Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Clear
ID Title
CVE-2026-34040 Vulnerability in github.com/moby/moby (CVE-2026-34040)
vulnerability in github.com/moby/moby (CVE-2026-34040). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `29.3.1` or later.
CVE-2026-34411 Vulnerability in appsmith (CVE-2026-34411)
vulnerability in appsmith (CVE-2026-34411). Risk of unauthorized operations or information disclosure.
CVE-2026-28369 Vulnerability in io.undertow:undertow-parent (CVE-2026-28369)
vulnerability in io.undertow:undertow-parent (CVE-2026-28369). Confidential information can be exposed externally.
CVE-2026-28367 Vulnerability in io.undertow:undertow-parent (CVE-2026-28367)
vulnerability in io.undertow:undertow-parent (CVE-2026-28367). Confidential information can be exposed externally.
CVE-2026-28368 Vulnerability in io.undertow:undertow-parent (CVE-2026-28368)
vulnerability in io.undertow:undertow-parent (CVE-2026-28368). Confidential information can be exposed externally.
CVE-2025-15381 Information Disclosure in lfprojects (CVE-2025-15381)
vulnerability in lfprojects (CVE-2025-15381). Data can be tampered with by attackers. Exploitable via ``NO_PERMISSIONS``.
CVE-2026-32984 Out-of-Bounds Read in dos (CVE-2026-32984)
vulnerability in dos (CVE-2026-32984). Risk of unauthorized operations or information disclosure.
CVE-2026-32983 Vulnerability in dos (CVE-2026-32983)
vulnerability in dos (CVE-2026-32983). Risk of unauthorized operations or information disclosure.
CVE-2026-30689 Authorization Flaw in anjoy8 (CVE-2026-30689)
vulnerability in anjoy8 (CVE-2026-30689). Risk of unauthorized operations or information disclosure.
CVE-2026-5010 Cross-Site Scripting (XSS) in CVE-2026-5010 (CVE-2026-5010)
cross-site scripting in CVE-2026-5010 (CVE-2026-5010). Risk of unauthorized operations or information disclosure.
CVE-2026-4980 XXE (XML External Entity) in inkscape (CVE-2026-4980)
vulnerability in inkscape (CVE-2026-4980). Confidential information can be exposed externally.
CVE-2026-4984 Vulnerability in CVE-2026-4984 (CVE-2026-4984)
vulnerability in CVE-2026-4984 (CVE-2026-4984). Confidential information can be exposed externally.
CVE-2026-33758 Vulnerability in openbao (CVE-2026-33758)
vulnerability in openbao (CVE-2026-33758). Risk of unauthorized operations or information disclosure. Exploitable via ``error_description``.
CVE-2026-33433 Vulnerability in traefik (CVE-2026-33433)
vulnerability in traefik (CVE-2026-33433). Successful exploitation can lead to full system takeover. Exploitable via ``headerField``.
CVE-2026-27877 Vulnerability in github.com/grafana/grafana (CVE-2026-27877)
vulnerability in github.com/grafana/grafana (CVE-2026-27877). Confidential information can be exposed externally. Mitigation: upgrade to `1.9.2-0.20260325055210-3522153e07b4` or later.
CVE-2026-27880 Out-of-Bounds Write in grafana (CVE-2026-27880)
out-of-bounds write in grafana (CVE-2026-27880). Risk of unauthorized operations or information disclosure.
CVE-2026-27876 Code Injection in grafana (CVE-2026-27876)
code injection in grafana (CVE-2026-27876). Successful exploitation can lead to full system takeover.
CVE-2025-69988 Vulnerability in CVE-2025-69988 (CVE-2025-69988)
vulnerability in CVE-2025-69988 (CVE-2025-69988). Confidential information can be exposed externally.
CVE-2025-61190 Cross-Site Scripting (XSS) in lyrasis (CVE-2025-61190)
cross-site scripting in lyrasis (CVE-2025-61190). Risk of unauthorized operations or information disclosure.
CVE-2026-32859 Cross-Site Scripting (XSS) in CVE-2026-32859 (CVE-2026-32859)
cross-site scripting in CVE-2026-32859 (CVE-2026-32859). Risk of unauthorized operations or information disclosure.
CVE-2026-32695 Vulnerability in traefik (CVE-2026-32695)
vulnerability in traefik (CVE-2026-32695). Confidential information can be exposed externally. Exploitable via ``tenant.example.com``.
CVE-2026-27857 Vulnerability in dovecot (CVE-2026-27857)
vulnerability in dovecot (CVE-2026-27857). Risk of unauthorized operations or information disclosure.
CVE-2026-27858 Vulnerability in dovecot (CVE-2026-27858)
vulnerability in dovecot (CVE-2026-27858). Risk of unauthorized operations or information disclosure.
CVE-2026-24031 SQL Injection in dovecot (CVE-2026-24031)
SQL injection in dovecot (CVE-2026-24031). Confidential information can be exposed externally.
CVE-2025-59032 Vulnerability in dovecot (CVE-2025-59032)
vulnerability in dovecot (CVE-2025-59032). Risk of unauthorized operations or information disclosure.
CVE-2026-27856 Authentication Bypass in dovecot (CVE-2026-27856)
authentication bypass in dovecot (CVE-2026-27856). Confidential information can be exposed externally.
CVE-2026-33559 Cross-Site Scripting (XSS) in wordpress (CVE-2026-33559)
cross-site scripting in wordpress (CVE-2026-33559). Risk of unauthorized operations or information disclosure.
CVE-2026-22744 Vulnerability in vmware (CVE-2026-22744)
vulnerability in vmware (CVE-2026-22744). Confidential information can be exposed externally.
CVE-2026-22738 Vulnerability in org.springframework.ai:spring-ai-vector-store (CVE-2026-22738)
vulnerability in org.springframework.ai:spring-ai-vector-store (CVE-2026-22738). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.1.4` or later.
CVE-2026-22742 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-22742)
SSRF in ssrf (CVE-2026-22742). Confidential information can be exposed externally.
CVE-2026-33728 Unsafe Deserialization in com.datadoghq:dd-java-agent (CVE-2026-33728)
vulnerability in com.datadoghq:dd-java-agent (CVE-2026-33728). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.60.3` or later.
CVE-2026-33701 Unsafe Deserialization in linuxfoundation (CVE-2026-33701)
vulnerability in linuxfoundation (CVE-2026-33701). Successful exploitation can lead to full system takeover.
CVE-2026-27893 Vulnerability in vllm (CVE-2026-27893)
vulnerability in vllm (CVE-2026-27893). Successful exploitation can lead to full system takeover.
CVE-2025-53521 KEV [KEV] Vulnerability in F5 big-ip (CVE-2025-53521)
vulnerability in F5 big-ip (CVE-2025-53521). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-34352 Vulnerability in tigervnc (CVE-2026-34352)
vulnerability in tigervnc (CVE-2026-34352). Confidential information can be exposed externally.
CVE-2026-2100 Vulnerability in dos (CVE-2026-2100)
vulnerability in dos (CVE-2026-2100). Risk of unauthorized operations or information disclosure.
CVE-2026-0968 Vulnerability in dos (CVE-2026-0968)
vulnerability in dos (CVE-2026-0968). Risk of unauthorized operations or information disclosure. Exploitable via ``SSH_FXP_NAME``.
CVE-2026-0964 Path Traversal in libssh (CVE-2026-0964)
path traversal in libssh (CVE-2026-0964). Risk of unauthorized operations or information disclosure.
CVE-2026-0965 Vulnerability in dos (CVE-2026-0965)
vulnerability in dos (CVE-2026-0965). Risk of unauthorized operations or information disclosure.
CVE-2026-0966 Vulnerability in dos (CVE-2026-0966)
vulnerability in dos (CVE-2026-0966). Risk of unauthorized operations or information disclosure.
CVE-2026-32286 Vulnerability in github.com/jackc/pgproto3/v2 (CVE-2026-32286)
vulnerability in github.com/jackc/pgproto3/v2 (CVE-2026-32286). Risk of unauthorized operations or information disclosure.
CVE-2026-32285 Vulnerability in dos (CVE-2026-32285)
vulnerability in dos (CVE-2026-32285). Risk of unauthorized operations or information disclosure.
CVE-2026-4926 Vulnerability in c (CVE-2026-4926)
vulnerability in c (CVE-2026-4926). Risk of unauthorized operations or information disclosure.
CVE-2026-30463 SQL Injection in sqli (CVE-2026-30463)
SQL injection in sqli (CVE-2026-30463). Confidential information can be exposed externally.
CVE-2026-30457 Code Injection in thedaylightstudio (CVE-2026-30457)
code injection in thedaylightstudio (CVE-2026-30457). Successful exploitation can lead to full system takeover.
CVE-2026-26213 OS Command Injection in thingino (CVE-2026-26213)
OS command injection in thingino (CVE-2026-26213). Successful exploitation can lead to full system takeover.
CVE-2026-33487 Vulnerability in goxmldsig-project (CVE-2026-33487)
vulnerability in goxmldsig-project (CVE-2026-33487). Data can be tampered with by attackers. Exploitable via ``validateSignature``.
CVE-2026-32857 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-32857)
SSRF in ssrf (CVE-2026-32857). Confidential information can be exposed externally.
CVE-2026-3116 Vulnerability in mattermost (CVE-2026-3116)
vulnerability in mattermost (CVE-2026-3116). Risk of unauthorized operations or information disclosure.
CVE-2026-3109 Vulnerability in mattermost (CVE-2026-3109)
vulnerability in mattermost (CVE-2026-3109). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →