Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: languages Clear
ID Title
CVE-2026-0256 Cross-Site Scripting (XSS) in CVE-2026-0256 (CVE-2026-0256)
cross-site scripting in CVE-2026-0256 (CVE-2026-0256). Risk of unauthorized operations or information disclosure.
CVE-2024-48519 Vulnerability in cpp (CVE-2024-48519)
vulnerability in cpp (CVE-2024-48519). Risk of unauthorized operations or information disclosure.
CVE-2024-51394 Buffer Overflow in cpp (CVE-2024-51394)
vulnerability in cpp (CVE-2024-51394). Risk of unauthorized operations or information disclosure.
CVE-2026-45411 Vulnerability in vm2 (CVE-2026-45411)
vulnerability in vm2 (CVE-2026-45411). Successful exploitation can lead to full system takeover. Exploitable via ``return``. Mitigation: upgrade to `3.11.3` or later.
CVE-2026-44007 Vulnerability in vm2 (CVE-2026-44007)
vulnerability in vm2 (CVE-2026-44007). Successful exploitation can lead to full system takeover. Exploitable via ``NodeVM``. Mitigation: upgrade to `3.11.1` or later.
CVE-2026-44006 Code Injection in vm2 (CVE-2026-44006)
code injection in vm2 (CVE-2026-44006). Successful exploitation can lead to full system takeover. Exploitable via ``BaseHandler.getPrototypeOf``. Mitigation: upgrade to `3.11.0` or later.
CVE-2026-44005 Code Injection in vm2 (CVE-2026-44005)
code injection in vm2 (CVE-2026-44005). Data can be tampered with by attackers. Mitigation: upgrade to `3.11.0` or later.
CVE-2026-44004 Vulnerability in vm2 (CVE-2026-44004)
vulnerability in vm2 (CVE-2026-44004). Risk of unauthorized operations or information disclosure. Exploitable via ``Buffer.alloc``. Mitigation: upgrade to `3.11.0` or later.
CVE-2026-44003 Vulnerability in vm2 (CVE-2026-44003)
vulnerability in vm2 (CVE-2026-44003). Risk of unauthorized operations or information disclosure. Exploitable via ``catch``. Mitigation: upgrade to `3.11.0` or later.
CVE-2026-44002 Vulnerability in vm2 (CVE-2026-44002)
vulnerability in vm2 (CVE-2026-44002). Risk of unauthorized operations or information disclosure. Exploitable via ``CallSite``. Mitigation: upgrade to `3.11.0` or later.
CVE-2026-44001 Vulnerability in vm2 (CVE-2026-44001)
vulnerability in vm2 (CVE-2026-44001). Risk of unauthorized operations or information disclosure. Exploitable via ``onRejected``. Mitigation: upgrade to `3.11.0` or later.
CVE-2026-44000 Vulnerability in vm2 (CVE-2026-44000)
vulnerability in vm2 (CVE-2026-44000). Risk of unauthorized operations or information disclosure. Exploitable via ``WeakMap``. Mitigation: upgrade to `3.11.0` or later.
CVE-2026-43999 Authorization Flaw in vm2 (CVE-2026-43999)
vulnerability in vm2 (CVE-2026-43999). Successful exploitation can lead to full system takeover. Exploitable via ``builtin``. Mitigation: upgrade to `3.11.0` or later.
CVE-2026-43998 Vulnerability in vm2 (CVE-2026-43998)
vulnerability in vm2 (CVE-2026-43998). Successful exploitation can lead to full system takeover. Exploitable via ``require.root``. Mitigation: upgrade to `3.11.0` or later.
CVE-2026-43997 Code Injection in vm2 (CVE-2026-43997)
code injection in vm2 (CVE-2026-43997). Successful exploitation can lead to full system takeover. Exploitable via ``Object``. Mitigation: upgrade to `3.11.0` or later.
CVE-2026-45740 Vulnerability in protobufjs (CVE-2026-45740)
vulnerability in protobufjs (CVE-2026-45740). Risk of unauthorized operations or information disclosure. Exploitable via ``nested``. Mitigation: upgrade to `8.2.0` or later.
CVE-2026-44456 Vulnerability in hono (CVE-2026-44456)
vulnerability in hono (CVE-2026-44456). Risk of unauthorized operations or information disclosure. Exploitable via ``maxSize``. Mitigation: upgrade to `4.12.16` or later.
CVE-2026-44455 Vulnerability in hono (CVE-2026-44455)
vulnerability in hono (CVE-2026-44455). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.12.16` or later.
CVE-2026-43479 Vulnerability in c (CVE-2026-43479)
vulnerability in c (CVE-2026-43479). Risk of unauthorized operations or information disclosure.
CVE-2026-43477 Vulnerability in c (CVE-2026-43477)
vulnerability in c (CVE-2026-43477). Risk of unauthorized operations or information disclosure.
CVE-2026-31156 Path Traversal in cpp (CVE-2026-31156)
path traversal in cpp (CVE-2026-31156). Confidential information can be exposed externally.
CVE-2024-51395 Vulnerability in cpp (CVE-2024-51395)
vulnerability in cpp (CVE-2024-51395). Risk of unauthorized operations or information disclosure.
CVE-2024-55045 Vulnerability in c (CVE-2024-55045)
vulnerability in c (CVE-2024-55045). Risk of unauthorized operations or information disclosure.
CVE-2020-37225 Cross-Site Scripting (XSS) in CVE-2020-37225 (CVE-2020-37225)
cross-site scripting in CVE-2020-37225 (CVE-2020-37225). Risk of unauthorized operations or information disclosure.
CVE-2020-37223 Vulnerability in c (CVE-2020-37223)
vulnerability in c (CVE-2020-37223). Successful exploitation can lead to full system takeover.
CVE-2020-37222 Cross-Site Scripting (XSS) in c (CVE-2020-37222)
cross-site scripting in c (CVE-2020-37222). Risk of unauthorized operations or information disclosure.
CVE-2020-37218 SQL Injection in sqli (CVE-2020-37218)
SQL injection in sqli (CVE-2020-37218). Confidential information can be exposed externally.
CVE-2020-37217 Cross-Site Request Forgery (CSRF) in CVE-2020-37217 (CVE-2020-37217)
vulnerability in CVE-2020-37217 (CVE-2020-37217). Risk of unauthorized operations or information disclosure.
CVE-2020-37174 Cross-Site Scripting (XSS) in CVE-2020-37174 (CVE-2020-37174)
cross-site scripting in CVE-2020-37174 (CVE-2020-37174). Risk of unauthorized operations or information disclosure.
CVE-2020-37169 Vulnerability in wordpress (CVE-2020-37169)
vulnerability in wordpress (CVE-2020-37169). Confidential information can be exposed externally.
CVE-2026-45152 OS Command Injection in gitlab.com/uniget-org/cli (CVE-2026-45152)
OS command injection in gitlab.com/uniget-org/cli (CVE-2026-45152). Successful exploitation can lead to full system takeover. Exploitable via ``check``. Mitigation: upgrade to `0.27.1` or later.
CVE-2026-45136 OS Command Injection in claude-code-cache-fix (CVE-2026-45136)
OS command injection in claude-code-cache-fix (CVE-2026-45136). Successful exploitation can lead to full system takeover. Exploitable via ``statusLine``. Mitigation: upgrade to `3.5.2` or later.
CVE-2026-45134 Unsafe Deserialization in langsmith (CVE-2026-45134)
vulnerability in langsmith (CVE-2026-45134). Confidential information can be exposed externally. Exploitable via ``pull_prompt``. Mitigation: upgrade to `0.8.0` or later.
CVE-2026-44724 OS Command Injection in systeminformation (CVE-2026-44724)
OS command injection in systeminformation (CVE-2026-44724). Successful exploitation can lead to full system takeover. Exploitable via ``systeminformation``. Mitigation: upgrade to `5.31.6` or later.
CVE-2026-37430 Unrestricted File Upload in CVE-2026-37430 (CVE-2026-37430)
vulnerability in CVE-2026-37430 (CVE-2026-37430). Risk of unauthorized operations or information disclosure.
CVE-2026-6177 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6177)
cross-site scripting in wordpress (CVE-2026-6177). Risk of unauthorized operations or information disclosure.
CVE-2026-3425 Vulnerability in wordpress (CVE-2026-3425)
vulnerability in wordpress (CVE-2026-3425). Successful exploitation can lead to full system takeover.
CVE-2026-44931 Vulnerability in c (CVE-2026-44931)
vulnerability in c (CVE-2026-44931). Risk of unauthorized operations or information disclosure.
CVE-2026-7635 Unsafe Deserialization in wordpress (CVE-2026-7635)
vulnerability in wordpress (CVE-2026-7635). Successful exploitation can lead to full system takeover. Exploitable via `User-Agent header`.
CVE-2026-8336 Use-After-Free in mongodb (CVE-2026-8336)
vulnerability in mongodb (CVE-2026-8336). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.2.9, 8.3.2` or later.
CVE-2026-44681 Open Redirect in authlib (CVE-2026-44681)
vulnerability in authlib (CVE-2026-44681). Risk of unauthorized operations or information disclosure. Exploitable via `GET /oauth/authorize`. Mitigation: upgrade to `3be08468` or later.
CVE-2026-44548 Cross-Site Request Forgery (CSRF) in CVE-2026-44548 (CVE-2026-44548)
vulnerability in CVE-2026-44548 (CVE-2026-44548). Data can be tampered with by attackers. Mitigation: upgrade to `7.3.2` or later.
CVE-2026-44547 Authentication Bypass in CVE-2026-44547 (CVE-2026-44547)
authentication bypass in CVE-2026-44547 (CVE-2026-44547). Confidential information can be exposed externally. Mitigation: upgrade to `7.3.1` or later.
CVE-2026-42289 Privilege Escalation in csrf (CVE-2026-42289)
vulnerability in csrf (CVE-2026-42289). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `7.3.2` or later.
CVE-2026-41901 Vulnerability in org.thymeleaf:thymeleaf (CVE-2026-41901)
vulnerability in org.thymeleaf:thymeleaf (CVE-2026-41901). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.1.5.RELEASE` or later.
CVE-2026-44660 Vulnerability in ujson (CVE-2026-44660)
vulnerability in ujson (CVE-2026-44660). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.12.1` or later.
CVE-2026-45227 Vulnerability in CVE-2026-45227 (CVE-2026-45227)
vulnerability in CVE-2026-45227 (CVE-2026-45227). Successful exploitation can lead to full system takeover.
CVE-2026-44307 Path Traversal in Mako (CVE-2026-44307)
path traversal in Mako (CVE-2026-44307). Risk of unauthorized operations or information disclosure. Exploitable via ``Template.__init__``. Mitigation: upgrade to `1.3.12` or later.
CVE-2026-44304 Vulnerability in lemur (CVE-2026-44304)
vulnerability in lemur (CVE-2026-44304). Confidential information can be exposed externally. Exploitable via `POST /auth/login`. Mitigation: upgrade to `1.9.0` or later.
CVE-2026-44262 Code Injection in dedoc/scramble (CVE-2026-44262)
code injection in dedoc/scramble (CVE-2026-44262). Confidential information can be exposed externally. Mitigation: upgrade to `0.13.22` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →