Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: languages Clear
ID Title
CVE-2026-7261 Use-After-Free in libphp (CVE-2026-7261)
vulnerability in libphp (CVE-2026-7261). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.2.31, 8.3.31, 8.4.21, 8.5.6` or later.
CVE-2026-7259 Vulnerability in libphp (CVE-2026-7259)
vulnerability in libphp (CVE-2026-7259). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.2.31, 8.3.31, 8.4.21, 8.5.6` or later.
CVE-2026-7258 Out-of-Bounds Read in libphp (CVE-2026-7258)
vulnerability in libphp (CVE-2026-7258). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.2.31, 8.3.31, 8.4.21, 8.5.6` or later.
CVE-2026-6735 Cross-Site Scripting (XSS) in libphp (CVE-2026-6735)
cross-site scripting in libphp (CVE-2026-6735). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.2.31, 8.3.31, 8.4.21, 8.5.6` or later.
CVE-2026-6722 Use-After-Free in libphp (CVE-2026-6722)
vulnerability in libphp (CVE-2026-6722). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.2.31, 8.3.31, 8.4.21, 8.5.6` or later.
CVE-2025-14179 SQL Injection in libphp (CVE-2025-14179)
SQL injection in libphp (CVE-2025-14179). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.2.31, 8.3.31, 8.4.21, 8.5.6` or later.
CVE-2026-8224 Vulnerability in c (CVE-2026-8224)
vulnerability in c (CVE-2026-8224). Risk of unauthorized operations or information disclosure.
CVE-2026-8222 Vulnerability in c (CVE-2026-8222)
vulnerability in c (CVE-2026-8222). Risk of unauthorized operations or information disclosure.
CVE-2026-8216 Authentication Bypass in CVE-2026-8216 (CVE-2026-8216)
authentication bypass in CVE-2026-8216 (CVE-2026-8216). Risk of unauthorized operations or information disclosure.
CVE-2026-8212 Buffer Overflow in gdal (CVE-2026-8212)
vulnerability in gdal (CVE-2026-8212). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.13.0` or later.
CVE-2026-8213 Buffer Overflow in gdal (CVE-2026-8213)
vulnerability in gdal (CVE-2026-8213). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.13.0` or later.
CVE-2026-8211 Vulnerability in CVE-2026-8211 (CVE-2026-8211)
vulnerability in CVE-2026-8211 (CVE-2026-8211). Risk of unauthorized operations or information disclosure.
CVE-2026-8195 Cross-Site Scripting (XSS) in CVE-2026-8195 (CVE-2026-8195)
cross-site scripting in CVE-2026-8195 (CVE-2026-8195). Risk of unauthorized operations or information disclosure.
CVE-2026-8196 Vulnerability in CVE-2026-8196 (CVE-2026-8196)
vulnerability in CVE-2026-8196 (CVE-2026-8196). Risk of unauthorized operations or information disclosure.
CVE-2026-8194 Cross-Site Request Forgery (CSRF) in CVE-2026-8194 (CVE-2026-8194)
vulnerability in CVE-2026-8194 (CVE-2026-8194). Risk of unauthorized operations or information disclosure.
CVE-2026-42605 Path Traversal in azuracast/azuracast (CVE-2026-42605)
path traversal in azuracast/azuracast (CVE-2026-42605). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/station/{station_id}/files/upload`. Mitigation: upgrade to `0.23.6` or later.
CVE-2026-42569 Vulnerability in nabeel/phpvms (CVE-2026-42569)
vulnerability in nabeel/phpvms (CVE-2026-42569). Data can be tampered with by attackers. Mitigation: upgrade to `7.0.6` or later.
CVE-2026-42245 Vulnerability in net-imap (CVE-2026-42245)
vulnerability in net-imap (CVE-2026-42245). Risk of unauthorized operations or information disclosure. Exploitable via ``ResponseReader``. Mitigation: upgrade to `0.4.24` or later.
CVE-2026-42246 Vulnerability in net-imap (CVE-2026-42246)
vulnerability in net-imap (CVE-2026-42246). Confidential information can be exposed externally. Exploitable via ``STARTTLS``. Mitigation: upgrade to `0.3.10` or later.
CVE-2026-42562 Privilege Escalation in CVE-2026-42562 (CVE-2026-42562)
vulnerability in CVE-2026-42562 (CVE-2026-42562). Confidential information can be exposed externally. Exploitable via `PUT /api.php/v1/users/{id}.`.
CVE-2026-42256 Vulnerability in net-imap (CVE-2026-42256)
vulnerability in net-imap (CVE-2026-42256). Risk of unauthorized operations or information disclosure. Exploitable via ``Timeout``. Mitigation: upgrade to `0.4.24` or later.
CVE-2026-42257 Command Injection in net-imap (CVE-2026-42257)
command injection in net-imap (CVE-2026-42257). Successful exploitation can lead to full system takeover. Exploitable via ``CRLF``. Mitigation: upgrade to `0.4.24` or later.
CVE-2026-42258 Command Injection in net-imap (CVE-2026-42258)
command injection in net-imap (CVE-2026-42258). Data can be tampered with by attackers. Exploitable via ``flag``. Mitigation: upgrade to `0.4.24` or later.
CVE-2026-8193 SSRF (Server-Side Request Forgery) in CVE-2026-8193 (CVE-2026-8193)
SSRF in CVE-2026-8193 (CVE-2026-8193). Risk of unauthorized operations or information disclosure.
CVE-2026-8191 Command Injection in c (CVE-2026-8191)
command injection in c (CVE-2026-8191). Risk of unauthorized operations or information disclosure.
CVE-2026-6074 Vulnerability in cisa (CVE-2026-6074)
vulnerability in cisa (CVE-2026-6074). Successful exploitation can lead to full system takeover.
CVE-2026-8186 Buffer Overflow in c (CVE-2026-8186)
vulnerability in c (CVE-2026-8186). Risk of unauthorized operations or information disclosure.
CVE-2026-8187 Vulnerability in c (CVE-2026-8187)
vulnerability in c (CVE-2026-8187). Risk of unauthorized operations or information disclosure.
CVE-2026-42311 Vulnerability in pillow (CVE-2026-42311)
vulnerability in pillow (CVE-2026-42311). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `12.2.0` or later.
CVE-2026-42310 Vulnerability in pillow (CVE-2026-42310)
vulnerability in pillow (CVE-2026-42310). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `12.2.0` or later.
CVE-2026-42309 Vulnerability in pillow (CVE-2026-42309)
vulnerability in pillow (CVE-2026-42309). Risk of unauthorized operations or information disclosure. Exploitable via ``ImagePath.Path``. Mitigation: upgrade to `12.2.0` or later.
CVE-2026-42308 Vulnerability in pillow (CVE-2026-42308)
vulnerability in pillow (CVE-2026-42308). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `12.2.0` or later.
CVE-2026-8209 Vulnerability in path-traversal (CVE-2026-8209)
vulnerability in path-traversal (CVE-2026-8209). Risk of unauthorized operations or information disclosure.
CVE-2026-8208 Vulnerability in CVE-2026-8208 (CVE-2026-8208)
vulnerability in CVE-2026-8208 (CVE-2026-8208). Risk of unauthorized operations or information disclosure.
CVE-2026-42301 Vulnerability in pyp2spec (CVE-2026-42301)
vulnerability in pyp2spec (CVE-2026-42301). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.14.1` or later.
CVE-2026-41311 Vulnerability in liquidjs (CVE-2026-41311)
vulnerability in liquidjs (CVE-2026-41311). Risk of unauthorized operations or information disclosure. Exploitable via ``getBlockRender``. Mitigation: upgrade to `10.25.7` or later.
CVE-2026-8207 SQL Injection in sqli (CVE-2026-8207)
SQL injection in sqli (CVE-2026-8207). Risk of unauthorized operations or information disclosure.
CVE-2026-44458 Vulnerability in hono (CVE-2026-44458)
vulnerability in hono (CVE-2026-44458). Risk of unauthorized operations or information disclosure. Exploitable via ``style``. Mitigation: upgrade to `4.12.18` or later.
CVE-2026-44459 Vulnerability in hono (CVE-2026-44459)
vulnerability in hono (CVE-2026-44459). Risk of unauthorized operations or information disclosure. Exploitable via ``exp``. Mitigation: upgrade to `4.12.18` or later.
CVE-2026-44966 Vulnerability in velocityjs (CVE-2026-44966)
vulnerability in velocityjs (CVE-2026-44966). Risk of unauthorized operations or information disclosure.
CVE-2026-44457 Vulnerability in hono (CVE-2026-44457)
vulnerability in hono (CVE-2026-44457). Risk of unauthorized operations or information disclosure. Exploitable via ``private``. Mitigation: upgrade to `4.12.18` or later.
CVE-2026-42455 Cross-Site Scripting (XSS) in CVE-2026-42455 (CVE-2026-42455)
cross-site scripting in CVE-2026-42455 (CVE-2026-42455). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/archives/`.
CVE-2026-44313 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-44313)
SSRF in ssrf (CVE-2026-44313). Confidential information can be exposed externally. Exploitable via `GET /api/v1/archives/{linkId}`.
CVE-2026-44897 Cross-Site Scripting (XSS) in mistune (CVE-2026-44897)
cross-site scripting in mistune (CVE-2026-44897). Risk of unauthorized operations or information disclosure. Exploitable via ``toc_1``. Mitigation: upgrade to `3.2.1` or later.
CVE-2026-44983 Vulnerability in smallbitvec (CVE-2026-44983)
vulnerability in smallbitvec (CVE-2026-44983). Risk of unauthorized operations or information disclosure. Exploitable via ``smallbitvec``.
CVE-2026-44788 Path Traversal in SharpCompress (CVE-2026-44788)
path traversal in SharpCompress (CVE-2026-44788). Data can be tampered with by attackers. Exploitable via ``WriteToDirectoryInternal``.
CVE-2026-44900 Vulnerability in com.oviva.telematik:epa4all-client (CVE-2026-44900)
vulnerability in com.oviva.telematik:epa4all-client (CVE-2026-44900). Confidential information can be exposed externally. Mitigation: upgrade to `1.2.1` or later.
CVE-2026-44896 Cross-Site Scripting (XSS) in mistune (CVE-2026-44896)
cross-site scripting in mistune (CVE-2026-44896). Risk of unauthorized operations or information disclosure. Exploitable via ``figclass``. Mitigation: upgrade to `3.2.1` or later.
CVE-2026-44708 Cross-Site Scripting (XSS) in mistune (CVE-2026-44708)
cross-site scripting in mistune (CVE-2026-44708). Risk of unauthorized operations or information disclosure. Exploitable via ``_escape``.
CVE-2026-44837 Vulnerability in view_component (CVE-2026-44837)
vulnerability in view_component (CVE-2026-44837). Confidential information can be exposed externally. Exploitable via `GET /_system_test_entrypoint`. Mitigation: upgrade to `4.9.0` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →