Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: languages Clear
ID Title
CVE-2026-44259 Vulnerability in CVE-2026-44259 (CVE-2026-44259)
vulnerability in CVE-2026-44259 (CVE-2026-44259). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.08.010` or later.
CVE-2026-44262 Code Injection in dedoc/scramble (CVE-2026-44262)
code injection in dedoc/scramble (CVE-2026-44262). Confidential information can be exposed externally. Mitigation: upgrade to `0.13.22` or later.
CVE-2026-44241 Vulnerability in io.micronaut:micronaut-context (CVE-2026-44241)
vulnerability in io.micronaut:micronaut-context (CVE-2026-44241). Risk of unauthorized operations or information disclosure. Exploitable via ``TimeConverterRegistrar``. Mitigation: upgrade to `4.10.22` or later.
CVE-2026-44242 Vulnerability in io.micronaut:micronaut-inject (CVE-2026-44242)
vulnerability in io.micronaut:micronaut-inject (CVE-2026-44242). Risk of unauthorized operations or information disclosure. Exploitable via ``ResourceBundleMessageSource``. Mitigation: upgrade to `3.8.14` or later.
CVE-2026-43948 Authorization Flaw in wger (CVE-2026-43948)
vulnerability in wger (CVE-2026-43948). Successful exploitation can lead to full system takeover. Exploitable via `GET /en/gym/user/`. Mitigation: upgrade to `2.6` or later.
CVE-2026-42545 Vulnerability in granian (CVE-2026-42545)
vulnerability in granian (CVE-2026-42545). Risk of unauthorized operations or information disclosure. Exploitable via ``Location``. Mitigation: upgrade to `2.7.4` or later.
CVE-2026-42544 Vulnerability in granian (CVE-2026-42544)
vulnerability in granian (CVE-2026-42544). Risk of unauthorized operations or information disclosure. Exploitable via ``Err``. Mitigation: upgrade to `2.7.4` or later.
CVE-2026-40863 Vulnerability in phpoffice/phpspreadsheet (CVE-2026-40863)
vulnerability in phpoffice/phpspreadsheet (CVE-2026-40863). Risk of unauthorized operations or information disclosure. Exploitable via ``cachedHighestRow``. Mitigation: upgrade to `1.30.4` or later.
CVE-2026-40902 Vulnerability in phpoffice/phpspreadsheet (CVE-2026-40902)
vulnerability in phpoffice/phpspreadsheet (CVE-2026-40902). Risk of unauthorized operations or information disclosure. Exploitable via ``cachedHighestRow``. Mitigation: upgrade to `1.30.4` or later.
CVE-2026-44232 Vulnerability in dssrf (CVE-2026-44232)
vulnerability in dssrf (CVE-2026-44232). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.0.3` or later.
CVE-2026-44224 Privilege Escalation in requarks (CVE-2026-44224)
vulnerability in requarks (CVE-2026-44224). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.5.313` or later.
CVE-2026-44010 Vulnerability in craftcms/cms (CVE-2026-44010)
vulnerability in craftcms/cms (CVE-2026-44010). Risk of unauthorized operations or information disclosure. Exploitable via ``true``. Mitigation: upgrade to `4.17.12` or later.
CVE-2026-44225 Path Traversal in CVE-2026-44225 (CVE-2026-44225)
path traversal in CVE-2026-44225 (CVE-2026-44225). Confidential information can be exposed externally. Mitigation: upgrade to `0.1.1` or later.
CVE-2026-44217 Vulnerability in sse-channel (CVE-2026-44217)
vulnerability in sse-channel (CVE-2026-44217). Risk of unauthorized operations or information disclosure. Exploitable via ``event``. Mitigation: upgrade to `4.0.1` or later.
CVE-2026-42338 Cross-Site Scripting (XSS) in ip-address (CVE-2026-42338)
cross-site scripting in ip-address (CVE-2026-42338). Risk of unauthorized operations or information disclosure. Exploitable via ``AddressError.parseMessage``. Mitigation: upgrade to `10.1.1` or later.
CVE-2026-34686 Cross-Site Scripting (XSS) in adobe (CVE-2026-34686)
cross-site scripting in adobe (CVE-2026-34686). Confidential information can be exposed externally.
CVE-2026-34655 Cross-Site Scripting (XSS) in adobe (CVE-2026-34655)
cross-site scripting in adobe (CVE-2026-34655). Risk of unauthorized operations or information disclosure.
CVE-2026-34658 Cross-Site Scripting (XSS) in adobe (CVE-2026-34658)
cross-site scripting in adobe (CVE-2026-34658). Risk of unauthorized operations or information disclosure.
CVE-2026-23819 Cross-Site Scripting (XSS) in CVE-2026-23819 (CVE-2026-23819)
cross-site scripting in CVE-2026-23819 (CVE-2026-23819). Successful exploitation can lead to full system takeover.
CVE-2026-31236 Code Injection in llm (CVE-2026-31236)
code injection in llm (CVE-2026-31236). Successful exploitation can lead to full system takeover.
CVE-2026-31238 Unsafe Deserialization in ludwig (CVE-2026-31238)
vulnerability in ludwig (CVE-2026-31238). Successful exploitation can lead to full system takeover.
CVE-2026-31237 Unsafe Deserialization in ludwig (CVE-2026-31237)
vulnerability in ludwig (CVE-2026-31237). Successful exploitation can lead to full system takeover.
CVE-2026-31239 Unsafe Deserialization in mamba-ssm (CVE-2026-31239)
vulnerability in mamba-ssm (CVE-2026-31239). Successful exploitation can lead to full system takeover.
CVE-2026-31235 Unsafe Deserialization in imgaug (CVE-2026-31235)
vulnerability in imgaug (CVE-2026-31235). Successful exploitation can lead to full system takeover.
CVE-2026-29204 Vulnerability in CVE-2026-29204 (CVE-2026-29204)
vulnerability in CVE-2026-29204 (CVE-2026-29204). Confidential information can be exposed externally. Exploitable via ``clientarea.php``.
CVE-2026-31232 Unsafe Deserialization in deserialization (CVE-2026-31232)
vulnerability in deserialization (CVE-2026-31232). Successful exploitation can lead to full system takeover.
CVE-2026-31230 Vulnerability in CVE-2026-31230 (CVE-2026-31230)
vulnerability in CVE-2026-31230 (CVE-2026-31230). Successful exploitation can lead to full system takeover.
CVE-2026-31229 Unsafe Deserialization in deserialization (CVE-2026-31229)
vulnerability in deserialization (CVE-2026-31229). Successful exploitation can lead to full system takeover.
CVE-2026-31231 Code Injection in CVE-2026-31231 (CVE-2026-31231)
code injection in CVE-2026-31231 (CVE-2026-31231). Successful exploitation can lead to full system takeover.
CVE-2026-43929 Vulnerability in ssrfcheck (CVE-2026-43929)
vulnerability in ssrfcheck (CVE-2026-43929). Confidential information can be exposed externally. Exploitable via ``ssrfcheck``.
CVE-2026-42899 Vulnerability in dotnet (CVE-2026-42899)
vulnerability in dotnet (CVE-2026-42899). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.0.27, 9.0.16, 10.0.8` or later.
CVE-2026-42348 Vulnerability in OpenTelemetry.OpAmp.Client (CVE-2026-42348)
vulnerability in OpenTelemetry.OpAmp.Client (CVE-2026-42348). Risk of unauthorized operations or information disclosure. Exploitable via ``ReadAsByteArrayAsync``. Mitigation: upgrade to `0.2.0-alpha.1` or later.
CVE-2026-42177 Vulnerability in CVE-2026-42177 (CVE-2026-42177)
vulnerability in CVE-2026-42177 (CVE-2026-42177). Confidential information can be exposed externally. Mitigation: upgrade to `1.8.1` or later.
CVE-2026-35433 Vulnerability in Microsoft.WindowsDesktop.App.Runtime.win-arm64 (CVE-2026-35433)
vulnerability in Microsoft.WindowsDesktop.App.Runtime.win-arm64 (CVE-2026-35433). Confidential information can be exposed externally. Mitigation: upgrade to `10.0.8` or later.
CVE-2026-32175 Vulnerability in Microsoft.NetCore.App.Runtime.win-arm (CVE-2026-32175)
vulnerability in Microsoft.NetCore.App.Runtime.win-arm (CVE-2026-32175). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `10.0.8` or later.
CVE-2026-32177 Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.
Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.
CVE-2026-43990 Command Injection in c (CVE-2026-43990)
command injection in c (CVE-2026-43990). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.x.y-security-1` or later.
CVE-2026-31228 Code Injection in CVE-2026-31228 (CVE-2026-31228)
code injection in CVE-2026-31228 (CVE-2026-31228). Successful exploitation can lead to full system takeover.
CVE-2026-31225 Code Injection in superduper-framework (CVE-2026-31225)
code injection in superduper-framework (CVE-2026-31225). Successful exploitation can lead to full system takeover.
CVE-2026-31224 Unsafe Deserialization in snorkel (CVE-2026-31224)
vulnerability in snorkel (CVE-2026-31224). Successful exploitation can lead to full system takeover.
CVE-2026-31223 Unsafe Deserialization in snorkel (CVE-2026-31223)
vulnerability in snorkel (CVE-2026-31223). Successful exploitation can lead to full system takeover.
CVE-2026-31222 Unsafe Deserialization in snorkel (CVE-2026-31222)
vulnerability in snorkel (CVE-2026-31222). Successful exploitation can lead to full system takeover.
CVE-2026-31221 Unsafe Deserialization in pytorch-lightning (CVE-2026-31221)
vulnerability in pytorch-lightning (CVE-2026-31221). Successful exploitation can lead to full system takeover.
CVE-2026-31218 Unsafe Deserialization in deserialization (CVE-2026-31218)
vulnerability in deserialization (CVE-2026-31218). Successful exploitation can lead to full system takeover.
CVE-2026-31214 Unsafe Deserialization in deserialization (CVE-2026-31214)
vulnerability in deserialization (CVE-2026-31214). Successful exploitation can lead to full system takeover.
CVE-2026-31220 Code Injection in syft (CVE-2026-31220)
code injection in syft (CVE-2026-31220). Successful exploitation can lead to full system takeover.
CVE-2026-31219 Unsafe Deserialization in deserialization (CVE-2026-31219)
vulnerability in deserialization (CVE-2026-31219). Successful exploitation can lead to full system takeover.
CVE-2026-31217 Code Injection in nebuly (CVE-2026-31217)
code injection in nebuly (CVE-2026-31217). Successful exploitation can lead to full system takeover.
CVE-2023-27753 Unrestricted File Upload in CVE-2023-27753 (CVE-2023-27753)
vulnerability in CVE-2023-27753 (CVE-2023-27753). Successful exploitation can lead to full system takeover.
CVE-2026-43939 Vulnerability in YAFNET.Core (CVE-2026-43939)
vulnerability in YAFNET.Core (CVE-2026-43939). Confidential information can be exposed externally. Exploitable via ``onerror``. Mitigation: upgrade to `3.2.12` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →