Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: languages Clear
ID Title
CVE-2026-44645 Vulnerability in liquidjs (CVE-2026-44645)
vulnerability in liquidjs (CVE-2026-44645). Risk of unauthorized operations or information disclosure. Exploitable via ``renderLimit``.
CVE-2026-44644 Cross-Site Scripting (XSS) in liquidjs (CVE-2026-44644)
cross-site scripting in liquidjs (CVE-2026-44644). Risk of unauthorized operations or information disclosure. Exploitable via ``strip_html``.
CVE-2026-44587 Cross-Site Scripting (XSS) in carrierwave (CVE-2026-44587)
cross-site scripting in carrierwave (CVE-2026-44587). Risk of unauthorized operations or information disclosure. Exploitable via ``Regexp.quote``. Mitigation: upgrade to `2.2.7` or later.
CVE-2026-41207 Vulnerability in io.netty.incubator:netty-incubator-codec-ohttp (CVE-2026-41207)
vulnerability in io.netty.incubator:netty-incubator-codec-ohttp (CVE-2026-41207). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.0.21.Final` or later.
CVE-2026-34986 Vulnerability in github.com/go-jose/go-jose/v3 (CVE-2026-34986)
vulnerability in github.com/go-jose/go-jose/v3 (CVE-2026-34986). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.0.5` or later.
CVE-2026-9603 Vulnerability in CVE-2026-9603 (CVE-2026-9603)
vulnerability in CVE-2026-9603 (CVE-2026-9603). Risk of unauthorized operations or information disclosure.
CVE-2026-9584 A security vulnerability has been detected in code-projects Project Management System 1.0....
A security vulnerability has been detected in code-projects Project Management System 1.0....
CVE-2026-44905 Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was identified in the cryptographic verification pipeline of Vanetza....
Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was identified in the cryptographic verification pipeline of Vanetza. When processing incoming V2X messages, the ASN.1 decoder accepts the structure as syntactically val...
CVE-2026-43988 Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was identified in the ASN.1/OER parsing pipeline of Vanetza. When pro...
Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was identified in the ASN.1/OER parsing pipeline of Vanetza. When processing malformed network packets containing corrupted ASN.1/OER structures (e.g., invalid length fi...
CVE-2026-9583 Information Disclosure in CVE-2026-9583 (CVE-2026-9583)
vulnerability in CVE-2026-9583 (CVE-2026-9583). Risk of unauthorized operations or information disclosure.
CVE-2026-47672 Vulnerability in com.oviva.telematik:epa4all-rest-service (CVE-2026-47672)
vulnerability in com.oviva.telematik:epa4all-rest-service (CVE-2026-47672). Data can be tampered with by attackers.
CVE-2026-44450 Vulnerability in c (CVE-2026-44450)
vulnerability in c (CVE-2026-44450). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.9.7` or later.
CVE-2026-44449 Vulnerability in c (CVE-2026-44449)
vulnerability in c (CVE-2026-44449). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.9.7` or later.
CVE-2025-68711 Vulnerability in c (CVE-2025-68711)
vulnerability in c (CVE-2025-68711). Risk of unauthorized operations or information disclosure.
CVE-2025-68708 Vulnerability in c (CVE-2025-68708)
vulnerability in c (CVE-2025-68708). Risk of unauthorized operations or information disclosure.
CVE-2026-9573 Vulnerability in sqli (CVE-2026-9573)
vulnerability in sqli (CVE-2026-9573). Risk of unauthorized operations or information disclosure.
CVE-2026-9574 Vulnerability in sqli (CVE-2026-9574)
vulnerability in sqli (CVE-2026-9574). Risk of unauthorized operations or information disclosure.
CVE-2026-9575 Vulnerability in sqli (CVE-2026-9575)
vulnerability in sqli (CVE-2026-9575). Risk of unauthorized operations or information disclosure.
CVE-2025-68709 Cross-Site Scripting (XSS) in privilege-escalation (CVE-2025-68709)
cross-site scripting in privilege-escalation (CVE-2025-68709). Risk of unauthorized operations or information disclosure.
CVE-2025-68710 Vulnerability in c (CVE-2025-68710)
vulnerability in c (CVE-2025-68710). Risk of unauthorized operations or information disclosure.
CVE-2026-9572 Vulnerability in c (CVE-2026-9572)
vulnerability in c (CVE-2026-9572). Risk of unauthorized operations or information disclosure.
CVE-2026-9566 Cross-Site Scripting (XSS) in CVE-2026-9566 (CVE-2026-9566)
cross-site scripting in CVE-2026-9566 (CVE-2026-9566). Risk of unauthorized operations or information disclosure.
CVE-2026-9567 Vulnerability in c (CVE-2026-9567)
vulnerability in c (CVE-2026-9567). Risk of unauthorized operations or information disclosure.
CVE-2026-48694 Command Injection in pavel-odintsov (CVE-2026-48694)
command injection in pavel-odintsov (CVE-2026-48694). Confidential information can be exposed externally.
CVE-2026-48695 OS Command Injection in pavel-odintsov (CVE-2026-48695)
OS command injection in pavel-odintsov (CVE-2026-48695). Confidential information can be exposed externally. Exploitable via ``date``.
CVE-2026-46624 OS Command Injection in sqli (CVE-2026-46624)
OS command injection in sqli (CVE-2026-46624). Successful exploitation can lead to full system takeover.
CVE-2026-44667 Cross-Site Scripting (XSS) in CVE-2026-44667 (CVE-2026-44667)
cross-site scripting in CVE-2026-44667 (CVE-2026-44667). Confidential information can be exposed externally. Mitigation: upgrade to `1.8.3` or later.
CVE-2026-44669 Cross-Site Scripting (XSS) in CVE-2026-44669 (CVE-2026-44669)
cross-site scripting in CVE-2026-44669 (CVE-2026-44669). Confidential information can be exposed externally. Mitigation: upgrade to `1.8.3` or later.
CVE-2026-48697 Vulnerability in cpp (CVE-2026-48697)
vulnerability in cpp (CVE-2026-48697). Confidential information can be exposed externally.
CVE-2026-48693 Vulnerability in cpp (CVE-2026-48693)
vulnerability in cpp (CVE-2026-48693). Data can be tampered with by attackers.
CVE-2026-44723 OS Command Injection in vowpalwabbit (CVE-2026-44723)
OS command injection in vowpalwabbit (CVE-2026-44723). Risk of unauthorized operations or information disclosure.
CVE-2026-44729 Cross-Site Scripting (XSS) in twenty (CVE-2026-44729)
cross-site scripting in twenty (CVE-2026-44729). Confidential information can be exposed externally.
CVE-2026-43981 Vulnerability in c (CVE-2026-43981)
vulnerability in c (CVE-2026-43981). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.17.6` or later.
CVE-2025-36148 Cross-Site Scripting (XSS) in ibm (CVE-2025-36148)
cross-site scripting in ibm (CVE-2025-36148). Risk of unauthorized operations or information disclosure.
CVE-2025-36126 Cross-Site Scripting (XSS) in ibm (CVE-2025-36126)
cross-site scripting in ibm (CVE-2025-36126). Risk of unauthorized operations or information disclosure.
CVE-2026-48692 Vulnerability in cpp (CVE-2026-48692)
vulnerability in cpp (CVE-2026-48692). Confidential information can be exposed externally.
CVE-2026-48688 Out-of-Bounds Read in cpp (CVE-2026-48688)
vulnerability in cpp (CVE-2026-48688). Confidential information can be exposed externally.
CVE-2026-48686 Vulnerability in cpp (CVE-2026-48686)
vulnerability in cpp (CVE-2026-48686). Successful exploitation can lead to full system takeover.
CVE-2026-48687 OS Command Injection in c (CVE-2026-48687)
OS command injection in c (CVE-2026-48687). Successful exploitation can lead to full system takeover. Exploitable via ``date``.
CVE-2026-48683 Out-of-Bounds Read in cpp (CVE-2026-48683)
vulnerability in cpp (CVE-2026-48683). Confidential information can be exposed externally.
CVE-2026-48684 Out-of-Bounds Read in c (CVE-2026-48684)
vulnerability in c (CVE-2026-48684). Risk of unauthorized operations or information disclosure.
CVE-2026-45247 KEV [KEV] Unsafe Deserialization in Mirasvit full-page-cache-warmer (CVE-2026-45247)
vulnerability in Mirasvit full-page-cache-warmer (CVE-2026-45247). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-46368 Command Injection in c (CVE-2026-46368)
command injection in c (CVE-2026-46368). Successful exploitation can lead to full system takeover.
CVE-2026-42785 Code Injection in CVE-2026-42785 (CVE-2026-42785)
code injection in CVE-2026-42785 (CVE-2026-42785). Successful exploitation can lead to full system takeover.
CVE-2026-9542 Vulnerability in sqli (CVE-2026-9542)
vulnerability in sqli (CVE-2026-9542). Risk of unauthorized operations or information disclosure.
CVE-2026-9541 Buffer Overflow in cpp (CVE-2026-9541)
vulnerability in cpp (CVE-2026-9541). Risk of unauthorized operations or information disclosure.
CVE-2026-39661 Vulnerability in CVE-2026-39661 (CVE-2026-39661)
vulnerability in CVE-2026-39661 (CVE-2026-39661). Successful exploitation can lead to full system takeover.
CVE-2026-9495 Vulnerability in @koa/router (CVE-2026-9495)
vulnerability in @koa/router (CVE-2026-9495). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `15.0.0` or later.
CVE-2026-9496 Vulnerability in dos (CVE-2026-9496)
vulnerability in dos (CVE-2026-9496). Risk of unauthorized operations or information disclosure.
CVE-2026-9530 Buffer Overflow in c (CVE-2026-9530)
vulnerability in c (CVE-2026-9530). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →