Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Clear
ID Title
CVE-2026-42091 Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-42091)
vulnerability in csrf (CVE-2026-42091). Data can be tampered with by attackers.
CVE-2026-42138 Cross-Site Scripting (XSS) in langgenius (CVE-2026-42138)
cross-site scripting in langgenius (CVE-2026-42138). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/files/upload`.
CVE-2026-42087 SQL Injection in sqli (CVE-2026-42087)
SQL injection in sqli (CVE-2026-42087). Confidential information can be exposed externally. Exploitable via ``tsdb_lookup``.
CVE-2026-42086 Cross-Site Scripting (XSS) in openc3 (CVE-2026-42086)
cross-site scripting in openc3 (CVE-2026-42086). Risk of unauthorized operations or information disclosure. Exploitable via ``convertToValue``. Mitigation: upgrade to `7.0.0` or later.
CVE-2026-42052 Cross-Site Scripting (XSS) in beets (CVE-2026-42052)
cross-site scripting in beets (CVE-2026-42052). Risk of unauthorized operations or information disclosure. Exploitable via ``title``. Mitigation: upgrade to `2.10.0` or later.
CVE-2026-42085 Vulnerability in openc3 (CVE-2026-42085)
vulnerability in openc3 (CVE-2026-42085). Risk of unauthorized operations or information disclosure. Exploitable via ``OPENC3_LOCAL_MODE_PATH``. Mitigation: upgrade to `7.0.0-rc3` or later.
CVE-2026-32834 Vulnerability in wordpress (CVE-2026-32834)
vulnerability in wordpress (CVE-2026-32834). Confidential information can be exposed externally.
CVE-2026-40076 Path Traversal in org.openmrs.web:openmrs-web (CVE-2026-40076)
path traversal in org.openmrs.web:openmrs-web (CVE-2026-40076). Successful exploitation can lead to full system takeover. Exploitable via `POST /openmrs/ws/rest/v1/module`.
CVE-2026-40075 Path Traversal in org.openmrs.web:openmrs-web (CVE-2026-40075)
path traversal in org.openmrs.web:openmrs-web (CVE-2026-40075). Confidential information can be exposed externally. Exploitable via ``ModuleResourcesServlet``. Mitigation: upgrade to `2.8.6` or later.
CVE-2026-42376 Vulnerability in dlink (CVE-2026-42376)
vulnerability in dlink (CVE-2026-42376). Successful exploitation can lead to full system takeover.
CVE-2026-42090 Cross-Site Scripting (XSS) in streetwriters (CVE-2026-42090)
cross-site scripting in streetwriters (CVE-2026-42090). Successful exploitation can lead to full system takeover.
CVE-2026-26332 Code Injection in vm2-project (CVE-2026-26332)
code injection in vm2-project (CVE-2026-26332). Successful exploitation can lead to full system takeover.
CVE-2026-26956 Vulnerability in vm2-project (CVE-2026-26956)
vulnerability in vm2-project (CVE-2026-26956). Successful exploitation can lead to full system takeover. Exploitable via ``catch``.
CVE-2026-24118 Code Injection in vm2-project (CVE-2026-24118)
code injection in vm2-project (CVE-2026-24118). Successful exploitation can lead to full system takeover. Exploitable via ``__lookupGetter__``.
CVE-2026-24120 Code Injection in vm2-project (CVE-2026-24120)
code injection in vm2-project (CVE-2026-24120). Successful exploitation can lead to full system takeover. Exploitable via ``resetPromiseSpecies``.
CVE-2026-24781 Code Injection in vm2-project (CVE-2026-24781)
code injection in vm2-project (CVE-2026-24781). Successful exploitation can lead to full system takeover. Exploitable via ``inspect``.
CVE-2026-24082 Use-After-Free in qualcomm (CVE-2026-24082)
vulnerability in qualcomm (CVE-2026-24082). Successful exploitation can lead to full system takeover.
CVE-2026-35527 SSRF (Server-Side Request Forgery) in github.com/lxc/incus/v6/cmd/incusd (CVE-2026-35527)
SSRF in github.com/lxc/incus/v6/cmd/incusd (CVE-2026-35527). Risk of unauthorized operations or information disclosure. Exploitable via ``restricted.images.servers``. Mitigation: upgrade to `7.0.0` or later.
CVE-2026-37458 Vulnerability in dos (CVE-2026-37458)
vulnerability in dos (CVE-2026-37458). Risk of unauthorized operations or information disclosure.
CVE-2026-6266 Vulnerability in CVE-2026-6266 (CVE-2026-6266)
vulnerability in CVE-2026-6266 (CVE-2026-6266). Confidential information can be exposed externally.
CVE-2026-7482 Out-of-Bounds Read in github.com/ollama/ollama (CVE-2026-7482)
vulnerability in github.com/ollama/ollama (CVE-2026-7482). Confidential information can be exposed externally. Mitigation: upgrade to `0.17.1` or later.
CVE-2025-70069 Vulnerability in cpp (CVE-2025-70069)
vulnerability in cpp (CVE-2025-70069). Risk of unauthorized operations or information disclosure.
CVE-2025-70070 Vulnerability in cpp (CVE-2025-70070)
vulnerability in cpp (CVE-2025-70070). Risk of unauthorized operations or information disclosure.
CVE-2025-70072 Out-of-Bounds Read in cpp (CVE-2025-70072)
vulnerability in cpp (CVE-2025-70072). Risk of unauthorized operations or information disclosure.
CVE-2025-70067 Vulnerability in CVE-2025-70067 (CVE-2025-70067)
vulnerability in CVE-2025-70067 (CVE-2025-70067). Successful exploitation can lead to full system takeover.
CVE-2025-58074 Vulnerability in privilege-escalation (CVE-2025-58074)
vulnerability in privilege-escalation (CVE-2025-58074). Successful exploitation can lead to full system takeover.
CVE-2026-3120 Code Injection in CVE-2026-3120 (CVE-2026-3120)
code injection in CVE-2026-3120 (CVE-2026-3120). Successful exploitation can lead to full system takeover.
CVE-2026-33846 A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of...
A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of...
CVE-2025-14320 Cross-Site Scripting (XSS) in CVE-2025-14320 (CVE-2025-14320)
cross-site scripting in CVE-2025-14320 (CVE-2025-14320). Successful exploitation can lead to full system takeover.
CVE-2026-42364 OS Command Injection in geovision (CVE-2026-42364)
OS command injection in geovision (CVE-2026-42364). Successful exploitation can lead to full system takeover.
CVE-2026-42367 Vulnerability in c (CVE-2026-42367)
vulnerability in c (CVE-2026-42367). Confidential information can be exposed externally.
CVE-2026-42370 Out-of-Bounds Write in geovision (CVE-2026-42370)
out-of-bounds write in geovision (CVE-2026-42370). Successful exploitation can lead to full system takeover.
CVE-2026-42369 Out-of-Bounds Write in CVE-2026-42369 (CVE-2026-42369)
out-of-bounds write in CVE-2026-42369 (CVE-2026-42369). Successful exploitation can lead to full system takeover. Exploitable via ``gvapi``.
CVE-2026-7701 Vulnerability in cpp (CVE-2026-7701)
vulnerability in cpp (CVE-2026-7701). Risk of unauthorized operations or information disclosure.
CVE-2026-7668 Buffer Overflow in CVE-2026-7668 (CVE-2026-7668)
vulnerability in CVE-2026-7668 (CVE-2026-7668). Risk of unauthorized operations or information disclosure.
CVE-2026-7489 SQL Injection in sqli (CVE-2026-7489)
SQL injection in sqli (CVE-2026-7489). Successful exploitation can lead to full system takeover.
CVE-2026-7490 Unrestricted File Upload in sunnet (CVE-2026-7490)
vulnerability in sunnet (CVE-2026-7490). Successful exploitation can lead to full system takeover.
CVE-2026-43058 Vulnerability in linux (CVE-2026-43058)
vulnerability in linux (CVE-2026-43058). Risk of unauthorized operations or information disclosure.
CVE-2026-43824 Vulnerability in CVE-2026-43824 (CVE-2026-43824)
vulnerability in CVE-2026-43824 (CVE-2026-43824). Confidential information can be exposed externally.
CVE-2026-7598 Vulnerability in c (CVE-2026-7598)
vulnerability in c (CVE-2026-7598). Risk of unauthorized operations or information disclosure.
CVE-2026-37457 Out-of-Bounds Write in c (CVE-2026-37457)
out-of-bounds write in c (CVE-2026-37457). Risk of unauthorized operations or information disclosure.
CVE-2026-42468 Vulnerability in cpp (CVE-2026-42468)
vulnerability in cpp (CVE-2026-42468). Successful exploitation can lead to full system takeover.
CVE-2026-42469 Vulnerability in cpp (CVE-2026-42469)
vulnerability in cpp (CVE-2026-42469). Risk of unauthorized operations or information disclosure.
CVE-2026-37541 Vulnerability in cpp (CVE-2026-37541)
vulnerability in cpp (CVE-2026-37541). Successful exploitation can lead to full system takeover.
CVE-2026-37540 Vulnerability in c (CVE-2026-37540)
vulnerability in c (CVE-2026-37540). Successful exploitation can lead to full system takeover.
CVE-2026-37530 Vulnerability in c (CVE-2026-37530)
vulnerability in c (CVE-2026-37530). Risk of unauthorized operations or information disclosure.
CVE-2026-37525 Privilege Escalation in c (CVE-2026-37525)
vulnerability in c (CVE-2026-37525). Successful exploitation can lead to full system takeover.
CVE-2026-37531 Path Traversal in c (CVE-2026-37531)
path traversal in c (CVE-2026-37531). Successful exploitation can lead to full system takeover.
CVE-2026-37526 Vulnerability in c (CVE-2026-37526)
vulnerability in c (CVE-2026-37526). Successful exploitation can lead to full system takeover.
CVE-2026-42480 Out-of-Bounds Read in dos (CVE-2026-42480)
vulnerability in dos (CVE-2026-42480). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →