or later.
|
| CVE-2026-42809 |
|
Vulnerability in org.apache.polaris:polaris-runtime-service (CVE-2026-42809)
vulnerability in org.apache.polaris:polaris-runtime-service (CVE-2026-42809). Successful exploitation can lead to full system takeover. Exploitable via ``location``. Mitigation: upgrade to `1.4.1` or later.
|
| CVE-2026-42810 |
|
Vulnerability in org.apache.polaris:polaris-core (CVE-2026-42810)
vulnerability in org.apache.polaris:polaris-core (CVE-2026-42810). Successful exploitation can lead to full system takeover. Exploitable via ``TABLE_CREATE``. Mitigation: upgrade to `1.4.1` or later.
|
| CVE-2026-42811 |
|
Vulnerability in org.apache.polaris:polaris-core (CVE-2026-42811)
vulnerability in org.apache.polaris:polaris-core (CVE-2026-42811). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.4.1` or later.
|
| CVE-2026-42812 |
|
Vulnerability in org.apache.polaris:polaris-runtime-service (CVE-2026-42812)
vulnerability in org.apache.polaris:polaris-runtime-service (CVE-2026-42812). Successful exploitation can lead to full system takeover. Exploitable via ``write.metadata.path``. Mitigation: upgrade to `1.4.1` or later.
|
| CVE-2026-40682 |
|
XXE (XML External Entity) in org.apache.opennlp:opennlp-tools (CVE-2026-40682)
vulnerability in org.apache.opennlp:opennlp-tools (CVE-2026-40682). Confidential information can be exposed externally. Mitigation: upgrade to `3.0.0-M3` or later.
|
| CVE-2026-37461 |
|
Out-of-Bounds Read in github.com/osrg/gobgp/v4 (CVE-2026-37461)
vulnerability in github.com/osrg/gobgp/v4 (CVE-2026-37461). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.4.0` or later.
|
| CVE-2025-70071 |
|
Vulnerability in cpp (CVE-2025-70071)
vulnerability in cpp (CVE-2025-70071). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43616 |
|
Vulnerability in path-traversal (CVE-2026-43616)
vulnerability in path-traversal (CVE-2026-43616). Data can be tampered with by attackers.
|
| CVE-2026-42796 |
|
Vulnerability in workiva (CVE-2026-42796)
vulnerability in workiva (CVE-2026-42796). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42088 |
|
Vulnerability in openc3 (CVE-2026-42088)
vulnerability in openc3 (CVE-2026-42088). Confidential information can be exposed externally.
|