Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-42851 |
|
Code Injection in kovidgoyal (CVE-2026-42851)
code injection in kovidgoyal (CVE-2026-42851). Successful exploitation can lead to full system takeover. Exploitable via ``cat``.
|
| CVE-2026-53724 |
|
Cross-Site Scripting (XSS) in parse-server (CVE-2026-53724)
cross-site scripting in parse-server (CVE-2026-53724). Risk of unauthorized operations or information disclosure. Exploitable via ``poc.svg.``. Mitigation: upgrade to `8.6.79` or later.
|
| CVE-2026-53725 |
|
Information Disclosure in parse-server (CVE-2026-53725)
vulnerability in parse-server (CVE-2026-53725). Risk of unauthorized operations or information disclosure. Exploitable via ``get``. Mitigation: upgrade to `9.9.1-alpha.5` or later.
|
| CVE-2026-53726 |
|
Vulnerability in parse-server (CVE-2026-53726)
vulnerability in parse-server (CVE-2026-53726). Risk of unauthorized operations or information disclosure. Exploitable via ``Relation``. Mitigation: upgrade to `8.6.80` or later.
|
| CVE-2026-50008 |
|
Authorization Flaw in parse-server (CVE-2026-50008)
vulnerability in parse-server (CVE-2026-50008). Risk of unauthorized operations or information disclosure. Exploitable via ``routeAllowList``. Mitigation: upgrade to `9.9.1-alpha.3` or later.
|
| CVE-2026-12043 |
|
Vulnerability in Amazon aws (CVE-2026-12043)
vulnerability in Amazon aws (CVE-2026-12043). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8828 |
|
Vulnerability in CVE-2026-8828 (CVE-2026-8828)
vulnerability in CVE-2026-8828 (CVE-2026-8828). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50085 |
|
Vulnerability in c (CVE-2026-50085)
vulnerability in c (CVE-2026-50085). Data can be tampered with by attackers.
|
| CVE-2026-50086 |
|
Vulnerability in c (CVE-2026-50086)
vulnerability in c (CVE-2026-50086). Successful exploitation can lead to full system takeover.
|
| CVE-2026-50087 |
|
Vulnerability in c (CVE-2026-50087)
vulnerability in c (CVE-2026-50087). Confidential information can be exposed externally.
|
| CVE-2026-50088 |
|
Vulnerability in c (CVE-2026-50088)
vulnerability in c (CVE-2026-50088). Confidential information can be exposed externally.
|
| CVE-2026-50089 |
|
Open Redirect in c (CVE-2026-50089)
vulnerability in c (CVE-2026-50089). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50090 |
|
Vulnerability in c (CVE-2026-50090)
vulnerability in c (CVE-2026-50090). Confidential information can be exposed externally.
|
| CVE-2026-50091 |
|
Vulnerability in c (CVE-2026-50091)
vulnerability in c (CVE-2026-50091). Confidential information can be exposed externally.
|
| CVE-2026-50082 |
|
Vulnerability in c (CVE-2026-50082)
vulnerability in c (CVE-2026-50082). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50083 |
|
Vulnerability in c (CVE-2026-50083)
vulnerability in c (CVE-2026-50083). Confidential information can be exposed externally.
|
| CVE-2026-50084 |
|
Vulnerability in c (CVE-2026-50084)
vulnerability in c (CVE-2026-50084). Confidential information can be exposed externally.
|
| CVE-2026-45833 |
|
Code Injection in trychroma (CVE-2026-45833)
code injection in trychroma (CVE-2026-45833). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45830 |
|
Vulnerability in trychroma (CVE-2026-45830)
vulnerability in trychroma (CVE-2026-45830). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45831 |
|
Authorization Flaw in trychroma (CVE-2026-45831)
vulnerability in trychroma (CVE-2026-45831). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45832 |
|
Vulnerability in trychroma (CVE-2026-45832)
vulnerability in trychroma (CVE-2026-45832). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44967 |
|
Vulnerability in c (CVE-2026-44967)
vulnerability in c (CVE-2026-44967). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53787 |
|
Unrestricted File Upload in path-traversal (CVE-2026-53787)
vulnerability in path-traversal (CVE-2026-53787). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53721 |
|
Vulnerability in nuxt (CVE-2026-53721)
vulnerability in nuxt (CVE-2026-53721). Confidential information can be exposed externally. Exploitable via ``routeRules``. Mitigation: upgrade to `3.21.7` or later.
|
| CVE-2026-53722 |
|
Cross-Site Scripting (XSS) in nuxt (CVE-2026-53722)
cross-site scripting in nuxt (CVE-2026-53722). Risk of unauthorized operations or information disclosure. Exploitable via ``href``. Mitigation: upgrade to `3.21.7` or later.
|
| CVE-2026-54133 |
|
Vulnerability in jmespath (CVE-2026-54133)
vulnerability in jmespath (CVE-2026-54133). Successful exploitation can lead to full system takeover. Exploitable via ``JP_PHP_COMPILE``. Mitigation: upgrade to `2.9.1` or later.
|
| CVE-2026-49993 |
|
Vulnerability in @nuxt/webpack-builder (CVE-2026-49993)
vulnerability in @nuxt/webpack-builder (CVE-2026-49993). Confidential information can be exposed externally. Exploitable via ``Origin``. Mitigation: upgrade to `3.21.7` or later.
|
| CVE-2026-12066 |
|
Vulnerability in CVE-2026-12066 (CVE-2026-12066)
vulnerability in CVE-2026-12066 (CVE-2026-12066). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48914 |
|
Vulnerability in c (CVE-2026-48914)
vulnerability in c (CVE-2026-48914). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20746 |
|
Vulnerability in CVE-2026-20746 (CVE-2026-20746)
vulnerability in CVE-2026-20746 (CVE-2026-20746). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9125 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-9125)
cross-site scripting in wordpress (CVE-2026-9125). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11933 |
|
A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when...
A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when...
|
| CVE-2026-45418 |
|
SQL Injection in sqli (CVE-2026-45418)
SQL injection in sqli (CVE-2026-45418). Successful exploitation can lead to full system takeover. Exploitable via `POST /actions/subtitle_edit.php`.
|
| CVE-2026-45060 |
|
SQL Injection in sqli (CVE-2026-45060)
SQL injection in sqli (CVE-2026-45060). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48109 |
|
Vulnerability in MessagePack (CVE-2026-48109)
vulnerability in MessagePack (CVE-2026-48109). Risk of unauthorized operations or information disclosure. Exploitable via ``Lz4Block``. Mitigation: upgrade to `3.1.7` or later.
|
| CVE-2026-53782 |
|
Summarize before 0.17.0 contains a server-side request forgery vulnerability that allows...
Summarize before 0.17.0 contains a server-side request forgery vulnerability that allows...
|
| CVE-2026-46489 |
|
SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, the company logo upload feature accepts any file type without validation. An authenticated administrator can upload an SVG f...
SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, the company logo upload feature accepts any file type without validation. An authenticated administrator can upload an SVG file containing embedded JavaScript. This script is base64-encoded and injected unescaped into every...
|
| CVE-2026-52859 |
|
Out-of-Bounds Read in c (CVE-2026-52859)
vulnerability in c (CVE-2026-52859). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53701 |
|
Out-of-Bounds Write in c (CVE-2026-53701)
out-of-bounds write in c (CVE-2026-53701). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-52858 |
|
Code Injection in vim (CVE-2026-52858)
code injection in vim (CVE-2026-52858). Successful exploitation can lead to full system takeover.
|
| CVE-2026-52860 |
|
Code Injection in vim (CVE-2026-52860)
code injection in vim (CVE-2026-52860). Successful exploitation can lead to full system takeover.
|
| CVE-2026-47169 |
|
Vulnerability in c (CVE-2026-47169)
vulnerability in c (CVE-2026-47169). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-47167 |
|
Code Injection in vim (CVE-2026-47167)
code injection in vim (CVE-2026-47167). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11774 |
|
An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server (389-ds-base)....
An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server (389-ds-base)....
|
| CVE-2026-46698 |
|
SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-46698)
SSRF in wordpress (CVE-2026-46698). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48546 |
|
Vulnerability in CVE-2026-48546 (CVE-2026-48546)
vulnerability in CVE-2026-48546 (CVE-2026-48546). Confidential information can be exposed externally.
|
| CVE-2026-46697 |
|
SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-46697)
SSRF in wordpress (CVE-2026-46697). Confidential information can be exposed externally.
|
| CVE-2026-49982 |
|
Vulnerability in tmp (CVE-2026-49982)
vulnerability in tmp (CVE-2026-49982). Data can be tampered with by attackers. Exploitable via ``_assertPath``. Mitigation: upgrade to `0.2.7` or later.
|
| CVE-2026-8406 |
|
Vulnerability in CVE-2026-8406 (CVE-2026-8406)
vulnerability in CVE-2026-8406 (CVE-2026-8406). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-38581 |
|
SQL Injection in sqli (CVE-2026-38581)
SQL injection in sqli (CVE-2026-38581). Successful exploitation can lead to full system takeover.
|