Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Clear
ID Title
CVE-2026-31898 Vulnerability in parall (CVE-2026-31898)
vulnerability in parall (CVE-2026-31898). Confidential information can be exposed externally. Exploitable via ``createAnnotation``.
CVE-2026-2603 Vulnerability in org.keycloak:keycloak-services (CVE-2026-2603)
vulnerability in org.keycloak:keycloak-services (CVE-2026-2603). Confidential information can be exposed externally. Mitigation: upgrade to `26.5.5` or later.
CVE-2026-2092 Vulnerability in org.keycloak:keycloak-services (CVE-2026-2092)
vulnerability in org.keycloak:keycloak-services (CVE-2026-2092). Confidential information can be exposed externally.
CVE-2026-22217 Vulnerability in openclaw (CVE-2026-22217)
vulnerability in openclaw (CVE-2026-22217). Data can be tampered with by attackers. Exploitable via ``openclaw``. Mitigation: upgrade to `2026.2.23` or later.
CVE-2026-28500 Vulnerability in onnx (CVE-2026-28500)
vulnerability in onnx (CVE-2026-28500). Confidential information can be exposed externally. Mitigation: upgrade to `1.21.0rc1` or later.
CVE-2026-20963 KEV [KEV] Unsafe Deserialization in Microsoft sharepoint (CVE-2026-20963)
vulnerability in Microsoft sharepoint (CVE-2026-20963). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2025-66376 KEV [KEV] Cross-Site Scripting (XSS) in Synacor zimbra-collaboration-suite-zcs (CVE-2025-66376)
cross-site scripting in Synacor zimbra-collaboration-suite-zcs (CVE-2025-66376). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-27459 Vulnerability in pyopenssl (CVE-2026-27459)
vulnerability in pyopenssl (CVE-2026-27459). Successful exploitation can lead to full system takeover. Exploitable via ``set_cookie_generate_callback``. Mitigation: upgrade to `26.0.0` or later.
CVE-2026-32981 Path Traversal in ray (CVE-2026-32981)
path traversal in ray (CVE-2026-32981). Confidential information can be exposed externally. Mitigation: upgrade to `2.8.1` or later.
CVE-2026-30707 Vulnerability in csharp (CVE-2026-30707)
vulnerability in csharp (CVE-2026-30707). Confidential information can be exposed externally.
CVE-2026-3564 Vulnerability in CVE-2026-3564 (CVE-2026-3564)
vulnerability in CVE-2026-3564 (CVE-2026-3564). Successful exploitation can lead to full system takeover.
CVE-2026-4324 SQL Injection in katello (CVE-2026-4324)
SQL injection in katello (CVE-2026-4324). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.19.1` or later.
CVE-2025-62320 Cross-Site Scripting (XSS) in hcltech (CVE-2025-62320)
cross-site scripting in hcltech (CVE-2025-62320). Risk of unauthorized operations or information disclosure.
CVE-2026-4271 Use-After-Free in dos (CVE-2026-4271)
vulnerability in dos (CVE-2026-4271). Risk of unauthorized operations or information disclosure.
CVE-2026-4312 Vulnerability in dragonsoft (CVE-2026-4312)
vulnerability in dragonsoft (CVE-2026-4312). Successful exploitation can lead to full system takeover.
CVE-2026-4258 Vulnerability in bitwiseshiftleft (CVE-2026-4258)
vulnerability in bitwiseshiftleft (CVE-2026-4258). Confidential information can be exposed externally.
CVE-2026-0708 Out-of-Bounds Read in dos (CVE-2026-0708)
vulnerability in dos (CVE-2026-0708). Confidential information can be exposed externally. Exploitable via ``ucl_object_emit``.
CVE-2026-4177 Vulnerability in toddr (CVE-2026-4177)
vulnerability in toddr (CVE-2026-4177). Confidential information can be exposed externally.
CVE-2025-50881 Code Injection in CVE-2025-50881 (CVE-2025-50881)
code injection in CVE-2025-50881 (CVE-2025-50881). Successful exploitation can lead to full system takeover. Exploitable via ``action``.
CVE-2026-32759 Vulnerability in github.com/filebrowser/filebrowser/v2 (CVE-2026-32759)
vulnerability in github.com/filebrowser/filebrowser/v2 (CVE-2026-32759). Data can be tampered with by attackers. Exploitable via ``enableExec``. Mitigation: upgrade to `2.33.8` or later.
CVE-2026-29516 Vulnerability in buffaloamericas (CVE-2026-29516)
vulnerability in buffaloamericas (CVE-2026-29516). Confidential information can be exposed externally.
CVE-2025-69196 Authorization Flaw in jlowin (CVE-2025-69196)
vulnerability in jlowin (CVE-2025-69196). Confidential information can be exposed externally.
CVE-2026-3644 Vulnerability in CVE-2026-3644 (CVE-2026-3644)
vulnerability in CVE-2026-3644 (CVE-2026-3644). Data can be tampered with by attackers.
CVE-2026-27962 Vulnerability in deserialization (CVE-2026-27962)
vulnerability in deserialization (CVE-2026-27962). Confidential information can be exposed externally.
CVE-2026-23862 Dell ThinOS 10 versions prior to ThinOS 2602_10.0573, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local...
Dell ThinOS 10 versions prior to ThinOS 2602_10.0573, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
CVE-2026-4276 Code Injection in librechat (CVE-2026-4276)
code injection in librechat (CVE-2026-4276). Data can be tampered with by attackers.
CVE-2025-62319 SQL Injection in sqli (CVE-2025-62319)
SQL injection in sqli (CVE-2025-62319). Successful exploitation can lead to full system takeover.
CVE-2026-3442 Out-of-Bounds Read in dos (CVE-2026-3442)
vulnerability in dos (CVE-2026-3442). Confidential information can be exposed externally.
CVE-2026-3441 Out-of-Bounds Read in dos (CVE-2026-3441)
vulnerability in dos (CVE-2026-3441). Confidential information can be exposed externally.
CVE-2026-3086 Out-of-Bounds Write in gstreamer (CVE-2026-3086)
out-of-bounds write in gstreamer (CVE-2026-3086). Successful exploitation can lead to full system takeover.
CVE-2026-3081 Vulnerability in gstreamer (CVE-2026-3081)
vulnerability in gstreamer (CVE-2026-3081). Successful exploitation can lead to full system takeover.
CVE-2026-3084 Vulnerability in gstreamer (CVE-2026-3084)
vulnerability in gstreamer (CVE-2026-3084). Successful exploitation can lead to full system takeover.
CVE-2025-2274 Cross-Site Scripting (XSS) in forcepoint (CVE-2025-2274)
cross-site scripting in forcepoint (CVE-2025-2274). Risk of unauthorized operations or information disclosure.
CVE-2026-4255 Vulnerability in thermalright (CVE-2026-4255)
vulnerability in thermalright (CVE-2026-4255). Successful exploitation can lead to full system takeover.
CVE-2026-3476 Code Injection in 3ds (CVE-2026-3476)
code injection in 3ds (CVE-2026-3476). Successful exploitation can lead to full system takeover.
CVE-2026-3111 Vulnerability in CVE-2026-3111 (CVE-2026-3111)
vulnerability in CVE-2026-3111 (CVE-2026-3111). Risk of unauthorized operations or information disclosure.
CVE-2026-3227 OS Command Injection in tp-link (CVE-2026-3227)
OS command injection in tp-link (CVE-2026-3227). Successful exploitation can lead to full system takeover.
CVE-2026-3083 Vulnerability in gstreamer (CVE-2026-3083)
vulnerability in gstreamer (CVE-2026-3083). Successful exploitation can lead to full system takeover.
CVE-2026-3110 Vulnerability in CVE-2026-3110 (CVE-2026-3110)
vulnerability in CVE-2026-3110 (CVE-2026-3110). Risk of unauthorized operations or information disclosure.
CVE-2026-3082 Vulnerability in gstreamer (CVE-2026-3082)
vulnerability in gstreamer (CVE-2026-3082). Successful exploitation can lead to full system takeover.
CVE-2026-3085 Vulnerability in gstreamer (CVE-2026-3085)
vulnerability in gstreamer (CVE-2026-3085). Successful exploitation can lead to full system takeover.
CVE-2026-32777 Vulnerability in CVE-2026-32777 (CVE-2026-32777)
vulnerability in CVE-2026-32777 (CVE-2026-32777). Risk of unauthorized operations or information disclosure.
CVE-2026-32776 Vulnerability in libexpat-project (CVE-2026-32776)
vulnerability in libexpat-project (CVE-2026-32776). Risk of unauthorized operations or information disclosure.
CVE-2026-32778 Vulnerability in libexpat-project (CVE-2026-32778)
vulnerability in libexpat-project (CVE-2026-32778). Risk of unauthorized operations or information disclosure.
CVE-2026-2923 Out-of-Bounds Write in gstreamer (CVE-2026-2923)
out-of-bounds write in gstreamer (CVE-2026-2923). Successful exploitation can lead to full system takeover.
CVE-2026-31386 OS Command Injection in litespeedtech (CVE-2026-31386)
OS command injection in litespeedtech (CVE-2026-31386). Successful exploitation can lead to full system takeover.
CVE-2026-2921 Vulnerability in gstreamer (CVE-2026-2921)
vulnerability in gstreamer (CVE-2026-2921). Successful exploitation can lead to full system takeover.
CVE-2026-2922 Out-of-Bounds Write in gstreamer (CVE-2026-2922)
out-of-bounds write in gstreamer (CVE-2026-2922). Successful exploitation can lead to full system takeover.
CVE-2026-2920 Vulnerability in gstreamer (CVE-2026-2920)
vulnerability in gstreamer (CVE-2026-2920). Successful exploitation can lead to full system takeover.
CVE-2026-28522 Vulnerability in tuya (CVE-2026-28522)
vulnerability in tuya (CVE-2026-28522). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →