Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-40355 |
|
Vulnerability in mit (CVE-2026-40355)
vulnerability in mit (CVE-2026-40355). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0711 |
|
OS Command Injection in zyxel (CVE-2026-0711)
OS command injection in zyxel (CVE-2026-0711). Successful exploitation can lead to full system takeover.
|
| CVE-2026-1460 |
|
OS Command Injection in zyxel (CVE-2026-1460)
OS command injection in zyxel (CVE-2026-1460). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40976 |
|
Vulnerability in org.springframework.boot:spring-boot (CVE-2026-40976)
vulnerability in org.springframework.boot:spring-boot (CVE-2026-40976). Confidential information can be exposed externally. Mitigation: upgrade to `4.0.6` or later.
|
| CVE-2026-40974 |
|
Vulnerability in spring (CVE-2026-40974)
vulnerability in spring (CVE-2026-40974). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40975 |
|
Vulnerability in spring (CVE-2026-40975)
vulnerability in spring (CVE-2026-40975). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-32202 KEV |
|
[KEV] Vulnerability in Microsoft windows (CVE-2026-32202)
vulnerability in Microsoft windows (CVE-2026-32202). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-1708 KEV |
|
[KEV] Path Traversal in Connectwise screenconnect (CVE-2024-1708)
path traversal in Connectwise screenconnect (CVE-2024-1708). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-40971 |
|
Vulnerability in spring (CVE-2026-40971)
vulnerability in spring (CVE-2026-40971). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3087 |
|
Path Traversal in libpython (CVE-2026-3087)
path traversal in libpython (CVE-2026-3087). Data can be tampered with by attackers. Mitigation: upgrade to `3.14.5` or later.
|
| CVE-2026-5362 |
|
Cross-Site Scripting (XSS) in pimcore (CVE-2026-5362)
cross-site scripting in pimcore (CVE-2026-5362). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40970 |
|
Vulnerability in spring (CVE-2026-40970)
vulnerability in spring (CVE-2026-40970). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31686 |
|
Vulnerability in linux (CVE-2026-31686)
vulnerability in linux (CVE-2026-31686). Successful exploitation can lead to full system takeover.
|
| CVE-2026-38935 |
|
Cross-Site Scripting (XSS) in CVE-2026-38935 (CVE-2026-38935)
cross-site scripting in CVE-2026-38935 (CVE-2026-38935). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-38936 |
|
Cross-Site Scripting (XSS) in CVE-2026-38936 (CVE-2026-38936)
cross-site scripting in CVE-2026-38936 (CVE-2026-38936). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-38934 |
|
Cross-Site Request Forgery (CSRF) in CVE-2026-38934 (CVE-2026-38934)
vulnerability in CVE-2026-38934 (CVE-2026-38934). Successful exploitation can lead to full system takeover.
|
| CVE-2026-30462 |
|
Path Traversal in path-traversal (CVE-2026-30462)
path traversal in path-traversal (CVE-2026-30462). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41465 |
|
Path Traversal in path-traversal (CVE-2026-41465)
path traversal in path-traversal (CVE-2026-41465). Confidential information can be exposed externally.
|
| CVE-2026-30352 |
|
Command Injection in CVE-2026-30352 (CVE-2026-30352)
command injection in CVE-2026-30352 (CVE-2026-30352). Successful exploitation can lead to full system takeover.
|
| CVE-2026-32688 |
|
Vulnerability in dos (CVE-2026-32688)
vulnerability in dos (CVE-2026-32688). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40022 |
|
Vulnerability in org.apache.camel:camel-platform-http-main (CVE-2026-40022)
vulnerability in org.apache.camel:camel-platform-http-main (CVE-2026-40022). Confidential information can be exposed externally. Mitigation: upgrade to `4.20.0` or later.
|
| CVE-2026-27172 |
|
Unsafe Deserialization in apache (CVE-2026-27172)
vulnerability in apache (CVE-2026-27172). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40858 |
|
Unsafe Deserialization in apache (CVE-2026-40858)
vulnerability in apache (CVE-2026-40858). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33454 |
|
Unsafe Deserialization in apache (CVE-2026-33454)
vulnerability in apache (CVE-2026-33454). Confidential information can be exposed externally.
|
| CVE-2026-40860 |
|
Unsafe Deserialization in apache (CVE-2026-40860)
vulnerability in apache (CVE-2026-40860). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40453 |
|
Vulnerability in org.apache.camel:camel-coap (CVE-2026-40453)
vulnerability in org.apache.camel:camel-coap (CVE-2026-40453). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.20.0` or later.
|
| CVE-2026-7101 |
|
Buffer Overflow in tenda (CVE-2026-7101)
vulnerability in tenda (CVE-2026-7101). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40048 |
|
Unsafe Deserialization in apache (CVE-2026-40048)
vulnerability in apache (CVE-2026-40048). Successful exploitation can lead to full system takeover. Exploitable via ``java.security.KeyPair``.
|
| CVE-2026-40473 |
|
Unsafe Deserialization in apache (CVE-2026-40473)
vulnerability in apache (CVE-2026-40473). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42371 |
|
Vulnerability in uriparser-project (CVE-2026-42371)
vulnerability in uriparser-project (CVE-2026-42371). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3006 |
|
Vulnerability in privilege-escalation (CVE-2026-3006)
vulnerability in privilege-escalation (CVE-2026-3006). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6786 |
|
Out-of-Bounds Read in mozilla (CVE-2026-6786)
vulnerability in mozilla (CVE-2026-6786). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6785 |
|
Out-of-Bounds Read in mozilla (CVE-2026-6785)
vulnerability in mozilla (CVE-2026-6785). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6999 |
|
Cross-Site Scripting (XSS) in CVE-2026-6999 (CVE-2026-6999)
cross-site scripting in CVE-2026-6999 (CVE-2026-6999). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6951 |
|
Code Injection in simple-git (CVE-2026-6951)
code injection in simple-git (CVE-2026-6951). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.36.0` or later.
|
| CVE-2026-42171 |
|
Vulnerability in nullsoft (CVE-2026-42171)
vulnerability in nullsoft (CVE-2026-42171). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41473 |
|
Vulnerability in dos (CVE-2026-41473)
vulnerability in dos (CVE-2026-41473). Data can be tampered with by attackers.
|
| CVE-2026-41472 |
|
Cross-Site Scripting (XSS) in cyberpanel (CVE-2026-41472)
cross-site scripting in cyberpanel (CVE-2026-41472). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/ai-scanner/callback`.
|
| CVE-2026-41427 |
|
Authorization Flaw in better-auth (CVE-2026-41427)
vulnerability in better-auth (CVE-2026-41427). Data can be tampered with by attackers. Mitigation: upgrade to `1.6.5` or later.
|
| CVE-2026-41433 |
|
Path Traversal in opentelemetry (CVE-2026-41433)
path traversal in opentelemetry (CVE-2026-41433). Data can be tampered with by attackers. Mitigation: upgrade to `0.8.0` or later.
|
| CVE-2026-41907 |
|
Vulnerability in uuid (CVE-2026-41907)
vulnerability in uuid (CVE-2026-41907). Data can be tampered with by attackers. Exploitable via ``uuid``. Mitigation: upgrade to `13.0.1` or later.
|
| CVE-2026-33662 |
|
Vulnerability in c (CVE-2026-33662)
vulnerability in c (CVE-2026-33662). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42043 |
|
Vulnerability in axios (CVE-2026-42043)
vulnerability in axios (CVE-2026-42043). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.15.1` or later.
|
| CVE-2026-42041 |
|
Authentication Bypass in axios (CVE-2026-42041)
authentication bypass in axios (CVE-2026-42041). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.15.1` or later.
|
| CVE-2026-42044 |
|
Vulnerability in privilege-escalation (CVE-2026-42044)
vulnerability in privilege-escalation (CVE-2026-42044). Data can be tampered with by attackers. Mitigation: upgrade to `1.15.2` or later.
|
| CVE-2026-42033 |
|
Vulnerability in axios (CVE-2026-42033)
vulnerability in axios (CVE-2026-42033). Confidential information can be exposed externally. Mitigation: upgrade to `1.15.1` or later.
|
| CVE-2026-41140 |
|
Path Traversal in path-traversal (CVE-2026-41140)
path traversal in path-traversal (CVE-2026-41140). Data can be tampered with by attackers. Mitigation: upgrade to `2.3.4` or later.
|
| CVE-2026-40897 |
|
Vulnerability in mathjs (CVE-2026-40897)
vulnerability in mathjs (CVE-2026-40897). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `15.2.0` or later.
|
| CVE-2026-6553 |
|
Vulnerability in typo3/cms-backend (CVE-2026-6553)
vulnerability in typo3/cms-backend (CVE-2026-6553). Confidential information can be exposed externally. Exploitable via ``SetupModuleController``. Mitigation: upgrade to `14.3.0` or later.
|
| CVE-2026-40068 |
|
Vulnerability in @anthropic-ai/claude-code (CVE-2026-40068)
vulnerability in @anthropic-ai/claude-code (CVE-2026-40068). Successful exploitation can lead to full system takeover. Exploitable via ``commondir``. Mitigation: upgrade to `2.1.84` or later.
|