Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: languages Clear
ID Title
CVE-2026-43938 Vulnerability in YAFNET.Core (CVE-2026-43938)
vulnerability in YAFNET.Core (CVE-2026-43938). Confidential information can be exposed externally. Exploitable via `GET /api/Attachments/GetAttachment`. Mitigation: upgrade to `3.2.12` or later.
CVE-2026-43937 Vulnerability in YAFNET.Core (CVE-2026-43937)
vulnerability in YAFNET.Core (CVE-2026-43937). Successful exploitation can lead to full system takeover. Exploitable via ``PageSecurityCheckAttribute``. Mitigation: upgrade to `4.0.5` or later.
CVE-2025-70842 Cross-Site Scripting (XSS) in CVE-2025-70842 (CVE-2025-70842)
cross-site scripting in CVE-2025-70842 (CVE-2025-70842). Risk of unauthorized operations or information disclosure.
CVE-2026-45091 Information Disclosure in sealed-env (CVE-2026-45091)
vulnerability in sealed-env (CVE-2026-45091). Confidential information can be exposed externally. Mitigation: upgrade to `0.1.0-alpha.4` or later.
CVE-2026-44295 Code Injection in protobufjs-cli (CVE-2026-44295)
code injection in protobufjs-cli (CVE-2026-44295). Confidential information can be exposed externally. Exploitable via ``pbjs``. Mitigation: upgrade to `2.0.2` or later.
CVE-2026-44294 Vulnerability in protobufjs (CVE-2026-44294)
vulnerability in protobufjs (CVE-2026-44294). Risk of unauthorized operations or information disclosure. Exploitable via ``fromObject``. Mitigation: upgrade to `8.0.2` or later.
CVE-2026-44293 Code Injection in protobufjs (CVE-2026-44293)
code injection in protobufjs (CVE-2026-44293). Successful exploitation can lead to full system takeover. Exploitable via ``toObject``. Mitigation: upgrade to `8.0.2` or later.
CVE-2026-44292 Vulnerability in protobufjs (CVE-2026-44292)
vulnerability in protobufjs (CVE-2026-44292). Risk of unauthorized operations or information disclosure. Exploitable via ``__proto__``. Mitigation: upgrade to `8.0.2` or later.
CVE-2026-44291 Vulnerability in protobufjs (CVE-2026-44291)
vulnerability in protobufjs (CVE-2026-44291). Successful exploitation can lead to full system takeover. Exploitable via ``Object.prototype``. Mitigation: upgrade to `8.0.2` or later.
CVE-2026-44290 Vulnerability in protobufjs (CVE-2026-44290)
vulnerability in protobufjs (CVE-2026-44290). Risk of unauthorized operations or information disclosure. Exploitable via ``parse``. Mitigation: upgrade to `8.0.2` or later.
CVE-2026-44289 Vulnerability in protobufjs (CVE-2026-44289)
vulnerability in protobufjs (CVE-2026-44289). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.0.2` or later.
CVE-2026-44288 Vulnerability in protobufjs (CVE-2026-44288)
vulnerability in protobufjs (CVE-2026-44288). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.0.2` or later.
CVE-2026-42290 OS Command Injection in protobufjs-cli (CVE-2026-42290)
OS command injection in protobufjs-cli (CVE-2026-42290). Successful exploitation can lead to full system takeover. Exploitable via ``pbts``. Mitigation: upgrade to `2.0.2` or later.
CVE-2026-8390 Use-After-Free in mozilla (CVE-2026-8390)
vulnerability in mozilla (CVE-2026-8390). Risk of unauthorized operations or information disclosure.
CVE-2026-8391 Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3.
Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3.
CVE-2026-8388 Buffer Overflow in mozilla (CVE-2026-8388)
vulnerability in mozilla (CVE-2026-8388). Risk of unauthorized operations or information disclosure.
CVE-2026-8389 Buffer Overflow in mozilla (CVE-2026-8389)
vulnerability in mozilla (CVE-2026-8389). Successful exploitation can lead to full system takeover.
CVE-2026-43916 Out-of-Bounds Read in c (CVE-2026-43916)
vulnerability in c (CVE-2026-43916). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.2.0-alpha` or later.
CVE-2026-43930 Vulnerability in parse-server (CVE-2026-43930)
vulnerability in parse-server (CVE-2026-43930). Data can be tampered with by attackers. Exploitable via ``applyAuthDataOptimisticLock``. Mitigation: upgrade to `8.6.76` or later.
CVE-2026-45212 Vulnerability in c (CVE-2026-45212)
vulnerability in c (CVE-2026-45212). Risk of unauthorized operations or information disclosure.
CVE-2026-25789 Cross-Site Scripting (XSS) in CVE-2026-25789 (CVE-2026-25789)
cross-site scripting in CVE-2026-25789 (CVE-2026-25789). Successful exploitation can lead to full system takeover.
CVE-2026-7616 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-7616)
vulnerability in wordpress (CVE-2026-7616). Risk of unauthorized operations or information disclosure.
CVE-2026-6663 Vulnerability in wordpress (CVE-2026-6663)
vulnerability in wordpress (CVE-2026-6663). Risk of unauthorized operations or information disclosure.
CVE-2026-6932 Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6932)
vulnerability in wordpress (CVE-2026-6932). Risk of unauthorized operations or information disclosure.
CVE-2026-7626 Information Disclosure in wordpress (CVE-2026-7626)
vulnerability in wordpress (CVE-2026-7626). Risk of unauthorized operations or information disclosure.
CVE-2026-4663 Vulnerability in wordpress (CVE-2026-4663)
vulnerability in wordpress (CVE-2026-4663). Risk of unauthorized operations or information disclosure.
CVE-2026-45392 Reserved. Details will be published at disclosure.
Reserved. Details will be published at disclosure.
CVE-2026-34962 Vulnerability in c (CVE-2026-34962)
vulnerability in c (CVE-2026-34962). Risk of unauthorized operations or information disclosure.
CVE-2026-34963 Vulnerability in c (CVE-2026-34963)
vulnerability in c (CVE-2026-34963). Successful exploitation can lead to full system takeover.
CVE-2026-43913 Authorization Flaw in dani-garcia (CVE-2026-43913)
vulnerability in dani-garcia (CVE-2026-43913). Data can be tampered with by attackers. Exploitable via `POST /api/ciphers/purge`. Mitigation: upgrade to `1.35.5` or later.
CVE-2026-43914 Vulnerability in dani-garcia (CVE-2026-43914)
vulnerability in dani-garcia (CVE-2026-43914). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.35.4` or later.
CVE-2026-43912 Vulnerability in dani-garcia (CVE-2026-43912)
vulnerability in dani-garcia (CVE-2026-43912). Confidential information can be exposed externally. Mitigation: upgrade to `1.35.5` or later.
CVE-2026-43911 Vulnerability in dani-garcia (CVE-2026-43911)
vulnerability in dani-garcia (CVE-2026-43911). Confidential information can be exposed externally. Mitigation: upgrade to `1.35.5` or later.
CVE-2026-43900 Cross-Site Scripting (XSS) in vue (CVE-2026-43900)
cross-site scripting in vue (CVE-2026-43900). Confidential information can be exposed externally. Mitigation: upgrade to `1.0.4-beta.1` or later.
CVE-2026-42554 Cross-Site Scripting (XSS) in github.com/gofiber/fiber/v3 (CVE-2026-42554)
cross-site scripting in github.com/gofiber/fiber/v3 (CVE-2026-42554). Risk of unauthorized operations or information disclosure. Exploitable via ``DefaultRes.AutoFormat``. Mitigation: upgrade to `3.2.0` or later.
CVE-2026-43897 SSRF (Server-Side Request Forgery) in link-preview-js (CVE-2026-43897)
SSRF in link-preview-js (CVE-2026-43897). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.0.1` or later.
CVE-2026-43893 Vulnerability in exiftool-vendored (CVE-2026-43893)
vulnerability in exiftool-vendored (CVE-2026-43893). Data can be tampered with by attackers. Exploitable via ``WriteTask``. Mitigation: upgrade to `35.19.0` or later.
CVE-2026-43885 Information Disclosure in wwbn/avideo (CVE-2026-43885)
vulnerability in wwbn/avideo (CVE-2026-43885). Risk of unauthorized operations or information disclosure. Exploitable via ``APISecret``.
CVE-2026-43884 SSRF (Server-Side Request Forgery) in wwbn/avideo (CVE-2026-43884)
SSRF in wwbn/avideo (CVE-2026-43884). Confidential information can be exposed externally. Exploitable via `POST /plugin/AI/receiveAsync.json.php`.
CVE-2026-43887 Cross-Site Scripting (XSS) in CVE-2026-43887 (CVE-2026-43887)
cross-site scripting in CVE-2026-43887 (CVE-2026-43887). Confidential information can be exposed externally. Mitigation: upgrade to `1.7.0` or later.
CVE-2026-43877 Cross-Site Request Forgery (CSRF) in wwbn/avideo (CVE-2026-43877)
vulnerability in wwbn/avideo (CVE-2026-43877). Risk of unauthorized operations or information disclosure. Exploitable via ``autoCSRFGuard``.
CVE-2026-43880 Vulnerability in wwbn/avideo (CVE-2026-43880)
vulnerability in wwbn/avideo (CVE-2026-43880). Risk of unauthorized operations or information disclosure. Exploitable via `POST /objects/sendEmail.json.php`.
CVE-2026-43881 Vulnerability in wwbn/avideo (CVE-2026-43881)
vulnerability in wwbn/avideo (CVE-2026-43881). Risk of unauthorized operations or information disclosure. Exploitable via ``isCompany``.
CVE-2026-43878 Cross-Site Scripting (XSS) in wwbn/avideo (CVE-2026-43878)
cross-site scripting in wwbn/avideo (CVE-2026-43878). Risk of unauthorized operations or information disclosure. Exploitable via ``user``.
CVE-2026-43879 SSRF (Server-Side Request Forgery) in wwbn/avideo (CVE-2026-43879)
SSRF in wwbn/avideo (CVE-2026-43879). Risk of unauthorized operations or information disclosure. Exploitable via `POST /internal/admin/action`.
CVE-2026-43883 Vulnerability in wwbn/avideo (CVE-2026-43883)
vulnerability in wwbn/avideo (CVE-2026-43883). Risk of unauthorized operations or information disclosure. Exploitable via ``agreement``.
CVE-2026-43875 Vulnerability in wwbn/avideo (CVE-2026-43875)
vulnerability in wwbn/avideo (CVE-2026-43875). Confidential information can be exposed externally. Exploitable via `GET /plugin/MobileManager/oauth2.php`.
CVE-2026-34961 Out-of-Bounds Read in c (CVE-2026-34961)
vulnerability in c (CVE-2026-34961). Risk of unauthorized operations or information disclosure.
CVE-2026-43876 Cross-Site Scripting (XSS) in wwbn/avideo (CVE-2026-43876)
cross-site scripting in wwbn/avideo (CVE-2026-43876). Risk of unauthorized operations or information disclosure. Exploitable via ``message``.
CVE-2026-42188 SSRF (Server-Side Request Forgery) in org.geysermc.geyser:core (CVE-2026-42188)
SSRF in org.geysermc.geyser:core (CVE-2026-42188). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.9.3` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →