Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-41929 |
|
Cross-Site Scripting (XSS) in CVE-2026-41929 (CVE-2026-41929)
cross-site scripting in CVE-2026-41929 (CVE-2026-41929). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8097 |
|
Vulnerability in sqli (CVE-2026-8097)
vulnerability in sqli (CVE-2026-8097). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8098 |
|
Vulnerability in sqli (CVE-2026-8098)
vulnerability in sqli (CVE-2026-8098). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42047 |
|
Information Disclosure in inngest (CVE-2026-42047)
vulnerability in inngest (CVE-2026-42047). Confidential information can be exposed externally. Exploitable via ``GET``. Mitigation: upgrade to `3.54.0` or later.
|
| CVE-2026-41692 |
|
Cross-Site Scripting (XSS) in i18nextify (CVE-2026-41692)
cross-site scripting in i18nextify (CVE-2026-41692). Risk of unauthorized operations or information disclosure. Exploitable via ``i18nextify``. Mitigation: upgrade to `4.0.8` or later.
|
| CVE-2026-41691 |
|
Path Traversal in i18next-http-backend (CVE-2026-41691)
path traversal in i18next-http-backend (CVE-2026-41691). Risk of unauthorized operations or information disclosure. Exploitable via ``lng``. Mitigation: upgrade to `3.0.5` or later.
|
| CVE-2026-8088 |
|
Buffer Overflow in GDAL (CVE-2026-8088)
vulnerability in GDAL (CVE-2026-8088). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.13.0` or later.
|
| CVE-2026-8087 |
|
Buffer Overflow in GDAL (CVE-2026-8087)
vulnerability in GDAL (CVE-2026-8087). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.13.0` or later.
|
| CVE-2026-42499 |
|
Vulnerability in golang (CVE-2026-42499)
vulnerability in golang (CVE-2026-42499). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
|
| CVE-2026-42501 |
|
Vulnerability in golang (CVE-2026-42501)
vulnerability in golang (CVE-2026-42501). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
|
| CVE-2026-39826 |
|
Vulnerability in golang (CVE-2026-39826)
vulnerability in golang (CVE-2026-39826). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
|
| CVE-2026-42225 |
|
Vulnerability in c (CVE-2026-42225)
vulnerability in c (CVE-2026-42225). Data can be tampered with by attackers.
|
| CVE-2026-39825 |
|
Vulnerability in golang (CVE-2026-39825)
vulnerability in golang (CVE-2026-39825). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
|
| CVE-2026-39836 |
|
Vulnerability in golang (CVE-2026-39836)
vulnerability in golang (CVE-2026-39836). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
|
| CVE-2026-39819 |
|
Vulnerability in golang (CVE-2026-39819)
vulnerability in golang (CVE-2026-39819). Data can be tampered with by attackers. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
|
| CVE-2026-39820 |
|
Vulnerability in golang (CVE-2026-39820)
vulnerability in golang (CVE-2026-39820). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
|
| CVE-2026-39823 |
|
Cross-Site Scripting (XSS) in golang (CVE-2026-39823)
cross-site scripting in golang (CVE-2026-39823). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
|
| CVE-2026-33811 |
|
Vulnerability in golang (CVE-2026-33811)
vulnerability in golang (CVE-2026-33811). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
|
| CVE-2026-33814 |
|
Vulnerability in golang (CVE-2026-33814)
vulnerability in golang (CVE-2026-33814). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
|
| CVE-2026-39817 |
|
Out-of-Bounds Write in golang (CVE-2026-39817)
out-of-bounds write in golang (CVE-2026-39817). Data can be tampered with by attackers. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
|
| CVE-2026-42879 |
|
Unrestricted File Upload in facturascripts/facturascripts (CVE-2026-42879)
vulnerability in facturascripts/facturascripts (CVE-2026-42879). Risk of unauthorized operations or information disclosure. Exploitable via ``PHPSESSID``.
|
| CVE-2026-8086 |
|
Buffer Overflow in gdal (CVE-2026-8086)
vulnerability in gdal (CVE-2026-8086). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.13.0` or later.
|
| CVE-2026-8084 |
|
Buffer Overflow in gdal (CVE-2026-8084)
vulnerability in gdal (CVE-2026-8084). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.13.0` or later.
|
| CVE-2026-42215 |
|
OS Command Injection in GitPython (CVE-2026-42215)
OS command injection in GitPython (CVE-2026-42215). Successful exploitation can lead to full system takeover. Exploitable via ``upload_pack``. Mitigation: upgrade to `3.1.47` or later.
|
| CVE-2026-41906 |
|
Vulnerability in laravel (CVE-2026-41906)
vulnerability in laravel (CVE-2026-41906). Data can be tampered with by attackers.
|
| CVE-2026-42284 |
|
Vulnerability in GitPython (CVE-2026-42284)
vulnerability in GitPython (CVE-2026-42284). Successful exploitation can lead to full system takeover. Exploitable via ``multi_options``. Mitigation: upgrade to `3.1.47` or later.
|
| CVE-2026-41902 |
|
Vulnerability in laravel (CVE-2026-41902)
vulnerability in laravel (CVE-2026-41902). Confidential information can be exposed externally. Exploitable via `Referer header`.
|
| CVE-2026-36387 |
|
Unrestricted File Upload in CVE-2026-36387 (CVE-2026-36387)
vulnerability in CVE-2026-36387 (CVE-2026-36387). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-36388 |
|
Cross-Site Scripting (XSS) in CVE-2026-36388 (CVE-2026-36388)
cross-site scripting in CVE-2026-36388 (CVE-2026-36388). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-63703 |
|
Vulnerability in npm (CVE-2025-63703)
vulnerability in npm (CVE-2025-63703). Successful exploitation can lead to full system takeover.
|
| CVE-2025-63704 |
|
Vulnerability in prototype-pollution (CVE-2025-63704)
vulnerability in prototype-pollution (CVE-2025-63704). Successful exploitation can lead to full system takeover.
|
| CVE-2025-63705 |
|
OS Command Injection in node-ts-ocr (CVE-2025-63705)
OS command injection in node-ts-ocr (CVE-2025-63705). Successful exploitation can lead to full system takeover.
|
| SUSE-SU-2026:1753-1 |
|
Vulnerability in c (SUSE-SU-2026:1753-1)
vulnerability in c (SUSE-SU-2026:1753-1). Risk of unauthorized operations or information disclosure. Exploitable via ``schema_attr_enum_callback``.
|
| CVE-2026-8093 |
|
Buffer Overflow in mozilla (CVE-2026-8093)
vulnerability in mozilla (CVE-2026-8093). Successful exploitation can lead to full system takeover.
|
| SUSE-SU-2026:1744-1 |
|
Vulnerability in dos (SUSE-SU-2026:1744-1)
vulnerability in dos (SUSE-SU-2026:1744-1). Risk of unauthorized operations or information disclosure.
|
| SUSE-SU-2026:1741-1 |
|
Vulnerability in privilege-escalation (SUSE-SU-2026:1741-1)
vulnerability in privilege-escalation (SUSE-SU-2026:1741-1). Risk of unauthorized operations or information disclosure.
|
| SUSE-SU-2026:1740-1 |
|
Vulnerability in django (SUSE-SU-2026:1740-1)
vulnerability in django (SUSE-SU-2026:1740-1). Risk of unauthorized operations or information disclosure. Exploitable via ``ASGIRequest``.
|
| CVE-2026-41002 |
|
Vulnerability in org.springframework.cloud:spring-cloud-config-server (CVE-2026-41002)
vulnerability in org.springframework.cloud:spring-cloud-config-server (CVE-2026-41002). Confidential information can be exposed externally. Exploitable via ``spring.cloud.config.server.git.basedir``.
|
| CVE-2026-41139 |
|
Vulnerability in mathjs (CVE-2026-41139)
vulnerability in mathjs (CVE-2026-41139). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `15.2.0` or later.
|
| CVE-2026-42216 |
|
Out-of-Bounds Read in openexr (CVE-2026-42216)
vulnerability in openexr (CVE-2026-42216). Confidential information can be exposed externally. Exploitable via ``c13e0e1320a6652e02c5c90c6dbd984d532efe44``.
|
| CVE-2026-42217 |
|
Vulnerability in openexr (CVE-2026-42217)
vulnerability in openexr (CVE-2026-42217). Successful exploitation can lead to full system takeover. Exploitable via ``ImfIDManifest.cpp``.
|
| CVE-2026-44827 |
|
Code Injection in diffusers (CVE-2026-44827)
code injection in diffusers (CVE-2026-44827). Successful exploitation can lead to full system takeover. Exploitable via ``DiffusionPipeline.from_pretrained``. Mitigation: upgrade to `0.38.0` or later.
|
| CVE-2026-44312 |
|
Vulnerability in css_parser (CVE-2026-44312)
vulnerability in css_parser (CVE-2026-44312). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.22.0` or later.
|
| SUSE-SU-2026:1732-1 |
|
Vulnerability in dos (SUSE-SU-2026:1732-1)
vulnerability in dos (SUSE-SU-2026:1732-1). Risk of unauthorized operations or information disclosure. Exploitable via ``tt_var_load_item_variation_store``.
|
| SUSE-SU-2026:1731-1 |
|
Vulnerability in dos (SUSE-SU-2026:1731-1)
vulnerability in dos (SUSE-SU-2026:1731-1). Risk of unauthorized operations or information disclosure. Exploitable via ``tt_var_load_item_variation_store``.
|
| CVE-2026-46689 |
|
Vulnerability in scim_proto (CVE-2026-46689)
vulnerability in scim_proto (CVE-2026-46689). Risk of unauthorized operations or information disclosure. Exploitable via ``GET``. Mitigation: upgrade to `1.9.3` or later.
|
| CVE-2026-44244 |
|
Code Injection in GitPython (CVE-2026-44244)
code injection in GitPython (CVE-2026-44244). Successful exploitation can lead to full system takeover. Exploitable via ``configparser``. Mitigation: upgrade to `3.1.49` or later.
|
| CVE-2026-42559 |
|
Vulnerability in rmcp (CVE-2026-42559)
vulnerability in rmcp (CVE-2026-42559). Successful exploitation can lead to full system takeover. Exploitable via `Host header`. Mitigation: upgrade to `1.4.0` or later.
|
| CVE-2026-44240 |
|
Vulnerability in basic-ftp (CVE-2026-44240)
vulnerability in basic-ftp (CVE-2026-44240). Risk of unauthorized operations or information disclosure. Exploitable via ``FtpContext._partialResponse``. Mitigation: upgrade to `5.3.1` or later.
|
| CVE-2026-6691 |
|
Vulnerability in c (CVE-2026-6691)
vulnerability in c (CVE-2026-6691). Successful exploitation can lead to full system takeover.
|