Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-14476 |
|
Vulnerability in path-traversal (CVE-2026-14476)
vulnerability in path-traversal (CVE-2026-14476). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5268 |
|
Vulnerability in CVE-2026-5268 (CVE-2026-5268)
vulnerability in CVE-2026-5268 (CVE-2026-5268). Confidential information can be exposed externally.
|
| CVE-2026-24013 |
|
Vulnerability in apache (CVE-2026-24013)
vulnerability in apache (CVE-2026-24013). Confidential information can be exposed externally.
|
| CVE-2026-58423 |
|
Authentication Bypass in CVE-2026-58423 (CVE-2026-58423)
authentication bypass in CVE-2026-58423 (CVE-2026-58423). Confidential information can be exposed externally.
|
| CVE-2026-35159 |
|
Vulnerability in CVE-2026-35159 (CVE-2026-35159)
vulnerability in CVE-2026-35159 (CVE-2026-35159). Data can be tampered with by attackers.
|
| CVE-2026-54998 |
|
Incorrect authorization in Microsoft Exchange Online allows an authorized attacker to elevate...
Incorrect authorization in Microsoft Exchange Online allows an authorized attacker to elevate...
|
| CVE-2026-13125 |
|
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
|
| CVE-2026-58517 |
|
Vulnerability in CVE-2026-58517 (CVE-2026-58517)
vulnerability in CVE-2026-58517 (CVE-2026-58517). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12579 |
|
AS228T with Authentication Bypass Vulnerability
AS228T with Authentication Bypass Vulnerability
|
| CVE-2026-56286 |
|
Vulnerability in csrf (CVE-2026-56286)
vulnerability in csrf (CVE-2026-56286). Data can be tampered with by attackers.
|
| CVE-2026-56350 |
|
Vulnerability in n8n (CVE-2026-56350)
vulnerability in n8n (CVE-2026-56350). Data can be tampered with by attackers.
|
| CVE-2026-56219 |
|
Authentication Bypass in CVE-2026-56219 (CVE-2026-56219)
authentication bypass in CVE-2026-56219 (CVE-2026-56219). Confidential information can be exposed externally.
|
| CVE-2026-13207 |
|
Vulnerability in CVE-2026-13207 (CVE-2026-13207)
vulnerability in CVE-2026-13207 (CVE-2026-13207). Confidential information can be exposed externally.
|
| CVE-2026-56782 |
|
Vulnerability in CVE-2026-56782 (CVE-2026-56782)
vulnerability in CVE-2026-56782 (CVE-2026-56782). Successful exploitation can lead to full system takeover.
|
| CVE-2026-58056 |
|
RustDesk gates incoming control messages on per-capability flags rather than on the session's...
RustDesk gates incoming control messages on per-capability flags rather than on the session's...
|
| CVE-2025-71327 |
|
Vulnerability in flowiseai (CVE-2025-71327)
vulnerability in flowiseai (CVE-2025-71327). Confidential information can be exposed externally.
|
| CVE-2026-9780 |
|
Cross-Site Scripting (XSS) in quest (CVE-2026-9780)
cross-site scripting in quest (CVE-2026-9780). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7569 |
|
Cross-Site Scripting (XSS) in quest (CVE-2026-7569)
cross-site scripting in quest (CVE-2026-7569). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56262 |
|
Vulnerability in kidocode (CVE-2026-56262)
vulnerability in kidocode (CVE-2026-56262). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35019 |
|
Vulnerability in CVE-2026-35019 (CVE-2026-35019)
vulnerability in CVE-2026-35019 (CVE-2026-35019). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10561 |
|
Code Injection in langflow (CVE-2026-10561)
code injection in langflow (CVE-2026-10561). Successful exploitation can lead to full system takeover.
|
| CVE-2025-4994 |
|
Vulnerability in CVE-2025-4994 (CVE-2025-4994)
vulnerability in CVE-2025-4994 (CVE-2025-4994). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56299 |
|
Vulnerability in dos (CVE-2026-56299)
vulnerability in dos (CVE-2026-56299). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56265 |
|
Vulnerability in kidocode (CVE-2026-56265)
vulnerability in kidocode (CVE-2026-56265). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56346 |
|
Vulnerability in CVE-2026-56346 (CVE-2026-56346)
vulnerability in CVE-2026-56346 (CVE-2026-56346). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56294 |
|
Authentication Bypass in CVE-2026-56294 (CVE-2026-56294)
authentication bypass in CVE-2026-56294 (CVE-2026-56294). Confidential information can be exposed externally.
|
| CVE-2020-37255 |
|
Vulnerability in wordpress (CVE-2020-37255)
vulnerability in wordpress (CVE-2020-37255). Confidential information can be exposed externally.
|
| CVE-2019-25763 |
|
Vulnerability in wordpress (CVE-2019-25763)
vulnerability in wordpress (CVE-2019-25763). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49231 |
|
Vulnerability in apache (CVE-2026-49231)
vulnerability in apache (CVE-2026-49231). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-39999 |
|
Vulnerability in apache (CVE-2026-39999)
vulnerability in apache (CVE-2026-39999). Confidential information can be exposed externally.
|
| CVE-2026-47341 |
|
Vulnerability in apache (CVE-2026-47341)
vulnerability in apache (CVE-2026-47341). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50242 |
|
Vulnerability in jetbrains (CVE-2026-50242)
vulnerability in jetbrains (CVE-2026-50242). Successful exploitation can lead to full system takeover.
|
| CVE-2026-58399 |
|
Authentication Bypass in @acastellon/auth (CVE-2026-58399)
authentication bypass in @acastellon/auth (CVE-2026-58399). Risk of unauthorized operations or information disclosure. Exploitable via `GET /protected`. Mitigation: upgrade to `2.3.0` or later.
|
| CVE-2026-11718 |
|
Authentication Bypass in github.com/googleapis/mcp-toolbox (CVE-2026-11718)
authentication bypass in github.com/googleapis/mcp-toolbox (CVE-2026-11718). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.4.0` or later.
|
| CVE-2026-11717 |
|
Authentication Bypass in github.com/googleapis/mcp-toolbox (CVE-2026-11717)
authentication bypass in github.com/googleapis/mcp-toolbox (CVE-2026-11717). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.4.0` or later.
|
| CVE-2026-55196 |
|
Vulnerability in CVE-2026-55196 (CVE-2026-55196)
vulnerability in CVE-2026-55196 (CVE-2026-55196). Confidential information can be exposed externally. Exploitable via `POST /api/auth/passkey/register/options`.
|
| CVE-2026-54817 |
|
Vulnerability in CVE-2026-54817 (CVE-2026-54817)
vulnerability in CVE-2026-54817 (CVE-2026-54817). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48746 |
|
Vulnerability in vllm (CVE-2026-48746)
vulnerability in vllm (CVE-2026-48746). Confidential information can be exposed externally. Exploitable via ``AuthenticationMiddleware``. Mitigation: upgrade to `0.22.0` or later.
|
| CVE-2025-13036 |
|
Vulnerability in cisa (CVE-2025-13036)
vulnerability in cisa (CVE-2025-13036). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12225 |
|
Vulnerability in CVE-2026-12225 (CVE-2026-12225)
vulnerability in CVE-2026-12225 (CVE-2026-12225). Risk of unauthorized operations or information disclosure. Exploitable via `User-Agent header`.
|
| CVE-2026-54281 |
|
Authorization Flaw in @nestjs/platform-fastify (CVE-2026-54281)
vulnerability in @nestjs/platform-fastify (CVE-2026-54281). Risk of unauthorized operations or information disclosure. Exploitable via `GET /resource`. Mitigation: upgrade to `11.1.24` or later.
|
| CVE-2026-36537 |
|
Vulnerability in CVE-2026-36537 (CVE-2026-36537)
vulnerability in CVE-2026-36537 (CVE-2026-36537). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49062 |
|
Vulnerability in CVE-2026-49062 (CVE-2026-49062)
vulnerability in CVE-2026-49062 (CVE-2026-49062). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49757 |
|
Vulnerability in ash_authentication (CVE-2026-49757)
vulnerability in ash_authentication (CVE-2026-49757). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.14.0, 5.0.0-rc.10` or later.
|
| CVE-2026-11443 |
|
Cross-Site Scripting (XSS) in CVE-2026-11443 (CVE-2026-11443)
cross-site scripting in CVE-2026-11443 (CVE-2026-11443). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48558 KEV |
|
[KEV] Vulnerability in Simplehelp simple-help (CVE-2026-48558)
vulnerability in Simplehelp simple-help (CVE-2026-48558). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-5792 |
|
Vulnerability in CVE-2026-5792 (CVE-2026-5792)
vulnerability in CVE-2026-5792 (CVE-2026-5792). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50623 |
|
Authentication Bypass in apache (CVE-2026-50623)
authentication bypass in apache (CVE-2026-50623). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-7064 |
|
Vulnerability in CVE-2025-7064 (CVE-2025-7064)
vulnerability in CVE-2025-7064 (CVE-2025-7064). Data can be tampered with by attackers.
|
| CVE-2026-10795 |
|
Vulnerability in wordpress (CVE-2026-10795)
vulnerability in wordpress (CVE-2026-10795). Successful exploitation can lead to full system takeover.
|