Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-44836 |
|
Vulnerability in view_component (CVE-2026-44836)
vulnerability in view_component (CVE-2026-44836). Confidential information can be exposed externally. Exploitable via `GET /rails/view_components/my_component/render_with_template`. Mitigation: upgrade to `4.9.0` or later.
|
| CVE-2026-45130 |
|
Vulnerability in c (CVE-2026-45130)
vulnerability in c (CVE-2026-45130). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42451 |
|
Cross-Site Scripting (XSS) in CVE-2026-42451 (CVE-2026-42451)
cross-site scripting in CVE-2026-42451 (CVE-2026-42451). Confidential information can be exposed externally.
|
| CVE-2026-42351 |
|
Path Traversal in pygeoapi (CVE-2026-42351)
path traversal in pygeoapi (CVE-2026-42351). Confidential information can be exposed externally. Mitigation: upgrade to `0.23.3` or later.
|
| CVE-2026-42352 |
|
SSRF (Server-Side Request Forgery) in pygeoapi (CVE-2026-42352)
SSRF in pygeoapi (CVE-2026-42352). Confidential information can be exposed externally. Exploitable via ``subscriber``. Mitigation: upgrade to `0.23.3` or later.
|
| CVE-2026-42343 |
|
Vulnerability in dos (CVE-2026-42343)
vulnerability in dos (CVE-2026-42343). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42224 |
|
Cross-Site Scripting (XSS) in ipl/web (CVE-2026-42224)
cross-site scripting in ipl/web (CVE-2026-42224). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.10.3` or later.
|
| CVE-2026-44844 |
|
Vulnerability in eml_parser (CVE-2026-44844)
vulnerability in eml_parser (CVE-2026-44844). Risk of unauthorized operations or information disclosure. Exploitable via ``RecursionError``. Mitigation: upgrade to `3.0.1` or later.
|
| CVE-2026-44843 |
|
Unsafe Deserialization in langchain-core (CVE-2026-44843)
vulnerability in langchain-core (CVE-2026-44843). Confidential information can be exposed externally. Exploitable via ``RunnableWithMessageHistory``. Mitigation: upgrade to `0.3.85` or later.
|
| CVE-2026-37709 |
|
Vulnerability in snipe/snipe-it (CVE-2026-37709)
vulnerability in snipe/snipe-it (CVE-2026-37709). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.4.1` or later.
|
| CVE-2026-44568 |
|
Cross-Site Scripting (XSS) in open-webui (CVE-2026-44568)
cross-site scripting in open-webui (CVE-2026-44568). Risk of unauthorized operations or information disclosure. Exploitable via ``AccountPending.svelte``. Mitigation: upgrade to `0.9.0` or later.
|
| CVE-2026-42212 |
|
Vulnerability in csharp (CVE-2026-42212)
vulnerability in csharp (CVE-2026-42212). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42199 |
|
Vulnerability in grid (CVE-2026-42199)
vulnerability in grid (CVE-2026-42199). Risk of unauthorized operations or information disclosure. Exploitable via ``get_unchecked``. Mitigation: upgrade to `1.0.1` or later.
|
| CVE-2026-42205 |
|
Vulnerability in avo (CVE-2026-42205)
vulnerability in avo (CVE-2026-42205). Successful exploitation can lead to full system takeover. Exploitable via `POST /admin/resources/posts/actions`. Mitigation: upgrade to `3.31.2` or later.
|
| CVE-2026-42193 |
|
Vulnerability in aws (CVE-2026-42193)
vulnerability in aws (CVE-2026-42193). Data can be tampered with by attackers.
|
| CVE-2026-41517 |
|
Unrestricted File Upload in CVE-2026-41517 (CVE-2026-41517)
vulnerability in CVE-2026-41517 (CVE-2026-41517). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44728 |
|
Vulnerability in @babel/plugin-transform-modules-systemjs (CVE-2026-44728)
vulnerability in @babel/plugin-transform-modules-systemjs (CVE-2026-44728). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.0.0-alpha.13` or later.
|
| CVE-2026-42189 |
|
Vulnerability in russh (CVE-2026-42189)
vulnerability in russh (CVE-2026-42189). Risk of unauthorized operations or information disclosure. Exploitable via ``read_userauth_info_response``. Mitigation: upgrade to `0.60.1` or later.
|
| CVE-2026-44680 |
|
SQL Injection in @mikro-orm/sql (CVE-2026-44680)
SQL injection in @mikro-orm/sql (CVE-2026-44680). Confidential information can be exposed externally. Exploitable via ``Platform.quoteIdentifier``. Mitigation: upgrade to `7.0.14` or later.
|
| CVE-2026-41511 |
|
Vulnerability in OpenMcdf (CVE-2026-41511)
vulnerability in OpenMcdf (CVE-2026-41511). Risk of unauthorized operations or information disclosure. Exploitable via ``LeftSiblingID``. Mitigation: upgrade to `3.1.3` or later.
|
| CVE-2026-44502 |
|
SSRF (Server-Side Request Forgery) in bugsink (CVE-2026-44502)
SSRF in bugsink (CVE-2026-44502). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.1.3` or later.
|
| CVE-2026-44588 |
|
Vulnerability in github.com/siyuan-note/siyuan/kernel (CVE-2026-44588)
vulnerability in github.com/siyuan-note/siyuan/kernel (CVE-2026-44588). Risk of unauthorized operations or information disclosure. Exploitable via ``getAttribute``.
|
| CVE-2026-44721 |
|
Cross-Site Scripting (XSS) in open-webui (CVE-2026-44721)
cross-site scripting in open-webui (CVE-2026-44721). Confidential information can be exposed externally. Exploitable via ``marked``. Mitigation: upgrade to `0.9.0` or later.
|
| CVE-2026-44714 |
|
Vulnerability in org.bitcoinj:bitcoinj-core (CVE-2026-44714)
vulnerability in org.bitcoinj:bitcoinj-core (CVE-2026-44714). Data can be tampered with by attackers. Exploitable via ``P2PKH``. Mitigation: upgrade to `0.17.1` or later.
|
| CVE-2026-42030 |
|
Vulnerability in osgeo (CVE-2026-42030)
vulnerability in osgeo (CVE-2026-42030). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42028 |
|
Path Traversal in path-traversal (CVE-2026-42028)
path traversal in path-traversal (CVE-2026-42028). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42072 |
|
Vulnerability in graph (CVE-2026-42072)
vulnerability in graph (CVE-2026-42072). Successful exploitation can lead to full system takeover. Exploitable via ``NORNICDB_ADDRESS``.
|
| CVE-2026-41887 |
|
Path Traversal in flarum/core (CVE-2026-41887)
path traversal in flarum/core (CVE-2026-41887). Confidential information can be exposed externally. Exploitable via `POST /api/settings`. Mitigation: upgrade to `2.0.0-rc.1` or later.
|
| CVE-2026-38360 |
|
Path Traversal in path-traversal (CVE-2026-38360)
path traversal in path-traversal (CVE-2026-38360). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7768 |
|
Vulnerability in @fastify/accepts-serializer (CVE-2026-7768)
vulnerability in @fastify/accepts-serializer (CVE-2026-7768). Risk of unauthorized operations or information disclosure. Exploitable via ``Accept``. Mitigation: upgrade to `6.0.4` or later.
|
| CVE-2026-44670 |
|
Vulnerability in github.com/siyuan-note/siyuan/kernel (CVE-2026-44670)
vulnerability in github.com/siyuan-note/siyuan/kernel (CVE-2026-44670). Risk of unauthorized operations or information disclosure. Exploitable via ``outerHTML``. Mitigation: upgrade to `0.0.0-20260512140701-d7b77d945e0d` or later.
|
| CVE-2026-44009 |
|
Vulnerability in vm2 (CVE-2026-44009)
vulnerability in vm2 (CVE-2026-44009). Successful exploitation can lead to full system takeover. Exploitable via ``handleException``. Mitigation: upgrade to `3.11.2` or later.
|
| CVE-2026-44499 |
|
Vulnerability in zebrad (CVE-2026-44499)
vulnerability in zebrad (CVE-2026-44499). Risk of unauthorized operations or information disclosure. Exploitable via ``inv``. Mitigation: upgrade to `4.4.0` or later.
|
| CVE-2026-41886 |
|
Vulnerability in locize (CVE-2026-41886)
vulnerability in locize (CVE-2026-41886). Data can be tampered with by attackers. Exploitable via ``locize``. Mitigation: upgrade to `4.0.21` or later.
|
| CVE-2026-42353 |
|
Path Traversal in i18next-http-middleware (CVE-2026-42353)
path traversal in i18next-http-middleware (CVE-2026-42353). Confidential information can be exposed externally. Exploitable via `GET /locales/resources.json`. Mitigation: upgrade to `3.9.3` or later.
|
| CVE-2026-42794 |
|
Cross-Site Scripting (XSS) in absinthe_plug (CVE-2026-42794)
cross-site scripting in absinthe_plug (CVE-2026-42794). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41885 |
|
Path Traversal in i18next-locize-backend (CVE-2026-41885)
path traversal in i18next-locize-backend (CVE-2026-41885). Risk of unauthorized operations or information disclosure. Exploitable via ``lng``. Mitigation: upgrade to `9.0.2` or later.
|
| CVE-2026-41683 |
|
Vulnerability in i18next-http-middleware (CVE-2026-41683)
vulnerability in i18next-http-middleware (CVE-2026-41683). Data can be tampered with by attackers. Exploitable via ``i18next``. Mitigation: upgrade to `3.9.3` or later.
|
| CVE-2026-41693 |
|
Path Traversal in i18next-fs-backend (CVE-2026-41693)
path traversal in i18next-fs-backend (CVE-2026-41693). Confidential information can be exposed externally. Exploitable via ``lng``. Mitigation: upgrade to `2.6.4` or later.
|
| CVE-2026-41690 |
|
Vulnerability in i18next-http-middleware (CVE-2026-41690)
vulnerability in i18next-http-middleware (CVE-2026-41690). Data can be tampered with by attackers. Exploitable via `GET /locales/resources.json`. Mitigation: upgrade to `3.9.3` or later.
|
| CVE-2026-41591 |
|
Cross-Site Scripting (XSS) in marko (CVE-2026-41591)
cross-site scripting in marko (CVE-2026-41591). Risk of unauthorized operations or information disclosure. Exploitable via ``_escape_script``. Mitigation: upgrade to `5.38.36` or later.
|
| CVE-2026-29975 |
|
Vulnerability in c (CVE-2026-29975)
vulnerability in c (CVE-2026-29975). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-29972 |
|
Vulnerability in c (CVE-2026-29972)
vulnerability in c (CVE-2026-29972). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44008 |
|
Vulnerability in vm2 (CVE-2026-44008)
vulnerability in vm2 (CVE-2026-44008). Successful exploitation can lead to full system takeover. Exploitable via ``neutralizeArraySpeciesBatch``. Mitigation: upgrade to `3.11.2` or later.
|
| CVE-2026-40295 |
|
Open Redirect in devise (CVE-2026-40295)
vulnerability in devise (CVE-2026-40295). Risk of unauthorized operations or information disclosure. Exploitable via `Referer header`. Mitigation: upgrade to `5.0.4` or later.
|
| CVE-2026-44500 |
|
Vulnerability in zebra-network (CVE-2026-44500)
vulnerability in zebra-network (CVE-2026-44500). Risk of unauthorized operations or information disclosure. Exploitable via ``headers``. Mitigation: upgrade to `6.0.0` or later.
|
| CVE-2026-44498 |
|
Vulnerability in zebrad (CVE-2026-44498)
vulnerability in zebrad (CVE-2026-44498). Data can be tampered with by attackers. Exploitable via ``MAX_BLOCK_SIGOPS``. Mitigation: upgrade to `4.4.0` or later.
|
| CVE-2026-44497 |
|
Vulnerability in zfnd (CVE-2026-44497)
vulnerability in zfnd (CVE-2026-44497). Data can be tampered with by attackers. Exploitable via ``zcashd``. Mitigation: upgrade to `4.4.0` or later.
|
| CVE-2026-43474 |
|
Vulnerability in c (CVE-2026-43474)
vulnerability in c (CVE-2026-43474). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43466 |
|
Vulnerability in c (CVE-2026-43466)
vulnerability in c (CVE-2026-43466). Risk of unauthorized operations or information disclosure.
|