Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: languages Clear
ID Title
CVE-2026-44836 Vulnerability in view_component (CVE-2026-44836)
vulnerability in view_component (CVE-2026-44836). Confidential information can be exposed externally. Exploitable via `GET /rails/view_components/my_component/render_with_template`. Mitigation: upgrade to `4.9.0` or later.
CVE-2026-45130 Vulnerability in c (CVE-2026-45130)
vulnerability in c (CVE-2026-45130). Risk of unauthorized operations or information disclosure.
CVE-2026-42451 Cross-Site Scripting (XSS) in CVE-2026-42451 (CVE-2026-42451)
cross-site scripting in CVE-2026-42451 (CVE-2026-42451). Confidential information can be exposed externally.
CVE-2026-42351 Path Traversal in pygeoapi (CVE-2026-42351)
path traversal in pygeoapi (CVE-2026-42351). Confidential information can be exposed externally. Mitigation: upgrade to `0.23.3` or later.
CVE-2026-42352 SSRF (Server-Side Request Forgery) in pygeoapi (CVE-2026-42352)
SSRF in pygeoapi (CVE-2026-42352). Confidential information can be exposed externally. Exploitable via ``subscriber``. Mitigation: upgrade to `0.23.3` or later.
CVE-2026-42343 Vulnerability in dos (CVE-2026-42343)
vulnerability in dos (CVE-2026-42343). Risk of unauthorized operations or information disclosure.
CVE-2026-42224 Cross-Site Scripting (XSS) in ipl/web (CVE-2026-42224)
cross-site scripting in ipl/web (CVE-2026-42224). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.10.3` or later.
CVE-2026-44844 Vulnerability in eml_parser (CVE-2026-44844)
vulnerability in eml_parser (CVE-2026-44844). Risk of unauthorized operations or information disclosure. Exploitable via ``RecursionError``. Mitigation: upgrade to `3.0.1` or later.
CVE-2026-44843 Unsafe Deserialization in langchain-core (CVE-2026-44843)
vulnerability in langchain-core (CVE-2026-44843). Confidential information can be exposed externally. Exploitable via ``RunnableWithMessageHistory``. Mitigation: upgrade to `0.3.85` or later.
CVE-2026-37709 Vulnerability in snipe/snipe-it (CVE-2026-37709)
vulnerability in snipe/snipe-it (CVE-2026-37709). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.4.1` or later.
CVE-2026-44568 Cross-Site Scripting (XSS) in open-webui (CVE-2026-44568)
cross-site scripting in open-webui (CVE-2026-44568). Risk of unauthorized operations or information disclosure. Exploitable via ``AccountPending.svelte``. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-42212 Vulnerability in csharp (CVE-2026-42212)
vulnerability in csharp (CVE-2026-42212). Risk of unauthorized operations or information disclosure.
CVE-2026-42199 Vulnerability in grid (CVE-2026-42199)
vulnerability in grid (CVE-2026-42199). Risk of unauthorized operations or information disclosure. Exploitable via ``get_unchecked``. Mitigation: upgrade to `1.0.1` or later.
CVE-2026-42205 Vulnerability in avo (CVE-2026-42205)
vulnerability in avo (CVE-2026-42205). Successful exploitation can lead to full system takeover. Exploitable via `POST /admin/resources/posts/actions`. Mitigation: upgrade to `3.31.2` or later.
CVE-2026-42193 Vulnerability in aws (CVE-2026-42193)
vulnerability in aws (CVE-2026-42193). Data can be tampered with by attackers.
CVE-2026-41517 Unrestricted File Upload in CVE-2026-41517 (CVE-2026-41517)
vulnerability in CVE-2026-41517 (CVE-2026-41517). Risk of unauthorized operations or information disclosure.
CVE-2026-44728 Vulnerability in @babel/plugin-transform-modules-systemjs (CVE-2026-44728)
vulnerability in @babel/plugin-transform-modules-systemjs (CVE-2026-44728). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.0.0-alpha.13` or later.
CVE-2026-42189 Vulnerability in russh (CVE-2026-42189)
vulnerability in russh (CVE-2026-42189). Risk of unauthorized operations or information disclosure. Exploitable via ``read_userauth_info_response``. Mitigation: upgrade to `0.60.1` or later.
CVE-2026-44680 SQL Injection in @mikro-orm/sql (CVE-2026-44680)
SQL injection in @mikro-orm/sql (CVE-2026-44680). Confidential information can be exposed externally. Exploitable via ``Platform.quoteIdentifier``. Mitigation: upgrade to `7.0.14` or later.
CVE-2026-41511 Vulnerability in OpenMcdf (CVE-2026-41511)
vulnerability in OpenMcdf (CVE-2026-41511). Risk of unauthorized operations or information disclosure. Exploitable via ``LeftSiblingID``. Mitigation: upgrade to `3.1.3` or later.
CVE-2026-44502 SSRF (Server-Side Request Forgery) in bugsink (CVE-2026-44502)
SSRF in bugsink (CVE-2026-44502). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.1.3` or later.
CVE-2026-44588 Vulnerability in github.com/siyuan-note/siyuan/kernel (CVE-2026-44588)
vulnerability in github.com/siyuan-note/siyuan/kernel (CVE-2026-44588). Risk of unauthorized operations or information disclosure. Exploitable via ``getAttribute``.
CVE-2026-44721 Cross-Site Scripting (XSS) in open-webui (CVE-2026-44721)
cross-site scripting in open-webui (CVE-2026-44721). Confidential information can be exposed externally. Exploitable via ``marked``. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-44714 Vulnerability in org.bitcoinj:bitcoinj-core (CVE-2026-44714)
vulnerability in org.bitcoinj:bitcoinj-core (CVE-2026-44714). Data can be tampered with by attackers. Exploitable via ``P2PKH``. Mitigation: upgrade to `0.17.1` or later.
CVE-2026-42030 Vulnerability in osgeo (CVE-2026-42030)
vulnerability in osgeo (CVE-2026-42030). Risk of unauthorized operations or information disclosure.
CVE-2026-42028 Path Traversal in path-traversal (CVE-2026-42028)
path traversal in path-traversal (CVE-2026-42028). Risk of unauthorized operations or information disclosure.
CVE-2026-42072 Vulnerability in graph (CVE-2026-42072)
vulnerability in graph (CVE-2026-42072). Successful exploitation can lead to full system takeover. Exploitable via ``NORNICDB_ADDRESS``.
CVE-2026-41887 Path Traversal in flarum/core (CVE-2026-41887)
path traversal in flarum/core (CVE-2026-41887). Confidential information can be exposed externally. Exploitable via `POST /api/settings`. Mitigation: upgrade to `2.0.0-rc.1` or later.
CVE-2026-38360 Path Traversal in path-traversal (CVE-2026-38360)
path traversal in path-traversal (CVE-2026-38360). Successful exploitation can lead to full system takeover.
CVE-2026-7768 Vulnerability in @fastify/accepts-serializer (CVE-2026-7768)
vulnerability in @fastify/accepts-serializer (CVE-2026-7768). Risk of unauthorized operations or information disclosure. Exploitable via ``Accept``. Mitigation: upgrade to `6.0.4` or later.
CVE-2026-44670 Vulnerability in github.com/siyuan-note/siyuan/kernel (CVE-2026-44670)
vulnerability in github.com/siyuan-note/siyuan/kernel (CVE-2026-44670). Risk of unauthorized operations or information disclosure. Exploitable via ``outerHTML``. Mitigation: upgrade to `0.0.0-20260512140701-d7b77d945e0d` or later.
CVE-2026-44009 Vulnerability in vm2 (CVE-2026-44009)
vulnerability in vm2 (CVE-2026-44009). Successful exploitation can lead to full system takeover. Exploitable via ``handleException``. Mitigation: upgrade to `3.11.2` or later.
CVE-2026-44499 Vulnerability in zebrad (CVE-2026-44499)
vulnerability in zebrad (CVE-2026-44499). Risk of unauthorized operations or information disclosure. Exploitable via ``inv``. Mitigation: upgrade to `4.4.0` or later.
CVE-2026-41886 Vulnerability in locize (CVE-2026-41886)
vulnerability in locize (CVE-2026-41886). Data can be tampered with by attackers. Exploitable via ``locize``. Mitigation: upgrade to `4.0.21` or later.
CVE-2026-42353 Path Traversal in i18next-http-middleware (CVE-2026-42353)
path traversal in i18next-http-middleware (CVE-2026-42353). Confidential information can be exposed externally. Exploitable via `GET /locales/resources.json`. Mitigation: upgrade to `3.9.3` or later.
CVE-2026-42794 Cross-Site Scripting (XSS) in absinthe_plug (CVE-2026-42794)
cross-site scripting in absinthe_plug (CVE-2026-42794). Risk of unauthorized operations or information disclosure.
CVE-2026-41885 Path Traversal in i18next-locize-backend (CVE-2026-41885)
path traversal in i18next-locize-backend (CVE-2026-41885). Risk of unauthorized operations or information disclosure. Exploitable via ``lng``. Mitigation: upgrade to `9.0.2` or later.
CVE-2026-41683 Vulnerability in i18next-http-middleware (CVE-2026-41683)
vulnerability in i18next-http-middleware (CVE-2026-41683). Data can be tampered with by attackers. Exploitable via ``i18next``. Mitigation: upgrade to `3.9.3` or later.
CVE-2026-41693 Path Traversal in i18next-fs-backend (CVE-2026-41693)
path traversal in i18next-fs-backend (CVE-2026-41693). Confidential information can be exposed externally. Exploitable via ``lng``. Mitigation: upgrade to `2.6.4` or later.
CVE-2026-41690 Vulnerability in i18next-http-middleware (CVE-2026-41690)
vulnerability in i18next-http-middleware (CVE-2026-41690). Data can be tampered with by attackers. Exploitable via `GET /locales/resources.json`. Mitigation: upgrade to `3.9.3` or later.
CVE-2026-41591 Cross-Site Scripting (XSS) in marko (CVE-2026-41591)
cross-site scripting in marko (CVE-2026-41591). Risk of unauthorized operations or information disclosure. Exploitable via ``_escape_script``. Mitigation: upgrade to `5.38.36` or later.
CVE-2026-29975 Vulnerability in c (CVE-2026-29975)
vulnerability in c (CVE-2026-29975). Risk of unauthorized operations or information disclosure.
CVE-2026-29972 Vulnerability in c (CVE-2026-29972)
vulnerability in c (CVE-2026-29972). Risk of unauthorized operations or information disclosure.
CVE-2026-44008 Vulnerability in vm2 (CVE-2026-44008)
vulnerability in vm2 (CVE-2026-44008). Successful exploitation can lead to full system takeover. Exploitable via ``neutralizeArraySpeciesBatch``. Mitigation: upgrade to `3.11.2` or later.
CVE-2026-40295 Open Redirect in devise (CVE-2026-40295)
vulnerability in devise (CVE-2026-40295). Risk of unauthorized operations or information disclosure. Exploitable via `Referer header`. Mitigation: upgrade to `5.0.4` or later.
CVE-2026-44500 Vulnerability in zebra-network (CVE-2026-44500)
vulnerability in zebra-network (CVE-2026-44500). Risk of unauthorized operations or information disclosure. Exploitable via ``headers``. Mitigation: upgrade to `6.0.0` or later.
CVE-2026-44498 Vulnerability in zebrad (CVE-2026-44498)
vulnerability in zebrad (CVE-2026-44498). Data can be tampered with by attackers. Exploitable via ``MAX_BLOCK_SIGOPS``. Mitigation: upgrade to `4.4.0` or later.
CVE-2026-44497 Vulnerability in zfnd (CVE-2026-44497)
vulnerability in zfnd (CVE-2026-44497). Data can be tampered with by attackers. Exploitable via ``zcashd``. Mitigation: upgrade to `4.4.0` or later.
CVE-2026-43474 Vulnerability in c (CVE-2026-43474)
vulnerability in c (CVE-2026-43474). Risk of unauthorized operations or information disclosure.
CVE-2026-43466 Vulnerability in c (CVE-2026-43466)
vulnerability in c (CVE-2026-43466). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →