Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-32952 |
|
Vulnerability in microsoft (CVE-2026-32952)
vulnerability in microsoft (CVE-2026-32952). Risk of unauthorized operations or information disclosure. Exploitable via ``ntlmssp.Negotiator``.
|
| CVE-2026-25775 |
|
Vulnerability in CVE-2026-25775 (CVE-2026-25775)
vulnerability in CVE-2026-25775 (CVE-2026-25775). Successful exploitation can lead to full system takeover.
|
| CVE-2024-57726 KEV |
|
[KEV] Vulnerability in Simplehelp auth (CVE-2024-57726)
vulnerability in Simplehelp auth (CVE-2024-57726). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-7399 KEV |
|
[KEV] Path Traversal in Samsung magicinfo-9-server (CVE-2024-7399)
path traversal in Samsung magicinfo-9-server (CVE-2024-7399). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-57728 KEV |
|
[KEV] Path Traversal in Simplehelp path-traversal (CVE-2024-57728)
path traversal in Simplehelp path-traversal (CVE-2024-57728). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-29635 KEV |
|
[KEV] Command Injection in D-link dir-823x (CVE-2025-29635)
command injection in D-link dir-823x (CVE-2025-29635). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-6732 |
|
Vulnerability in dos (CVE-2026-6732)
vulnerability in dos (CVE-2026-6732). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41355 |
|
Vulnerability in openclaw (CVE-2026-41355)
vulnerability in openclaw (CVE-2026-41355). Successful exploitation can lead to full system takeover.
|
| CVE-2026-26210 |
|
Unsafe Deserialization in deserialization (CVE-2026-26210)
vulnerability in deserialization (CVE-2026-26210). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6942 |
|
OS Command Injection in radare (CVE-2026-6942)
OS command injection in radare (CVE-2026-6942). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6376 |
|
Vulnerability in CVE-2026-6376 (CVE-2026-6376)
vulnerability in CVE-2026-6376 (CVE-2026-6376). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-28525 |
|
Out-of-Bounds Read in c (CVE-2026-28525)
vulnerability in c (CVE-2026-28525). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-25874 |
|
Unsafe Deserialization in deserialization (CVE-2026-25874)
vulnerability in deserialization (CVE-2026-25874). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40886 |
|
Vulnerability in argoproj (CVE-2026-40886)
vulnerability in argoproj (CVE-2026-40886). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.0.5` or later.
|
| CVE-2026-39087 |
|
Vulnerability in heckel.io/ntfy/v2 (CVE-2026-39087)
vulnerability in heckel.io/ntfy/v2 (CVE-2026-39087). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.22.0` or later.
|
| CVE-2026-6921 |
|
Vulnerability in google (CVE-2026-6921)
vulnerability in google (CVE-2026-6921). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6920 |
|
Out-of-Bounds Read in google (CVE-2026-6920)
vulnerability in google (CVE-2026-6920). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6919 |
|
Use-After-Free in google (CVE-2026-6919)
vulnerability in google (CVE-2026-6919). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31533 |
|
Use-After-Free in linux (CVE-2026-31533)
vulnerability in linux (CVE-2026-31533). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34003 |
|
Out-of-Bounds Read in dos (CVE-2026-34003)
vulnerability in dos (CVE-2026-34003). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33999 |
|
Vulnerability in dos (CVE-2026-33999)
vulnerability in dos (CVE-2026-33999). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31532 |
|
Use-After-Free in linux (CVE-2026-31532)
vulnerability in linux (CVE-2026-31532). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6887 |
|
SQL Injection in sqli (CVE-2026-6887)
SQL injection in sqli (CVE-2026-6887). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6903 |
|
Path Traversal in CVE-2026-6903 (CVE-2026-6903)
path traversal in CVE-2026-6903 (CVE-2026-6903). Confidential information can be exposed externally.
|
| CVE-2026-6885 |
|
Unrestricted File Upload in CVE-2026-6885 (CVE-2026-6885)
vulnerability in CVE-2026-6885 (CVE-2026-6885). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6886 |
|
Vulnerability in CVE-2026-6886 (CVE-2026-6886)
vulnerability in CVE-2026-6886 (CVE-2026-6886). Successful exploitation can lead to full system takeover.
|
| CVE-2026-3960 |
|
Code Injection in h2o (CVE-2026-3960)
code injection in h2o (CVE-2026-3960). Successful exploitation can lead to full system takeover.
|
| CVE-2025-10549 |
|
Vulnerability in CVE-2025-10549 (CVE-2025-10549)
vulnerability in CVE-2025-10549 (CVE-2025-10549). Data can be tampered with by attackers.
|
| CVE-2026-41989 |
|
Out-of-Bounds Write in dos (CVE-2026-41989)
out-of-bounds write in dos (CVE-2026-41989). Data can be tampered with by attackers.
|
| CVE-2026-41988 |
|
Vulnerability in uuidjs (CVE-2026-41988)
vulnerability in uuidjs (CVE-2026-41988). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3007 |
|
Cross-Site Scripting (XSS) in CVE-2026-3007 (CVE-2026-3007)
cross-site scripting in CVE-2026-3007 (CVE-2026-3007). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41196 |
|
Code Injection in minetest (CVE-2026-41196)
code injection in minetest (CVE-2026-41196). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41182 |
|
Information Disclosure in CVE-2026-41182 (CVE-2026-41182)
vulnerability in CVE-2026-41182 (CVE-2026-41182). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5935 |
|
OS Command Injection in ibm (CVE-2026-5935)
OS command injection in ibm (CVE-2026-5935). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-29198 |
|
SQL Injection in rocketchat (CVE-2026-29198)
SQL injection in rocketchat (CVE-2026-29198). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40062 |
|
Path Traversal in path-traversal (CVE-2026-40062)
path traversal in path-traversal (CVE-2026-40062). Confidential information can be exposed externally.
|
| CVE-2026-32679 |
|
Vulnerability in liveon (CVE-2026-32679)
vulnerability in liveon (CVE-2026-32679). Successful exploitation can lead to full system takeover.
|
| CVE-2026-3621 |
|
Privilege Escalation in ibm (CVE-2026-3621)
vulnerability in ibm (CVE-2026-3621). Successful exploitation can lead to full system takeover.
|
| CVE-2026-1726 |
|
Privilege Escalation in privilege-escalation (CVE-2026-1726)
vulnerability in privilege-escalation (CVE-2026-1726). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-36074 |
|
Unrestricted File Upload in ibm (CVE-2025-36074)
vulnerability in ibm (CVE-2025-36074). Data can be tampered with by attackers.
|
| CVE-2026-39987 KEV |
|
[KEV] Vulnerability in Marimo remote-attack (CVE-2026-39987)
vulnerability in Marimo remote-attack (CVE-2026-39987). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-41454 |
|
Vulnerability in CVE-2026-41454 (CVE-2026-41454)
vulnerability in CVE-2026-41454 (CVE-2026-41454). Confidential information can be exposed externally.
|
| CVE-2026-41455 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-41455 (CVE-2026-41455)
SSRF in CVE-2026-41455 (CVE-2026-41455). Confidential information can be exposed externally.
|
| CVE-2026-3837 |
|
Cross-Site Scripting (XSS) in frappe (CVE-2026-3837)
cross-site scripting in frappe (CVE-2026-3837). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41134 |
|
Code Injection in deserialization (CVE-2026-41134)
code injection in deserialization (CVE-2026-41134). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41674 |
|
Vulnerability in @xmldom/xmldom (CVE-2026-41674)
vulnerability in @xmldom/xmldom (CVE-2026-41674). Data can be tampered with by attackers. Exploitable via ``DocumentType``. Mitigation: upgrade to `0.9.10` or later.
|
| CVE-2026-41675 |
|
Vulnerability in @xmldom/xmldom (CVE-2026-41675)
vulnerability in @xmldom/xmldom (CVE-2026-41675). Data can be tampered with by attackers. Exploitable via ``data``. Mitigation: upgrade to `0.9.10` or later.
|
| CVE-2026-6019 |
|
Vulnerability in libpython (CVE-2026-6019)
vulnerability in libpython (CVE-2026-6019). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.14.5` or later.
|
| CVE-2026-3673 |
|
Cross-Site Scripting (XSS) in frappe (CVE-2026-3673)
cross-site scripting in frappe (CVE-2026-3673). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41672 |
|
Vulnerability in @xmldom/xmldom (CVE-2026-41672)
vulnerability in @xmldom/xmldom (CVE-2026-41672). Data can be tampered with by attackers. Exploitable via ``node.data``. Mitigation: upgrade to `0.9.10` or later.
|