Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-8804 |
|
Vulnerability in CVE-2026-8804 (CVE-2026-8804)
vulnerability in CVE-2026-8804 (CVE-2026-8804). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-38571 |
|
Vulnerability in CVE-2026-38571 (CVE-2026-38571)
vulnerability in CVE-2026-38571 (CVE-2026-38571). Confidential information can be exposed externally.
|
| CVE-2026-57287 |
|
Vulnerability in jenkins (CVE-2026-57287)
vulnerability in jenkins (CVE-2026-57287). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50267 |
|
Vulnerability in Steeltoe.Configuration.Abstractions (CVE-2026-50267)
vulnerability in Steeltoe.Configuration.Abstractions (CVE-2026-50267). Confidential information can be exposed externally. Exploitable via ``VCAP_SERVICES``. Mitigation: upgrade to `4.2.0` or later.
|
| CVE-2026-46622 |
|
SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, API tokens used to authenticate all REST API requests are stored as plaintext strings in the api_tokens database table. Any...
SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, API tokens used to authenticate all REST API requests are stored as plaintext strings in the api_tokens database table. Any attacker who obtains read access to the database — through SQL injection, a leaked backup, a misconf...
|
| CVE-2026-10786 |
|
Vulnerability in devolutions (CVE-2026-10786)
vulnerability in devolutions (CVE-2026-10786). Confidential information can be exposed externally.
|
| CVE-2026-36176 |
|
Vulnerability in CVE-2026-36176 (CVE-2026-36176)
vulnerability in CVE-2026-36176 (CVE-2026-36176). Confidential information can be exposed externally.
|
| CVE-2026-4387 |
|
Vulnerability in c (CVE-2026-4387)
vulnerability in c (CVE-2026-4387). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45040 |
|
Vulnerability in CVE-2026-45040 (CVE-2026-45040)
vulnerability in CVE-2026-45040 (CVE-2026-45040). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.0.0-beta.2` or later.
|
| CVE-2026-9274 |
|
Vulnerability in CVE-2026-9274 (CVE-2026-9274)
vulnerability in CVE-2026-9274 (CVE-2026-9274). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8596 |
|
Vulnerability in Amazon sagemaker (CVE-2026-8596)
vulnerability in Amazon sagemaker (CVE-2026-8596). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.8.0` or later.
|
| CVE-2026-6332 |
|
Vulnerability in c (CVE-2026-6332)
vulnerability in c (CVE-2026-6332). Confidential information can be exposed externally.
|
| CVE-2026-42408 |
|
Vulnerability in f5 (CVE-2026-42408)
vulnerability in f5 (CVE-2026-42408). Confidential information can be exposed externally.
|
| CVE-2026-28758 |
|
Vulnerability in f5 (CVE-2026-28758)
vulnerability in f5 (CVE-2026-28758). Confidential information can be exposed externally.
|
| CVE-2026-43992 |
|
Information Disclosure in CVE-2026-43992 (CVE-2026-43992)
vulnerability in CVE-2026-43992 (CVE-2026-43992). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.x.y-security-1` or later.
|
| CVE-2026-45362 |
|
Sangoma Switchvox before 8.4 places cleartext SIP authentication credentials in a backup file.
Sangoma Switchvox before 8.4 places cleartext SIP authentication credentials in a backup file.
|
| CVE-2026-41520 |
|
Information Disclosure in cilium (CVE-2026-41520)
vulnerability in cilium (CVE-2026-41520). Confidential information can be exposed externally. Mitigation: upgrade to `1.17.15, 1.18.9, 1.19.3` or later.
|
| CVE-2026-43942 |
|
Information Disclosure in electerm (CVE-2026-43942)
vulnerability in electerm (CVE-2026-43942). Confidential information can be exposed externally. Exploitable via ``process.env``.
|
| CVE-2026-42151 |
|
Information Disclosure in github.com/prometheus/prometheus (CVE-2026-42151)
vulnerability in github.com/prometheus/prometheus (CVE-2026-42151). Confidential information can be exposed externally. Exploitable via ``client_secret``. Mitigation: upgrade to `0.311.3` or later.
|
| CVE-2026-43824 |
|
Vulnerability in CVE-2026-43824 (CVE-2026-43824)
vulnerability in CVE-2026-43824 (CVE-2026-43824). Confidential information can be exposed externally.
|
| CVE-2026-7163 |
|
Vulnerability in redhat (CVE-2026-7163)
vulnerability in redhat (CVE-2026-7163). Confidential information can be exposed externally. Exploitable via `GET /v2/clusters/{cluster_id}/credentials`.
|
| CVE-2026-6553 |
|
Vulnerability in typo3/cms-backend (CVE-2026-6553)
vulnerability in typo3/cms-backend (CVE-2026-6553). Confidential information can be exposed externally. Exploitable via ``SetupModuleController``. Mitigation: upgrade to `14.3.0` or later.
|
| CVE-2026-27877 |
|
Vulnerability in github.com/grafana/grafana (CVE-2026-27877)
vulnerability in github.com/grafana/grafana (CVE-2026-27877). Confidential information can be exposed externally. Mitigation: upgrade to `1.9.2-0.20260325055210-3522153e07b4` or later.
|
| CVE-2025-10464 |
|
Vulnerability in CVE-2025-10464 (CVE-2025-10464)
vulnerability in CVE-2025-10464 (CVE-2025-10464). Confidential information can be exposed externally.
|
| CVE-2025-25613 |
|
Vulnerability in fs (CVE-2025-25613)
vulnerability in fs (CVE-2025-25613). Confidential information can be exposed externally.
|
| CVE-2025-51055 |
|
Vulnerability in vedo-suite-project (CVE-2025-51055)
vulnerability in vedo-suite-project (CVE-2025-51055). Confidential information can be exposed externally.
|
| CVE-2025-50777 |
|
Vulnerability in aziot (CVE-2025-50777)
vulnerability in aziot (CVE-2025-50777). Successful exploitation can lead to full system takeover.
|
| CVE-2025-44649 |
|
Vulnerability in trendnet (CVE-2025-44649)
vulnerability in trendnet (CVE-2025-44649). Confidential information can be exposed externally.
|
| CVE-2024-12604 |
|
Vulnerability in tapandsign (CVE-2024-12604)
vulnerability in tapandsign (CVE-2024-12604). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-40582 |
|
Pentaminds CuroVMS v2.0.1 was discovered to contain exposed sensitive information.
Pentaminds CuroVMS v2.0.1 was discovered to contain exposed sensitive information.
|
| CVE-2024-46383 |
|
Vulnerability in CVE-2024-46383 (CVE-2024-46383)
vulnerability in CVE-2024-46383 (CVE-2024-46383). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-34891 |
|
Vulnerability in bitrix24 (CVE-2024-34891)
vulnerability in bitrix24 (CVE-2024-34891). Confidential information can be exposed externally.
|
| CVE-2024-6400 |
|
Vulnerability in finrota (CVE-2024-6400)
vulnerability in finrota (CVE-2024-6400). Confidential information can be exposed externally.
|
| CVE-2024-8644 |
|
Vulnerability in oceanicsoft (CVE-2024-8644)
vulnerability in oceanicsoft (CVE-2024-8644). Confidential information can be exposed externally.
|
| CVE-2024-6921 |
|
Vulnerability in nac (CVE-2024-6921)
vulnerability in nac (CVE-2024-6921). Confidential information can be exposed externally.
|
| CVE-2024-28327 |
|
Vulnerability in CVE-2024-28327 (CVE-2024-28327)
vulnerability in CVE-2024-28327 (CVE-2024-28327). Successful exploitation can lead to full system takeover.
|
| CVE-2023-51702 |
|
Vulnerability in apache (CVE-2023-51702)
vulnerability in apache (CVE-2023-51702). Confidential information can be exposed externally.
|
| CVE-2023-27098 |
|
TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel.
TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel.
|
| CVE-2023-31821 |
|
Vulnerability in albis (CVE-2023-31821)
vulnerability in albis (CVE-2023-31821). Confidential information can be exposed externally.
|
| CVE-2023-35699 |
|
Vulnerability in sick (CVE-2023-35699)
vulnerability in sick (CVE-2023-35699). Confidential information can be exposed externally.
|
| CVE-2023-31408 |
|
Vulnerability in sick (CVE-2023-31408)
vulnerability in sick (CVE-2023-31408). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-27243 |
|
Vulnerability in makves (CVE-2023-27243)
vulnerability in makves (CVE-2023-27243). Confidential information can be exposed externally.
|
| CVE-2023-25263 |
|
Vulnerability in stimulsoft (CVE-2023-25263)
vulnerability in stimulsoft (CVE-2023-25263). Confidential information can be exposed externally.
|
| CVE-2021-45025 |
|
Vulnerability in rocketsoftware (CVE-2021-45025)
vulnerability in rocketsoftware (CVE-2021-45025). Confidential information can be exposed externally.
|
| CVE-2021-28937 |
|
Vulnerability in acexy (CVE-2021-28937)
vulnerability in acexy (CVE-2021-28937). Confidential information can be exposed externally.
|
| CVE-2021-42642 |
|
Vulnerability in printerlogic (CVE-2021-42642)
vulnerability in printerlogic (CVE-2021-42642). Confidential information can be exposed externally.
|
| CVE-2020-10727 |
|
Vulnerability in org.apache.activemq:artemis-commons (CVE-2020-10727)
vulnerability in org.apache.activemq:artemis-commons (CVE-2020-10727). Confidential information can be exposed externally. Exploitable via ``resetUsers``. Mitigation: upgrade to `2.13.0` or later.
|
| CVE-2017-13663 |
|
Vulnerability in ismartalarm (CVE-2017-13663)
vulnerability in ismartalarm (CVE-2017-13663). Confidential information can be exposed externally.
|
| CVE-2017-2723 |
|
Vulnerability in huawei (CVE-2017-2723)
vulnerability in huawei (CVE-2017-2723). Successful exploitation can lead to full system takeover.
|
| CVE-2017-14990 |
|
Vulnerability in wordpress (CVE-2017-14990)
vulnerability in wordpress (CVE-2017-14990). Confidential information can be exposed externally.
|