Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-23747 |
|
Vulnerability in dos (CVE-2026-23747)
vulnerability in dos (CVE-2026-23747). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-23748 |
|
Vulnerability in dos (CVE-2026-23748)
vulnerability in dos (CVE-2026-23748). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-26228 |
|
Path Traversal in path-traversal (CVE-2026-26228)
path traversal in path-traversal (CVE-2026-26228). Risk of unauthorized operations or information disclosure. Exploitable via `GET /download.`.
|
| CVE-2025-71057 |
|
Authentication Bypass in CVE-2025-71057 (CVE-2025-71057)
authentication bypass in CVE-2025-71057 (CVE-2025-71057). Data can be tampered with by attackers.
|
| CVE-2026-56357 |
|
Vulnerability in n8n (CVE-2026-56357)
vulnerability in n8n (CVE-2026-56357). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.5.0` or later.
|
| CVE-2026-56351 |
|
SQL Injection in n8n (CVE-2026-56351)
SQL injection in n8n (CVE-2026-56351). Confidential information can be exposed externally. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.4.0` or later.
|
| CVE-2025-14343 |
|
Cross-Site Scripting (XSS) in CVE-2025-14343 (CVE-2025-14343)
cross-site scripting in CVE-2025-14343 (CVE-2025-14343). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-1695 |
|
Cross-Site Scripting (XSS) in arcinfo (CVE-2026-1695)
cross-site scripting in arcinfo (CVE-2026-1695). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-1696 |
|
Cross-Site Scripting (XSS) in arcinfo (CVE-2026-1696)
cross-site scripting in arcinfo (CVE-2026-1696). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-1693 |
|
Vulnerability in arcinfo (CVE-2026-1693)
vulnerability in arcinfo (CVE-2026-1693). Confidential information can be exposed externally.
|
| CVE-2026-27970 |
|
Cross-Site Scripting (XSS) in angular (CVE-2026-27970)
cross-site scripting in angular (CVE-2026-27970). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-27959 |
|
Vulnerability in koajs (CVE-2026-27959)
vulnerability in koajs (CVE-2026-27959). Data can be tampered with by attackers. Exploitable via `Host header`.
|
| CVE-2026-27896 |
|
Vulnerability in lfprojects (CVE-2026-27896)
vulnerability in lfprojects (CVE-2026-27896). Data can be tampered with by attackers.
|
| CVE-2026-27830 |
|
Code Injection in deserialization (CVE-2026-27830)
code injection in deserialization (CVE-2026-27830). Successful exploitation can lead to full system takeover. Exploitable via ``javax.naming.Reference``.
|
| CVE-2026-27148 |
|
Vulnerability in storybook (CVE-2026-27148)
vulnerability in storybook (CVE-2026-27148). Successful exploitation can lead to full system takeover.
|
| CVE-2026-26965 |
|
Out-of-Bounds Write in freerdp (CVE-2026-26965)
out-of-bounds write in freerdp (CVE-2026-26965). Successful exploitation can lead to full system takeover. Exploitable via ``pDstData``.
|
| CVE-2026-26955 |
|
Out-of-Bounds Write in c (CVE-2026-26955)
out-of-bounds write in c (CVE-2026-26955). Successful exploitation can lead to full system takeover. Exploitable via ``xfreerdp``.
|
| CVE-2026-56368 |
|
Vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-56368)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-56368). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.10.3` or later.
|
| CVE-2026-25554 |
|
SQL Injection in c (CVE-2026-25554)
SQL injection in c (CVE-2026-25554). Confidential information can be exposed externally.
|
| CVE-2026-27727 |
|
Vulnerability in mchange (CVE-2026-27727)
vulnerability in mchange (CVE-2026-27727). Successful exploitation can lead to full system takeover. Exploitable via ``factoryClassLocation``.
|
| CVE-2026-2624 |
|
Vulnerability in epati (CVE-2026-2624)
vulnerability in epati (CVE-2026-2624). Successful exploitation can lead to full system takeover.
|
| CVE-2026-21725 |
|
Vulnerability in grafana (CVE-2026-21725)
vulnerability in grafana (CVE-2026-21725). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-26103 |
|
Vulnerability in redhat (CVE-2026-26103)
vulnerability in redhat (CVE-2026-26103). Data can be tampered with by attackers.
|
| CVE-2026-27609 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-27609)
vulnerability in csrf (CVE-2026-27609). Data can be tampered with by attackers. Exploitable via `POST /apps/`.
|
| CVE-2026-27595 |
|
Vulnerability in csrf (CVE-2026-27595)
vulnerability in csrf (CVE-2026-27595). Data can be tampered with by attackers. Exploitable via ``readOnlyMasterKey``.
|
| CVE-2026-27608 |
|
Vulnerability in parseplatform (CVE-2026-27608)
vulnerability in parseplatform (CVE-2026-27608). Confidential information can be exposed externally. Exploitable via `POST /apps/`.
|
| CVE-2026-27606 |
|
Path Traversal in path-traversal (CVE-2026-27606)
path traversal in path-traversal (CVE-2026-27606). Successful exploitation can lead to full system takeover.
|
| CVE-2026-20127 KEV |
|
[KEV] Authentication Bypass in Cisco catalyst-sd-wan-controller-and-manager (CVE-2026-20127)
authentication bypass in Cisco catalyst-sd-wan-controller-and-manager (CVE-2026-20127). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2022-20775 KEV |
|
[KEV] Vulnerability in Cisco sd-wan (CVE-2022-20775)
vulnerability in Cisco sd-wan (CVE-2022-20775). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-26351 |
|
Cross-Site Scripting (XSS) in getsimple-ce (CVE-2026-26351)
cross-site scripting in getsimple-ce (CVE-2026-26351). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-63409 |
|
Vulnerability in privilege-escalation (CVE-2025-63409)
vulnerability in privilege-escalation (CVE-2025-63409). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2807 |
|
Out-of-Bounds Write in mozilla (CVE-2026-2807)
out-of-bounds write in mozilla (CVE-2026-2807). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2795 |
|
Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148.
Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148.
|
| CVE-2026-2799 |
|
Use-after-free in the DOM: Core & HTML component. This vulnerability affects Firefox < 148.
Use-after-free in the DOM: Core & HTML component. This vulnerability affects Firefox < 148.
|
| CVE-2026-2798 |
|
Use-after-free in the DOM: Core & HTML component. This vulnerability affects Firefox < 148.
Use-after-free in the DOM: Core & HTML component. This vulnerability affects Firefox < 148.
|
| CVE-2026-2797 |
|
Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148.
Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148.
|
| CVE-2026-2792 |
|
Out-of-Bounds Write in mozilla (CVE-2026-2792)
out-of-bounds write in mozilla (CVE-2026-2792). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2793 |
|
Out-of-Bounds Write in mozilla (CVE-2026-2793)
out-of-bounds write in mozilla (CVE-2026-2793). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2794 |
|
Vulnerability in mozilla (CVE-2026-2794)
vulnerability in mozilla (CVE-2026-2794). Confidential information can be exposed externally.
|
| CVE-2026-2773 |
|
Buffer Overflow in mozilla (CVE-2026-2773)
vulnerability in mozilla (CVE-2026-2773). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2778 |
|
Buffer Overflow in mozilla (CVE-2026-2778)
vulnerability in mozilla (CVE-2026-2778). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2777 |
|
Privilege Escalation in privilege-escalation (CVE-2026-2777)
vulnerability in privilege-escalation (CVE-2026-2777). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2796 |
|
Vulnerability in mozilla (CVE-2026-2796)
vulnerability in mozilla (CVE-2026-2796). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2776 |
|
Buffer Overflow in mozilla (CVE-2026-2776)
vulnerability in mozilla (CVE-2026-2776). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2775 |
|
Vulnerability in mozilla (CVE-2026-2775)
vulnerability in mozilla (CVE-2026-2775). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2766 |
|
Use-After-Free in mozilla (CVE-2026-2766)
vulnerability in mozilla (CVE-2026-2766). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2769 |
|
Use-After-Free in mozilla (CVE-2026-2769)
vulnerability in mozilla (CVE-2026-2769). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2764 |
|
Use-After-Free in mozilla (CVE-2026-2764)
vulnerability in mozilla (CVE-2026-2764). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2763 |
|
Use-After-Free in mozilla (CVE-2026-2763)
vulnerability in mozilla (CVE-2026-2763). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2765 |
|
Use-After-Free in mozilla (CVE-2026-2765)
vulnerability in mozilla (CVE-2026-2765). Successful exploitation can lead to full system takeover.
|