Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-42313 |
|
Vulnerability in pyload-ng (CVE-2026-42313)
vulnerability in pyload-ng (CVE-2026-42313). Confidential information can be exposed externally. Exploitable via ``ADMIN_ONLY_CORE_OPTIONS``. Mitigation: upgrade to `0.5.0b3.dev100` or later.
|
| CVE-2026-40612 |
|
Vulnerability in c (CVE-2026-40612)
vulnerability in c (CVE-2026-40612). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42842 |
|
Cross-Site Scripting (XSS) in getgrav/grav (CVE-2026-42842)
cross-site scripting in getgrav/grav (CVE-2026-42842). Risk of unauthorized operations or information disclosure. Exploitable via ``on_events``. Mitigation: upgrade to `2.0.0-beta.2` or later.
|
| CVE-2026-42349 |
|
Vulnerability in @clerk/shared (CVE-2026-42349)
vulnerability in @clerk/shared (CVE-2026-42349). Confidential information can be exposed externally. Exploitable via ``clerkMiddleware``. Mitigation: upgrade to `4.8.3` or later.
|
| CVE-2026-45109 |
|
Vulnerability in next (CVE-2026-45109)
vulnerability in next (CVE-2026-45109). Confidential information can be exposed externally. Exploitable via ``middleware.ts``. Mitigation: upgrade to `16.2.6` or later.
|
| CVE-2026-44643 |
|
Vulnerability in angular-expressions (CVE-2026-44643)
vulnerability in angular-expressions (CVE-2026-44643). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.5.2` or later.
|
| CVE-2026-8292 |
|
Vulnerability in c (CVE-2026-8292)
vulnerability in c (CVE-2026-8292). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8291 |
|
Vulnerability in c (CVE-2026-8291)
vulnerability in c (CVE-2026-8291). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7818 |
|
Unsafe Deserialization in pgadmin4 (CVE-2026-7818)
vulnerability in pgadmin4 (CVE-2026-7818). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.15` or later.
|
| CVE-2026-7814 |
|
Cross-Site Scripting (XSS) in pgadmin4 (CVE-2026-7814)
cross-site scripting in pgadmin4 (CVE-2026-7814). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.15` or later.
|
| CVE-2026-42841 |
|
Cross-Site Scripting (XSS) in getgrav/grav (CVE-2026-42841)
cross-site scripting in getgrav/grav (CVE-2026-42841). Risk of unauthorized operations or information disclosure. Exploitable via ``onload``. Mitigation: upgrade to `2.0.0-beta.2` or later.
|
| CVE-2026-42612 |
|
Cross-Site Scripting (XSS) in getgrav/grav (CVE-2026-42612)
cross-site scripting in getgrav/grav (CVE-2026-42612). Confidential information can be exposed externally. Exploitable via ``onerror``. Mitigation: upgrade to `2.0.0-beta.2` or later.
|
| CVE-2026-42607 |
|
Code Injection in getgrav/grav (CVE-2026-42607)
code injection in getgrav/grav (CVE-2026-42607). Successful exploitation can lead to full system takeover. Exploitable via ``directInstall``. Mitigation: upgrade to `2.0.0-beta.2` or later.
|
| CVE-2026-3320 |
|
Cross-Site Scripting (XSS) in CVE-2026-3320 (CVE-2026-3320)
cross-site scripting in CVE-2026-3320 (CVE-2026-3320). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34092 |
|
Information Disclosure in mediawiki (CVE-2026-34092)
vulnerability in mediawiki (CVE-2026-34092). Confidential information can be exposed externally.
|
| CVE-2026-3319 |
|
Cross-Site Scripting (XSS) in CVE-2026-3319 (CVE-2026-3319)
cross-site scripting in CVE-2026-3319 (CVE-2026-3319). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-65416 |
|
Unrestricted File Upload in CVE-2025-65416 (CVE-2025-65416)
vulnerability in CVE-2025-65416 (CVE-2025-65416). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-61314 |
|
Cross-Site Scripting (XSS) in CVE-2025-61314 (CVE-2025-61314)
cross-site scripting in CVE-2025-61314 (CVE-2025-61314). Confidential information can be exposed externally.
|
| CVE-2025-61313 |
|
Cross-Site Scripting (XSS) in CVE-2025-61313 (CVE-2025-61313)
cross-site scripting in CVE-2025-61313 (CVE-2025-61313). Confidential information can be exposed externally.
|
| CVE-2025-61312 |
|
Cross-Site Scripting (XSS) in CVE-2025-61312 (CVE-2025-61312)
cross-site scripting in CVE-2025-61312 (CVE-2025-61312). Confidential information can be exposed externally.
|
| CVE-2025-61311 |
|
Cross-Site Scripting (XSS) in CVE-2025-61311 (CVE-2025-61311)
cross-site scripting in CVE-2025-61311 (CVE-2025-61311). Confidential information can be exposed externally.
|
| CVE-2025-61310 |
|
Cross-Site Scripting (XSS) in CVE-2025-61310 (CVE-2025-61310)
cross-site scripting in CVE-2025-61310 (CVE-2025-61310). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-61309 |
|
Cross-Site Scripting (XSS) in CVE-2025-61309 (CVE-2025-61309)
cross-site scripting in CVE-2025-61309 (CVE-2025-61309). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-61308 |
|
Cross-Site Scripting (XSS) in CVE-2025-61308 (CVE-2025-61308)
cross-site scripting in CVE-2025-61308 (CVE-2025-61308). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-61305 |
|
Cross-Site Scripting (XSS) in CVE-2025-61305 (CVE-2025-61305)
cross-site scripting in CVE-2025-61305 (CVE-2025-61305). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-61307 |
|
Cross-Site Scripting (XSS) in CVE-2025-61307 (CVE-2025-61307)
cross-site scripting in CVE-2025-61307 (CVE-2025-61307). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-61306 |
|
Cross-Site Scripting (XSS) in CVE-2025-61306 (CVE-2025-61306)
cross-site scripting in CVE-2025-61306 (CVE-2025-61306). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44572 |
|
Vulnerability in next (CVE-2026-44572)
vulnerability in next (CVE-2026-44572). Risk of unauthorized operations or information disclosure. Exploitable via ``Location``. Mitigation: upgrade to `16.2.5` or later.
|
| CVE-2026-44521 |
|
SQL Injection in studio-42/elfinder (CVE-2026-44521)
SQL injection in studio-42/elfinder (CVE-2026-44521). Successful exploitation can lead to full system takeover. Exploitable via ``elFinderVolumeMySQL``. Mitigation: upgrade to `2.1.68` or later.
|
| CVE-2026-44581 |
|
Cross-Site Scripting (XSS) in next (CVE-2026-44581)
cross-site scripting in next (CVE-2026-44581). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `16.2.5` or later.
|
| CVE-2026-44582 |
|
Vulnerability in next (CVE-2026-44582)
vulnerability in next (CVE-2026-44582). Risk of unauthorized operations or information disclosure. Exploitable via ``_rsc``. Mitigation: upgrade to `16.2.5` or later.
|
| CVE-2026-44580 |
|
Cross-Site Scripting (XSS) in next (CVE-2026-44580)
cross-site scripting in next (CVE-2026-44580). Risk of unauthorized operations or information disclosure. Exploitable via ``beforeInteractive``. Mitigation: upgrade to `16.2.5` or later.
|
| CVE-2026-44579 |
|
Vulnerability in next (CVE-2026-44579)
vulnerability in next (CVE-2026-44579). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `16.2.5` or later.
|
| CVE-2026-44577 |
|
Vulnerability in next (CVE-2026-44577)
vulnerability in next (CVE-2026-44577). Risk of unauthorized operations or information disclosure. Exploitable via ``images.localPatterns``. Mitigation: upgrade to `16.2.5` or later.
|
| CVE-2026-44578 |
|
SSRF (Server-Side Request Forgery) in next (CVE-2026-44578)
SSRF in next (CVE-2026-44578). Confidential information can be exposed externally. Mitigation: upgrade to `16.2.5` or later.
|
| CVE-2026-44576 |
|
Vulnerability in next (CVE-2026-44576)
vulnerability in next (CVE-2026-44576). Risk of unauthorized operations or information disclosure. Exploitable via ``RSC``. Mitigation: upgrade to `16.2.5` or later.
|
| CVE-2026-44575 |
|
Vulnerability in next (CVE-2026-44575)
vulnerability in next (CVE-2026-44575). Confidential information can be exposed externally. Mitigation: upgrade to `16.2.5` or later.
|
| CVE-2026-44574 |
|
Vulnerability in next (CVE-2026-44574)
vulnerability in next (CVE-2026-44574). Confidential information can be exposed externally. Mitigation: upgrade to `16.2.5` or later.
|
| CVE-2026-44573 |
|
Authorization Flaw in next (CVE-2026-44573)
vulnerability in next (CVE-2026-44573). Confidential information can be exposed externally. Exploitable via ``i18n``. Mitigation: upgrade to `16.2.5` or later.
|
| CVE-2026-45017 |
|
Path Traversal in python-liquid (CVE-2026-45017)
path traversal in python-liquid (CVE-2026-45017). Confidential information can be exposed externally. Exploitable via ``FileSystemLoader``. Mitigation: upgrade to `2.2.0` or later.
|
| CVE-2026-44432 |
|
Vulnerability in urllib3 (CVE-2026-44432)
vulnerability in urllib3 (CVE-2026-44432). Risk of unauthorized operations or information disclosure. Exploitable via ``gzip``. Mitigation: upgrade to `2.7.0` or later.
|
| CVE-2026-44431 |
|
Information Disclosure in urllib3 (CVE-2026-44431)
vulnerability in urllib3 (CVE-2026-44431). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.7.0` or later.
|
| CVE-2026-44902 |
|
Vulnerability in @opentelemetry/exporter-prometheus (CVE-2026-44902)
vulnerability in @opentelemetry/exporter-prometheus (CVE-2026-44902). Risk of unauthorized operations or information disclosure. Exploitable via ``TypeError``. Mitigation: upgrade to `0.217.0` or later.
|
| CVE-2026-44346 |
|
OS Command Injection in bentoml (CVE-2026-44346)
OS command injection in bentoml (CVE-2026-44346). Successful exploitation can lead to full system takeover. Exploitable via ``bentofile.yaml``. Mitigation: upgrade to `1.4.39` or later.
|
| CVE-2026-44345 |
|
OS Command Injection in bentoml (CVE-2026-44345)
OS command injection in bentoml (CVE-2026-44345). Successful exploitation can lead to full system takeover. Exploitable via ``docker.base_image``. Mitigation: upgrade to `1.4.39` or later.
|
| CVE-2026-8290 |
|
Vulnerability in c (CVE-2026-8290)
vulnerability in c (CVE-2026-8290). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8289 |
|
Vulnerability in c (CVE-2026-8289)
vulnerability in c (CVE-2026-8289). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8288 |
|
Vulnerability in c (CVE-2026-8288)
vulnerability in c (CVE-2026-8288). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6956 |
|
Cross-Site Scripting (XSS) in CVE-2026-6956 (CVE-2026-6956)
cross-site scripting in CVE-2026-6956 (CVE-2026-6956). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6909 |
|
Cross-Site Scripting (XSS) in CVE-2026-6909 (CVE-2026-6909)
cross-site scripting in CVE-2026-6909 (CVE-2026-6909). Risk of unauthorized operations or information disclosure.
|