Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-5273 |
|
Use-After-Free in google (CVE-2026-5273)
vulnerability in google (CVE-2026-5273). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4374 |
|
XXE (XML External Entity) in rti (CVE-2026-4374)
vulnerability in rti (CVE-2026-4374). Confidential information can be exposed externally.
|
| CVE-2026-2394 |
|
Vulnerability in rti (CVE-2026-2394)
vulnerability in rti (CVE-2026-2394). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5281 KEV |
|
[KEV] Use-After-Free in Google dawn (CVE-2026-5281)
vulnerability in Google dawn (CVE-2026-5281). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-4800 |
|
Code Injection in lodash (CVE-2026-4800)
code injection in lodash (CVE-2026-4800). Successful exploitation can lead to full system takeover.
|
| CVE-2026-30279 |
|
Path Traversal in c (CVE-2026-30279)
path traversal in c (CVE-2026-30279). Successful exploitation can lead to full system takeover.
|
| CVE-2026-30282 |
|
Path Traversal in uxgroupllc (CVE-2026-30282)
path traversal in uxgroupllc (CVE-2026-30282). Successful exploitation can lead to full system takeover.
|
| CVE-2026-30283 |
|
Path Traversal in peaksel (CVE-2026-30283)
path traversal in peaksel (CVE-2026-30283). Successful exploitation can lead to full system takeover.
|
| CVE-2026-30277 |
|
Path Traversal in triumph-adler (CVE-2026-30277)
path traversal in triumph-adler (CVE-2026-30277). Successful exploitation can lead to full system takeover.
|
| CVE-2026-30278 |
|
Path Traversal in funair (CVE-2026-30278)
path traversal in funair (CVE-2026-30278). Successful exploitation can lead to full system takeover.
|
| CVE-2026-30284 |
|
Vulnerability in uxgroupllc (CVE-2026-30284)
vulnerability in uxgroupllc (CVE-2026-30284). Successful exploitation can lead to full system takeover.
|
| CVE-2026-22561 |
|
Vulnerability in privilege-escalation (CVE-2026-22561)
vulnerability in privilege-escalation (CVE-2026-22561). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4317 |
|
SQL Injection in sqli (CVE-2026-4317)
SQL injection in sqli (CVE-2026-4317). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5201 |
|
Vulnerability in dos (CVE-2026-5201)
vulnerability in dos (CVE-2026-5201). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34881 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-34881)
SSRF in ssrf (CVE-2026-34881). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34060 |
|
Code Injection in shopify (CVE-2026-34060)
code injection in shopify (CVE-2026-34060). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34070 |
|
Path Traversal in path-traversal (CVE-2026-34070)
path traversal in path-traversal (CVE-2026-34070). Confidential information can be exposed externally.
|
| CVE-2026-33997 |
|
Vulnerability in docker (CVE-2026-33997)
vulnerability in docker (CVE-2026-33997). Confidential information can be exposed externally.
|
| CVE-2026-33984 |
|
Vulnerability in c (CVE-2026-33984)
vulnerability in c (CVE-2026-33984). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33986 |
|
Vulnerability in c (CVE-2026-33986)
vulnerability in c (CVE-2026-33986). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33983 |
|
Vulnerability in dos (CVE-2026-33983)
vulnerability in dos (CVE-2026-33983). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-21710 |
|
Vulnerability in CVE-2026-21710 (CVE-2026-21710)
vulnerability in CVE-2026-21710 (CVE-2026-21710). Risk of unauthorized operations or information disclosure. Exploitable via ``TypeError``.
|
| CVE-2026-21713 |
|
Vulnerability in CVE-2026-21713 (CVE-2026-21713)
vulnerability in CVE-2026-21713 (CVE-2026-21713). Confidential information can be exposed externally.
|
| CVE-2026-34714 |
|
OS Command Injection in vim (CVE-2026-34714)
OS command injection in vim (CVE-2026-34714). Confidential information can be exposed externally.
|
| CVE-2026-29597 |
|
Vulnerability in privilege-escalation (CVE-2026-29597)
vulnerability in privilege-escalation (CVE-2026-29597). Confidential information can be exposed externally.
|
| CVE-2026-21712 |
|
Vulnerability in CVE-2026-21712 (CVE-2026-21712)
vulnerability in CVE-2026-21712 (CVE-2026-21712). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-30082 |
|
Cross-Site Scripting (XSS) in CVE-2026-30082 (CVE-2026-30082)
cross-site scripting in CVE-2026-30082 (CVE-2026-30082). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-28527 |
|
Out-of-Bounds Read in bluekitchen-gmbh (CVE-2026-28527)
vulnerability in bluekitchen-gmbh (CVE-2026-28527). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-28528 |
|
Out-of-Bounds Read in bluekitchen-gmbh (CVE-2026-28528)
vulnerability in bluekitchen-gmbh (CVE-2026-28528). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-28526 |
|
Out-of-Bounds Read in bluekitchen-gmbh (CVE-2026-28526)
vulnerability in bluekitchen-gmbh (CVE-2026-28526). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5121 |
|
Vulnerability in libarchive (CVE-2026-5121)
vulnerability in libarchive (CVE-2026-5121). Confidential information can be exposed externally.
|
| CVE-2025-15379 |
|
Command Injection in lfprojects (CVE-2025-15379)
command injection in lfprojects (CVE-2025-15379). Successful exploitation can lead to full system takeover. Exploitable via ``python_env.yaml``.
|
| CVE-2025-15036 |
|
Vulnerability in path-traversal (CVE-2025-15036)
vulnerability in path-traversal (CVE-2025-15036). Successful exploitation can lead to full system takeover. Exploitable via ``extract_archive_to_dir``.
|
| CVE-2026-3055 KEV |
|
[KEV] Out-of-Bounds Read in Citrix netscaler (CVE-2026-3055)
vulnerability in Citrix netscaler (CVE-2026-3055). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-23399 |
|
Vulnerability in Kernel (CVE-2026-23399)
vulnerability in Kernel (CVE-2026-23399). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `6.12.78, 6.18.20, 6.19.10` or later.
|
| CVE-2026-33940 |
|
Code Injection in handlebarsjs (CVE-2026-33940)
code injection in handlebarsjs (CVE-2026-33940). Successful exploitation can lead to full system takeover. Exploitable via ``undefined``.
|
| CVE-2026-33943 |
|
Code Injection in capricorn86 (CVE-2026-33943)
code injection in capricorn86 (CVE-2026-33943). Successful exploitation can lead to full system takeover. Exploitable via ``ECMAScriptModuleCompiler``.
|
| CVE-2026-33941 |
|
Cross-Site Scripting (XSS) in handlebarsjs (CVE-2026-33941)
cross-site scripting in handlebarsjs (CVE-2026-33941). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33939 |
|
Vulnerability in dos (CVE-2026-33939)
vulnerability in dos (CVE-2026-33939). Risk of unauthorized operations or information disclosure. Exploitable via ``undefined``.
|
| CVE-2026-33937 |
|
Code Injection in handlebarsjs (CVE-2026-33937)
code injection in handlebarsjs (CVE-2026-33937). Successful exploitation can lead to full system takeover. Exploitable via ``value``.
|
| CVE-2026-33938 |
|
Code Injection in handlebarsjs (CVE-2026-33938)
code injection in handlebarsjs (CVE-2026-33938). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34046 |
|
Vulnerability in langflow (CVE-2026-34046)
vulnerability in langflow (CVE-2026-34046). Successful exploitation can lead to full system takeover. Exploitable via ``_read_flow``.
|
| CVE-2026-33896 |
|
Vulnerability in digitalbazaar (CVE-2026-33896)
vulnerability in digitalbazaar (CVE-2026-33896). Confidential information can be exposed externally. Exploitable via ``basicConstraints``.
|
| CVE-2026-33895 |
|
Vulnerability in digitalbazaar (CVE-2026-33895)
vulnerability in digitalbazaar (CVE-2026-33895). Data can be tampered with by attackers. Exploitable via ``crypto.verify``.
|
| CVE-2026-33891 |
|
Vulnerability in dos (CVE-2026-33891)
vulnerability in dos (CVE-2026-33891). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-33894 |
|
Vulnerability in digitalbazaar (CVE-2026-33894)
vulnerability in digitalbazaar (CVE-2026-33894). Data can be tampered with by attackers.
|
| CVE-2026-33870 |
|
Vulnerability in netty (CVE-2026-33870)
vulnerability in netty (CVE-2026-33870). Data can be tampered with by attackers.
|
| CVE-2026-33871 |
|
Vulnerability in dos (CVE-2026-33871)
vulnerability in dos (CVE-2026-33871). Risk of unauthorized operations or information disclosure. Exploitable via ``CONTINUATION``.
|
| CVE-2026-30567 |
|
Cross-Site Scripting (XSS) in ahsanriaz26gmailcom (CVE-2026-30567)
cross-site scripting in ahsanriaz26gmailcom (CVE-2026-30567). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56358 |
|
Cross-Site Scripting (XSS) in n8n (CVE-2026-56358)
cross-site scripting in n8n (CVE-2026-56358). Risk of unauthorized operations or information disclosure. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `1.123.25` or later.
|