Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: languages Clear
ID Title
CVE-2026-40372 Vulnerability in csharp (CVE-2026-40372)
vulnerability in csharp (CVE-2026-40372). Confidential information can be exposed externally.
CVE-2026-30452 Vulnerability in textpattern (CVE-2026-30452)
vulnerability in textpattern (CVE-2026-30452). Data can be tampered with by attackers.
CVE-2025-41029 SQL Injection in sqli (CVE-2025-41029)
SQL injection in sqli (CVE-2025-41029). Risk of unauthorized operations or information disclosure.
CVE-2026-6754 Use-After-Free in mozilla (CVE-2026-6754)
vulnerability in mozilla (CVE-2026-6754). Risk of unauthorized operations or information disclosure.
CVE-2026-31019 OS Command Injection in dolibarr (CVE-2026-31019)
OS command injection in dolibarr (CVE-2026-31019). Successful exploitation can lead to full system takeover.
CVE-2026-31018 Code Injection in dolibarr (CVE-2026-31018)
code injection in dolibarr (CVE-2026-31018). Successful exploitation can lead to full system takeover.
CVE-2025-10354 Cross-Site Scripting (XSS) in CVE-2025-10354 (CVE-2025-10354)
cross-site scripting in CVE-2025-10354 (CVE-2025-10354). Risk of unauthorized operations or information disclosure.
CVE-2026-3317 Cross-Site Scripting (XSS) in CVE-2026-3317 (CVE-2026-3317)
cross-site scripting in CVE-2026-3317 (CVE-2026-3317). Risk of unauthorized operations or information disclosure.
CVE-2026-6058 Vulnerability in c (CVE-2026-6058)
vulnerability in c (CVE-2026-6058). Risk of unauthorized operations or information disclosure.
CVE-2026-41245 Path Traversal in path-traversal (CVE-2026-41245)
path traversal in path-traversal (CVE-2026-41245). Data can be tampered with by attackers. Exploitable via ``LocalFolderExtractor``.
CVE-2026-5963 SQL Injection in csharp (CVE-2026-5963)
SQL injection in csharp (CVE-2026-5963). Successful exploitation can lead to full system takeover.
CVE-2026-5964 SQL Injection in csharp (CVE-2026-5964)
SQL injection in csharp (CVE-2026-5964). Successful exploitation can lead to full system takeover.
CVE-2026-41242 Code Injection in protobufjs-project (CVE-2026-41242)
code injection in protobufjs-project (CVE-2026-41242). Successful exploitation can lead to full system takeover.
CVE-2026-40192 Vulnerability in pillow (CVE-2026-40192)
vulnerability in pillow (CVE-2026-40192). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `12.2.0` or later.
CVE-2026-41253 Vulnerability in c (CVE-2026-41253)
vulnerability in c (CVE-2026-41253). Confidential information can be exposed externally.
CVE-2026-40477 Vulnerability in thymeleaf (CVE-2026-40477)
vulnerability in thymeleaf (CVE-2026-40477). Successful exploitation can lead to full system takeover.
CVE-2026-40478 Vulnerability in thymeleaf (CVE-2026-40478)
vulnerability in thymeleaf (CVE-2026-40478). Successful exploitation can lead to full system takeover.
CVE-2026-29013 Out-of-Bounds Read in c (CVE-2026-29013)
vulnerability in c (CVE-2026-29013). Successful exploitation can lead to full system takeover.
CVE-2026-33436 Vulnerability in stirlingpdf (CVE-2026-33436)
vulnerability in stirlingpdf (CVE-2026-33436). Risk of unauthorized operations or information disclosure.
CVE-2026-5718 Unrestricted File Upload in wordpress (CVE-2026-5718)
vulnerability in wordpress (CVE-2026-5718). Successful exploitation can lead to full system takeover.
CVE-2026-41113 OS Command Injection in c (CVE-2026-41113)
OS command injection in c (CVE-2026-41113). Successful exploitation can lead to full system takeover.
CVE-2026-40170 ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params() serializes peer transport parameters into a fixed 1024-byte stack buf...
ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params() serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transpo...
CVE-2026-43995 SSRF (Server-Side Request Forgery) in flowise (CVE-2026-43995)
SSRF in flowise (CVE-2026-43995). Successful exploitation can lead to full system takeover. Exploitable via ``httpSecurity.ts``. Mitigation: upgrade to `3.1.0` or later.
CVE-2026-56270 Vulnerability in flowise (CVE-2026-56270)
vulnerability in flowise (CVE-2026-56270). Confidential information can be exposed externally. Exploitable via `GET /api/v1/loginmethod`. Mitigation: upgrade to `3.1.0` or later.
CVE-2026-41205 Path Traversal in Mako (CVE-2026-41205)
path traversal in Mako (CVE-2026-41205). Confidential information can be exposed externally. Exploitable via ``Template.__init__``. Mitigation: upgrade to `1.3.11` or later.
CVE-2026-27820 Vulnerability in zlib (CVE-2026-27820)
vulnerability in zlib (CVE-2026-27820). Successful exploitation can lead to full system takeover. Exploitable via ``zstream_buffer_ungets``. Mitigation: upgrade to `3.0.1` or later.
CVE-2026-5426 Vulnerability in csharp (CVE-2026-5426)
vulnerability in csharp (CVE-2026-5426). Confidential information can be exposed externally.
CVE-2026-31843 Vulnerability in laravel (CVE-2026-31843)
vulnerability in laravel (CVE-2026-31843). Successful exploitation can lead to full system takeover.
CVE-2026-40316 OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workflo...
OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workflows/regenerate-migrations.yml workflow. The workflow uses the pull_request_target trigger to run with...
CVE-2026-40176 Vulnerability in getcomposer (CVE-2026-40176)
vulnerability in getcomposer (CVE-2026-40176). Successful exploitation can lead to full system takeover.
CVE-2026-40261 Vulnerability in getcomposer (CVE-2026-40261)
vulnerability in getcomposer (CVE-2026-40261). Successful exploitation can lead to full system takeover.
CVE-2025-41118 Vulnerability in c (CVE-2025-41118)
vulnerability in c (CVE-2025-41118). Confidential information can be exposed externally.
CVE-2026-30461 Command Injection in thedaylightstudio (CVE-2026-30461)
command injection in thedaylightstudio (CVE-2026-30461). Confidential information can be exposed externally.
CVE-2026-5588 Vulnerability in CVE-2026-5588 (CVE-2026-5588)
vulnerability in CVE-2026-5588 (CVE-2026-5588). Data can be tampered with by attackers.
CVE-2026-5598 Vulnerability in org.bouncycastle:bcprov-jdk15to18 (CVE-2026-5598)
vulnerability in org.bouncycastle:bcprov-jdk15to18 (CVE-2026-5598). Confidential information can be exposed externally. Mitigation: upgrade to `1.80.2` or later.
CVE-2026-3505 Vulnerability in CVE-2026-3505 (CVE-2026-3505)
vulnerability in CVE-2026-3505 (CVE-2026-3505). Risk of unauthorized operations or information disclosure.
CVE-2026-0636 Vulnerability in CVE-2026-0636 (CVE-2026-0636)
vulnerability in CVE-2026-0636 (CVE-2026-0636). Risk of unauthorized operations or information disclosure.
CVE-2025-14813 Vulnerability in org.bouncycastle:bcprov-jdk14 (CVE-2025-14813)
vulnerability in org.bouncycastle:bcprov-jdk14 (CVE-2025-14813). Confidential information can be exposed externally. Exploitable via ``G3413CTRBlockCipher``. Mitigation: upgrade to `1.84` or later.
CVE-2025-40899 Cross-Site Scripting (XSS) in c (CVE-2025-40899)
cross-site scripting in c (CVE-2025-40899). Data can be tampered with by attackers.
CVE-2026-23666 Vulnerability in csharp (CVE-2026-23666)
vulnerability in csharp (CVE-2026-23666). Risk of unauthorized operations or information disclosure.
CVE-2025-65134 Cross-Site Scripting (XSS) in CVE-2025-65134 (CVE-2025-65134)
cross-site scripting in CVE-2025-65134 (CVE-2025-65134). Risk of unauthorized operations or information disclosure.
CVE-2026-33116 Vulnerability in csharp (CVE-2026-33116)
vulnerability in csharp (CVE-2026-33116). Risk of unauthorized operations or information disclosure.
CVE-2026-32203 Vulnerability in csharp (CVE-2026-32203)
vulnerability in csharp (CVE-2026-32203). Risk of unauthorized operations or information disclosure.
CVE-2026-5713 Vulnerability in python-min (CVE-2026-5713)
vulnerability in python-min (CVE-2026-5713). Risk of unauthorized operations or information disclosure.
CVE-2026-37980 Cross-Site Scripting (XSS) in redhat (CVE-2026-37980)
cross-site scripting in redhat (CVE-2026-37980). Confidential information can be exposed externally. Exploitable via ``organization.alias``.
CVE-2026-27674 Code Injection in sap (CVE-2026-27674)
code injection in sap (CVE-2026-27674). Risk of unauthorized operations or information disclosure.
CVE-2026-28291 OS Command Injection in simple-git-project (CVE-2026-28291)
OS command injection in simple-git-project (CVE-2026-28291). Successful exploitation can lead to full system takeover.
CVE-2026-6192 Vulnerability in c (CVE-2026-6192)
vulnerability in c (CVE-2026-6192). Risk of unauthorized operations or information disclosure.
CVE-2025-69627 Use-After-Free in gonitro (CVE-2025-69627)
vulnerability in gonitro (CVE-2025-69627). Successful exploitation can lead to full system takeover.
CVE-2025-63743 Cross-Site Scripting (XSS) in CVE-2025-63743 (CVE-2025-63743)
cross-site scripting in CVE-2025-63743 (CVE-2025-63743). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.3.2` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →