Sign in Sign up
JA · EN · FR
SecPulse

Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Categories
All 🌐 Web Application 🧭 Browser 🖥️ Operating System 📱 Mobile 🛰️ Network Infrastructure ☁️ Cloud / Container 📝 CMS / Site Builder 🗄️ Database / Storage 🔐 Auth / Identity 🔑 Cryptography 🛠️ DevOps / CI-CD 🤖 AI / ML 🔌 IoT / Embedded 🧩 Hardware / Firmware 🏢 Enterprise SaaS 🧰 Developer Tooling ☠️ Malicious Package 📦 Other
Tag groups
All 💬 Programming Languages 22 🧱 Web Frameworks 29 📱 Mobile Platforms 6 🤖 AI/ML Frameworks 11 🖥️ Web Servers 9 🗄️ Databases 13 📝 CMS 9 ☁️ Cloud Platforms 11 📦 Container Tech 12 🖥️ Operating Systems 15 ⚔️ Attack Types 25 🧬 CWE 185 🏢 Vendors 581 📦 Products 666 🌳 Package Ecosystems 24 🛠️ DevOps Tools 17 📡 Protocols 15
Popular tags (Top 40)
Rootio Linux419 Microsoft386 C237 Java183 Jre178 Java Min178 Bitnami178 Windows177 Rootdebian11175 Rootdebian12151 Linux130 Cwe 20125 Cwe 78120 Linux Kernel106 Cwe 787105 Apple99 Cwe 41699 Cwe 2296 Rootdebian1393 Cwe 11990 Cisco89 Denial of Service85 Cwe 9484 Multiple Products79 Adobe78 Google77 Cwe 50270 Cwe 7966 Cwe 8954 Apache47 Cwe 91844 Cwe 28443 Oracle42 Cwe 28741 JavaScript41 PHP41 Cwe 7740 Chromium V838 Cwe 30638 Cwe 84337
Filtering: Group: cwe Tag: javascript Clear
ID Title
CVE-2026-44313 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-44313)
SSRF in ssrf (CVE-2026-44313). Confidential information can be exposed externally. Exploitable via `GET /api/v1/archives/{linkId}`.
CVE-2026-42455 Cross-Site Scripting (XSS) in CVE-2026-42455 (CVE-2026-42455)
cross-site scripting in CVE-2026-42455 (CVE-2026-42455). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/archives/`.
CVE-2026-42451 Cross-Site Scripting (XSS) in CVE-2026-42451 (CVE-2026-42451)
cross-site scripting in CVE-2026-42451 (CVE-2026-42451). Confidential information can be exposed externally.
CVE-2026-42343 Vulnerability in dos (CVE-2026-42343)
vulnerability in dos (CVE-2026-42343). Risk of unauthorized operations or information disclosure.
CVE-2026-42224 Cross-Site Scripting (XSS) in CVE-2026-42224 (CVE-2026-42224)
cross-site scripting in CVE-2026-42224 (CVE-2026-42224). Successful exploitation can lead to full system takeover.
CVE-2026-42030 Vulnerability in CVE-2026-42030 (CVE-2026-42030)
vulnerability in CVE-2026-42030 (CVE-2026-42030). Risk of unauthorized operations or information disclosure.
CVE-2026-42794 Cross-Site Scripting (XSS) in CVE-2026-42794 (CVE-2026-42794)
cross-site scripting in CVE-2026-42794 (CVE-2026-42794). Risk of unauthorized operations or information disclosure.
CVE-2026-42353 Path Traversal in express (CVE-2026-42353)
path traversal in express (CVE-2026-42353). Confidential information can be exposed externally.
CVE-2026-41886 Cross-Site Scripting (XSS) in CVE-2026-41886 (CVE-2026-41886)
cross-site scripting in CVE-2026-41886 (CVE-2026-41886). Data can be tampered with by attackers.
CVE-2026-41885 Path Traversal in CVE-2026-41885 (CVE-2026-41885)
path traversal in CVE-2026-41885 (CVE-2026-41885). Risk of unauthorized operations or information disclosure.
CVE-2026-41693 Path Traversal in CVE-2026-41693 (CVE-2026-41693)
path traversal in CVE-2026-41693 (CVE-2026-41693). Confidential information can be exposed externally.
CVE-2026-41690 Path Traversal in express (CVE-2026-41690)
path traversal in express (CVE-2026-41690). Data can be tampered with by attackers.
CVE-2026-41683 Cross-Site Scripting (XSS) in express (CVE-2026-41683)
cross-site scripting in express (CVE-2026-41683). Data can be tampered with by attackers.
CVE-2026-41591 Cross-Site Scripting (XSS) in CVE-2026-41591 (CVE-2026-41591)
cross-site scripting in CVE-2026-41591 (CVE-2026-41591). Risk of unauthorized operations or information disclosure.
CVE-2026-41576 Cross-Site Scripting (XSS) in CVE-2026-41576 (CVE-2026-41576)
cross-site scripting in CVE-2026-41576 (CVE-2026-41576). Confidential information can be exposed externally.
CVE-2026-41575 Cross-Site Scripting (XSS) in CVE-2026-41575 (CVE-2026-41575)
cross-site scripting in CVE-2026-41575 (CVE-2026-41575). Risk of unauthorized operations or information disclosure.
CVE-2026-41524 Cross-Site Scripting (XSS) in laravel (CVE-2026-41524)
cross-site scripting in laravel (CVE-2026-41524). Confidential information can be exposed externally.
CVE-2026-41507 Code Injection in remote (CVE-2026-41507)
code injection in remote (CVE-2026-41507). Successful exploitation can lead to full system takeover.
CVE-2026-41512 Code Injection in gem (CVE-2026-41512)
code injection in gem (CVE-2026-41512). Successful exploitation can lead to full system takeover. Exploitable via `POST /targets/auto_detect_selectors`.
CVE-2026-41423 SSRF (Server-Side Request Forgery) in express (CVE-2026-41423)
SSRF in express (CVE-2026-41423). Risk of unauthorized operations or information disclosure.
CVE-2026-43944 Vulnerability in electerm (CVE-2026-43944)
vulnerability in electerm (CVE-2026-43944). Successful exploitation can lead to full system takeover. Exploitable via ``opts``. Mitigation: upgrade to `> 3.8.8` or later.
CVE-2026-43940 Path Traversal in electerm (CVE-2026-43940)
path traversal in electerm (CVE-2026-43940). Successful exploitation can lead to full system takeover. Exploitable via ``runWidget``. Mitigation: upgrade to `3.7.16` or later.
CVE-2026-43941 Vulnerability in electerm (CVE-2026-43941)
vulnerability in electerm (CVE-2026-43941). Successful exploitation can lead to full system takeover. Exploitable via ``shell.openExternal``.
CVE-2026-43942 Information Disclosure in electerm (CVE-2026-43942)
vulnerability in electerm (CVE-2026-43942). Confidential information can be exposed externally. Exploitable via ``process.env``.
CVE-2026-42264 Vulnerability in CVE-2026-42264 (CVE-2026-42264)
vulnerability in CVE-2026-42264 (CVE-2026-42264). Confidential information can be exposed externally.
CVE-2026-41646 Vulnerability in projectdiscovery (CVE-2026-41646)
vulnerability in projectdiscovery (CVE-2026-41646). Confidential information can be exposed externally.
CVE-2026-41500 Command Injection in electerm-project (CVE-2026-41500)
command injection in electerm-project (CVE-2026-41500). Successful exploitation can lead to full system takeover. Exploitable via ``releaseInfo.name``. Mitigation: upgrade to `> 3.2.0` or later.
CVE-2026-41501 Command Injection in electerm (CVE-2026-41501)
command injection in electerm (CVE-2026-41501). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `> 3.2.0` or later.
CVE-2026-41929 Cross-Site Scripting (XSS) in CVE-2026-41929 (CVE-2026-41929)
cross-site scripting in CVE-2026-41929 (CVE-2026-41929). Risk of unauthorized operations or information disclosure.
CVE-2026-42047 Information Disclosure in express (CVE-2026-42047)
vulnerability in express (CVE-2026-42047). Confidential information can be exposed externally.
CVE-2026-41692 Cross-Site Scripting (XSS) in CVE-2026-41692 (CVE-2026-41692)
cross-site scripting in CVE-2026-41692 (CVE-2026-41692). Risk of unauthorized operations or information disclosure.
CVE-2026-41691 Path Traversal in path-traversal (CVE-2026-41691)
path traversal in path-traversal (CVE-2026-41691). Risk of unauthorized operations or information disclosure.
CVE-2025-63704 Vulnerability in prototype-pollution (CVE-2025-63704)
vulnerability in prototype-pollution (CVE-2025-63704). Successful exploitation can lead to full system takeover.
CVE-2025-63703 Vulnerability in npm (CVE-2025-63703)
vulnerability in npm (CVE-2025-63703). Successful exploitation can lead to full system takeover.
CVE-2025-63705 OS Command Injection in CVE-2025-63705 (CVE-2025-63705)
OS command injection in CVE-2025-63705 (CVE-2025-63705). Successful exploitation can lead to full system takeover.
CVE-2026-35453 Cross-Site Scripting (XSS) in phpoffice/phpspreadsheet (CVE-2026-35453)
cross-site scripting in phpoffice/phpspreadsheet (CVE-2026-35453). Risk of unauthorized operations or information disclosure. Exploitable via ``formatColor``. Mitigation: upgrade to `1.30.4` or later.
CVE-2026-38432 Cross-Site Scripting (XSS) in frappe (CVE-2026-38432)
cross-site scripting in frappe (CVE-2026-38432). Risk of unauthorized operations or information disclosure.
CVE-2026-26956 Vulnerability in vm2-project (CVE-2026-26956)
vulnerability in vm2-project (CVE-2026-26956). Successful exploitation can lead to full system takeover. Exploitable via ``catch``.
CVE-2026-24120 Code Injection in vm2-project (CVE-2026-24120)
code injection in vm2-project (CVE-2026-24120). Successful exploitation can lead to full system takeover. Exploitable via ``resetPromiseSpecies``.
CVE-2026-24781 Code Injection in vm2-project (CVE-2026-24781)
code injection in vm2-project (CVE-2026-24781). Successful exploitation can lead to full system takeover. Exploitable via ``inspect``.
CVE-2026-24118 Code Injection in vm2-project (CVE-2026-24118)
code injection in vm2-project (CVE-2026-24118). Successful exploitation can lead to full system takeover. Exploitable via ``__lookupGetter__``.
CVE-2026-40194 Vulnerability in phpseclib/phpseclib (CVE-2026-40194)
vulnerability in phpseclib/phpseclib (CVE-2026-40194). Risk of unauthorized operations or information disclosure. Exploitable via ``e819a163c``. Mitigation: upgrade to `1.0.28` or later.
CVE-2026-32851 Cross-Site Scripting (XSS) in mailenable (CVE-2026-32851)
cross-site scripting in mailenable (CVE-2026-32851). Risk of unauthorized operations or information disclosure.
CVE-2026-25639 Vulnerability in axios (CVE-2026-25639)
vulnerability in axios (CVE-2026-25639). Risk of unauthorized operations or information disclosure. Exploitable via ``mergeConfig``. Mitigation: upgrade to `0.30.3` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →