Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: languages Clear
ID Title
CVE-2026-44699 Vulnerability in c (CVE-2026-44699)
vulnerability in c (CVE-2026-44699). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.3.3` or later.
CVE-2026-42155 Vulnerability in openmage/magento-lts (CVE-2026-42155)
vulnerability in openmage/magento-lts (CVE-2026-42155). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/xmlrpc/`. Mitigation: upgrade to `20.18.0` or later.
CVE-2026-41258 Code Injection in org.openmrs.api:openmrs-api (CVE-2026-41258)
code injection in org.openmrs.api:openmrs-api (CVE-2026-41258). Successful exploitation can lead to full system takeover. Exploitable via ``VelocityEngine``. Mitigation: upgrade to `2.8.6` or later.
CVE-2026-45062 Vulnerability in github.com/dunglas/frankenphp (CVE-2026-45062)
vulnerability in github.com/dunglas/frankenphp (CVE-2026-45062). Successful exploitation can lead to full system takeover. Exploitable via ``cgi.go``. Mitigation: upgrade to `1.12.3` or later.
CVE-2026-44716 Path Traversal in pipecat-ai (CVE-2026-44716)
path traversal in pipecat-ai (CVE-2026-44716). Confidential information can be exposed externally. Exploitable via `GET /files/{filename`. Mitigation: upgrade to `1.2.0` or later.
CVE-2026-40092 Vulnerability in nimiq-keys (CVE-2026-40092)
vulnerability in nimiq-keys (CVE-2026-40092). Risk of unauthorized operations or information disclosure. Exploitable via ``TaggedPublicKey``.
CVE-2026-46508 Command Injection in vercel (CVE-2026-46508)
command injection in vercel (CVE-2026-46508). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.9.14000` or later.
CVE-2026-45773 Cross-Site Request Forgery (CSRF) in turbo (CVE-2026-45773)
vulnerability in turbo (CVE-2026-45773). Data can be tampered with by attackers. Exploitable via ``turbo``. Mitigation: upgrade to `2.9.14` or later.
CVE-2026-35194 Code Injection in flink (CVE-2026-35194)
code injection in flink (CVE-2026-35194). Confidential information can be exposed externally. Mitigation: upgrade to `1.20.4, 2.0.2, 2.1.1, 2.2.1` or later.
CVE-2026-45772 Vulnerability in turbo (CVE-2026-45772)
vulnerability in turbo (CVE-2026-45772). Successful exploitation can lead to full system takeover. Exploitable via ``yarnPath``. Mitigation: upgrade to `2.9.14` or later.
CVE-2026-34253 Vulnerability in c (CVE-2026-34253)
vulnerability in c (CVE-2026-34253). Risk of unauthorized operations or information disclosure.
CVE-2026-8669 Out-of-Bounds Write in c (CVE-2026-8669)
out-of-bounds write in c (CVE-2026-8669). Risk of unauthorized operations or information disclosure.
CVE-2026-38728 Vulnerability in smtp-server (CVE-2026-38728)
vulnerability in smtp-server (CVE-2026-38728). Risk of unauthorized operations or information disclosure. Exploitable via ``_remainder``. Mitigation: upgrade to `3.18.3` or later.
CVE-2026-45736 Vulnerability in ws (CVE-2026-45736)
vulnerability in ws (CVE-2026-45736). Confidential information can be exposed externally. Exploitable via ``TypedArray``. Mitigation: upgrade to `8.20.1` or later.
CVE-2026-41553 OS Command Injection in dhtmlx (CVE-2026-41553)
OS command injection in dhtmlx (CVE-2026-41553). Successful exploitation can lead to full system takeover.
CVE-2026-8454 Out-of-Bounds Write in c (CVE-2026-8454)
out-of-bounds write in c (CVE-2026-8454). Risk of unauthorized operations or information disclosure.
CVE-2026-6228 Privilege Escalation in wordpress (CVE-2026-6228)
vulnerability in wordpress (CVE-2026-6228). Successful exploitation can lead to full system takeover.
CVE-2026-6415 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6415)
cross-site scripting in wordpress (CVE-2026-6415). Risk of unauthorized operations or information disclosure.
CVE-2026-4094 The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to...
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to...
CVE-2026-6811 Vulnerability in CVE-2026-6811 (CVE-2026-6811)
vulnerability in CVE-2026-6811 (CVE-2026-6811). Risk of unauthorized operations or information disclosure.
CVE-2026-8585 Vulnerability in c (CVE-2026-8585)
vulnerability in c (CVE-2026-8585). Successful exploitation can lead to full system takeover.
CVE-2026-8528 Vulnerability in c (CVE-2026-8528)
vulnerability in c (CVE-2026-8528). Risk of unauthorized operations or information disclosure.
CVE-2026-8519 Vulnerability in c (CVE-2026-8519)
vulnerability in c (CVE-2026-8519). Successful exploitation can lead to full system takeover.
CVE-2026-44666 OS Command Injection in CVE-2026-44666 (CVE-2026-44666)
OS command injection in CVE-2026-44666 (CVE-2026-44666). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.3.8` or later.
CVE-2026-44661 SSRF (Server-Side Request Forgery) in utcp-http (CVE-2026-44661)
SSRF in utcp-http (CVE-2026-44661). Risk of unauthorized operations or information disclosure. Exploitable via ``tool_call_template.url``. Mitigation: upgrade to `1.1.2` or later.
CVE-2026-44673 Vulnerability in c (CVE-2026-44673)
vulnerability in c (CVE-2026-44673). Risk of unauthorized operations or information disclosure.
CVE-2026-42847 SQL Injection in sqli (CVE-2026-42847)
SQL injection in sqli (CVE-2026-42847). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.5.3` or later.
CVE-2026-42327 Vulnerability in openssl (CVE-2026-42327)
vulnerability in openssl (CVE-2026-42327). Risk of unauthorized operations or information disclosure. Exploitable via ``OpensslString``. Mitigation: upgrade to `0.10.79` or later.
CVE-2026-45370 Vulnerability in utcp-cli (CVE-2026-45370)
vulnerability in utcp-cli (CVE-2026-45370). Confidential information can be exposed externally. Exploitable via ``cli_communication_protocol.py``. Mitigation: upgrade to `1.1.2` or later.
CVE-2026-45369 OS Command Injection in utcp-cli (CVE-2026-45369)
OS command injection in utcp-cli (CVE-2026-45369). Successful exploitation can lead to full system takeover. Exploitable via ``_substitute_utcp_args``. Mitigation: upgrade to `1.1.2` or later.
CVE-2026-46509 Vulnerability in @ranfdev/deepobj (CVE-2026-46509)
vulnerability in @ranfdev/deepobj (CVE-2026-46509). Data can be tampered with by attackers. Exploitable via ``__proto__``. Mitigation: upgrade to `1.0.3` or later.
CVE-2026-45288 Vulnerability in Marten (CVE-2026-45288)
vulnerability in Marten (CVE-2026-45288). Successful exploitation can lead to full system takeover. Exploitable via ``regConfig``. Mitigation: upgrade to `8.37.0` or later.
CVE-2026-45672 Authorization Flaw in open-webui (CVE-2026-45672)
vulnerability in open-webui (CVE-2026-45672). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.8.12` or later.
CVE-2026-45395 Privilege Escalation in open-webui (CVE-2026-45395)
vulnerability in open-webui (CVE-2026-45395). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/v1/tools/id/{id}/update`. Mitigation: upgrade to `0.9.5` or later.
CVE-2026-45348 Cross-Site Scripting (XSS) in pyload-ng (CVE-2026-45348)
cross-site scripting in pyload-ng (CVE-2026-45348). Confidential information can be exposed externally. Exploitable via `POST /flash/add`.
CVE-2026-42570 Vulnerability in devalue (CVE-2026-42570)
vulnerability in devalue (CVE-2026-42570). Risk of unauthorized operations or information disclosure. Exploitable via ``devalue.parse``. Mitigation: upgrade to `5.8.1` or later.
CVE-2026-45345 Vulnerability in open-webui (CVE-2026-45345)
vulnerability in open-webui (CVE-2026-45345). Data can be tampered with by attackers. Exploitable via `POST /api/v1/models/model/update`. Mitigation: upgrade to `0.5.7` or later.
CVE-2026-42599 Cross-Site Scripting (XSS) in svelte (CVE-2026-42599)
cross-site scripting in svelte (CVE-2026-42599). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.55.7` or later.
CVE-2026-45306 Vulnerability in pyload-ng (CVE-2026-45306)
vulnerability in pyload-ng (CVE-2026-45306). Confidential information can be exposed externally. Exploitable via `GET /files/get/`.
CVE-2026-8597 Vulnerability in sagemaker (CVE-2026-8597)
vulnerability in sagemaker (CVE-2026-8597). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.8.0` or later.
CVE-2026-43904 Out-of-Bounds Write in cpp (CVE-2026-43904)
out-of-bounds write in cpp (CVE-2026-43904). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.0.18.0` or later.
CVE-2026-43903 Out-of-Bounds Write in cpp (CVE-2026-43903)
out-of-bounds write in cpp (CVE-2026-43903). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.0.18.0` or later.
CVE-2026-43905 Vulnerability in cpp (CVE-2026-43905)
vulnerability in cpp (CVE-2026-43905). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.0.18.0` or later.
CVE-2026-43907 Vulnerability in cpp (CVE-2026-43907)
vulnerability in cpp (CVE-2026-43907). Data can be tampered with by attackers. Mitigation: upgrade to `3.0.18.0` or later.
CVE-2026-8596 Vulnerability in Amazon sagemaker (CVE-2026-8596)
vulnerability in Amazon sagemaker (CVE-2026-8596). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.8.0` or later.
CVE-2026-44633 Authorization Flaw in CVE-2026-44633 (CVE-2026-44633)
vulnerability in CVE-2026-44633 (CVE-2026-44633). Confidential information can be exposed externally.
CVE-2026-44586 Cross-Site Scripting (XSS) in CVE-2026-44586 (CVE-2026-44586)
cross-site scripting in CVE-2026-44586 (CVE-2026-44586). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.7.0` or later.
CVE-2026-44541 Cross-Site Scripting (XSS) in ethyca-fides (CVE-2026-44541)
cross-site scripting in ethyca-fides (CVE-2026-44541). Risk of unauthorized operations or information disclosure. Exploitable via ``fides.js``. Mitigation: upgrade to `2.84.5` or later.
CVE-2026-6332 Vulnerability in c (CVE-2026-6332)
vulnerability in c (CVE-2026-6332). Confidential information can be exposed externally.
CVE-2026-45011 Cross-Site Scripting (XSS) in apostrophe (CVE-2026-45011)
cross-site scripting in apostrophe (CVE-2026-45011). Confidential information can be exposed externally.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →