Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-0256 |
|
Cross-Site Scripting (XSS) in CVE-2026-0256 (CVE-2026-0256)
cross-site scripting in CVE-2026-0256 (CVE-2026-0256). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-48519 |
|
Vulnerability in cpp (CVE-2024-48519)
vulnerability in cpp (CVE-2024-48519). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-51394 |
|
Buffer Overflow in cpp (CVE-2024-51394)
vulnerability in cpp (CVE-2024-51394). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45411 |
|
Vulnerability in vm2 (CVE-2026-45411)
vulnerability in vm2 (CVE-2026-45411). Successful exploitation can lead to full system takeover. Exploitable via ``return``. Mitigation: upgrade to `3.11.3` or later.
|
| CVE-2026-44007 |
|
Vulnerability in vm2 (CVE-2026-44007)
vulnerability in vm2 (CVE-2026-44007). Successful exploitation can lead to full system takeover. Exploitable via ``NodeVM``. Mitigation: upgrade to `3.11.1` or later.
|
| CVE-2026-44006 |
|
Code Injection in vm2 (CVE-2026-44006)
code injection in vm2 (CVE-2026-44006). Successful exploitation can lead to full system takeover. Exploitable via ``BaseHandler.getPrototypeOf``. Mitigation: upgrade to `3.11.0` or later.
|
| CVE-2026-44005 |
|
Code Injection in vm2 (CVE-2026-44005)
code injection in vm2 (CVE-2026-44005). Data can be tampered with by attackers. Mitigation: upgrade to `3.11.0` or later.
|
| CVE-2026-44004 |
|
Vulnerability in vm2 (CVE-2026-44004)
vulnerability in vm2 (CVE-2026-44004). Risk of unauthorized operations or information disclosure. Exploitable via ``Buffer.alloc``. Mitigation: upgrade to `3.11.0` or later.
|
| CVE-2026-44003 |
|
Vulnerability in vm2 (CVE-2026-44003)
vulnerability in vm2 (CVE-2026-44003). Risk of unauthorized operations or information disclosure. Exploitable via ``catch``. Mitigation: upgrade to `3.11.0` or later.
|
| CVE-2026-44002 |
|
Vulnerability in vm2 (CVE-2026-44002)
vulnerability in vm2 (CVE-2026-44002). Risk of unauthorized operations or information disclosure. Exploitable via ``CallSite``. Mitigation: upgrade to `3.11.0` or later.
|
| CVE-2026-44001 |
|
Vulnerability in vm2 (CVE-2026-44001)
vulnerability in vm2 (CVE-2026-44001). Risk of unauthorized operations or information disclosure. Exploitable via ``onRejected``. Mitigation: upgrade to `3.11.0` or later.
|
| CVE-2026-44000 |
|
Vulnerability in vm2 (CVE-2026-44000)
vulnerability in vm2 (CVE-2026-44000). Risk of unauthorized operations or information disclosure. Exploitable via ``WeakMap``. Mitigation: upgrade to `3.11.0` or later.
|
| CVE-2026-43999 |
|
Authorization Flaw in vm2 (CVE-2026-43999)
vulnerability in vm2 (CVE-2026-43999). Successful exploitation can lead to full system takeover. Exploitable via ``builtin``. Mitigation: upgrade to `3.11.0` or later.
|
| CVE-2026-43998 |
|
Vulnerability in vm2 (CVE-2026-43998)
vulnerability in vm2 (CVE-2026-43998). Successful exploitation can lead to full system takeover. Exploitable via ``require.root``. Mitigation: upgrade to `3.11.0` or later.
|
| CVE-2026-43997 |
|
Code Injection in vm2 (CVE-2026-43997)
code injection in vm2 (CVE-2026-43997). Successful exploitation can lead to full system takeover. Exploitable via ``Object``. Mitigation: upgrade to `3.11.0` or later.
|
| CVE-2026-45740 |
|
Vulnerability in protobufjs (CVE-2026-45740)
vulnerability in protobufjs (CVE-2026-45740). Risk of unauthorized operations or information disclosure. Exploitable via ``nested``. Mitigation: upgrade to `8.2.0` or later.
|
| CVE-2026-44456 |
|
Vulnerability in hono (CVE-2026-44456)
vulnerability in hono (CVE-2026-44456). Risk of unauthorized operations or information disclosure. Exploitable via ``maxSize``. Mitigation: upgrade to `4.12.16` or later.
|
| CVE-2026-44455 |
|
Vulnerability in hono (CVE-2026-44455)
vulnerability in hono (CVE-2026-44455). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.12.16` or later.
|
| CVE-2026-43479 |
|
Vulnerability in c (CVE-2026-43479)
vulnerability in c (CVE-2026-43479). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43477 |
|
Vulnerability in c (CVE-2026-43477)
vulnerability in c (CVE-2026-43477). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31156 |
|
Path Traversal in cpp (CVE-2026-31156)
path traversal in cpp (CVE-2026-31156). Confidential information can be exposed externally.
|
| CVE-2024-51395 |
|
Vulnerability in cpp (CVE-2024-51395)
vulnerability in cpp (CVE-2024-51395). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-55045 |
|
Vulnerability in c (CVE-2024-55045)
vulnerability in c (CVE-2024-55045). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-37225 |
|
Cross-Site Scripting (XSS) in CVE-2020-37225 (CVE-2020-37225)
cross-site scripting in CVE-2020-37225 (CVE-2020-37225). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-37223 |
|
Vulnerability in c (CVE-2020-37223)
vulnerability in c (CVE-2020-37223). Successful exploitation can lead to full system takeover.
|
| CVE-2020-37222 |
|
Cross-Site Scripting (XSS) in c (CVE-2020-37222)
cross-site scripting in c (CVE-2020-37222). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-37218 |
|
SQL Injection in sqli (CVE-2020-37218)
SQL injection in sqli (CVE-2020-37218). Confidential information can be exposed externally.
|
| CVE-2020-37217 |
|
Cross-Site Request Forgery (CSRF) in CVE-2020-37217 (CVE-2020-37217)
vulnerability in CVE-2020-37217 (CVE-2020-37217). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-37174 |
|
Cross-Site Scripting (XSS) in CVE-2020-37174 (CVE-2020-37174)
cross-site scripting in CVE-2020-37174 (CVE-2020-37174). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-37169 |
|
Vulnerability in wordpress (CVE-2020-37169)
vulnerability in wordpress (CVE-2020-37169). Confidential information can be exposed externally.
|
| CVE-2026-45152 |
|
OS Command Injection in gitlab.com/uniget-org/cli (CVE-2026-45152)
OS command injection in gitlab.com/uniget-org/cli (CVE-2026-45152). Successful exploitation can lead to full system takeover. Exploitable via ``check``. Mitigation: upgrade to `0.27.1` or later.
|
| CVE-2026-45136 |
|
OS Command Injection in claude-code-cache-fix (CVE-2026-45136)
OS command injection in claude-code-cache-fix (CVE-2026-45136). Successful exploitation can lead to full system takeover. Exploitable via ``statusLine``. Mitigation: upgrade to `3.5.2` or later.
|
| CVE-2026-45134 |
|
Unsafe Deserialization in langsmith (CVE-2026-45134)
vulnerability in langsmith (CVE-2026-45134). Confidential information can be exposed externally. Exploitable via ``pull_prompt``. Mitigation: upgrade to `0.8.0` or later.
|
| CVE-2026-44724 |
|
OS Command Injection in systeminformation (CVE-2026-44724)
OS command injection in systeminformation (CVE-2026-44724). Successful exploitation can lead to full system takeover. Exploitable via ``systeminformation``. Mitigation: upgrade to `5.31.6` or later.
|
| CVE-2026-37430 |
|
Unrestricted File Upload in CVE-2026-37430 (CVE-2026-37430)
vulnerability in CVE-2026-37430 (CVE-2026-37430). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6177 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6177)
cross-site scripting in wordpress (CVE-2026-6177). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3425 |
|
Vulnerability in wordpress (CVE-2026-3425)
vulnerability in wordpress (CVE-2026-3425). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44931 |
|
Vulnerability in c (CVE-2026-44931)
vulnerability in c (CVE-2026-44931). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7635 |
|
Unsafe Deserialization in wordpress (CVE-2026-7635)
vulnerability in wordpress (CVE-2026-7635). Successful exploitation can lead to full system takeover. Exploitable via `User-Agent header`.
|
| CVE-2026-8336 |
|
Use-After-Free in mongodb (CVE-2026-8336)
vulnerability in mongodb (CVE-2026-8336). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.2.9, 8.3.2` or later.
|
| CVE-2026-44681 |
|
Open Redirect in authlib (CVE-2026-44681)
vulnerability in authlib (CVE-2026-44681). Risk of unauthorized operations or information disclosure. Exploitable via `GET /oauth/authorize`. Mitigation: upgrade to `3be08468` or later.
|
| CVE-2026-44548 |
|
Cross-Site Request Forgery (CSRF) in CVE-2026-44548 (CVE-2026-44548)
vulnerability in CVE-2026-44548 (CVE-2026-44548). Data can be tampered with by attackers. Mitigation: upgrade to `7.3.2` or later.
|
| CVE-2026-44547 |
|
Authentication Bypass in CVE-2026-44547 (CVE-2026-44547)
authentication bypass in CVE-2026-44547 (CVE-2026-44547). Confidential information can be exposed externally. Mitigation: upgrade to `7.3.1` or later.
|
| CVE-2026-42289 |
|
Privilege Escalation in csrf (CVE-2026-42289)
vulnerability in csrf (CVE-2026-42289). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `7.3.2` or later.
|
| CVE-2026-41901 |
|
Vulnerability in org.thymeleaf:thymeleaf (CVE-2026-41901)
vulnerability in org.thymeleaf:thymeleaf (CVE-2026-41901). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.1.5.RELEASE` or later.
|
| CVE-2026-44660 |
|
Vulnerability in ujson (CVE-2026-44660)
vulnerability in ujson (CVE-2026-44660). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.12.1` or later.
|
| CVE-2026-45227 |
|
Vulnerability in CVE-2026-45227 (CVE-2026-45227)
vulnerability in CVE-2026-45227 (CVE-2026-45227). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44307 |
|
Path Traversal in Mako (CVE-2026-44307)
path traversal in Mako (CVE-2026-44307). Risk of unauthorized operations or information disclosure. Exploitable via ``Template.__init__``. Mitigation: upgrade to `1.3.12` or later.
|
| CVE-2026-44304 |
|
Vulnerability in lemur (CVE-2026-44304)
vulnerability in lemur (CVE-2026-44304). Confidential information can be exposed externally. Exploitable via `POST /auth/login`. Mitigation: upgrade to `1.9.0` or later.
|
| CVE-2026-44262 |
|
Code Injection in dedoc/scramble (CVE-2026-44262)
code injection in dedoc/scramble (CVE-2026-44262). Confidential information can be exposed externally. Mitigation: upgrade to `0.13.22` or later.
|