Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Clear
ID Title
CVE-2026-29013 Out-of-Bounds Read in c (CVE-2026-29013)
vulnerability in c (CVE-2026-29013). Successful exploitation can lead to full system takeover.
CVE-2026-40527 OS Command Injection in radare (CVE-2026-40527)
OS command injection in radare (CVE-2026-40527). Successful exploitation can lead to full system takeover.
CVE-2026-40293 Information Disclosure in openfga (CVE-2026-40293)
vulnerability in openfga (CVE-2026-40293). Risk of unauthorized operations or information disclosure.
CVE-2026-33436 Vulnerability in stirlingpdf (CVE-2026-33436)
vulnerability in stirlingpdf (CVE-2026-33436). Risk of unauthorized operations or information disclosure.
CVE-2026-40066 Vulnerability in anviz (CVE-2026-40066)
vulnerability in anviz (CVE-2026-40066). Successful exploitation can lead to full system takeover.
CVE-2026-31927 Vulnerability in path-traversal (CVE-2026-31927)
vulnerability in path-traversal (CVE-2026-31927). Data can be tampered with by attackers.
CVE-2026-5718 Unrestricted File Upload in wordpress (CVE-2026-5718)
vulnerability in wordpress (CVE-2026-5718). Successful exploitation can lead to full system takeover.
CVE-2026-21733 Vulnerability in CVE-2026-21733 (CVE-2026-21733)
vulnerability in CVE-2026-21733 (CVE-2026-21733). Confidential information can be exposed externally.
CVE-2026-40515 Authorization Flaw in hkuds (CVE-2026-40515)
vulnerability in hkuds (CVE-2026-40515). Confidential information can be exposed externally.
CVE-2026-40516 SSRF (Server-Side Request Forgery) in hkuds (CVE-2026-40516)
SSRF in hkuds (CVE-2026-40516). Risk of unauthorized operations or information disclosure.
CVE-2026-40518 Path Traversal in path-traversal (CVE-2026-40518)
path traversal in path-traversal (CVE-2026-40518). Risk of unauthorized operations or information disclosure.
CVE-2026-35072 OS Command Injection in dell (CVE-2026-35072)
OS command injection in dell (CVE-2026-35072). Successful exploitation can lead to full system takeover.
CVE-2026-35073 OS Command Injection in dell (CVE-2026-35073)
OS command injection in dell (CVE-2026-35073). Successful exploitation can lead to full system takeover.
CVE-2026-35074 OS Command Injection in dell (CVE-2026-35074)
OS command injection in dell (CVE-2026-35074). Successful exploitation can lead to full system takeover.
CVE-2026-35153 Vulnerability in dell (CVE-2026-35153)
vulnerability in dell (CVE-2026-35153). Successful exploitation can lead to full system takeover.
CVE-2025-15625 SQL Injection in sparxsystems (CVE-2025-15625)
SQL injection in sparxsystems (CVE-2025-15625). Successful exploitation can lead to full system takeover.
CVE-2025-15623 Vulnerability in sparxsystems (CVE-2025-15623)
vulnerability in sparxsystems (CVE-2025-15623). Confidential information can be exposed externally.
CVE-2026-40002 Privilege Escalation in zte (CVE-2026-40002)
vulnerability in zte (CVE-2026-40002). Risk of unauthorized operations or information disclosure.
CVE-2026-23853 Vulnerability in dell (CVE-2026-23853)
vulnerability in dell (CVE-2026-23853). Successful exploitation can lead to full system takeover.
CVE-2026-5807 Vulnerability in hashicorp (CVE-2026-5807)
vulnerability in hashicorp (CVE-2026-5807). Risk of unauthorized operations or information disclosure.
CVE-2026-3605 Vulnerability in hashicorp (CVE-2026-3605)
vulnerability in hashicorp (CVE-2026-3605). Data can be tampered with by attackers.
CVE-2026-6100 Use-After-Free in python (CVE-2026-6100)
vulnerability in python (CVE-2026-6100). Successful exploitation can lead to full system takeover. Exploitable via ``lzma.LZMADecompressor``. Mitigation: upgrade to `3.14.5` or later.
CVE-2026-4786 Command Injection in libpython (CVE-2026-4786)
command injection in libpython (CVE-2026-4786). Confidential information can be exposed externally. Mitigation: upgrade to `3.14.5` or later.
CVE-2026-41481 SSRF (Server-Side Request Forgery) in langchain-text-splitters (CVE-2026-41481)
SSRF in langchain-text-splitters (CVE-2026-41481). Confidential information can be exposed externally. Exploitable via ``Document``. Mitigation: upgrade to `1.1.2` or later.
CVE-2026-41113 OS Command Injection in c (CVE-2026-41113)
OS command injection in c (CVE-2026-41113). Successful exploitation can lead to full system takeover.
CVE-2026-40170 ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params() serializes peer transport parameters into a fixed 1024-byte stack buf...
ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params() serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transpo...
CVE-2025-54502 Vulnerability in privilege-escalation (CVE-2025-54502)
vulnerability in privilege-escalation (CVE-2025-54502). Successful exploitation can lead to full system takeover.
CVE-2026-43995 SSRF (Server-Side Request Forgery) in flowise (CVE-2026-43995)
SSRF in flowise (CVE-2026-43995). Successful exploitation can lead to full system takeover. Exploitable via ``httpSecurity.ts``. Mitigation: upgrade to `3.1.0` or later.
CVE-2026-56269 Vulnerability in flowise (CVE-2026-56269)
vulnerability in flowise (CVE-2026-56269). Confidential information can be exposed externally. Mitigation: upgrade to `3.1.0` or later.
CVE-2026-56270 Vulnerability in flowise (CVE-2026-56270)
vulnerability in flowise (CVE-2026-56270). Confidential information can be exposed externally. Exploitable via `GET /api/v1/loginmethod`. Mitigation: upgrade to `3.1.0` or later.
CVE-2026-41205 Path Traversal in Mako (CVE-2026-41205)
path traversal in Mako (CVE-2026-41205). Confidential information can be exposed externally. Exploitable via ``Template.__init__``. Mitigation: upgrade to `1.3.11` or later.
CVE-2026-35469 Vulnerability in github.com/moby/spdystream (CVE-2026-35469)
vulnerability in github.com/moby/spdystream (CVE-2026-35469). Risk of unauthorized operations or information disclosure. Exploitable via ``numSettings``. Mitigation: upgrade to `0.5.1` or later.
CVE-2026-41082 Vulnerability in ocaml (CVE-2026-41082)
vulnerability in ocaml (CVE-2026-41082). Data can be tampered with by attackers.
CVE-2026-27820 Vulnerability in zlib (CVE-2026-27820)
vulnerability in zlib (CVE-2026-27820). Successful exploitation can lead to full system takeover. Exploitable via ``zstream_buffer_ungets``. Mitigation: upgrade to `3.0.1` or later.
CVE-2026-5426 Vulnerability in csharp (CVE-2026-5426)
vulnerability in csharp (CVE-2026-5426). Confidential information can be exposed externally.
CVE-2026-33804 Vulnerability in fastify (CVE-2026-33804)
vulnerability in fastify (CVE-2026-33804). Confidential information can be exposed externally.
CVE-2026-6270 Vulnerability in fastify (CVE-2026-6270)
vulnerability in fastify (CVE-2026-6270). Confidential information can be exposed externally.
CVE-2026-31843 Vulnerability in laravel (CVE-2026-31843)
vulnerability in laravel (CVE-2026-31843). Successful exploitation can lead to full system takeover.
CVE-2026-41035 In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort...
In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort...
CVE-2026-3861 Vulnerability in linecorp (CVE-2026-3861)
vulnerability in linecorp (CVE-2026-3861). Risk of unauthorized operations or information disclosure.
CVE-2026-6351 Vulnerability in CVE-2026-6351 (CVE-2026-6351)
vulnerability in CVE-2026-6351 (CVE-2026-6351). Confidential information can be exposed externally.
CVE-2026-6348 Vulnerability in CVE-2026-6348 (CVE-2026-6348)
vulnerability in CVE-2026-6348 (CVE-2026-6348). Successful exploitation can lead to full system takeover.
CVE-2026-6350 Vulnerability in CVE-2026-6350 (CVE-2026-6350)
vulnerability in CVE-2026-6350 (CVE-2026-6350). Successful exploitation can lead to full system takeover.
CVE-2026-6349 OS Command Injection in CVE-2026-6349 (CVE-2026-6349)
OS command injection in CVE-2026-6349 (CVE-2026-6349). Successful exploitation can lead to full system takeover.
CVE-2026-40504 Vulnerability in CVE-2026-40504 (CVE-2026-40504)
vulnerability in CVE-2026-40504 (CVE-2026-40504). Successful exploitation can lead to full system takeover.
CVE-2026-40959 Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod.
Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod.
CVE-2026-40502 Vulnerability in hkuds (CVE-2026-40502)
vulnerability in hkuds (CVE-2026-40502). Successful exploitation can lead to full system takeover.
CVE-2026-40503 Path Traversal in path-traversal (CVE-2026-40503)
path traversal in path-traversal (CVE-2026-40503). Confidential information can be exposed externally.
CVE-2026-32179 Vulnerability in Microsoft.Native.Quic.MsQuic.OpenSSL (CVE-2026-32179)
vulnerability in Microsoft.Native.Quic.MsQuic.OpenSSL (CVE-2026-32179). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.4.18` or later.
CVE-2026-56761 Cross-Site Scripting (XSS) in hono (CVE-2026-56761)
cross-site scripting in hono (CVE-2026-56761). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.12.14` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →