Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-31898 |
|
Vulnerability in parall (CVE-2026-31898)
vulnerability in parall (CVE-2026-31898). Confidential information can be exposed externally. Exploitable via ``createAnnotation``.
|
| CVE-2026-2603 |
|
Vulnerability in org.keycloak:keycloak-services (CVE-2026-2603)
vulnerability in org.keycloak:keycloak-services (CVE-2026-2603). Confidential information can be exposed externally. Mitigation: upgrade to `26.5.5` or later.
|
| CVE-2026-2092 |
|
Vulnerability in org.keycloak:keycloak-services (CVE-2026-2092)
vulnerability in org.keycloak:keycloak-services (CVE-2026-2092). Confidential information can be exposed externally.
|
| CVE-2026-22217 |
|
Vulnerability in openclaw (CVE-2026-22217)
vulnerability in openclaw (CVE-2026-22217). Data can be tampered with by attackers. Exploitable via ``openclaw``. Mitigation: upgrade to `2026.2.23` or later.
|
| CVE-2026-28500 |
|
Vulnerability in onnx (CVE-2026-28500)
vulnerability in onnx (CVE-2026-28500). Confidential information can be exposed externally. Mitigation: upgrade to `1.21.0rc1` or later.
|
| CVE-2026-20963 KEV |
|
[KEV] Unsafe Deserialization in Microsoft sharepoint (CVE-2026-20963)
vulnerability in Microsoft sharepoint (CVE-2026-20963). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-66376 KEV |
|
[KEV] Cross-Site Scripting (XSS) in Synacor zimbra-collaboration-suite-zcs (CVE-2025-66376)
cross-site scripting in Synacor zimbra-collaboration-suite-zcs (CVE-2025-66376). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-27459 |
|
Vulnerability in pyopenssl (CVE-2026-27459)
vulnerability in pyopenssl (CVE-2026-27459). Successful exploitation can lead to full system takeover. Exploitable via ``set_cookie_generate_callback``. Mitigation: upgrade to `26.0.0` or later.
|
| CVE-2026-32981 |
|
Path Traversal in ray (CVE-2026-32981)
path traversal in ray (CVE-2026-32981). Confidential information can be exposed externally. Mitigation: upgrade to `2.8.1` or later.
|
| CVE-2026-30707 |
|
Vulnerability in csharp (CVE-2026-30707)
vulnerability in csharp (CVE-2026-30707). Confidential information can be exposed externally.
|
| CVE-2026-3564 |
|
Vulnerability in CVE-2026-3564 (CVE-2026-3564)
vulnerability in CVE-2026-3564 (CVE-2026-3564). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4324 |
|
SQL Injection in katello (CVE-2026-4324)
SQL injection in katello (CVE-2026-4324). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.19.1` or later.
|
| CVE-2025-62320 |
|
Cross-Site Scripting (XSS) in hcltech (CVE-2025-62320)
cross-site scripting in hcltech (CVE-2025-62320). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4271 |
|
Use-After-Free in dos (CVE-2026-4271)
vulnerability in dos (CVE-2026-4271). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4312 |
|
Vulnerability in dragonsoft (CVE-2026-4312)
vulnerability in dragonsoft (CVE-2026-4312). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4258 |
|
Vulnerability in bitwiseshiftleft (CVE-2026-4258)
vulnerability in bitwiseshiftleft (CVE-2026-4258). Confidential information can be exposed externally.
|
| CVE-2026-0708 |
|
Out-of-Bounds Read in dos (CVE-2026-0708)
vulnerability in dos (CVE-2026-0708). Confidential information can be exposed externally. Exploitable via ``ucl_object_emit``.
|
| CVE-2026-4177 |
|
Vulnerability in toddr (CVE-2026-4177)
vulnerability in toddr (CVE-2026-4177). Confidential information can be exposed externally.
|
| CVE-2025-50881 |
|
Code Injection in CVE-2025-50881 (CVE-2025-50881)
code injection in CVE-2025-50881 (CVE-2025-50881). Successful exploitation can lead to full system takeover. Exploitable via ``action``.
|
| CVE-2026-32759 |
|
Vulnerability in github.com/filebrowser/filebrowser/v2 (CVE-2026-32759)
vulnerability in github.com/filebrowser/filebrowser/v2 (CVE-2026-32759). Data can be tampered with by attackers. Exploitable via ``enableExec``. Mitigation: upgrade to `2.33.8` or later.
|
| CVE-2026-29516 |
|
Vulnerability in buffaloamericas (CVE-2026-29516)
vulnerability in buffaloamericas (CVE-2026-29516). Confidential information can be exposed externally.
|
| CVE-2025-69196 |
|
Authorization Flaw in jlowin (CVE-2025-69196)
vulnerability in jlowin (CVE-2025-69196). Confidential information can be exposed externally.
|
| CVE-2026-3644 |
|
Vulnerability in CVE-2026-3644 (CVE-2026-3644)
vulnerability in CVE-2026-3644 (CVE-2026-3644). Data can be tampered with by attackers.
|
| CVE-2026-27962 |
|
Vulnerability in deserialization (CVE-2026-27962)
vulnerability in deserialization (CVE-2026-27962). Confidential information can be exposed externally.
|
| CVE-2026-23862 |
|
Dell ThinOS 10 versions prior to ThinOS 2602_10.0573, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local...
Dell ThinOS 10 versions prior to ThinOS 2602_10.0573, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
|
| CVE-2026-4276 |
|
Code Injection in librechat (CVE-2026-4276)
code injection in librechat (CVE-2026-4276). Data can be tampered with by attackers.
|
| CVE-2025-62319 |
|
SQL Injection in sqli (CVE-2025-62319)
SQL injection in sqli (CVE-2025-62319). Successful exploitation can lead to full system takeover.
|
| CVE-2026-3442 |
|
Out-of-Bounds Read in dos (CVE-2026-3442)
vulnerability in dos (CVE-2026-3442). Confidential information can be exposed externally.
|
| CVE-2026-3441 |
|
Out-of-Bounds Read in dos (CVE-2026-3441)
vulnerability in dos (CVE-2026-3441). Confidential information can be exposed externally.
|
| CVE-2026-3086 |
|
Out-of-Bounds Write in gstreamer (CVE-2026-3086)
out-of-bounds write in gstreamer (CVE-2026-3086). Successful exploitation can lead to full system takeover.
|
| CVE-2026-3081 |
|
Vulnerability in gstreamer (CVE-2026-3081)
vulnerability in gstreamer (CVE-2026-3081). Successful exploitation can lead to full system takeover.
|
| CVE-2026-3084 |
|
Vulnerability in gstreamer (CVE-2026-3084)
vulnerability in gstreamer (CVE-2026-3084). Successful exploitation can lead to full system takeover.
|
| CVE-2025-2274 |
|
Cross-Site Scripting (XSS) in forcepoint (CVE-2025-2274)
cross-site scripting in forcepoint (CVE-2025-2274). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4255 |
|
Vulnerability in thermalright (CVE-2026-4255)
vulnerability in thermalright (CVE-2026-4255). Successful exploitation can lead to full system takeover.
|
| CVE-2026-3476 |
|
Code Injection in 3ds (CVE-2026-3476)
code injection in 3ds (CVE-2026-3476). Successful exploitation can lead to full system takeover.
|
| CVE-2026-3111 |
|
Vulnerability in CVE-2026-3111 (CVE-2026-3111)
vulnerability in CVE-2026-3111 (CVE-2026-3111). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3227 |
|
OS Command Injection in tp-link (CVE-2026-3227)
OS command injection in tp-link (CVE-2026-3227). Successful exploitation can lead to full system takeover.
|
| CVE-2026-3083 |
|
Vulnerability in gstreamer (CVE-2026-3083)
vulnerability in gstreamer (CVE-2026-3083). Successful exploitation can lead to full system takeover.
|
| CVE-2026-3110 |
|
Vulnerability in CVE-2026-3110 (CVE-2026-3110)
vulnerability in CVE-2026-3110 (CVE-2026-3110). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3082 |
|
Vulnerability in gstreamer (CVE-2026-3082)
vulnerability in gstreamer (CVE-2026-3082). Successful exploitation can lead to full system takeover.
|
| CVE-2026-3085 |
|
Vulnerability in gstreamer (CVE-2026-3085)
vulnerability in gstreamer (CVE-2026-3085). Successful exploitation can lead to full system takeover.
|
| CVE-2026-32777 |
|
Vulnerability in CVE-2026-32777 (CVE-2026-32777)
vulnerability in CVE-2026-32777 (CVE-2026-32777). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-32776 |
|
Vulnerability in libexpat-project (CVE-2026-32776)
vulnerability in libexpat-project (CVE-2026-32776). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-32778 |
|
Vulnerability in libexpat-project (CVE-2026-32778)
vulnerability in libexpat-project (CVE-2026-32778). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-2923 |
|
Out-of-Bounds Write in gstreamer (CVE-2026-2923)
out-of-bounds write in gstreamer (CVE-2026-2923). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31386 |
|
OS Command Injection in litespeedtech (CVE-2026-31386)
OS command injection in litespeedtech (CVE-2026-31386). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2921 |
|
Vulnerability in gstreamer (CVE-2026-2921)
vulnerability in gstreamer (CVE-2026-2921). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2922 |
|
Out-of-Bounds Write in gstreamer (CVE-2026-2922)
out-of-bounds write in gstreamer (CVE-2026-2922). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2920 |
|
Vulnerability in gstreamer (CVE-2026-2920)
vulnerability in gstreamer (CVE-2026-2920). Successful exploitation can lead to full system takeover.
|
| CVE-2026-28522 |
|
Vulnerability in tuya (CVE-2026-28522)
vulnerability in tuya (CVE-2026-28522). Risk of unauthorized operations or information disclosure.
|