Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-45802 |
|
Vulnerability in setasign/fpdi (CVE-2026-45802)
vulnerability in setasign/fpdi (CVE-2026-45802). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.6.7` or later.
|
| CVE-2026-46357 |
|
Vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46357)
vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46357). Risk of unauthorized operations or information disclosure. Exploitable via ``createSite``. Mitigation: upgrade to `26.0.0` or later.
|
| CVE-2026-33741 |
|
Cross-Site Scripting (XSS) in CVE-2026-33741 (CVE-2026-33741)
cross-site scripting in CVE-2026-33741 (CVE-2026-33741). Confidential information can be exposed externally.
|
| CVE-2026-33642 |
|
Out-of-Bounds Read in c (CVE-2026-33642)
vulnerability in c (CVE-2026-33642). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6009 |
|
Unsafe Deserialization in CVE-2026-6009 (CVE-2026-6009)
vulnerability in CVE-2026-6009 (CVE-2026-6009). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46426 |
|
Unrestricted File Upload in budibase (CVE-2026-46426)
vulnerability in budibase (CVE-2026-46426). Confidential information can be exposed externally. Exploitable via `POST /api/attachments/process`. Mitigation: upgrade to `3.38.2` or later.
|
| CVE-2026-46337 |
|
Path Traversal in WWBN/AVideo (CVE-2026-46337)
path traversal in WWBN/AVideo (CVE-2026-46337). Risk of unauthorized operations or information disclosure. Exploitable via `GET /view/img/image404Raw.php`.
|
| CVE-2026-31072 |
|
Unsafe Deserialization in apscheduler (CVE-2026-31072)
vulnerability in apscheduler (CVE-2026-31072). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45670 |
|
Vulnerability in @nuxt/rspack-builder (CVE-2026-45670)
vulnerability in @nuxt/rspack-builder (CVE-2026-45670). Risk of unauthorized operations or information disclosure. Exploitable via ``script.src``. Mitigation: upgrade to `4.4.6` or later.
|
| CVE-2026-45669 |
|
Vulnerability in nuxt (CVE-2026-45669)
vulnerability in nuxt (CVE-2026-45669). Risk of unauthorized operations or information disclosure. Exploitable via ``Location``. Mitigation: upgrade to `4.4.6` or later.
|
| CVE-2026-45758 |
|
Vulnerability in guardrails-ai (CVE-2026-45758)
vulnerability in guardrails-ai (CVE-2026-45758). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45581 |
|
Vulnerability in org.hyperledger.fabric-chaincode-java:fabric-chaincode-shim (CVE-2026-45581)
vulnerability in org.hyperledger.fabric-chaincode-java:fabric-chaincode-shim (CVE-2026-45581). Confidential information can be exposed externally. Mitigation: upgrade to `2.5.10` or later.
|
| CVE-2026-8711 |
|
Vulnerability in nginx (CVE-2026-8711)
vulnerability in nginx (CVE-2026-8711). Successful exploitation can lead to full system takeover.
|
| CVE-2026-47100 |
|
Vulnerability in CVE-2026-47100 (CVE-2026-47100)
vulnerability in CVE-2026-47100 (CVE-2026-47100). Data can be tampered with by attackers.
|
| CVE-2026-34883 |
|
Vulnerability in c (CVE-2026-34883)
vulnerability in c (CVE-2026-34883). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46511 |
|
Vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46511)
vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46511). Risk of unauthorized operations or information disclosure. Exploitable via ``jwt``. Mitigation: upgrade to `26.0.0` or later.
|
| CVE-2026-46396 |
|
Cross-Site Scripting (XSS) in @haxtheweb/haxcms-nodejs (CVE-2026-46396)
cross-site scripting in @haxtheweb/haxcms-nodejs (CVE-2026-46396). Risk of unauthorized operations or information disclosure. Exploitable via ``src``. Mitigation: upgrade to `26.0.0` or later.
|
| CVE-2026-46395 |
|
Information Disclosure in @haxtheweb/haxcms-nodejs (CVE-2026-46395)
vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46395). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `26.0.0` or later.
|
| CVE-2026-46391 |
|
Vulnerability in @haxtheweb/open-apis (CVE-2026-46391)
vulnerability in @haxtheweb/open-apis (CVE-2026-46391). Risk of unauthorized operations or information disclosure. Exploitable via ``cloudflared``. Mitigation: upgrade to `26.0.0` or later.
|
| CVE-2026-46496 |
|
Vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46496)
vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46496). Risk of unauthorized operations or information disclosure. Exploitable via ``source``. Mitigation: upgrade to `26.0.0` or later.
|
| CVE-2026-46393 |
|
SSRF (Server-Side Request Forgery) in @haxtheweb/haxcms-nodejs (CVE-2026-46393)
SSRF in @haxtheweb/haxcms-nodejs (CVE-2026-46393). Risk of unauthorized operations or information disclosure. Exploitable via `POST /createSite`. Mitigation: upgrade to `26.0.0` or later.
|
| CVE-2026-45409 |
|
Vulnerability in idna (CVE-2026-45409)
vulnerability in idna (CVE-2026-45409). Risk of unauthorized operations or information disclosure. Exploitable via ``valid_contexto``. Mitigation: upgrade to `3.15` or later.
|
| CVE-2026-8973 |
|
Buffer Overflow in c (CVE-2026-8973)
vulnerability in c (CVE-2026-8973). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43633 |
|
Unsafe Deserialization in deserialization (CVE-2026-43633)
vulnerability in deserialization (CVE-2026-43633). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42099 |
|
Vulnerability in sparxsystems (CVE-2026-42099)
vulnerability in sparxsystems (CVE-2026-42099). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8912 |
|
SQL Injection in wordpress (CVE-2026-8912)
SQL injection in wordpress (CVE-2026-8912). Confidential information can be exposed externally.
|
| CVE-2026-4883 |
|
Unrestricted File Upload in wordpress (CVE-2026-4883)
vulnerability in wordpress (CVE-2026-4883). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7504 |
|
Open Redirect in org.keycloak:keycloak-services (CVE-2026-7504)
vulnerability in org.keycloak:keycloak-services (CVE-2026-7504). Confidential information can be exposed externally. Mitigation: upgrade to `26.6.2` or later.
|
| CVE-2026-7307 |
|
Vulnerability in org.keycloak:keycloak-saml-core (CVE-2026-7307)
vulnerability in org.keycloak:keycloak-saml-core (CVE-2026-7307). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `26.6.2` or later.
|
| CVE-2026-46725 |
|
Unsafe Deserialization in mmc/ceselector (CVE-2026-46725)
vulnerability in mmc/ceselector (CVE-2026-46725). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.0.3` or later.
|
| CVE-2026-8727 |
|
Unsafe Deserialization in tomasnorre/crawler (CVE-2026-8727)
vulnerability in tomasnorre/crawler (CVE-2026-8727). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `11.0.13` or later.
|
| CVE-2026-4885 |
|
Unrestricted File Upload in wordpress (CVE-2026-4885)
vulnerability in wordpress (CVE-2026-4885). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8830 |
|
Vulnerability in org.keycloak:keycloak-services (CVE-2026-8830)
vulnerability in org.keycloak:keycloak-services (CVE-2026-8830). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `26.6.3` or later.
|
| CVE-2026-33234 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-33234)
SSRF in ssrf (CVE-2026-33234). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-27891 |
|
FacturaScripts is an open source accounting and invoicing software. Versions 2026 and below contain a critical vulnerability in the Plugins::add() function. The system fails to properly validate the f...
FacturaScripts is an open source accounting and invoicing software. Versions 2026 and below contain a critical vulnerability in the Plugins::add() function. The system fails to properly validate the file paths within uploaded ZIP archives. This allows an attacker to perform a Zip Slip attack, leadin...
|
| CVE-2026-4137 |
|
Vulnerability in mlflow (CVE-2026-4137)
vulnerability in mlflow (CVE-2026-4137). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.11.0` or later.
|
| CVE-2026-8838 |
|
Code Injection in Amazon redshift-connector (CVE-2026-8838)
code injection in Amazon redshift-connector (CVE-2026-8838). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.1.14` or later.
|
| CVE-2026-45554 |
|
Vulnerability in nicegui (CVE-2026-45554)
vulnerability in nicegui (CVE-2026-45554). Risk of unauthorized operations or information disclosure. Exploitable via ``RuntimeError``. Mitigation: upgrade to `3.12.0` or later.
|
| CVE-2026-45553 |
|
Information Disclosure in nicegui (CVE-2026-45553)
vulnerability in nicegui (CVE-2026-45553). Confidential information can be exposed externally. Exploitable via ``include``. Mitigation: upgrade to `3.12.0` or later.
|
| CVE-2026-45682 |
|
Vulnerability in go.opentelemetry.io/obi (CVE-2026-45682)
vulnerability in go.opentelemetry.io/obi (CVE-2026-45682). Risk of unauthorized operations or information disclosure. Exploitable via ``CappedConcurrentHashMap``. Mitigation: upgrade to `0.9.0` or later.
|
| CVE-2026-45683 |
|
Vulnerability in go.opentelemetry.io/obi (CVE-2026-45683)
vulnerability in go.opentelemetry.io/obi (CVE-2026-45683). Risk of unauthorized operations or information disclosure. Exploitable via ``bpf_probe_read``. Mitigation: upgrade to `0.9.0` or later.
|
| CVE-2026-8836 |
|
Buffer Overflow in c (CVE-2026-8836)
vulnerability in c (CVE-2026-8836). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45231 |
|
Cross-Site Scripting (XSS) in CVE-2026-45231 (CVE-2026-45231)
cross-site scripting in CVE-2026-45231 (CVE-2026-45231). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45731 |
|
Path Traversal in WWBN/AVideo (CVE-2026-45731)
path traversal in WWBN/AVideo (CVE-2026-45731). Confidential information can be exposed externally. Exploitable via `POST /view/update.php`.
|
| CVE-2026-45230 |
|
Path Traversal in path-traversal (CVE-2026-45230)
path traversal in path-traversal (CVE-2026-45230). Data can be tampered with by attackers. Exploitable via `POST /api/delete-file`.
|
| CVE-2026-29963 |
|
Path Traversal in path-traversal (CVE-2026-29963)
path traversal in path-traversal (CVE-2026-29963). Confidential information can be exposed externally.
|
| CVE-2026-29962 |
|
Vulnerability in path-traversal (CVE-2026-29962)
vulnerability in path-traversal (CVE-2026-29962). Confidential information can be exposed externally.
|
| CVE-2026-29964 |
|
Cross-Site Scripting (XSS) in hsclabs (CVE-2026-29964)
cross-site scripting in hsclabs (CVE-2026-29964). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-32849 |
|
Vulnerability in c (CVE-2026-32849)
vulnerability in c (CVE-2026-32849). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-29965 |
|
Cross-Site Scripting (XSS) in hsclabs (CVE-2026-29965)
cross-site scripting in hsclabs (CVE-2026-29965). Risk of unauthorized operations or information disclosure.
|