Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2025-10354 |
|
Cross-Site Scripting (XSS) in CVE-2025-10354 (CVE-2025-10354)
cross-site scripting in CVE-2025-10354 (CVE-2025-10354). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40520 |
|
OS Command Injection in freepbx (CVE-2026-40520)
OS command injection in freepbx (CVE-2026-40520). Successful exploitation can lead to full system takeover.
|
| CVE-2026-32147 |
|
Path Traversal in path-traversal (CVE-2026-32147)
path traversal in path-traversal (CVE-2026-32147). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3317 |
|
Cross-Site Scripting (XSS) in CVE-2026-3317 (CVE-2026-3317)
cross-site scripting in CVE-2026-3317 (CVE-2026-3317). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-13826 |
|
Vulnerability in dos (CVE-2025-13826)
vulnerability in dos (CVE-2025-13826). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31370 |
|
Information Disclosure in CVE-2026-31370 (CVE-2026-31370)
vulnerability in CVE-2026-31370 (CVE-2026-31370). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31368 |
|
Privilege Escalation in CVE-2026-31368 (CVE-2026-31368)
vulnerability in CVE-2026-31368 (CVE-2026-31368). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5965 |
|
OS Command Injection in CVE-2026-5965 (CVE-2026-5965)
OS command injection in CVE-2026-5965 (CVE-2026-5965). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40244 |
|
Vulnerability in openexr (CVE-2026-40244)
vulnerability in openexr (CVE-2026-40244). Data can be tampered with by attackers. Exploitable via ``int32``.
|
| CVE-2026-6058 |
|
Vulnerability in c (CVE-2026-6058)
vulnerability in c (CVE-2026-6058). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-22051 |
|
Information Disclosure in netapp (CVE-2026-22051)
vulnerability in netapp (CVE-2026-22051). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5450 |
|
Vulnerability in c (CVE-2026-5450)
vulnerability in c (CVE-2026-5450). Successful exploitation can lead to full system takeover.
|
| CVE-2026-32311 |
|
OS Command Injection in flowsint (CVE-2026-32311)
OS command injection in flowsint (CVE-2026-32311). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41445 |
|
Vulnerability in c (CVE-2026-41445)
vulnerability in c (CVE-2026-41445). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35154 |
|
Privilege Escalation in dell (CVE-2026-35154)
vulnerability in dell (CVE-2026-35154). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41245 |
|
Path Traversal in path-traversal (CVE-2026-41245)
path traversal in path-traversal (CVE-2026-41245). Data can be tampered with by attackers. Exploitable via ``LocalFolderExtractor``.
|
| CVE-2026-39918 |
|
Code Injection in CVE-2026-39918 (CVE-2026-39918)
code injection in CVE-2026-39918 (CVE-2026-39918). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34428 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-34428 (CVE-2026-34428)
SSRF in CVE-2026-34428 (CVE-2026-34428). Confidential information can be exposed externally.
|
| CVE-2026-34429 |
|
Cross-Site Scripting (XSS) in CVE-2026-34429 (CVE-2026-34429)
cross-site scripting in CVE-2026-34429 (CVE-2026-34429). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6369 |
|
Vulnerability in canonical (CVE-2026-6369)
vulnerability in canonical (CVE-2026-6369). Confidential information can be exposed externally.
|
| CVE-2026-33557 |
|
Vulnerability in apache (CVE-2026-33557)
vulnerability in apache (CVE-2026-33557). Confidential information can be exposed externally. Exploitable via ``sasl.oauthbearer.jwt.validator.class``.
|
| CVE-2026-31430 |
|
Out-of-Bounds Read in linux (CVE-2026-31430)
vulnerability in linux (CVE-2026-31430). Confidential information can be exposed externally.
|
| CVE-2026-5958 |
|
Vulnerability in CVE-2026-5958 (CVE-2026-5958)
vulnerability in CVE-2026-5958 (CVE-2026-5958). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6654 |
|
Vulnerability in mozilla (CVE-2026-6654)
vulnerability in mozilla (CVE-2026-6654). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31429 |
|
Vulnerability in linux (CVE-2026-31429)
vulnerability in linux (CVE-2026-31429). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-13480 |
|
Authorization Flaw in fudosecurity (CVE-2025-13480)
vulnerability in fudosecurity (CVE-2025-13480). Confidential information can be exposed externally.
|
| CVE-2026-5966 |
|
Vulnerability in path-traversal (CVE-2026-5966)
vulnerability in path-traversal (CVE-2026-5966). Data can be tampered with by attackers.
|
| CVE-2026-39454 |
|
Vulnerability in skygroup (CVE-2026-39454)
vulnerability in skygroup (CVE-2026-39454). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5967 |
|
OS Command Injection in privilege-escalation (CVE-2026-5967)
OS command injection in privilege-escalation (CVE-2026-5967). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5963 |
|
SQL Injection in csharp (CVE-2026-5963)
SQL injection in csharp (CVE-2026-5963). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5964 |
|
SQL Injection in csharp (CVE-2026-5964)
SQL injection in csharp (CVE-2026-5964). Successful exploitation can lead to full system takeover.
|
| CVE-2024-7083 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2024-7083)
cross-site scripting in wordpress (CVE-2024-7083). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6587 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-6587 (CVE-2026-6587)
SSRF in CVE-2026-6587 (CVE-2026-6587). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-27199 KEV |
|
[KEV] Vulnerability in Jetbrains teamcity (CVE-2024-27199)
vulnerability in Jetbrains teamcity (CVE-2024-27199). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-2749 KEV |
|
[KEV] Path Traversal in Kentico path-traversal (CVE-2025-2749)
path traversal in Kentico path-traversal (CVE-2025-2749). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-27351 KEV |
|
[KEV] Authentication Bypass in Papercut ngmf (CVE-2023-27351)
authentication bypass in Papercut ngmf (CVE-2023-27351). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-32975 KEV |
|
[KEV] Authentication Bypass in Quest kace-systems-management-appliance-sma (CVE-2025-32975)
authentication bypass in Quest kace-systems-management-appliance-sma (CVE-2025-32975). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-48700 KEV |
|
[KEV] Cross-Site Scripting (XSS) in Synacor zimbra-collaboration-suite-zcs (CVE-2025-48700)
cross-site scripting in Synacor zimbra-collaboration-suite-zcs (CVE-2025-48700). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-20133 KEV |
|
[KEV] Information Disclosure in Cisco catalyst-sd-wan-manager (CVE-2026-20133)
vulnerability in Cisco catalyst-sd-wan-manager (CVE-2026-20133). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-20122 KEV |
|
[KEV] Vulnerability in Cisco catalyst-sd-wan-manger (CVE-2026-20122)
vulnerability in Cisco catalyst-sd-wan-manger (CVE-2026-20122). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-20128 KEV |
|
[KEV] Vulnerability in Cisco catalyst-sd-wan-manager (CVE-2026-20128)
vulnerability in Cisco catalyst-sd-wan-manager (CVE-2026-20128). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-41242 |
|
Code Injection in protobufjs-project (CVE-2026-41242)
code injection in protobufjs-project (CVE-2026-41242). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40948 |
|
Cross-Site Request Forgery (CSRF) in apache (CVE-2026-40948)
vulnerability in apache (CVE-2026-40948). Risk of unauthorized operations or information disclosure. Exploitable via ``state``.
|
| CVE-2026-40192 |
|
Vulnerability in pillow (CVE-2026-40192)
vulnerability in pillow (CVE-2026-40192). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `12.2.0` or later.
|
| CVE-2026-41253 |
|
Vulnerability in c (CVE-2026-41253)
vulnerability in c (CVE-2026-41253). Confidential information can be exposed externally.
|
| CVE-2026-41589 |
|
Path Traversal in charm.land/wish/v2 (CVE-2026-41589)
path traversal in charm.land/wish/v2 (CVE-2026-41589). Confidential information can be exposed externally. Exploitable via ``main``. Mitigation: upgrade to `2.0.1` or later.
|
| CVE-2026-40346 |
|
SSRF (Server-Side Request Forgery) in @nocobase/plugin-workflow-request (CVE-2026-40346)
SSRF in @nocobase/plugin-workflow-request (CVE-2026-40346). Confidential information can be exposed externally. Exploitable via ``url``. Mitigation: upgrade to `2.0.37` or later.
|
| CVE-2026-40477 |
|
Vulnerability in thymeleaf (CVE-2026-40477)
vulnerability in thymeleaf (CVE-2026-40477). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40478 |
|
Vulnerability in thymeleaf (CVE-2026-40478)
vulnerability in thymeleaf (CVE-2026-40478). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5720 |
|
Out-of-Bounds Read in dos (CVE-2026-5720)
vulnerability in dos (CVE-2026-5720). Confidential information can be exposed externally.
|