Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-11816 |
|
Path Traversal in path-traversal (CVE-2026-11816)
path traversal in path-traversal (CVE-2026-11816). Confidential information can be exposed externally. Exploitable via ``AttributeError``.
|
| CVE-2026-48998 |
|
Vulnerability in guzzlehttp/psr7 (CVE-2026-48998)
vulnerability in guzzlehttp/psr7 (CVE-2026-48998). Risk of unauthorized operations or information disclosure. Exploitable via `Host header`. Mitigation: upgrade to `2.10.2` or later.
|
| CVE-2026-49214 |
|
Vulnerability in guzzlehttp/psr7 (CVE-2026-49214)
vulnerability in guzzlehttp/psr7 (CVE-2026-49214). Risk of unauthorized operations or information disclosure. Exploitable via ``Uri``. Mitigation: upgrade to `2.10.2` or later.
|
| CVE-2026-11850 |
|
Vulnerability in c (CVE-2026-11850)
vulnerability in c (CVE-2026-11850). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41000 |
|
Vulnerability in c (CVE-2026-41000)
vulnerability in c (CVE-2026-41000). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40995 |
|
Authentication Bypass in c (CVE-2026-40995)
authentication bypass in c (CVE-2026-40995). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40986 |
|
Cross-Site Scripting (XSS) in CVE-2026-40986 (CVE-2026-40986)
cross-site scripting in CVE-2026-40986 (CVE-2026-40986). Data can be tampered with by attackers.
|
| CVE-2026-35273 KEV |
|
[KEV] Vulnerability in Oracle c (CVE-2026-35273)
vulnerability in Oracle c (CVE-2026-35273). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-52726 |
|
Path Traversal in dulwich (CVE-2026-52726)
path traversal in dulwich (CVE-2026-52726). Risk of unauthorized operations or information disclosure. Exploitable via ``dulwich.porcelain.submodule_update``. Mitigation: upgrade to `1.2.5` or later.
|
| CVE-2026-53741 |
|
Cross-Site Scripting (XSS) in CVE-2026-53741 (CVE-2026-53741)
cross-site scripting in CVE-2026-53741 (CVE-2026-53741). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48110 |
|
Vulnerability in russh (CVE-2026-48110)
vulnerability in russh (CVE-2026-48110). Risk of unauthorized operations or information disclosure. Exploitable via ``russh``. Mitigation: upgrade to `0.61.0` or later.
|
| CVE-2026-48108 |
|
Vulnerability in russh (CVE-2026-48108)
vulnerability in russh (CVE-2026-48108). Risk of unauthorized operations or information disclosure. Exploitable via ``russh``. Mitigation: upgrade to `0.61.0` or later.
|
| CVE-2026-48107 |
|
Vulnerability in russh (CVE-2026-48107)
vulnerability in russh (CVE-2026-48107). Risk of unauthorized operations or information disclosure. Exploitable via ``russh``. Mitigation: upgrade to `0.61.0` or later.
|
| CVE-2026-45380 |
|
Path Traversal in c (CVE-2026-45380)
path traversal in c (CVE-2026-45380). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45384 |
|
Vulnerability in c (CVE-2026-45384)
vulnerability in c (CVE-2026-45384). Data can be tampered with by attackers.
|
| CVE-2026-10142 |
|
Vulnerability in dpkp (CVE-2026-10142)
vulnerability in dpkp (CVE-2026-10142). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10143 |
|
Vulnerability in dpkp (CVE-2026-10143)
vulnerability in dpkp (CVE-2026-10143). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0266 |
|
Cross-Site Scripting (XSS) in CVE-2026-0266 (CVE-2026-0266)
cross-site scripting in CVE-2026-0266 (CVE-2026-0266). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46529 |
|
Command Injection in c (CVE-2026-46529)
command injection in c (CVE-2026-46529). Successful exploitation can lead to full system takeover. Exploitable via ``g_shell_quote``. Mitigation: upgrade to `1.6.2` or later.
|
| CVE-2026-20251 |
|
Unsafe Deserialization in deserialization (CVE-2026-20251)
vulnerability in deserialization (CVE-2026-20251). Successful exploitation can lead to full system takeover.
|
| CVE-2026-20258 |
|
Cross-Site Scripting (XSS) in splunk (CVE-2026-20258)
cross-site scripting in splunk (CVE-2026-20258). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46642 |
|
Cross-Site Scripting (XSS) in CVE-2026-46642 (CVE-2026-46642)
cross-site scripting in CVE-2026-46642 (CVE-2026-46642). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53693 |
|
Cross-Site Scripting (XSS) in CVE-2026-53693 (CVE-2026-53693)
cross-site scripting in CVE-2026-53693 (CVE-2026-53693). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49759 |
|
Vulnerability in c (CVE-2026-49759)
vulnerability in c (CVE-2026-49759). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49760 |
|
Vulnerability in c (CVE-2026-49760)
vulnerability in c (CVE-2026-49760). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45569 |
|
Path Traversal in c (CVE-2026-45569)
path traversal in c (CVE-2026-45569). Confidential information can be exposed externally.
|
| CVE-2026-45566 |
|
Open Redirect in nginx (CVE-2026-45566)
vulnerability in nginx (CVE-2026-45566). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53689 |
|
Vulnerability in c (CVE-2026-53689)
vulnerability in c (CVE-2026-53689). Confidential information can be exposed externally.
|
| CVE-2026-53473 |
|
Cross-Site Scripting (XSS) in kubev2v (CVE-2026-53473)
cross-site scripting in kubev2v (CVE-2026-53473). Confidential information can be exposed externally.
|
| CVE-2026-45564 |
|
OS Command Injection in c (CVE-2026-45564)
OS command injection in c (CVE-2026-45564). Successful exploitation can lead to full system takeover. Exploitable via `POST /config/versions/`.
|
| CVE-2026-45558 |
|
Vulnerability in c (CVE-2026-45558)
vulnerability in c (CVE-2026-45558). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/service/haproxy/`.
|
| CVE-2026-45560 |
|
Cross-Site Scripting (XSS) in c (CVE-2026-45560)
cross-site scripting in c (CVE-2026-45560). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-52753 |
|
Vulnerability in nsa (CVE-2026-52753)
vulnerability in nsa (CVE-2026-52753). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49496 |
|
Use-After-Free in c (CVE-2026-49496)
vulnerability in c (CVE-2026-49496). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-71330 |
|
Vulnerability in dos (CVE-2025-71330)
vulnerability in dos (CVE-2025-71330). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-71329 |
|
Vulnerability in dos (CVE-2025-71329)
vulnerability in dos (CVE-2025-71329). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10721 |
|
Unsafe Deserialization in CVE-2026-10721 (CVE-2026-10721)
vulnerability in CVE-2026-10721 (CVE-2026-10721). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45542 |
|
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a heap buffer overflow exists in the Security Scheme 2 (SRP6a) session-setup p...
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a heap buffer overflow exists in the Security Scheme 2 (SRP6a) session-setup path of the protocomm component. The first-phase handler (handle_session_command0() in components/pro...
|
| CVE-2026-46532 |
|
Out-of-Bounds Read in c (CVE-2026-46532)
vulnerability in c (CVE-2026-46532). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45160 |
|
Out-of-Bounds Read in c (CVE-2026-45160)
vulnerability in c (CVE-2026-45160). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45329 |
|
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-service wrappers in esp_secure_services.c and esp_secure_services_iram.c vali...
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-service wrappers in esp_secure_services.c and esp_secure_services_iram.c validated only some of the caller-supplied pointer arguments, leaving input pointer arguments unchecked....
|
| CVE-2026-45328 |
|
Vulnerability in c (CVE-2026-45328)
vulnerability in c (CVE-2026-45328). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46540 |
|
Vulnerability in CVE-2026-46540 (CVE-2026-46540)
vulnerability in CVE-2026-46540 (CVE-2026-46540). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46541 |
|
Vulnerability in CVE-2026-46541 (CVE-2026-46541)
vulnerability in CVE-2026-46541 (CVE-2026-46541). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46518 |
|
Cross-Site Scripting (XSS) in csrf (CVE-2026-46518)
cross-site scripting in csrf (CVE-2026-46518). Confidential information can be exposed externally.
|
| CVE-2026-44505 |
|
Vulnerability in CVE-2026-44505 (CVE-2026-44505)
vulnerability in CVE-2026-44505 (CVE-2026-44505). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46433 |
|
Out-of-Bounds Read in c (CVE-2026-46433)
vulnerability in c (CVE-2026-46433). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-25860 |
|
Cross-Site Scripting (XSS) in CVE-2026-25860 (CVE-2026-25860)
cross-site scripting in CVE-2026-25860 (CVE-2026-25860). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34417 |
|
Cross-Site Scripting (XSS) in CVE-2026-34417 (CVE-2026-34417)
cross-site scripting in CVE-2026-34417 (CVE-2026-34417). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-47933 |
|
Cross-Site Scripting (XSS) in adobe (CVE-2026-47933)
cross-site scripting in adobe (CVE-2026-47933). Risk of unauthorized operations or information disclosure.
|