Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-44259 |
|
Vulnerability in CVE-2026-44259 (CVE-2026-44259)
vulnerability in CVE-2026-44259 (CVE-2026-44259). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.08.010` or later.
|
| CVE-2026-44262 |
|
Code Injection in dedoc/scramble (CVE-2026-44262)
code injection in dedoc/scramble (CVE-2026-44262). Confidential information can be exposed externally. Mitigation: upgrade to `0.13.22` or later.
|
| CVE-2026-44241 |
|
Vulnerability in io.micronaut:micronaut-context (CVE-2026-44241)
vulnerability in io.micronaut:micronaut-context (CVE-2026-44241). Risk of unauthorized operations or information disclosure. Exploitable via ``TimeConverterRegistrar``. Mitigation: upgrade to `4.10.22` or later.
|
| CVE-2026-44242 |
|
Vulnerability in io.micronaut:micronaut-inject (CVE-2026-44242)
vulnerability in io.micronaut:micronaut-inject (CVE-2026-44242). Risk of unauthorized operations or information disclosure. Exploitable via ``ResourceBundleMessageSource``. Mitigation: upgrade to `3.8.14` or later.
|
| CVE-2026-43948 |
|
Authorization Flaw in wger (CVE-2026-43948)
vulnerability in wger (CVE-2026-43948). Successful exploitation can lead to full system takeover. Exploitable via `GET /en/gym/user/`. Mitigation: upgrade to `2.6` or later.
|
| CVE-2026-42545 |
|
Vulnerability in granian (CVE-2026-42545)
vulnerability in granian (CVE-2026-42545). Risk of unauthorized operations or information disclosure. Exploitable via ``Location``. Mitigation: upgrade to `2.7.4` or later.
|
| CVE-2026-42544 |
|
Vulnerability in granian (CVE-2026-42544)
vulnerability in granian (CVE-2026-42544). Risk of unauthorized operations or information disclosure. Exploitable via ``Err``. Mitigation: upgrade to `2.7.4` or later.
|
| CVE-2026-40863 |
|
Vulnerability in phpoffice/phpspreadsheet (CVE-2026-40863)
vulnerability in phpoffice/phpspreadsheet (CVE-2026-40863). Risk of unauthorized operations or information disclosure. Exploitable via ``cachedHighestRow``. Mitigation: upgrade to `1.30.4` or later.
|
| CVE-2026-40902 |
|
Vulnerability in phpoffice/phpspreadsheet (CVE-2026-40902)
vulnerability in phpoffice/phpspreadsheet (CVE-2026-40902). Risk of unauthorized operations or information disclosure. Exploitable via ``cachedHighestRow``. Mitigation: upgrade to `1.30.4` or later.
|
| CVE-2026-44232 |
|
Vulnerability in dssrf (CVE-2026-44232)
vulnerability in dssrf (CVE-2026-44232). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.0.3` or later.
|
| CVE-2026-44224 |
|
Privilege Escalation in requarks (CVE-2026-44224)
vulnerability in requarks (CVE-2026-44224). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.5.313` or later.
|
| CVE-2026-44010 |
|
Vulnerability in craftcms/cms (CVE-2026-44010)
vulnerability in craftcms/cms (CVE-2026-44010). Risk of unauthorized operations or information disclosure. Exploitable via ``true``. Mitigation: upgrade to `4.17.12` or later.
|
| CVE-2026-44225 |
|
Path Traversal in CVE-2026-44225 (CVE-2026-44225)
path traversal in CVE-2026-44225 (CVE-2026-44225). Confidential information can be exposed externally. Mitigation: upgrade to `0.1.1` or later.
|
| CVE-2026-44217 |
|
Vulnerability in sse-channel (CVE-2026-44217)
vulnerability in sse-channel (CVE-2026-44217). Risk of unauthorized operations or information disclosure. Exploitable via ``event``. Mitigation: upgrade to `4.0.1` or later.
|
| CVE-2026-42338 |
|
Cross-Site Scripting (XSS) in ip-address (CVE-2026-42338)
cross-site scripting in ip-address (CVE-2026-42338). Risk of unauthorized operations or information disclosure. Exploitable via ``AddressError.parseMessage``. Mitigation: upgrade to `10.1.1` or later.
|
| CVE-2026-34686 |
|
Cross-Site Scripting (XSS) in adobe (CVE-2026-34686)
cross-site scripting in adobe (CVE-2026-34686). Confidential information can be exposed externally.
|
| CVE-2026-34655 |
|
Cross-Site Scripting (XSS) in adobe (CVE-2026-34655)
cross-site scripting in adobe (CVE-2026-34655). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34658 |
|
Cross-Site Scripting (XSS) in adobe (CVE-2026-34658)
cross-site scripting in adobe (CVE-2026-34658). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-23819 |
|
Cross-Site Scripting (XSS) in CVE-2026-23819 (CVE-2026-23819)
cross-site scripting in CVE-2026-23819 (CVE-2026-23819). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31236 |
|
Code Injection in llm (CVE-2026-31236)
code injection in llm (CVE-2026-31236). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31238 |
|
Unsafe Deserialization in ludwig (CVE-2026-31238)
vulnerability in ludwig (CVE-2026-31238). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31237 |
|
Unsafe Deserialization in ludwig (CVE-2026-31237)
vulnerability in ludwig (CVE-2026-31237). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31239 |
|
Unsafe Deserialization in mamba-ssm (CVE-2026-31239)
vulnerability in mamba-ssm (CVE-2026-31239). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31235 |
|
Unsafe Deserialization in imgaug (CVE-2026-31235)
vulnerability in imgaug (CVE-2026-31235). Successful exploitation can lead to full system takeover.
|
| CVE-2026-29204 |
|
Vulnerability in CVE-2026-29204 (CVE-2026-29204)
vulnerability in CVE-2026-29204 (CVE-2026-29204). Confidential information can be exposed externally. Exploitable via ``clientarea.php``.
|
| CVE-2026-31232 |
|
Unsafe Deserialization in deserialization (CVE-2026-31232)
vulnerability in deserialization (CVE-2026-31232). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31230 |
|
Vulnerability in CVE-2026-31230 (CVE-2026-31230)
vulnerability in CVE-2026-31230 (CVE-2026-31230). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31229 |
|
Unsafe Deserialization in deserialization (CVE-2026-31229)
vulnerability in deserialization (CVE-2026-31229). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31231 |
|
Code Injection in CVE-2026-31231 (CVE-2026-31231)
code injection in CVE-2026-31231 (CVE-2026-31231). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43929 |
|
Vulnerability in ssrfcheck (CVE-2026-43929)
vulnerability in ssrfcheck (CVE-2026-43929). Confidential information can be exposed externally. Exploitable via ``ssrfcheck``.
|
| CVE-2026-42899 |
|
Vulnerability in dotnet (CVE-2026-42899)
vulnerability in dotnet (CVE-2026-42899). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.0.27, 9.0.16, 10.0.8` or later.
|
| CVE-2026-42348 |
|
Vulnerability in OpenTelemetry.OpAmp.Client (CVE-2026-42348)
vulnerability in OpenTelemetry.OpAmp.Client (CVE-2026-42348). Risk of unauthorized operations or information disclosure. Exploitable via ``ReadAsByteArrayAsync``. Mitigation: upgrade to `0.2.0-alpha.1` or later.
|
| CVE-2026-42177 |
|
Vulnerability in CVE-2026-42177 (CVE-2026-42177)
vulnerability in CVE-2026-42177 (CVE-2026-42177). Confidential information can be exposed externally. Mitigation: upgrade to `1.8.1` or later.
|
| CVE-2026-35433 |
|
Vulnerability in Microsoft.WindowsDesktop.App.Runtime.win-arm64 (CVE-2026-35433)
vulnerability in Microsoft.WindowsDesktop.App.Runtime.win-arm64 (CVE-2026-35433). Confidential information can be exposed externally. Mitigation: upgrade to `10.0.8` or later.
|
| CVE-2026-32175 |
|
Vulnerability in Microsoft.NetCore.App.Runtime.win-arm (CVE-2026-32175)
vulnerability in Microsoft.NetCore.App.Runtime.win-arm (CVE-2026-32175). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `10.0.8` or later.
|
| CVE-2026-32177 |
|
Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.
Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.
|
| CVE-2026-43990 |
|
Command Injection in c (CVE-2026-43990)
command injection in c (CVE-2026-43990). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.x.y-security-1` or later.
|
| CVE-2026-31228 |
|
Code Injection in CVE-2026-31228 (CVE-2026-31228)
code injection in CVE-2026-31228 (CVE-2026-31228). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31225 |
|
Code Injection in superduper-framework (CVE-2026-31225)
code injection in superduper-framework (CVE-2026-31225). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31224 |
|
Unsafe Deserialization in snorkel (CVE-2026-31224)
vulnerability in snorkel (CVE-2026-31224). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31223 |
|
Unsafe Deserialization in snorkel (CVE-2026-31223)
vulnerability in snorkel (CVE-2026-31223). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31222 |
|
Unsafe Deserialization in snorkel (CVE-2026-31222)
vulnerability in snorkel (CVE-2026-31222). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31221 |
|
Unsafe Deserialization in pytorch-lightning (CVE-2026-31221)
vulnerability in pytorch-lightning (CVE-2026-31221). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31218 |
|
Unsafe Deserialization in deserialization (CVE-2026-31218)
vulnerability in deserialization (CVE-2026-31218). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31214 |
|
Unsafe Deserialization in deserialization (CVE-2026-31214)
vulnerability in deserialization (CVE-2026-31214). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31220 |
|
Code Injection in syft (CVE-2026-31220)
code injection in syft (CVE-2026-31220). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31219 |
|
Unsafe Deserialization in deserialization (CVE-2026-31219)
vulnerability in deserialization (CVE-2026-31219). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31217 |
|
Code Injection in nebuly (CVE-2026-31217)
code injection in nebuly (CVE-2026-31217). Successful exploitation can lead to full system takeover.
|
| CVE-2023-27753 |
|
Unrestricted File Upload in CVE-2023-27753 (CVE-2023-27753)
vulnerability in CVE-2023-27753 (CVE-2023-27753). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43939 |
|
Vulnerability in YAFNET.Core (CVE-2026-43939)
vulnerability in YAFNET.Core (CVE-2026-43939). Confidential information can be exposed externally. Exploitable via ``onerror``. Mitigation: upgrade to `3.2.12` or later.
|