Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-9370 |
|
Vulnerability in com.github.ulisesbocchio:jasypt-spring-boot (CVE-2026-9370)
vulnerability in com.github.ulisesbocchio:jasypt-spring-boot (CVE-2026-9370). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9365 |
|
Buffer Overflow in c (CVE-2026-9365)
vulnerability in c (CVE-2026-9365). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9364 |
|
Vulnerability in sqli (CVE-2026-9364)
vulnerability in sqli (CVE-2026-9364). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9358 |
|
Vulnerability in dos (CVE-2026-9358)
vulnerability in dos (CVE-2026-9358). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9355 |
|
Vulnerability in sqli (CVE-2026-9355)
vulnerability in sqli (CVE-2026-9355). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9356 |
|
Vulnerability in sqli (CVE-2026-9356)
vulnerability in sqli (CVE-2026-9356). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3515 |
|
Vulnerability in prefect (CVE-2026-3515)
vulnerability in prefect (CVE-2026-3515). Confidential information can be exposed externally. Exploitable via ``GitHubRepository``.
|
| CVE-2026-48829 |
|
Vulnerability in c (CVE-2026-48829)
vulnerability in c (CVE-2026-48829). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9342 |
|
Vulnerability in sqli (CVE-2026-9342)
vulnerability in sqli (CVE-2026-9342). Risk of unauthorized operations or information disclosure.
|
| CVE-2018-25356 |
|
Vulnerability in cpp (CVE-2018-25356)
vulnerability in cpp (CVE-2018-25356). Successful exploitation can lead to full system takeover.
|
| CVE-2018-25357 |
|
Code Injection in dolibarr/dolibarr (CVE-2018-25357)
code injection in dolibarr/dolibarr (CVE-2018-25357). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `6.0.8` or later.
|
| CVE-2018-25352 |
|
SQL Injection in wordpress (CVE-2018-25352)
SQL injection in wordpress (CVE-2018-25352). Confidential information can be exposed externally.
|
| CVE-2018-25349 |
|
Cross-Site Scripting (XSS) in CVE-2018-25349 (CVE-2018-25349)
cross-site scripting in CVE-2018-25349 (CVE-2018-25349). Risk of unauthorized operations or information disclosure.
|
| CVE-2018-25350 |
|
Vulnerability in CVE-2018-25350 (CVE-2018-25350)
vulnerability in CVE-2018-25350 (CVE-2018-25350). Successful exploitation can lead to full system takeover.
|
| CVE-2018-25343 |
|
Cross-Site Request Forgery (CSRF) in CVE-2018-25343 (CVE-2018-25343)
vulnerability in CVE-2018-25343 (CVE-2018-25343). Risk of unauthorized operations or information disclosure.
|
| CVE-2018-25340 |
|
SQL Injection in sqli (CVE-2018-25340)
SQL injection in sqli (CVE-2018-25340). Confidential information can be exposed externally.
|
| CVE-2026-9302 |
|
Vulnerability in CVE-2026-9302 (CVE-2026-9302)
vulnerability in CVE-2026-9302 (CVE-2026-9302). Risk of unauthorized operations or information disclosure.
|
| CVE-2018-25341 |
|
SQL Injection in sqli (CVE-2018-25341)
SQL injection in sqli (CVE-2018-25341). Confidential information can be exposed externally.
|
| CVE-2018-25342 |
|
SQL Injection in sqli (CVE-2018-25342)
SQL injection in sqli (CVE-2018-25342). Confidential information can be exposed externally.
|
| CVE-2026-43503 |
|
Vulnerability in c (CVE-2026-43503)
vulnerability in c (CVE-2026-43503). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5843 |
|
Vulnerability in docker (CVE-2026-5843)
vulnerability in docker (CVE-2026-5843). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5817 |
|
Vulnerability in docker (CVE-2026-5817)
vulnerability in docker (CVE-2026-5817). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46727 |
|
Vulnerability in ruby (CVE-2026-46727)
vulnerability in ruby (CVE-2026-46727). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.0.5` or later.
|
| CVE-2026-42627 |
|
Vulnerability in cpp (CVE-2026-42627)
vulnerability in cpp (CVE-2026-42627). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-47157 |
|
SSRF (Server-Side Request Forgery) in aiograpi (CVE-2026-47157)
SSRF in aiograpi (CVE-2026-47157). Confidential information can be exposed externally. Mitigation: upgrade to `0.9.10` or later.
|
| CVE-2026-47138 |
|
Vulnerability in parse-server (CVE-2026-47138)
vulnerability in parse-server (CVE-2026-47138). Risk of unauthorized operations or information disclosure. Exploitable via ``clientSDK``. Mitigation: upgrade to `8.6.77` or later.
|
| CVE-2026-40610 |
|
Vulnerability in bentoml (CVE-2026-40610)
vulnerability in bentoml (CVE-2026-40610). Confidential information can be exposed externally. Exploitable via ``src_file``. Mitigation: upgrade to `1.4.39` or later.
|
| CVE-2026-32253 |
|
Authentication Bypass in cpp (CVE-2026-32253)
authentication bypass in cpp (CVE-2026-32253). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5072 |
|
Vulnerability in c (CVE-2026-5072)
vulnerability in c (CVE-2026-5072). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3481 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-3481)
cross-site scripting in wordpress (CVE-2026-3481). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7886 |
|
Vulnerability in concrete5/concrete5 (CVE-2026-7886)
vulnerability in concrete5/concrete5 (CVE-2026-7886). Risk of unauthorized operations or information disclosure. Exploitable via ``AddMessage``. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-4093 |
|
Cross-Site Scripting (XSS) in drupal (CVE-2026-4093)
cross-site scripting in drupal (CVE-2026-4093). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7879 |
|
Vulnerability in concrete5/concrete5 (CVE-2026-7879)
vulnerability in concrete5/concrete5 (CVE-2026-7879). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-46679 |
|
Vulnerability in @libp2p/gossipsub (CVE-2026-46679)
vulnerability in @libp2p/gossipsub (CVE-2026-46679). Risk of unauthorized operations or information disclosure. Exploitable via ``handleReceivedSubscription``. Mitigation: upgrade to `15.0.23` or later.
|
| CVE-2026-8203 |
|
Cross-Site Scripting (XSS) in concrete5/concrete5 (CVE-2026-8203)
cross-site scripting in concrete5/concrete5 (CVE-2026-8203). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8426 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8426)
vulnerability in concrete5/concrete5 (CVE-2026-8426). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8421 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8421)
vulnerability in concrete5/concrete5 (CVE-2026-8421). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8428 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8428)
vulnerability in concrete5/concrete5 (CVE-2026-8428). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8417 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8417)
vulnerability in concrete5/concrete5 (CVE-2026-8417). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8350 |
|
Authorization Flaw in concrete5/concrete5 (CVE-2026-8350)
vulnerability in concrete5/concrete5 (CVE-2026-8350). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8135 |
|
Unsafe Deserialization in concrete5/concrete5 (CVE-2026-8135)
vulnerability in concrete5/concrete5 (CVE-2026-8135). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8197 |
|
Cross-Site Scripting (XSS) in concrete5/concrete5 (CVE-2026-8197)
cross-site scripting in concrete5/concrete5 (CVE-2026-8197). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8140 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8140)
vulnerability in concrete5/concrete5 (CVE-2026-8140). Data can be tampered with by attackers. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8134 |
|
Vulnerability in concrete5/concrete5 (CVE-2026-8134)
vulnerability in concrete5/concrete5 (CVE-2026-8134). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-46625 |
|
Vulnerability in js-cookie (CVE-2026-46625)
vulnerability in js-cookie (CVE-2026-46625). Data can be tampered with by attackers. Exploitable via ``for...in``. Mitigation: upgrade to `3.0.7` or later.
|
| CVE-2026-46673 |
|
Vulnerability in russh-cryptovec (CVE-2026-46673)
vulnerability in russh-cryptovec (CVE-2026-46673). Risk of unauthorized operations or information disclosure. Exploitable via ``CryptoVec``. Mitigation: upgrade to `0.60.3` or later.
|
| CVE-2026-46609 |
|
Cross-Site Scripting (XSS) in Umbraco.Cms (CVE-2026-46609)
cross-site scripting in Umbraco.Cms (CVE-2026-46609). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `17.4.0` or later.
|
| CVE-2026-46547 |
|
Cross-Site Scripting (XSS) in nocodb (CVE-2026-46547)
cross-site scripting in nocodb (CVE-2026-46547). Risk of unauthorized operations or information disclosure. Exploitable via ``ncRedirectUrl``.
|
| CVE-2026-46643 |
|
OS Command Injection in KnpLabs/knp-snappy (CVE-2026-46643)
OS command injection in KnpLabs/knp-snappy (CVE-2026-46643). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.7.1` or later.
|
| CVE-2026-46683 |
|
SSRF (Server-Side Request Forgery) in knplabs/knp-snappy (CVE-2026-46683)
SSRF in knplabs/knp-snappy (CVE-2026-46683). Risk of unauthorized operations or information disclosure. Exploitable via ``http``. Mitigation: upgrade to `1.7.0` or later.
|