Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: languages Clear
ID Title
CVE-2026-11816 Path Traversal in path-traversal (CVE-2026-11816)
path traversal in path-traversal (CVE-2026-11816). Confidential information can be exposed externally. Exploitable via ``AttributeError``.
CVE-2026-48998 Vulnerability in guzzlehttp/psr7 (CVE-2026-48998)
vulnerability in guzzlehttp/psr7 (CVE-2026-48998). Risk of unauthorized operations or information disclosure. Exploitable via `Host header`. Mitigation: upgrade to `2.10.2` or later.
CVE-2026-49214 Vulnerability in guzzlehttp/psr7 (CVE-2026-49214)
vulnerability in guzzlehttp/psr7 (CVE-2026-49214). Risk of unauthorized operations or information disclosure. Exploitable via ``Uri``. Mitigation: upgrade to `2.10.2` or later.
CVE-2026-11850 Vulnerability in c (CVE-2026-11850)
vulnerability in c (CVE-2026-11850). Risk of unauthorized operations or information disclosure.
CVE-2026-41000 Vulnerability in c (CVE-2026-41000)
vulnerability in c (CVE-2026-41000). Risk of unauthorized operations or information disclosure.
CVE-2026-40995 Authentication Bypass in c (CVE-2026-40995)
authentication bypass in c (CVE-2026-40995). Risk of unauthorized operations or information disclosure.
CVE-2026-40986 Cross-Site Scripting (XSS) in CVE-2026-40986 (CVE-2026-40986)
cross-site scripting in CVE-2026-40986 (CVE-2026-40986). Data can be tampered with by attackers.
CVE-2026-35273 KEV [KEV] Vulnerability in Oracle c (CVE-2026-35273)
vulnerability in Oracle c (CVE-2026-35273). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-52726 Path Traversal in dulwich (CVE-2026-52726)
path traversal in dulwich (CVE-2026-52726). Risk of unauthorized operations or information disclosure. Exploitable via ``dulwich.porcelain.submodule_update``. Mitigation: upgrade to `1.2.5` or later.
CVE-2026-53741 Cross-Site Scripting (XSS) in CVE-2026-53741 (CVE-2026-53741)
cross-site scripting in CVE-2026-53741 (CVE-2026-53741). Risk of unauthorized operations or information disclosure.
CVE-2026-48110 Vulnerability in russh (CVE-2026-48110)
vulnerability in russh (CVE-2026-48110). Risk of unauthorized operations or information disclosure. Exploitable via ``russh``. Mitigation: upgrade to `0.61.0` or later.
CVE-2026-48108 Vulnerability in russh (CVE-2026-48108)
vulnerability in russh (CVE-2026-48108). Risk of unauthorized operations or information disclosure. Exploitable via ``russh``. Mitigation: upgrade to `0.61.0` or later.
CVE-2026-48107 Vulnerability in russh (CVE-2026-48107)
vulnerability in russh (CVE-2026-48107). Risk of unauthorized operations or information disclosure. Exploitable via ``russh``. Mitigation: upgrade to `0.61.0` or later.
CVE-2026-45380 Path Traversal in c (CVE-2026-45380)
path traversal in c (CVE-2026-45380). Risk of unauthorized operations or information disclosure.
CVE-2026-45384 Vulnerability in c (CVE-2026-45384)
vulnerability in c (CVE-2026-45384). Data can be tampered with by attackers.
CVE-2026-10142 Vulnerability in dpkp (CVE-2026-10142)
vulnerability in dpkp (CVE-2026-10142). Risk of unauthorized operations or information disclosure.
CVE-2026-10143 Vulnerability in dpkp (CVE-2026-10143)
vulnerability in dpkp (CVE-2026-10143). Risk of unauthorized operations or information disclosure.
CVE-2026-0266 Cross-Site Scripting (XSS) in CVE-2026-0266 (CVE-2026-0266)
cross-site scripting in CVE-2026-0266 (CVE-2026-0266). Risk of unauthorized operations or information disclosure.
CVE-2026-46529 Command Injection in c (CVE-2026-46529)
command injection in c (CVE-2026-46529). Successful exploitation can lead to full system takeover. Exploitable via ``g_shell_quote``. Mitigation: upgrade to `1.6.2` or later.
CVE-2026-20251 Unsafe Deserialization in deserialization (CVE-2026-20251)
vulnerability in deserialization (CVE-2026-20251). Successful exploitation can lead to full system takeover.
CVE-2026-20258 Cross-Site Scripting (XSS) in splunk (CVE-2026-20258)
cross-site scripting in splunk (CVE-2026-20258). Successful exploitation can lead to full system takeover.
CVE-2026-46642 Cross-Site Scripting (XSS) in CVE-2026-46642 (CVE-2026-46642)
cross-site scripting in CVE-2026-46642 (CVE-2026-46642). Risk of unauthorized operations or information disclosure.
CVE-2026-53693 Cross-Site Scripting (XSS) in CVE-2026-53693 (CVE-2026-53693)
cross-site scripting in CVE-2026-53693 (CVE-2026-53693). Risk of unauthorized operations or information disclosure.
CVE-2026-49759 Vulnerability in c (CVE-2026-49759)
vulnerability in c (CVE-2026-49759). Risk of unauthorized operations or information disclosure.
CVE-2026-49760 Vulnerability in c (CVE-2026-49760)
vulnerability in c (CVE-2026-49760). Risk of unauthorized operations or information disclosure.
CVE-2026-45569 Path Traversal in c (CVE-2026-45569)
path traversal in c (CVE-2026-45569). Confidential information can be exposed externally.
CVE-2026-45566 Open Redirect in nginx (CVE-2026-45566)
vulnerability in nginx (CVE-2026-45566). Risk of unauthorized operations or information disclosure.
CVE-2026-53689 Vulnerability in c (CVE-2026-53689)
vulnerability in c (CVE-2026-53689). Confidential information can be exposed externally.
CVE-2026-53473 Cross-Site Scripting (XSS) in kubev2v (CVE-2026-53473)
cross-site scripting in kubev2v (CVE-2026-53473). Confidential information can be exposed externally.
CVE-2026-45564 OS Command Injection in c (CVE-2026-45564)
OS command injection in c (CVE-2026-45564). Successful exploitation can lead to full system takeover. Exploitable via `POST /config/versions/`.
CVE-2026-45558 Vulnerability in c (CVE-2026-45558)
vulnerability in c (CVE-2026-45558). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/service/haproxy/`.
CVE-2026-45560 Cross-Site Scripting (XSS) in c (CVE-2026-45560)
cross-site scripting in c (CVE-2026-45560). Risk of unauthorized operations or information disclosure.
CVE-2026-52753 Vulnerability in nsa (CVE-2026-52753)
vulnerability in nsa (CVE-2026-52753). Risk of unauthorized operations or information disclosure.
CVE-2026-49496 Use-After-Free in c (CVE-2026-49496)
vulnerability in c (CVE-2026-49496). Risk of unauthorized operations or information disclosure.
CVE-2025-71330 Vulnerability in dos (CVE-2025-71330)
vulnerability in dos (CVE-2025-71330). Risk of unauthorized operations or information disclosure.
CVE-2025-71329 Vulnerability in dos (CVE-2025-71329)
vulnerability in dos (CVE-2025-71329). Risk of unauthorized operations or information disclosure.
CVE-2026-10721 Unsafe Deserialization in CVE-2026-10721 (CVE-2026-10721)
vulnerability in CVE-2026-10721 (CVE-2026-10721). Risk of unauthorized operations or information disclosure.
CVE-2026-45542 ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a heap buffer overflow exists in the Security Scheme 2 (SRP6a) session-setup p...
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a heap buffer overflow exists in the Security Scheme 2 (SRP6a) session-setup path of the protocomm component. The first-phase handler (handle_session_command0() in components/pro...
CVE-2026-46532 Out-of-Bounds Read in c (CVE-2026-46532)
vulnerability in c (CVE-2026-46532). Risk of unauthorized operations or information disclosure.
CVE-2026-45160 Out-of-Bounds Read in c (CVE-2026-45160)
vulnerability in c (CVE-2026-45160). Risk of unauthorized operations or information disclosure.
CVE-2026-45329 ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-service wrappers in esp_secure_services.c and esp_secure_services_iram.c vali...
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-service wrappers in esp_secure_services.c and esp_secure_services_iram.c validated only some of the caller-supplied pointer arguments, leaving input pointer arguments unchecked....
CVE-2026-45328 Vulnerability in c (CVE-2026-45328)
vulnerability in c (CVE-2026-45328). Successful exploitation can lead to full system takeover.
CVE-2026-46540 Vulnerability in CVE-2026-46540 (CVE-2026-46540)
vulnerability in CVE-2026-46540 (CVE-2026-46540). Risk of unauthorized operations or information disclosure.
CVE-2026-46541 Vulnerability in CVE-2026-46541 (CVE-2026-46541)
vulnerability in CVE-2026-46541 (CVE-2026-46541). Risk of unauthorized operations or information disclosure.
CVE-2026-46518 Cross-Site Scripting (XSS) in csrf (CVE-2026-46518)
cross-site scripting in csrf (CVE-2026-46518). Confidential information can be exposed externally.
CVE-2026-44505 Vulnerability in CVE-2026-44505 (CVE-2026-44505)
vulnerability in CVE-2026-44505 (CVE-2026-44505). Risk of unauthorized operations or information disclosure.
CVE-2026-46433 Out-of-Bounds Read in c (CVE-2026-46433)
vulnerability in c (CVE-2026-46433). Risk of unauthorized operations or information disclosure.
CVE-2026-25860 Cross-Site Scripting (XSS) in CVE-2026-25860 (CVE-2026-25860)
cross-site scripting in CVE-2026-25860 (CVE-2026-25860). Risk of unauthorized operations or information disclosure.
CVE-2026-34417 Cross-Site Scripting (XSS) in CVE-2026-34417 (CVE-2026-34417)
cross-site scripting in CVE-2026-34417 (CVE-2026-34417). Risk of unauthorized operations or information disclosure.
CVE-2026-47933 Cross-Site Scripting (XSS) in adobe (CVE-2026-47933)
cross-site scripting in adobe (CVE-2026-47933). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →