Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-48497 |
|
Vulnerability in c (CVE-2026-48497)
vulnerability in c (CVE-2026-48497). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.35.11` or later.
|
| CVE-2026-47778 |
|
Vulnerability in c (CVE-2026-47778)
vulnerability in c (CVE-2026-47778). Confidential information can be exposed externally. Mitigation: upgrade to `1.35.11` or later.
|
| CVE-2026-57652 |
|
Unauthenticated Insecure Direct Object References (IDOR) in JS Help Desk <= 3.1.0 versions.
Unauthenticated Insecure Direct Object References (IDOR) in JS Help Desk <= 3.1.0 versions.
|
| CVE-2026-57527 |
|
Unsafe Deserialization in deserialization (CVE-2026-57527)
vulnerability in deserialization (CVE-2026-57527). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56032 |
|
Subscriber PHP Object Injection in Buddyboss Platform <= 3.0.4 versions.
Subscriber PHP Object Injection in Buddyboss Platform <= 3.0.4 versions.
|
| CVE-2026-56055 |
|
Subscriber PHP Object Injection in RealHomes <= 4.5.3 versions.
Subscriber PHP Object Injection in RealHomes <= 4.5.3 versions.
|
| CVE-2026-56031 |
|
Unauthenticated PHP Object Injection in Uncanny Automator <= 7.3.1.2 versions.
Unauthenticated PHP Object Injection in Uncanny Automator <= 7.3.1.2 versions.
|
| CVE-2026-56057 |
|
Subscriber PHP Object Injection in Uncanny Automator Pro <= 7.3.0.6 versions.
Subscriber PHP Object Injection in Uncanny Automator Pro <= 7.3.0.6 versions.
|
| CVE-2026-57940 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-57940)
SSRF in ssrf (CVE-2026-57940). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53914 |
|
Unsafe Deserialization in deserialization (CVE-2026-53914)
vulnerability in deserialization (CVE-2026-53914). Confidential information can be exposed externally.
|
| CVE-2026-13426 |
|
Path Traversal in c (CVE-2026-13426)
path traversal in c (CVE-2026-13426). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57918 |
|
Vulnerability in c (CVE-2026-57918)
vulnerability in c (CVE-2026-57918). Confidential information can be exposed externally.
|
| CVE-2026-6658 |
|
Cross-Site Scripting (XSS) in CVE-2026-6658 (CVE-2026-6658)
cross-site scripting in CVE-2026-6658 (CVE-2026-6658). Risk of unauthorized operations or information disclosure. Exploitable via ``data_mermaid``.
|
| CVE-2026-50739 |
|
Vulnerability in revive-adserver (CVE-2026-50739)
vulnerability in revive-adserver (CVE-2026-50739). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8661 |
|
Cross-Site Scripting (XSS) in CVE-2026-8661 (CVE-2026-8661)
cross-site scripting in CVE-2026-8661 (CVE-2026-8661). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48935 |
|
Vulnerability in nodejs (CVE-2026-48935)
vulnerability in nodejs (CVE-2026-48935). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48936 |
|
Vulnerability in nodejs (CVE-2026-48936)
vulnerability in nodejs (CVE-2026-48936). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48934 |
|
Vulnerability in nodejs (CVE-2026-48934)
vulnerability in nodejs (CVE-2026-48934). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50744 |
|
Vulnerability in c (CVE-2026-50744)
vulnerability in c (CVE-2026-50744). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50740 |
|
Cross-Site Scripting (XSS) in revive-adserver (CVE-2026-50740)
cross-site scripting in revive-adserver (CVE-2026-50740). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50745 |
|
Cross-Site Scripting (XSS) in revive-adserver (CVE-2026-50745)
cross-site scripting in revive-adserver (CVE-2026-50745). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50742 |
|
Cross-Site Scripting (XSS) in revive-adserver (CVE-2026-50742)
cross-site scripting in revive-adserver (CVE-2026-50742). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48930 |
|
Vulnerability in c (CVE-2026-48930)
vulnerability in c (CVE-2026-48930). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48618 |
|
Vulnerability in nodejs (CVE-2026-48618)
vulnerability in nodejs (CVE-2026-48618). Confidential information can be exposed externally.
|
| CVE-2026-48933 |
|
Vulnerability in nodejs (CVE-2026-48933)
vulnerability in nodejs (CVE-2026-48933). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48619 |
|
Vulnerability in nodejs (CVE-2026-48619)
vulnerability in nodejs (CVE-2026-48619). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48615 |
|
Vulnerability in nodejs (CVE-2026-48615)
vulnerability in nodejs (CVE-2026-48615). Confidential information can be exposed externally. Exploitable via ``ERR_PROXY_TUNNEL``.
|
| CVE-2026-48928 |
|
Vulnerability in nodejs (CVE-2026-48928)
vulnerability in nodejs (CVE-2026-48928). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-71340 |
|
Unsafe Deserialization in CVE-2025-71340 (CVE-2025-71340)
vulnerability in CVE-2025-71340 (CVE-2025-71340). Confidential information can be exposed externally.
|
| CVE-2026-40084 |
|
Path Traversal in path-traversal (CVE-2026-40084)
path traversal in path-traversal (CVE-2026-40084). Confidential information can be exposed externally.
|
| CVE-2026-40080 |
|
Open Redirect in cacti (CVE-2026-40080)
vulnerability in cacti (CVE-2026-40080). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40082 |
|
Vulnerability in cacti (CVE-2026-40082)
vulnerability in cacti (CVE-2026-40082). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40083 |
|
SQL Injection in sqli (CVE-2026-40083)
SQL injection in sqli (CVE-2026-40083). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56445 |
|
Path Traversal in c (CVE-2026-56445)
path traversal in c (CVE-2026-56445). Data can be tampered with by attackers.
|
| CVE-2026-37149 |
|
SQL Injection in sqli (CVE-2026-37149)
SQL injection in sqli (CVE-2026-37149). Confidential information can be exposed externally.
|
| CVE-2026-56789 |
|
Vulnerability in c (CVE-2026-56789)
vulnerability in c (CVE-2026-56789). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-60464 |
|
Use-After-Free in c (CVE-2025-60464)
vulnerability in c (CVE-2025-60464). Successful exploitation can lead to full system takeover.
|
| CVE-2025-60465 |
|
Use-After-Free in c (CVE-2025-60465)
vulnerability in c (CVE-2025-60465). Data can be tampered with by attackers.
|
| CVE-2026-56787 |
|
Vulnerability in c (CVE-2026-56787)
vulnerability in c (CVE-2026-56787). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56790 |
|
Vulnerability in c (CVE-2026-56790)
vulnerability in c (CVE-2026-56790). Data can be tampered with by attackers.
|
| CVE-2026-11999 |
|
Vulnerability in c (CVE-2026-11999)
vulnerability in c (CVE-2026-11999). Data can be tampered with by attackers.
|
| CVE-2026-9086 |
|
Cross-Site Scripting (XSS) in redhat (CVE-2026-9086)
cross-site scripting in redhat (CVE-2026-9086). Confidential information can be exposed externally.
|
| CVE-2026-45233 |
|
Path Traversal in path-traversal (CVE-2026-45233)
path traversal in path-traversal (CVE-2026-45233). Data can be tampered with by attackers.
|
| CVE-2026-48945 |
|
Unrestricted File Upload in joomlaworks (CVE-2026-48945)
vulnerability in joomlaworks (CVE-2026-48945). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48943 |
|
Vulnerability in c (CVE-2026-48943)
vulnerability in c (CVE-2026-48943). Risk of unauthorized operations or information disclosure. Exploitable via ``plg_user_k2``.
|
| CVE-2026-48946 |
|
Unrestricted File Upload in apache (CVE-2026-48946)
vulnerability in apache (CVE-2026-48946). Risk of unauthorized operations or information disclosure. Exploitable via ``shell.php``.
|
| CVE-2026-48944 |
|
Path Traversal in joomlaworks (CVE-2026-48944)
path traversal in joomlaworks (CVE-2026-48944). Confidential information can be exposed externally. Exploitable via ``configuration.php``.
|
| CVE-2026-47770 |
|
Vulnerability in c (CVE-2026-47770)
vulnerability in c (CVE-2026-47770). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.2` or later.
|
| CVE-2026-55413 |
|
Code Injection in CVE-2026-55413 (CVE-2026-55413)
code injection in CVE-2026-55413 (CVE-2026-55413). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.20.178-lts` or later.
|
| CVE-2026-57456 |
|
Code Injection in vim (CVE-2026-57456)
code injection in vim (CVE-2026-57456). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.2.0699` or later.
|