Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-44645 |
|
Vulnerability in liquidjs (CVE-2026-44645)
vulnerability in liquidjs (CVE-2026-44645). Risk of unauthorized operations or information disclosure. Exploitable via ``renderLimit``.
|
| CVE-2026-44644 |
|
Cross-Site Scripting (XSS) in liquidjs (CVE-2026-44644)
cross-site scripting in liquidjs (CVE-2026-44644). Risk of unauthorized operations or information disclosure. Exploitable via ``strip_html``.
|
| CVE-2026-44587 |
|
Cross-Site Scripting (XSS) in carrierwave (CVE-2026-44587)
cross-site scripting in carrierwave (CVE-2026-44587). Risk of unauthorized operations or information disclosure. Exploitable via ``Regexp.quote``. Mitigation: upgrade to `2.2.7` or later.
|
| CVE-2026-41207 |
|
Vulnerability in io.netty.incubator:netty-incubator-codec-ohttp (CVE-2026-41207)
vulnerability in io.netty.incubator:netty-incubator-codec-ohttp (CVE-2026-41207). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.0.21.Final` or later.
|
| CVE-2026-34986 |
|
Vulnerability in github.com/go-jose/go-jose/v3 (CVE-2026-34986)
vulnerability in github.com/go-jose/go-jose/v3 (CVE-2026-34986). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.0.5` or later.
|
| CVE-2026-9603 |
|
Vulnerability in CVE-2026-9603 (CVE-2026-9603)
vulnerability in CVE-2026-9603 (CVE-2026-9603). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9584 |
|
A security vulnerability has been detected in code-projects Project Management System 1.0....
A security vulnerability has been detected in code-projects Project Management System 1.0....
|
| CVE-2026-44905 |
|
Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was identified in the cryptographic verification pipeline of Vanetza....
Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was identified in the cryptographic verification pipeline of Vanetza. When processing incoming V2X messages, the ASN.1 decoder accepts the structure as syntactically val...
|
| CVE-2026-43988 |
|
Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was identified in the ASN.1/OER parsing pipeline of Vanetza. When pro...
Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was identified in the ASN.1/OER parsing pipeline of Vanetza. When processing malformed network packets containing corrupted ASN.1/OER structures (e.g., invalid length fi...
|
| CVE-2026-9583 |
|
Information Disclosure in CVE-2026-9583 (CVE-2026-9583)
vulnerability in CVE-2026-9583 (CVE-2026-9583). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-47672 |
|
Vulnerability in com.oviva.telematik:epa4all-rest-service (CVE-2026-47672)
vulnerability in com.oviva.telematik:epa4all-rest-service (CVE-2026-47672). Data can be tampered with by attackers.
|
| CVE-2026-44450 |
|
Vulnerability in c (CVE-2026-44450)
vulnerability in c (CVE-2026-44450). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.9.7` or later.
|
| CVE-2026-44449 |
|
Vulnerability in c (CVE-2026-44449)
vulnerability in c (CVE-2026-44449). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.9.7` or later.
|
| CVE-2025-68711 |
|
Vulnerability in c (CVE-2025-68711)
vulnerability in c (CVE-2025-68711). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-68708 |
|
Vulnerability in c (CVE-2025-68708)
vulnerability in c (CVE-2025-68708). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9573 |
|
Vulnerability in sqli (CVE-2026-9573)
vulnerability in sqli (CVE-2026-9573). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9574 |
|
Vulnerability in sqli (CVE-2026-9574)
vulnerability in sqli (CVE-2026-9574). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9575 |
|
Vulnerability in sqli (CVE-2026-9575)
vulnerability in sqli (CVE-2026-9575). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-68709 |
|
Cross-Site Scripting (XSS) in privilege-escalation (CVE-2025-68709)
cross-site scripting in privilege-escalation (CVE-2025-68709). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-68710 |
|
Vulnerability in c (CVE-2025-68710)
vulnerability in c (CVE-2025-68710). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9572 |
|
Vulnerability in c (CVE-2026-9572)
vulnerability in c (CVE-2026-9572). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9566 |
|
Cross-Site Scripting (XSS) in CVE-2026-9566 (CVE-2026-9566)
cross-site scripting in CVE-2026-9566 (CVE-2026-9566). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9567 |
|
Vulnerability in c (CVE-2026-9567)
vulnerability in c (CVE-2026-9567). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48694 |
|
Command Injection in pavel-odintsov (CVE-2026-48694)
command injection in pavel-odintsov (CVE-2026-48694). Confidential information can be exposed externally.
|
| CVE-2026-48695 |
|
OS Command Injection in pavel-odintsov (CVE-2026-48695)
OS command injection in pavel-odintsov (CVE-2026-48695). Confidential information can be exposed externally. Exploitable via ``date``.
|
| CVE-2026-46624 |
|
OS Command Injection in sqli (CVE-2026-46624)
OS command injection in sqli (CVE-2026-46624). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44667 |
|
Cross-Site Scripting (XSS) in CVE-2026-44667 (CVE-2026-44667)
cross-site scripting in CVE-2026-44667 (CVE-2026-44667). Confidential information can be exposed externally. Mitigation: upgrade to `1.8.3` or later.
|
| CVE-2026-44669 |
|
Cross-Site Scripting (XSS) in CVE-2026-44669 (CVE-2026-44669)
cross-site scripting in CVE-2026-44669 (CVE-2026-44669). Confidential information can be exposed externally. Mitigation: upgrade to `1.8.3` or later.
|
| CVE-2026-48697 |
|
Vulnerability in cpp (CVE-2026-48697)
vulnerability in cpp (CVE-2026-48697). Confidential information can be exposed externally.
|
| CVE-2026-48693 |
|
Vulnerability in cpp (CVE-2026-48693)
vulnerability in cpp (CVE-2026-48693). Data can be tampered with by attackers.
|
| CVE-2026-44723 |
|
OS Command Injection in vowpalwabbit (CVE-2026-44723)
OS command injection in vowpalwabbit (CVE-2026-44723). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44729 |
|
Cross-Site Scripting (XSS) in twenty (CVE-2026-44729)
cross-site scripting in twenty (CVE-2026-44729). Confidential information can be exposed externally.
|
| CVE-2026-43981 |
|
Vulnerability in c (CVE-2026-43981)
vulnerability in c (CVE-2026-43981). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.17.6` or later.
|
| CVE-2025-36148 |
|
Cross-Site Scripting (XSS) in ibm (CVE-2025-36148)
cross-site scripting in ibm (CVE-2025-36148). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-36126 |
|
Cross-Site Scripting (XSS) in ibm (CVE-2025-36126)
cross-site scripting in ibm (CVE-2025-36126). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48692 |
|
Vulnerability in cpp (CVE-2026-48692)
vulnerability in cpp (CVE-2026-48692). Confidential information can be exposed externally.
|
| CVE-2026-48688 |
|
Out-of-Bounds Read in cpp (CVE-2026-48688)
vulnerability in cpp (CVE-2026-48688). Confidential information can be exposed externally.
|
| CVE-2026-48686 |
|
Vulnerability in cpp (CVE-2026-48686)
vulnerability in cpp (CVE-2026-48686). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48687 |
|
OS Command Injection in c (CVE-2026-48687)
OS command injection in c (CVE-2026-48687). Successful exploitation can lead to full system takeover. Exploitable via ``date``.
|
| CVE-2026-48683 |
|
Out-of-Bounds Read in cpp (CVE-2026-48683)
vulnerability in cpp (CVE-2026-48683). Confidential information can be exposed externally.
|
| CVE-2026-48684 |
|
Out-of-Bounds Read in c (CVE-2026-48684)
vulnerability in c (CVE-2026-48684). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45247 KEV |
|
[KEV] Unsafe Deserialization in Mirasvit full-page-cache-warmer (CVE-2026-45247)
vulnerability in Mirasvit full-page-cache-warmer (CVE-2026-45247). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-46368 |
|
Command Injection in c (CVE-2026-46368)
command injection in c (CVE-2026-46368). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42785 |
|
Code Injection in CVE-2026-42785 (CVE-2026-42785)
code injection in CVE-2026-42785 (CVE-2026-42785). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9542 |
|
Vulnerability in sqli (CVE-2026-9542)
vulnerability in sqli (CVE-2026-9542). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9541 |
|
Buffer Overflow in cpp (CVE-2026-9541)
vulnerability in cpp (CVE-2026-9541). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-39661 |
|
Vulnerability in CVE-2026-39661 (CVE-2026-39661)
vulnerability in CVE-2026-39661 (CVE-2026-39661). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9495 |
|
Vulnerability in @koa/router (CVE-2026-9495)
vulnerability in @koa/router (CVE-2026-9495). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `15.0.0` or later.
|
| CVE-2026-9496 |
|
Vulnerability in dos (CVE-2026-9496)
vulnerability in dos (CVE-2026-9496). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9530 |
|
Buffer Overflow in c (CVE-2026-9530)
vulnerability in c (CVE-2026-9530). Risk of unauthorized operations or information disclosure.
|