Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-2374 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-2374)
cross-site scripting in wordpress (CVE-2026-2374). Risk of unauthorized operations or information disclosure. Exploitable via ``login_nocaptcha_error``.
|
| CVE-2026-9789 |
|
Path Traversal in privilege-escalation (CVE-2026-9789)
path traversal in privilege-escalation (CVE-2026-9789). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8915 |
|
Out-of-Bounds Write in samsung (CVE-2026-8915)
out-of-bounds write in samsung (CVE-2026-8915). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4888 |
|
Vulnerability in wordpress (CVE-2026-4888)
vulnerability in wordpress (CVE-2026-4888). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46538 |
|
Vulnerability in CVE-2026-46538 (CVE-2026-46538)
vulnerability in CVE-2026-46538 (CVE-2026-46538). Data can be tampered with by attackers.
|
| CVE-2026-46414 |
|
Vulnerability in CVE-2026-46414 (CVE-2026-46414)
vulnerability in CVE-2026-46414 (CVE-2026-46414). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46402 |
|
Path Traversal in path-traversal (CVE-2026-46402)
path traversal in path-traversal (CVE-2026-46402). Data can be tampered with by attackers.
|
| CVE-2026-46416 |
|
Vulnerability in CVE-2026-46416 (CVE-2026-46416)
vulnerability in CVE-2026-46416 (CVE-2026-46416). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45322 |
|
OS Command Injection in CVE-2026-45322 (CVE-2026-45322)
OS command injection in CVE-2026-45322 (CVE-2026-45322). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9208 |
|
Tanium addressed an unauthorized code execution vulnerability in Connect.
Tanium addressed an unauthorized code execution vulnerability in Connect.
|
| CVE-2026-45332 |
|
Information Disclosure in automad/automad (CVE-2026-45332)
vulnerability in automad/automad (CVE-2026-45332). Confidential information can be exposed externally. Mitigation: upgrade to `2.0.0-beta.28` or later.
|
| CVE-2026-8364 |
|
Vulnerability in CVE-2026-8364 (CVE-2026-8364)
vulnerability in CVE-2026-8364 (CVE-2026-8364). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8362 |
|
Vulnerability in CVE-2026-8362 (CVE-2026-8362)
vulnerability in CVE-2026-8362 (CVE-2026-8362). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8363 |
|
Vulnerability in CVE-2026-8363 (CVE-2026-8363)
vulnerability in CVE-2026-8363 (CVE-2026-8363). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8360 |
|
Vulnerability in CVE-2026-8360 (CVE-2026-8360)
vulnerability in CVE-2026-8360 (CVE-2026-8360). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8359 |
|
Vulnerability in CVE-2026-8359 (CVE-2026-8359)
vulnerability in CVE-2026-8359 (CVE-2026-8359). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9759 |
|
Vulnerability in dos (CVE-2026-9759)
vulnerability in dos (CVE-2026-9759). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8361 |
|
Vulnerability in path-traversal (CVE-2026-8361)
vulnerability in path-traversal (CVE-2026-8361). Confidential information can be exposed externally.
|
| CVE-2026-49009 |
|
Path Traversal in path-traversal (CVE-2026-49009)
path traversal in path-traversal (CVE-2026-49009). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.1.1` or later.
|
| CVE-2026-33552 |
|
Northern.tech Mender Enterprise Server before 4.1.1 has Incorrect Access Control.
Northern.tech Mender Enterprise Server before 4.1.1 has Incorrect Access Control.
|
| CVE-2026-44712 |
|
OS Command Injection in CVE-2026-44712 (CVE-2026-44712)
OS command injection in CVE-2026-44712 (CVE-2026-44712). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.8.7` or later.
|
| CVE-2026-44713 |
|
OS Command Injection in c (CVE-2026-44713)
OS command injection in c (CVE-2026-44713). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.8.7` or later.
|
| CVE-2026-47270 |
|
Vulnerability in CVE-2026-47270 (CVE-2026-47270)
vulnerability in CVE-2026-47270 (CVE-2026-47270). Confidential information can be exposed externally. Mitigation: upgrade to `0.9.0` or later.
|
| CVE-2026-44711 |
|
Vulnerability in CVE-2026-44711 (CVE-2026-44711)
vulnerability in CVE-2026-44711 (CVE-2026-44711). Data can be tampered with by attackers. Mitigation: upgrade to `0.8.7` or later.
|
| CVE-2026-47269 |
|
Vulnerability in CVE-2026-47269 (CVE-2026-47269)
vulnerability in CVE-2026-47269 (CVE-2026-47269). Confidential information can be exposed externally. Mitigation: upgrade to `0.9.0` or later.
|
| CVE-2026-44710 |
|
Vulnerability in c (CVE-2026-44710)
vulnerability in c (CVE-2026-44710). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.8.7` or later.
|
| CVE-2026-44709 |
|
OS Command Injection in CVE-2026-44709 (CVE-2026-44709)
OS command injection in CVE-2026-44709 (CVE-2026-44709). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.8.7` or later.
|
| CVE-2026-45077 |
|
Unsafe Deserialization in symfony/monolog-bridge (CVE-2026-45077)
vulnerability in symfony/monolog-bridge (CVE-2026-45077). Risk of unauthorized operations or information disclosure. Exploitable via ``allowed_classes``. Mitigation: upgrade to `8.0.12` or later.
|
| CVE-2026-45075 |
|
Authorization Flaw in symfony/http-kernel (CVE-2026-45075)
vulnerability in symfony/http-kernel (CVE-2026-45075). Risk of unauthorized operations or information disclosure. Exploitable via ``HEAD``. Mitigation: upgrade to `8.0.12` or later.
|
| CVE-2026-45074 |
|
Vulnerability in symfony/security-http (CVE-2026-45074)
vulnerability in symfony/security-http (CVE-2026-45074). Risk of unauthorized operations or information disclosure. Exploitable via `Host header`. Mitigation: upgrade to `8.0.12` or later.
|
| CVE-2026-45073 |
|
SQL Injection in symfony/cache (CVE-2026-45073)
SQL injection in symfony/cache (CVE-2026-45073). Risk of unauthorized operations or information disclosure. Exploitable via ``AbstractAdapterTrait``. Mitigation: upgrade to `8.0.12` or later.
|
| CVE-2026-45072 |
|
Cross-Site Scripting (XSS) in symfony/symfony (CVE-2026-45072)
cross-site scripting in symfony/symfony (CVE-2026-45072). Risk of unauthorized operations or information disclosure. Exploitable via ``file_excerpt``. Mitigation: upgrade to `8.0.12` or later.
|
| CVE-2026-45071 |
|
XXE (XML External Entity) in symfony/dom-crawler (CVE-2026-45071)
vulnerability in symfony/dom-crawler (CVE-2026-45071). Risk of unauthorized operations or information disclosure. Exploitable via ``Crawler``. Mitigation: upgrade to `8.0.12` or later.
|
| CVE-2026-45070 |
|
Vulnerability in symfony/mime (CVE-2026-45070)
vulnerability in symfony/mime (CVE-2026-45070). Risk of unauthorized operations or information disclosure. Exploitable via ``tokens``. Mitigation: upgrade to `8.0.12` or later.
|
| CVE-2026-45069 |
|
Vulnerability in symfony/security-http (CVE-2026-45069)
vulnerability in symfony/security-http (CVE-2026-45069). Risk of unauthorized operations or information disclosure. Exploitable via ``OidcTokenHandler``. Mitigation: upgrade to `8.0.12` or later.
|
| CVE-2026-45068 |
|
Vulnerability in symfony/mailer (CVE-2026-45068)
vulnerability in symfony/mailer (CVE-2026-45068). Risk of unauthorized operations or information disclosure. Exploitable via ``MAILER_DSN``. Mitigation: upgrade to `8.0.12` or later.
|
| CVE-2026-45067 |
|
Vulnerability in symfony/mime (CVE-2026-45067)
vulnerability in symfony/mime (CVE-2026-45067). Risk of unauthorized operations or information disclosure. Exploitable via ``SmtpTransport``. Mitigation: upgrade to `8.0.12` or later.
|
| CVE-2026-48792 |
|
Vulnerability in c (CVE-2026-48792)
vulnerability in c (CVE-2026-48792). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.9.1` or later.
|
| CVE-2026-48066 |
|
Vulnerability in c (CVE-2026-48066)
vulnerability in c (CVE-2026-48066). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.9.1` or later.
|
| CVE-2026-48064 |
|
Authorization Flaw in CVE-2026-48064 (CVE-2026-48064)
vulnerability in CVE-2026-48064 (CVE-2026-48064). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.9.1` or later.
|
| CVE-2026-47274 |
|
Vulnerability in c (CVE-2026-47274)
vulnerability in c (CVE-2026-47274). Confidential information can be exposed externally. Mitigation: upgrade to `0.9.0` or later.
|
| CVE-2026-48065 |
|
Vulnerability in c (CVE-2026-48065)
vulnerability in c (CVE-2026-48065). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.9.1` or later.
|
| CVE-2026-47271 |
|
Vulnerability in c (CVE-2026-47271)
vulnerability in c (CVE-2026-47271). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.9.0` or later.
|
| CVE-2026-47272 |
|
Authentication Bypass in c (CVE-2026-47272)
authentication bypass in c (CVE-2026-47272). Confidential information can be exposed externally. Mitigation: upgrade to `0.9.0` or later.
|
| CVE-2026-47273 |
|
Vulnerability in CVE-2026-47273 (CVE-2026-47273)
vulnerability in CVE-2026-47273 (CVE-2026-47273). Data can be tampered with by attackers. Mitigation: upgrade to `0.9.0` or later.
|
| CVE-2026-47161 |
|
Unsafe Deserialization in CVE-2026-47161 (CVE-2026-47161)
vulnerability in CVE-2026-47161 (CVE-2026-47161). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45104 |
|
Vulnerability in osgeo (CVE-2026-45104)
vulnerability in osgeo (CVE-2026-45104). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.6.3` or later.
|
| CVE-2026-44888 |
|
Code Injection in CVE-2026-44888 (CVE-2026-44888)
code injection in CVE-2026-44888 (CVE-2026-44888). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2026-05-07` or later.
|
| CVE-2026-45102 |
|
Vulnerability in CVE-2026-45102 (CVE-2026-45102)
vulnerability in CVE-2026-45102 (CVE-2026-45102). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `10.0.98` or later.
|
| CVE-2026-45108 |
|
Authorization Flaw in CVE-2026-45108 (CVE-2026-45108)
vulnerability in CVE-2026-45108 (CVE-2026-45108). Confidential information can be exposed externally. Mitigation: upgrade to `3.1.5` or later.
|