Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: languages Clear
ID Title
CVE-2026-45802 Vulnerability in setasign/fpdi (CVE-2026-45802)
vulnerability in setasign/fpdi (CVE-2026-45802). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.6.7` or later.
CVE-2026-46357 Vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46357)
vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46357). Risk of unauthorized operations or information disclosure. Exploitable via ``createSite``. Mitigation: upgrade to `26.0.0` or later.
CVE-2026-33741 Cross-Site Scripting (XSS) in CVE-2026-33741 (CVE-2026-33741)
cross-site scripting in CVE-2026-33741 (CVE-2026-33741). Confidential information can be exposed externally.
CVE-2026-33642 Out-of-Bounds Read in c (CVE-2026-33642)
vulnerability in c (CVE-2026-33642). Risk of unauthorized operations or information disclosure.
CVE-2026-6009 Unsafe Deserialization in CVE-2026-6009 (CVE-2026-6009)
vulnerability in CVE-2026-6009 (CVE-2026-6009). Risk of unauthorized operations or information disclosure.
CVE-2026-46426 Unrestricted File Upload in budibase (CVE-2026-46426)
vulnerability in budibase (CVE-2026-46426). Confidential information can be exposed externally. Exploitable via `POST /api/attachments/process`. Mitigation: upgrade to `3.38.2` or later.
CVE-2026-46337 Path Traversal in WWBN/AVideo (CVE-2026-46337)
path traversal in WWBN/AVideo (CVE-2026-46337). Risk of unauthorized operations or information disclosure. Exploitable via `GET /view/img/image404Raw.php`.
CVE-2026-31072 Unsafe Deserialization in apscheduler (CVE-2026-31072)
vulnerability in apscheduler (CVE-2026-31072). Successful exploitation can lead to full system takeover.
CVE-2026-45670 Vulnerability in @nuxt/rspack-builder (CVE-2026-45670)
vulnerability in @nuxt/rspack-builder (CVE-2026-45670). Risk of unauthorized operations or information disclosure. Exploitable via ``script.src``. Mitigation: upgrade to `4.4.6` or later.
CVE-2026-45669 Vulnerability in nuxt (CVE-2026-45669)
vulnerability in nuxt (CVE-2026-45669). Risk of unauthorized operations or information disclosure. Exploitable via ``Location``. Mitigation: upgrade to `4.4.6` or later.
CVE-2026-45758 Vulnerability in guardrails-ai (CVE-2026-45758)
vulnerability in guardrails-ai (CVE-2026-45758). Successful exploitation can lead to full system takeover.
CVE-2026-45581 Vulnerability in org.hyperledger.fabric-chaincode-java:fabric-chaincode-shim (CVE-2026-45581)
vulnerability in org.hyperledger.fabric-chaincode-java:fabric-chaincode-shim (CVE-2026-45581). Confidential information can be exposed externally. Mitigation: upgrade to `2.5.10` or later.
CVE-2026-8711 Vulnerability in nginx (CVE-2026-8711)
vulnerability in nginx (CVE-2026-8711). Successful exploitation can lead to full system takeover.
CVE-2026-47100 Vulnerability in CVE-2026-47100 (CVE-2026-47100)
vulnerability in CVE-2026-47100 (CVE-2026-47100). Data can be tampered with by attackers.
CVE-2026-34883 Vulnerability in c (CVE-2026-34883)
vulnerability in c (CVE-2026-34883). Risk of unauthorized operations or information disclosure.
CVE-2026-46511 Vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46511)
vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46511). Risk of unauthorized operations or information disclosure. Exploitable via ``jwt``. Mitigation: upgrade to `26.0.0` or later.
CVE-2026-46396 Cross-Site Scripting (XSS) in @haxtheweb/haxcms-nodejs (CVE-2026-46396)
cross-site scripting in @haxtheweb/haxcms-nodejs (CVE-2026-46396). Risk of unauthorized operations or information disclosure. Exploitable via ``src``. Mitigation: upgrade to `26.0.0` or later.
CVE-2026-46395 Information Disclosure in @haxtheweb/haxcms-nodejs (CVE-2026-46395)
vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46395). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `26.0.0` or later.
CVE-2026-46391 Vulnerability in @haxtheweb/open-apis (CVE-2026-46391)
vulnerability in @haxtheweb/open-apis (CVE-2026-46391). Risk of unauthorized operations or information disclosure. Exploitable via ``cloudflared``. Mitigation: upgrade to `26.0.0` or later.
CVE-2026-46496 Vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46496)
vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46496). Risk of unauthorized operations or information disclosure. Exploitable via ``source``. Mitigation: upgrade to `26.0.0` or later.
CVE-2026-46393 SSRF (Server-Side Request Forgery) in @haxtheweb/haxcms-nodejs (CVE-2026-46393)
SSRF in @haxtheweb/haxcms-nodejs (CVE-2026-46393). Risk of unauthorized operations or information disclosure. Exploitable via `POST /createSite`. Mitigation: upgrade to `26.0.0` or later.
CVE-2026-45409 Vulnerability in idna (CVE-2026-45409)
vulnerability in idna (CVE-2026-45409). Risk of unauthorized operations or information disclosure. Exploitable via ``valid_contexto``. Mitigation: upgrade to `3.15` or later.
CVE-2026-8973 Buffer Overflow in c (CVE-2026-8973)
vulnerability in c (CVE-2026-8973). Successful exploitation can lead to full system takeover.
CVE-2026-43633 Unsafe Deserialization in deserialization (CVE-2026-43633)
vulnerability in deserialization (CVE-2026-43633). Successful exploitation can lead to full system takeover.
CVE-2026-42099 Vulnerability in sparxsystems (CVE-2026-42099)
vulnerability in sparxsystems (CVE-2026-42099). Successful exploitation can lead to full system takeover.
CVE-2026-8912 SQL Injection in wordpress (CVE-2026-8912)
SQL injection in wordpress (CVE-2026-8912). Confidential information can be exposed externally.
CVE-2026-4883 Unrestricted File Upload in wordpress (CVE-2026-4883)
vulnerability in wordpress (CVE-2026-4883). Successful exploitation can lead to full system takeover.
CVE-2026-7504 Open Redirect in org.keycloak:keycloak-services (CVE-2026-7504)
vulnerability in org.keycloak:keycloak-services (CVE-2026-7504). Confidential information can be exposed externally. Mitigation: upgrade to `26.6.2` or later.
CVE-2026-7307 Vulnerability in org.keycloak:keycloak-saml-core (CVE-2026-7307)
vulnerability in org.keycloak:keycloak-saml-core (CVE-2026-7307). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `26.6.2` or later.
CVE-2026-46725 Unsafe Deserialization in mmc/ceselector (CVE-2026-46725)
vulnerability in mmc/ceselector (CVE-2026-46725). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.0.3` or later.
CVE-2026-8727 Unsafe Deserialization in tomasnorre/crawler (CVE-2026-8727)
vulnerability in tomasnorre/crawler (CVE-2026-8727). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `11.0.13` or later.
CVE-2026-4885 Unrestricted File Upload in wordpress (CVE-2026-4885)
vulnerability in wordpress (CVE-2026-4885). Successful exploitation can lead to full system takeover.
CVE-2026-8830 Vulnerability in org.keycloak:keycloak-services (CVE-2026-8830)
vulnerability in org.keycloak:keycloak-services (CVE-2026-8830). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `26.6.3` or later.
CVE-2026-33234 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-33234)
SSRF in ssrf (CVE-2026-33234). Risk of unauthorized operations or information disclosure.
CVE-2026-27891 FacturaScripts is an open source accounting and invoicing software. Versions 2026 and below contain a critical vulnerability in the Plugins::add() function. The system fails to properly validate the f...
FacturaScripts is an open source accounting and invoicing software. Versions 2026 and below contain a critical vulnerability in the Plugins::add() function. The system fails to properly validate the file paths within uploaded ZIP archives. This allows an attacker to perform a Zip Slip attack, leadin...
CVE-2026-4137 Vulnerability in mlflow (CVE-2026-4137)
vulnerability in mlflow (CVE-2026-4137). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.11.0` or later.
CVE-2026-8838 Code Injection in Amazon redshift-connector (CVE-2026-8838)
code injection in Amazon redshift-connector (CVE-2026-8838). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.1.14` or later.
CVE-2026-45554 Vulnerability in nicegui (CVE-2026-45554)
vulnerability in nicegui (CVE-2026-45554). Risk of unauthorized operations or information disclosure. Exploitable via ``RuntimeError``. Mitigation: upgrade to `3.12.0` or later.
CVE-2026-45553 Information Disclosure in nicegui (CVE-2026-45553)
vulnerability in nicegui (CVE-2026-45553). Confidential information can be exposed externally. Exploitable via ``include``. Mitigation: upgrade to `3.12.0` or later.
CVE-2026-45682 Vulnerability in go.opentelemetry.io/obi (CVE-2026-45682)
vulnerability in go.opentelemetry.io/obi (CVE-2026-45682). Risk of unauthorized operations or information disclosure. Exploitable via ``CappedConcurrentHashMap``. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-45683 Vulnerability in go.opentelemetry.io/obi (CVE-2026-45683)
vulnerability in go.opentelemetry.io/obi (CVE-2026-45683). Risk of unauthorized operations or information disclosure. Exploitable via ``bpf_probe_read``. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-8836 Buffer Overflow in c (CVE-2026-8836)
vulnerability in c (CVE-2026-8836). Successful exploitation can lead to full system takeover.
CVE-2026-45231 Cross-Site Scripting (XSS) in CVE-2026-45231 (CVE-2026-45231)
cross-site scripting in CVE-2026-45231 (CVE-2026-45231). Risk of unauthorized operations or information disclosure.
CVE-2026-45731 Path Traversal in WWBN/AVideo (CVE-2026-45731)
path traversal in WWBN/AVideo (CVE-2026-45731). Confidential information can be exposed externally. Exploitable via `POST /view/update.php`.
CVE-2026-45230 Path Traversal in path-traversal (CVE-2026-45230)
path traversal in path-traversal (CVE-2026-45230). Data can be tampered with by attackers. Exploitable via `POST /api/delete-file`.
CVE-2026-29963 Path Traversal in path-traversal (CVE-2026-29963)
path traversal in path-traversal (CVE-2026-29963). Confidential information can be exposed externally.
CVE-2026-29962 Vulnerability in path-traversal (CVE-2026-29962)
vulnerability in path-traversal (CVE-2026-29962). Confidential information can be exposed externally.
CVE-2026-29964 Cross-Site Scripting (XSS) in hsclabs (CVE-2026-29964)
cross-site scripting in hsclabs (CVE-2026-29964). Risk of unauthorized operations or information disclosure.
CVE-2026-32849 Vulnerability in c (CVE-2026-32849)
vulnerability in c (CVE-2026-32849). Risk of unauthorized operations or information disclosure.
CVE-2026-29965 Cross-Site Scripting (XSS) in hsclabs (CVE-2026-29965)
cross-site scripting in hsclabs (CVE-2026-29965). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →