Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2025-7024 |
|
Vulnerability in airbus (CVE-2025-7024)
vulnerability in airbus (CVE-2025-7024). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5463 |
|
Command Injection in pymetasploit3 (CVE-2026-5463)
command injection in pymetasploit3 (CVE-2026-5463). Data can be tampered with by attackers.
|
| CVE-2026-47099 |
|
Cross-Site Scripting (XSS) in telejson (CVE-2026-47099)
cross-site scripting in telejson (CVE-2026-47099). Risk of unauthorized operations or information disclosure. Exploitable via ``postMessage``. Mitigation: upgrade to `6.0.0` or later.
|
| CVE-2022-4986 |
|
Vulnerability in beldan (CVE-2022-4986)
vulnerability in beldan (CVE-2022-4986). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35466 |
|
Cross-Site Scripting (XSS) in cmu (CVE-2026-35466)
cross-site scripting in cmu (CVE-2026-35466). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-15620 |
|
Vulnerability in belden (CVE-2025-15620)
vulnerability in belden (CVE-2025-15620). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35467 |
|
Vulnerability in cmu (CVE-2026-35467)
vulnerability in cmu (CVE-2026-35467). Confidential information can be exposed externally.
|
| CVE-2024-14033 |
|
Vulnerability in CVE-2024-14033 (CVE-2024-14033)
vulnerability in CVE-2024-14033 (CVE-2024-14033). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41365 |
|
Authorization Flaw in openclaw (CVE-2026-41365)
vulnerability in openclaw (CVE-2026-41365). Risk of unauthorized operations or information disclosure. Exploitable via ``openclaw``. Mitigation: upgrade to `2026.3.31` or later.
|
| CVE-2026-34829 |
|
Vulnerability in rack (CVE-2026-34829)
vulnerability in rack (CVE-2026-34829). Risk of unauthorized operations or information disclosure. Exploitable via ``BoundedIO``. Mitigation: upgrade to `3.2.6` or later.
|
| CVE-2026-34827 |
|
Vulnerability in rack (CVE-2026-34827)
vulnerability in rack (CVE-2026-34827). Risk of unauthorized operations or information disclosure. Exploitable via ``name``. Mitigation: upgrade to `3.2.6` or later.
|
| CVE-2026-34760 |
|
Vulnerability in vllm (CVE-2026-34760)
vulnerability in vllm (CVE-2026-34760). Data can be tampered with by attackers.
|
| CVE-2023-7343 |
|
Privilege Escalation in privilege-escalation (CVE-2023-7343)
vulnerability in privilege-escalation (CVE-2023-7343). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34742 |
|
Vulnerability in lfprojects (CVE-2026-34742)
vulnerability in lfprojects (CVE-2026-34742). Confidential information can be exposed externally.
|
| CVE-2026-34785 |
|
Vulnerability in rack (CVE-2026-34785)
vulnerability in rack (CVE-2026-34785). Confidential information can be exposed externally. Mitigation: upgrade to `3.2.6` or later.
|
| CVE-2026-35385 |
|
Vulnerability in openbsd (CVE-2026-35385)
vulnerability in openbsd (CVE-2026-35385). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34601 |
|
Vulnerability in CVE-2026-34601 (CVE-2026-34601)
vulnerability in CVE-2026-34601 (CVE-2026-34601). Data can be tampered with by attackers. Exploitable via ``DOMParser``.
|
| CVE-2026-34877 |
|
Vulnerability in arm (CVE-2026-34877)
vulnerability in arm (CVE-2026-34877). Successful exploitation can lead to full system takeover.
|
| CVE-2026-30603 |
|
Vulnerability in CVE-2026-30603 (CVE-2026-30603)
vulnerability in CVE-2026-30603 (CVE-2026-30603). Successful exploitation can lead to full system takeover.
|
| CVE-2026-26895 |
|
Vulnerability in enhancesoft (CVE-2026-26895)
vulnerability in enhancesoft (CVE-2026-26895). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34876 |
|
Out-of-Bounds Read in c (CVE-2026-34876)
vulnerability in c (CVE-2026-34876). Confidential information can be exposed externally.
|
| CVE-2026-35002 |
|
Vulnerability in agno (CVE-2026-35002)
vulnerability in agno (CVE-2026-35002). Successful exploitation can lead to full system takeover.
|
| CVE-2026-32871 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-32871)
SSRF in ssrf (CVE-2026-32871). Successful exploitation can lead to full system takeover. Exploitable via `Authorization header`.
|
| CVE-2026-3692 |
|
OS Command Injection in progress (CVE-2026-3692)
OS command injection in progress (CVE-2026-3692). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2737 |
|
Cross-Site Scripting (XSS) in progress (CVE-2026-2737)
cross-site scripting in progress (CVE-2026-2737). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3872 |
|
Open Redirect in redhat (CVE-2026-3872)
vulnerability in redhat (CVE-2026-3872). Confidential information can be exposed externally.
|
| CVE-2026-4282 |
|
Vulnerability in privilege-escalation (CVE-2026-4282)
vulnerability in privilege-escalation (CVE-2026-4282). Confidential information can be exposed externally.
|
| CVE-2026-23414 |
|
Vulnerability in linux (CVE-2026-23414)
vulnerability in linux (CVE-2026-23414). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-32145 |
|
Vulnerability in dos (CVE-2026-32145)
vulnerability in dos (CVE-2026-32145). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3502 KEV |
|
[KEV] Vulnerability in Trueconf client (CVE-2026-3502)
vulnerability in Trueconf client (CVE-2026-3502). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-34531 |
|
Authentication Bypass in Flask-HTTPAuth (CVE-2026-34531)
authentication bypass in Flask-HTTPAuth (CVE-2026-34531). Data can be tampered with by attackers. Exploitable via ``token``. Mitigation: upgrade to `4.8.1` or later.
|
| CVE-2026-34873 |
|
Authentication Bypass in trustedfirmware (CVE-2026-34873)
authentication bypass in trustedfirmware (CVE-2026-34873). Confidential information can be exposed externally.
|
| CVE-2026-34545 |
|
Vulnerability in openexr (CVE-2026-34545)
vulnerability in openexr (CVE-2026-34545). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35000 |
|
Vulnerability in webtechnologies (CVE-2026-35000)
vulnerability in webtechnologies (CVE-2026-35000). Confidential information can be exposed externally.
|
| CVE-2026-34874 |
|
Vulnerability in trustedfirmware (CVE-2026-34874)
vulnerability in trustedfirmware (CVE-2026-34874). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-25833 |
|
Vulnerability in trustedfirmware (CVE-2026-25833)
vulnerability in trustedfirmware (CVE-2026-25833). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.6.6` or later.
|
| CVE-2026-34875 |
|
Vulnerability in trustedfirmware (CVE-2026-34875)
vulnerability in trustedfirmware (CVE-2026-34875). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34072 |
|
Authentication Bypass in fccview (CVE-2026-34072)
authentication bypass in fccview (CVE-2026-34072). Confidential information can be exposed externally.
|
| CVE-2026-27489 |
|
Vulnerability in path-traversal (CVE-2026-27489)
vulnerability in path-traversal (CVE-2026-27489). Confidential information can be exposed externally.
|
| CVE-2026-25834 |
|
Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade.
Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade.
|
| CVE-2025-67805 |
|
Information Disclosure in sagedpw (CVE-2025-67805)
vulnerability in sagedpw (CVE-2025-67805). Confidential information can be exposed externally.
|
| CVE-2025-67806 |
|
Vulnerability in sagedpw (CVE-2025-67806)
vulnerability in sagedpw (CVE-2025-67806). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35093 |
|
Code Injection in freedesktop (CVE-2026-35093)
code injection in freedesktop (CVE-2026-35093). Successful exploitation can lead to full system takeover.
|
| CVE-2026-30526 |
|
Cross-Site Scripting (XSS) in pushpam02 (CVE-2026-30526)
cross-site scripting in pushpam02 (CVE-2026-30526). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-29598 |
|
Cross-Site Scripting (XSS) in CVE-2026-29598 (CVE-2026-29598)
cross-site scripting in CVE-2026-29598 (CVE-2026-29598). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35092 |
|
Vulnerability in dos (CVE-2026-35092)
vulnerability in dos (CVE-2026-35092). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34999 |
|
Vulnerability in volcengine (CVE-2026-34999)
vulnerability in volcengine (CVE-2026-34999). Risk of unauthorized operations or information disclosure. Exploitable via `POST /bot/v1/chat`.
|
| CVE-2026-34430 |
|
Vulnerability in deerflow (CVE-2026-34430)
vulnerability in deerflow (CVE-2026-34430). Successful exploitation can lead to full system takeover.
|
| CVE-2026-23401 |
|
Use-After-Free in c (CVE-2026-23401)
vulnerability in c (CVE-2026-23401). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5272 |
|
Vulnerability in google (CVE-2026-5272)
vulnerability in google (CVE-2026-5272). Successful exploitation can lead to full system takeover.
|