Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-43086 |
|
Vulnerability in c (CVE-2026-43086)
vulnerability in c (CVE-2026-43086). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43080 |
|
Vulnerability in c (CVE-2026-43080)
vulnerability in c (CVE-2026-43080). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43084 |
|
Use-After-Free in c (CVE-2026-43084)
vulnerability in c (CVE-2026-43084). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43079 |
|
Vulnerability in c (CVE-2026-43079)
vulnerability in c (CVE-2026-43079). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43075 |
|
Out-of-Bounds Write in c (CVE-2026-43075)
out-of-bounds write in c (CVE-2026-43075). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43074 |
|
Vulnerability in c (CVE-2026-43074)
vulnerability in c (CVE-2026-43074). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43882 |
|
Vulnerability in wwbn/avideo (CVE-2026-43882)
vulnerability in wwbn/avideo (CVE-2026-43882). Risk of unauthorized operations or information disclosure. Exploitable via ``title``.
|
| CVE-2026-44903 |
|
Cross-Site Scripting (XSS) in github.com/prometheus/prometheus (CVE-2026-44903)
cross-site scripting in github.com/prometheus/prometheus (CVE-2026-44903). Risk of unauthorized operations or information disclosure. Exploitable via ``label_replace``. Mitigation: upgrade to `2.7.2` or later.
|
| CVE-2026-44167 |
|
Vulnerability in phpseclib/phpseclib (CVE-2026-44167)
vulnerability in phpseclib/phpseclib (CVE-2026-44167). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.0.29` or later.
|
| CVE-2026-39383 |
|
SSRF (Server-Side Request Forgery) in github.com/gotenberg/gotenberg/v8 (CVE-2026-39383)
SSRF in github.com/gotenberg/gotenberg/v8 (CVE-2026-39383). Confidential information can be exposed externally. Exploitable via ``FilterDeadline``. Mitigation: upgrade to `8.31.0` or later.
|
| CVE-2026-35579 |
|
Authentication Bypass in github.com/coredns/coredns (CVE-2026-35579)
authentication bypass in github.com/coredns/coredns (CVE-2026-35579). Successful exploitation can lead to full system takeover. Exploitable via ``tsigStatus``. Mitigation: upgrade to `1.14.3` or later.
|
| CVE-2026-39852 |
|
Authorization Flaw in io.quarkus:quarkus-vertx-http (CVE-2026-39852)
vulnerability in io.quarkus:quarkus-vertx-http (CVE-2026-39852). Confidential information can be exposed externally. Mitigation: upgrade to `3.35.1.1` or later.
|
| CVE-2026-35453 |
|
Cross-Site Scripting (XSS) in phpoffice/phpspreadsheet (CVE-2026-35453)
cross-site scripting in phpoffice/phpspreadsheet (CVE-2026-35453). Risk of unauthorized operations or information disclosure. Exploitable via ``formatColor``. Mitigation: upgrade to `1.30.4` or later.
|
| CVE-2026-34084 |
|
Unsafe Deserialization in phpoffice/phpspreadsheet (CVE-2026-34084)
vulnerability in phpoffice/phpspreadsheet (CVE-2026-34084). Successful exploitation can lead to full system takeover. Exploitable via ``is_file``. Mitigation: upgrade to `1.30.3` or later.
|
| CVE-2026-33489 |
|
Vulnerability in github.com/coredns/coredns (CVE-2026-33489)
vulnerability in github.com/coredns/coredns (CVE-2026-33489). Confidential information can be exposed externally. Mitigation: upgrade to `1.14.3` or later.
|
| CVE-2026-32936 |
|
Vulnerability in github.com/coredns/coredns (CVE-2026-32936)
vulnerability in github.com/coredns/coredns (CVE-2026-32936). Risk of unauthorized operations or information disclosure. Exploitable via ``dns``. Mitigation: upgrade to `1.14.3` or later.
|
| CVE-2026-33190 |
|
Authentication Bypass in github.com/coredns/coredns (CVE-2026-33190)
authentication bypass in github.com/coredns/coredns (CVE-2026-33190). Confidential information can be exposed externally. Mitigation: upgrade to `1.14.3` or later.
|
| CVE-2026-33420 |
|
Vulnerability in dani-garcia (CVE-2026-33420)
vulnerability in dani-garcia (CVE-2026-33420). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/organizations/{org_id}/collections/details`.
|
| CVE-2026-32934 |
|
Vulnerability in github.com/coredns/coredns (CVE-2026-32934)
vulnerability in github.com/coredns/coredns (CVE-2026-32934). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.14.3` or later.
|
| CVE-2026-31835 |
|
Vulnerability in dos (CVE-2026-31835)
vulnerability in dos (CVE-2026-31835). Risk of unauthorized operations or information disclosure. Exploitable via ``authenticatorData``.
|
| CVE-2026-43065 |
|
Vulnerability in c (CVE-2026-43065)
vulnerability in c (CVE-2026-43065). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43069 |
|
Vulnerability in c (CVE-2026-43069)
vulnerability in c (CVE-2026-43069). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-38432 |
|
Cross-Site Scripting (XSS) in frappe (CVE-2026-38432)
cross-site scripting in frappe (CVE-2026-38432). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40110 |
|
Vulnerability in jupyter-server (CVE-2026-40110)
vulnerability in jupyter-server (CVE-2026-40110). Confidential information can be exposed externally. Exploitable via ``allow_origin_pat``. Mitigation: upgrade to `057869a327c46730afede3eab0ca2d2` or later.
|
| CVE-2026-43071 |
|
Vulnerability in c (CVE-2026-43071)
vulnerability in c (CVE-2026-43071). Confidential information can be exposed externally.
|
| CVE-2026-43067 |
|
Vulnerability in linux (CVE-2026-43067)
vulnerability in linux (CVE-2026-43067). Successful exploitation can lead to full system takeover.
|
| CVE-2026-39103 |
|
Vulnerability in c (CVE-2026-39103)
vulnerability in c (CVE-2026-39103). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-54348 |
|
Vulnerability in c (CVE-2023-54348)
vulnerability in c (CVE-2023-54348). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42039 |
|
Vulnerability in axios (CVE-2026-42039)
vulnerability in axios (CVE-2026-42039). Risk of unauthorized operations or information disclosure. Exploitable via `POST /forward`. Mitigation: upgrade to `0.31.1` or later.
|
| CVE-2026-38751 |
|
Unrestricted File Upload in devcode-it/openstamanager (CVE-2026-38751)
vulnerability in devcode-it/openstamanager (CVE-2026-38751). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41686 |
|
Vulnerability in @anthropic-ai/sdk (CVE-2026-41686)
vulnerability in @anthropic-ai/sdk (CVE-2026-41686). Risk of unauthorized operations or information disclosure. Exploitable via ``BetaLocalFilesystemMemoryTool``. Mitigation: upgrade to `0.91.1` or later.
|
| CVE-2026-25863 |
|
Vulnerability in wordpress (CVE-2026-25863)
vulnerability in wordpress (CVE-2026-25863). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-29004 |
|
Vulnerability in c (CVE-2026-29004)
vulnerability in c (CVE-2026-29004). Data can be tampered with by attackers.
|
| CVE-2026-40682 |
|
XXE (XML External Entity) in org.apache.opennlp:opennlp-tools (CVE-2026-40682)
vulnerability in org.apache.opennlp:opennlp-tools (CVE-2026-40682). Confidential information can be exposed externally. Mitigation: upgrade to `3.0.0-M3` or later.
|
| CVE-2025-70071 |
|
Vulnerability in cpp (CVE-2025-70071)
vulnerability in cpp (CVE-2025-70071). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42796 |
|
Vulnerability in workiva (CVE-2026-42796)
vulnerability in workiva (CVE-2026-42796). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42088 |
|
Vulnerability in openc3 (CVE-2026-42088)
vulnerability in openc3 (CVE-2026-42088). Confidential information can be exposed externally.
|
| CVE-2026-42087 |
|
SQL Injection in sqli (CVE-2026-42087)
SQL injection in sqli (CVE-2026-42087). Confidential information can be exposed externally. Exploitable via ``tsdb_lookup``.
|
| CVE-2026-41471 |
|
Vulnerability in wordpress (CVE-2026-41471)
vulnerability in wordpress (CVE-2026-41471). Confidential information can be exposed externally.
|
| CVE-2026-29514 |
|
Vulnerability in CVE-2026-29514 (CVE-2026-29514)
vulnerability in CVE-2026-29514 (CVE-2026-29514). Successful exploitation can lead to full system takeover.
|
| CVE-2026-26332 |
|
Code Injection in vm2-project (CVE-2026-26332)
code injection in vm2-project (CVE-2026-26332). Successful exploitation can lead to full system takeover.
|
| CVE-2026-26956 |
|
Vulnerability in vm2-project (CVE-2026-26956)
vulnerability in vm2-project (CVE-2026-26956). Successful exploitation can lead to full system takeover. Exploitable via ``catch``.
|
| CVE-2026-24781 |
|
Code Injection in vm2-project (CVE-2026-24781)
code injection in vm2-project (CVE-2026-24781). Successful exploitation can lead to full system takeover. Exploitable via ``inspect``.
|
| CVE-2026-24120 |
|
Code Injection in vm2-project (CVE-2026-24120)
code injection in vm2-project (CVE-2026-24120). Successful exploitation can lead to full system takeover. Exploitable via ``resetPromiseSpecies``.
|
| CVE-2026-24118 |
|
Code Injection in vm2-project (CVE-2026-24118)
code injection in vm2-project (CVE-2026-24118). Successful exploitation can lead to full system takeover. Exploitable via ``__lookupGetter__``.
|
| CVE-2026-35527 |
|
SSRF (Server-Side Request Forgery) in github.com/lxc/incus/v6/cmd/incusd (CVE-2026-35527)
SSRF in github.com/lxc/incus/v6/cmd/incusd (CVE-2026-35527). Risk of unauthorized operations or information disclosure. Exploitable via ``restricted.images.servers``. Mitigation: upgrade to `7.0.0` or later.
|
| CVE-2025-70069 |
|
Vulnerability in cpp (CVE-2025-70069)
vulnerability in cpp (CVE-2025-70069). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-70072 |
|
Out-of-Bounds Read in cpp (CVE-2025-70072)
vulnerability in cpp (CVE-2025-70072). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-70070 |
|
Vulnerability in cpp (CVE-2025-70070)
vulnerability in cpp (CVE-2025-70070). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42367 |
|
Vulnerability in c (CVE-2026-42367)
vulnerability in c (CVE-2026-42367). Confidential information can be exposed externally.
|