Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-45719 |
|
Code Injection in @budibase/server (CVE-2026-45719)
code injection in @budibase/server (CVE-2026-45719). Confidential information can be exposed externally. Exploitable via `POST /api/views`. Mitigation: upgrade to `3.38.1` or later.
|
| CVE-2026-45701 |
|
Vulnerability in sulu/sulu (CVE-2026-45701)
vulnerability in sulu/sulu (CVE-2026-45701). Risk of unauthorized operations or information disclosure. Exploitable via ``User.php``. Mitigation: upgrade to `2.6.23` or later.
|
| CVE-2026-45829 |
|
Code Injection in chromadb (CVE-2026-45829)
code injection in chromadb (CVE-2026-45829). Successful exploitation can lead to full system takeover.
|
| CVE-2026-38719 |
|
Out-of-Bounds Read in c (CVE-2026-38719)
vulnerability in c (CVE-2026-38719). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45300 |
|
Information Disclosure in org.asynchttpclient:async-http-client (CVE-2026-45300)
vulnerability in org.asynchttpclient:async-http-client (CVE-2026-45300). Confidential information can be exposed externally. Exploitable via ``Cookie``. Mitigation: upgrade to `2.15.0` or later.
|
| CVE-2026-45660 |
|
SSRF (Server-Side Request Forgery) in statamic/cms (CVE-2026-45660)
SSRF in statamic/cms (CVE-2026-45660). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.73.22` or later.
|
| CVE-2026-42326 |
|
Out-of-Bounds Read in Magick.NET-Q16-AnyCPU (CVE-2026-42326)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-42326). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.13.1` or later.
|
| CVE-2026-39079 |
|
Information Disclosure in CVE-2026-39079 (CVE-2026-39079)
vulnerability in CVE-2026-39079 (CVE-2026-39079). Confidential information can be exposed externally.
|
| CVE-2026-26462 |
|
Vulnerability in CVE-2026-26462 (CVE-2026-26462)
vulnerability in CVE-2026-26462 (CVE-2026-26462). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45627 |
|
Cross-Site Scripting (XSS) in github.com/getarcaneapp/arcane/backend (CVE-2026-45627)
cross-site scripting in github.com/getarcaneapp/arcane/backend (CVE-2026-45627). Confidential information can be exposed externally. Exploitable via `GET /api/app-images/logo`. Mitigation: upgrade to `1.19.0` or later.
|
| CVE-2026-45626 |
|
OS Command Injection in github.com/getarcaneapp/arcane/backend (CVE-2026-45626)
OS command injection in github.com/getarcaneapp/arcane/backend (CVE-2026-45626). Risk of unauthorized operations or information disclosure. Exploitable via `GET /environments/{id}/volumes/{volumeName}/browse`.
|
| CVE-2026-45135 |
|
Vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-45135)
vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-45135). Successful exploitation can lead to full system takeover. Exploitable via ``search.IgnoreCase``. Mitigation: upgrade to `2.11.3` or later.
|
| CVE-2026-45620 |
|
Vulnerability in WWBN/AVideo (CVE-2026-45620)
vulnerability in WWBN/AVideo (CVE-2026-45620). Risk of unauthorized operations or information disclosure. Exploitable via ``d9cdc7024``.
|
| CVE-2026-46510 |
|
Vulnerability in form-data-objectizer (CVE-2026-46510)
vulnerability in form-data-objectizer (CVE-2026-46510). Data can be tampered with by attackers. Exploitable via ``__proto__``. Mitigation: upgrade to `1.0.1` or later.
|
| CVE-2026-7304 |
|
Unsafe Deserialization in sglang (CVE-2026-7304)
vulnerability in sglang (CVE-2026-7304). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8803 |
|
Vulnerability in CVE-2026-8803 (CVE-2026-8803)
vulnerability in CVE-2026-8803 (CVE-2026-8803). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8802 |
|
Path Traversal in path-traversal (CVE-2026-8802)
path traversal in path-traversal (CVE-2026-8802). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3471 |
|
Vulnerability in mattermost (CVE-2026-3471)
vulnerability in mattermost (CVE-2026-3471). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3495 |
|
Cross-Site Scripting (XSS) in github.com/mattermost/mattermost/server/v8 (CVE-2026-3495)
cross-site scripting in github.com/mattermost/mattermost/server/v8 (CVE-2026-3495). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.0.0-20260310115442-5a1ea95044d` or later.
|
| CVE-2026-8784 |
|
Vulnerability in c (CVE-2026-8784)
vulnerability in c (CVE-2026-8784). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8785 |
|
Vulnerability in sqli (CVE-2026-8785)
vulnerability in sqli (CVE-2026-8785). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8773 |
|
Vulnerability in CVE-2026-8773 (CVE-2026-8773)
vulnerability in CVE-2026-8773 (CVE-2026-8773). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8771 |
|
Vulnerability in org.linlinjava:litemall-wx-api (CVE-2026-8771)
vulnerability in org.linlinjava:litemall-wx-api (CVE-2026-8771). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8721 |
|
Vulnerability in c (CVE-2026-8721)
vulnerability in c (CVE-2026-8721). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8759 |
|
Vulnerability in com.ibeetl:beetl-spring-classic (CVE-2026-8759)
vulnerability in com.ibeetl:beetl-spring-classic (CVE-2026-8759). Risk of unauthorized operations or information disclosure.
|
| CVE-2018-25335 |
|
Vulnerability in wordpress (CVE-2018-25335)
vulnerability in wordpress (CVE-2018-25335). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8753 |
|
Vulnerability in CVE-2026-8753 (CVE-2026-8753)
vulnerability in CVE-2026-8753 (CVE-2026-8753). Risk of unauthorized operations or information disclosure.
|
| CVE-2018-25331 |
|
Cross-Site Scripting (XSS) in CVE-2018-25331 (CVE-2018-25331)
cross-site scripting in CVE-2018-25331 (CVE-2018-25331). Risk of unauthorized operations or information disclosure.
|
| CVE-2018-25326 |
|
Path Traversal in wordpress (CVE-2018-25326)
path traversal in wordpress (CVE-2018-25326). Confidential information can be exposed externally.
|
| CVE-2018-25329 |
|
Vulnerability in wordpress (CVE-2018-25329)
vulnerability in wordpress (CVE-2018-25329). Confidential information can be exposed externally.
|
| CVE-2018-25333 |
|
SQL Injection in sqli (CVE-2018-25333)
SQL injection in sqli (CVE-2018-25333). Confidential information can be exposed externally.
|
| CVE-2018-25327 |
|
Cross-Site Request Forgery (CSRF) in CVE-2018-25327 (CVE-2018-25327)
vulnerability in CVE-2018-25327 (CVE-2018-25327). Risk of unauthorized operations or information disclosure.
|
| CVE-2018-25319 |
|
SQL Injection in sqli (CVE-2018-25319)
SQL injection in sqli (CVE-2018-25319). Confidential information can be exposed externally.
|
| CVE-2018-25324 |
|
Vulnerability in wordpress (CVE-2018-25324)
vulnerability in wordpress (CVE-2018-25324). Confidential information can be exposed externally.
|
| CVE-2018-25325 |
|
Path Traversal in wordpress (CVE-2018-25325)
path traversal in wordpress (CVE-2018-25325). Confidential information can be exposed externally.
|
| CVE-2026-8752 |
|
Vulnerability in h2o (CVE-2026-8752)
vulnerability in h2o (CVE-2026-8752). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8751 |
|
Vulnerability in deserialization (CVE-2026-8751)
vulnerability in deserialization (CVE-2026-8751). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8746 |
|
Buffer Overflow in c (CVE-2026-8746)
vulnerability in c (CVE-2026-8746). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8747 |
|
Vulnerability in CVE-2026-8747 (CVE-2026-8747)
vulnerability in CVE-2026-8747 (CVE-2026-8747). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8750 |
|
Information Disclosure in h2o (CVE-2026-8750)
vulnerability in h2o (CVE-2026-8750). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8745 |
|
Vulnerability in c (CVE-2026-8745)
vulnerability in c (CVE-2026-8745). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8744 |
|
Vulnerability in c (CVE-2026-8744)
vulnerability in c (CVE-2026-8744). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8743 |
|
Vulnerability in c (CVE-2026-8743)
vulnerability in c (CVE-2026-8743). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8740 |
|
Vulnerability in CVE-2026-8740 (CVE-2026-8740)
vulnerability in CVE-2026-8740 (CVE-2026-8740). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8739 |
|
Vulnerability in CVE-2026-8739 (CVE-2026-8739)
vulnerability in CVE-2026-8739 (CVE-2026-8739). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8738 |
|
Vulnerability in CVE-2026-8738 (CVE-2026-8738)
vulnerability in CVE-2026-8738 (CVE-2026-8738). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8736 |
|
Path Traversal in path-traversal (CVE-2026-8736)
path traversal in path-traversal (CVE-2026-8736). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8737 |
|
Authentication Bypass in CVE-2026-8737 (CVE-2026-8737)
authentication bypass in CVE-2026-8737 (CVE-2026-8737). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8735 |
|
Vulnerability in deserialization (CVE-2026-8735)
vulnerability in deserialization (CVE-2026-8735). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8730 |
|
Vulnerability in c (CVE-2026-8730)
vulnerability in c (CVE-2026-8730). Risk of unauthorized operations or information disclosure.
|