Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-29013 |
|
Out-of-Bounds Read in c (CVE-2026-29013)
vulnerability in c (CVE-2026-29013). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40527 |
|
OS Command Injection in radare (CVE-2026-40527)
OS command injection in radare (CVE-2026-40527). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40293 |
|
Information Disclosure in openfga (CVE-2026-40293)
vulnerability in openfga (CVE-2026-40293). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-33436 |
|
Vulnerability in stirlingpdf (CVE-2026-33436)
vulnerability in stirlingpdf (CVE-2026-33436). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40066 |
|
Vulnerability in anviz (CVE-2026-40066)
vulnerability in anviz (CVE-2026-40066). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31927 |
|
Vulnerability in path-traversal (CVE-2026-31927)
vulnerability in path-traversal (CVE-2026-31927). Data can be tampered with by attackers.
|
| CVE-2026-5718 |
|
Unrestricted File Upload in wordpress (CVE-2026-5718)
vulnerability in wordpress (CVE-2026-5718). Successful exploitation can lead to full system takeover.
|
| CVE-2026-21733 |
|
Vulnerability in CVE-2026-21733 (CVE-2026-21733)
vulnerability in CVE-2026-21733 (CVE-2026-21733). Confidential information can be exposed externally.
|
| CVE-2026-40515 |
|
Authorization Flaw in hkuds (CVE-2026-40515)
vulnerability in hkuds (CVE-2026-40515). Confidential information can be exposed externally.
|
| CVE-2026-40516 |
|
SSRF (Server-Side Request Forgery) in hkuds (CVE-2026-40516)
SSRF in hkuds (CVE-2026-40516). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40518 |
|
Path Traversal in path-traversal (CVE-2026-40518)
path traversal in path-traversal (CVE-2026-40518). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35072 |
|
OS Command Injection in dell (CVE-2026-35072)
OS command injection in dell (CVE-2026-35072). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35073 |
|
OS Command Injection in dell (CVE-2026-35073)
OS command injection in dell (CVE-2026-35073). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35074 |
|
OS Command Injection in dell (CVE-2026-35074)
OS command injection in dell (CVE-2026-35074). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35153 |
|
Vulnerability in dell (CVE-2026-35153)
vulnerability in dell (CVE-2026-35153). Successful exploitation can lead to full system takeover.
|
| CVE-2025-15625 |
|
SQL Injection in sparxsystems (CVE-2025-15625)
SQL injection in sparxsystems (CVE-2025-15625). Successful exploitation can lead to full system takeover.
|
| CVE-2025-15623 |
|
Vulnerability in sparxsystems (CVE-2025-15623)
vulnerability in sparxsystems (CVE-2025-15623). Confidential information can be exposed externally.
|
| CVE-2026-40002 |
|
Privilege Escalation in zte (CVE-2026-40002)
vulnerability in zte (CVE-2026-40002). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-23853 |
|
Vulnerability in dell (CVE-2026-23853)
vulnerability in dell (CVE-2026-23853). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5807 |
|
Vulnerability in hashicorp (CVE-2026-5807)
vulnerability in hashicorp (CVE-2026-5807). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3605 |
|
Vulnerability in hashicorp (CVE-2026-3605)
vulnerability in hashicorp (CVE-2026-3605). Data can be tampered with by attackers.
|
| CVE-2026-6100 |
|
Use-After-Free in python (CVE-2026-6100)
vulnerability in python (CVE-2026-6100). Successful exploitation can lead to full system takeover. Exploitable via ``lzma.LZMADecompressor``. Mitigation: upgrade to `3.14.5` or later.
|
| CVE-2026-4786 |
|
Command Injection in libpython (CVE-2026-4786)
command injection in libpython (CVE-2026-4786). Confidential information can be exposed externally. Mitigation: upgrade to `3.14.5` or later.
|
| CVE-2026-41481 |
|
SSRF (Server-Side Request Forgery) in langchain-text-splitters (CVE-2026-41481)
SSRF in langchain-text-splitters (CVE-2026-41481). Confidential information can be exposed externally. Exploitable via ``Document``. Mitigation: upgrade to `1.1.2` or later.
|
| CVE-2026-41113 |
|
OS Command Injection in c (CVE-2026-41113)
OS command injection in c (CVE-2026-41113). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40170 |
|
ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params() serializes peer transport parameters into a fixed 1024-byte stack buf...
ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params() serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transpo...
|
| CVE-2025-54502 |
|
Vulnerability in privilege-escalation (CVE-2025-54502)
vulnerability in privilege-escalation (CVE-2025-54502). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43995 |
|
SSRF (Server-Side Request Forgery) in flowise (CVE-2026-43995)
SSRF in flowise (CVE-2026-43995). Successful exploitation can lead to full system takeover. Exploitable via ``httpSecurity.ts``. Mitigation: upgrade to `3.1.0` or later.
|
| CVE-2026-56269 |
|
Vulnerability in flowise (CVE-2026-56269)
vulnerability in flowise (CVE-2026-56269). Confidential information can be exposed externally. Mitigation: upgrade to `3.1.0` or later.
|
| CVE-2026-56270 |
|
Vulnerability in flowise (CVE-2026-56270)
vulnerability in flowise (CVE-2026-56270). Confidential information can be exposed externally. Exploitable via `GET /api/v1/loginmethod`. Mitigation: upgrade to `3.1.0` or later.
|
| CVE-2026-41205 |
|
Path Traversal in Mako (CVE-2026-41205)
path traversal in Mako (CVE-2026-41205). Confidential information can be exposed externally. Exploitable via ``Template.__init__``. Mitigation: upgrade to `1.3.11` or later.
|
| CVE-2026-35469 |
|
Vulnerability in github.com/moby/spdystream (CVE-2026-35469)
vulnerability in github.com/moby/spdystream (CVE-2026-35469). Risk of unauthorized operations or information disclosure. Exploitable via ``numSettings``. Mitigation: upgrade to `0.5.1` or later.
|
| CVE-2026-41082 |
|
Vulnerability in ocaml (CVE-2026-41082)
vulnerability in ocaml (CVE-2026-41082). Data can be tampered with by attackers.
|
| CVE-2026-27820 |
|
Vulnerability in zlib (CVE-2026-27820)
vulnerability in zlib (CVE-2026-27820). Successful exploitation can lead to full system takeover. Exploitable via ``zstream_buffer_ungets``. Mitigation: upgrade to `3.0.1` or later.
|
| CVE-2026-5426 |
|
Vulnerability in csharp (CVE-2026-5426)
vulnerability in csharp (CVE-2026-5426). Confidential information can be exposed externally.
|
| CVE-2026-33804 |
|
Vulnerability in fastify (CVE-2026-33804)
vulnerability in fastify (CVE-2026-33804). Confidential information can be exposed externally.
|
| CVE-2026-6270 |
|
Vulnerability in fastify (CVE-2026-6270)
vulnerability in fastify (CVE-2026-6270). Confidential information can be exposed externally.
|
| CVE-2026-31843 |
|
Vulnerability in laravel (CVE-2026-31843)
vulnerability in laravel (CVE-2026-31843). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41035 |
|
In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort...
In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort...
|
| CVE-2026-3861 |
|
Vulnerability in linecorp (CVE-2026-3861)
vulnerability in linecorp (CVE-2026-3861). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6351 |
|
Vulnerability in CVE-2026-6351 (CVE-2026-6351)
vulnerability in CVE-2026-6351 (CVE-2026-6351). Confidential information can be exposed externally.
|
| CVE-2026-6348 |
|
Vulnerability in CVE-2026-6348 (CVE-2026-6348)
vulnerability in CVE-2026-6348 (CVE-2026-6348). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6350 |
|
Vulnerability in CVE-2026-6350 (CVE-2026-6350)
vulnerability in CVE-2026-6350 (CVE-2026-6350). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6349 |
|
OS Command Injection in CVE-2026-6349 (CVE-2026-6349)
OS command injection in CVE-2026-6349 (CVE-2026-6349). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40504 |
|
Vulnerability in CVE-2026-40504 (CVE-2026-40504)
vulnerability in CVE-2026-40504 (CVE-2026-40504). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40959 |
|
Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod.
Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod.
|
| CVE-2026-40502 |
|
Vulnerability in hkuds (CVE-2026-40502)
vulnerability in hkuds (CVE-2026-40502). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40503 |
|
Path Traversal in path-traversal (CVE-2026-40503)
path traversal in path-traversal (CVE-2026-40503). Confidential information can be exposed externally.
|
| CVE-2026-32179 |
|
Vulnerability in Microsoft.Native.Quic.MsQuic.OpenSSL (CVE-2026-32179)
vulnerability in Microsoft.Native.Quic.MsQuic.OpenSSL (CVE-2026-32179). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.4.18` or later.
|
| CVE-2026-56761 |
|
Cross-Site Scripting (XSS) in hono (CVE-2026-56761)
cross-site scripting in hono (CVE-2026-56761). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.12.14` or later.
|