Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-40372 |
|
Vulnerability in csharp (CVE-2026-40372)
vulnerability in csharp (CVE-2026-40372). Confidential information can be exposed externally.
|
| CVE-2026-30452 |
|
Vulnerability in textpattern (CVE-2026-30452)
vulnerability in textpattern (CVE-2026-30452). Data can be tampered with by attackers.
|
| CVE-2025-41029 |
|
SQL Injection in sqli (CVE-2025-41029)
SQL injection in sqli (CVE-2025-41029). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6754 |
|
Use-After-Free in mozilla (CVE-2026-6754)
vulnerability in mozilla (CVE-2026-6754). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31019 |
|
OS Command Injection in dolibarr (CVE-2026-31019)
OS command injection in dolibarr (CVE-2026-31019). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31018 |
|
Code Injection in dolibarr (CVE-2026-31018)
code injection in dolibarr (CVE-2026-31018). Successful exploitation can lead to full system takeover.
|
| CVE-2025-10354 |
|
Cross-Site Scripting (XSS) in CVE-2025-10354 (CVE-2025-10354)
cross-site scripting in CVE-2025-10354 (CVE-2025-10354). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3317 |
|
Cross-Site Scripting (XSS) in CVE-2026-3317 (CVE-2026-3317)
cross-site scripting in CVE-2026-3317 (CVE-2026-3317). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6058 |
|
Vulnerability in c (CVE-2026-6058)
vulnerability in c (CVE-2026-6058). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41245 |
|
Path Traversal in path-traversal (CVE-2026-41245)
path traversal in path-traversal (CVE-2026-41245). Data can be tampered with by attackers. Exploitable via ``LocalFolderExtractor``.
|
| CVE-2026-5963 |
|
SQL Injection in csharp (CVE-2026-5963)
SQL injection in csharp (CVE-2026-5963). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5964 |
|
SQL Injection in csharp (CVE-2026-5964)
SQL injection in csharp (CVE-2026-5964). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41242 |
|
Code Injection in protobufjs-project (CVE-2026-41242)
code injection in protobufjs-project (CVE-2026-41242). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40192 |
|
Vulnerability in pillow (CVE-2026-40192)
vulnerability in pillow (CVE-2026-40192). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `12.2.0` or later.
|
| CVE-2026-41253 |
|
Vulnerability in c (CVE-2026-41253)
vulnerability in c (CVE-2026-41253). Confidential information can be exposed externally.
|
| CVE-2026-40477 |
|
Vulnerability in thymeleaf (CVE-2026-40477)
vulnerability in thymeleaf (CVE-2026-40477). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40478 |
|
Vulnerability in thymeleaf (CVE-2026-40478)
vulnerability in thymeleaf (CVE-2026-40478). Successful exploitation can lead to full system takeover.
|
| CVE-2026-29013 |
|
Out-of-Bounds Read in c (CVE-2026-29013)
vulnerability in c (CVE-2026-29013). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33436 |
|
Vulnerability in stirlingpdf (CVE-2026-33436)
vulnerability in stirlingpdf (CVE-2026-33436). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5718 |
|
Unrestricted File Upload in wordpress (CVE-2026-5718)
vulnerability in wordpress (CVE-2026-5718). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41113 |
|
OS Command Injection in c (CVE-2026-41113)
OS command injection in c (CVE-2026-41113). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40170 |
|
ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params() serializes peer transport parameters into a fixed 1024-byte stack buf...
ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params() serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transpo...
|
| CVE-2026-43995 |
|
SSRF (Server-Side Request Forgery) in flowise (CVE-2026-43995)
SSRF in flowise (CVE-2026-43995). Successful exploitation can lead to full system takeover. Exploitable via ``httpSecurity.ts``. Mitigation: upgrade to `3.1.0` or later.
|
| CVE-2026-56270 |
|
Vulnerability in flowise (CVE-2026-56270)
vulnerability in flowise (CVE-2026-56270). Confidential information can be exposed externally. Exploitable via `GET /api/v1/loginmethod`. Mitigation: upgrade to `3.1.0` or later.
|
| CVE-2026-41205 |
|
Path Traversal in Mako (CVE-2026-41205)
path traversal in Mako (CVE-2026-41205). Confidential information can be exposed externally. Exploitable via ``Template.__init__``. Mitigation: upgrade to `1.3.11` or later.
|
| CVE-2026-27820 |
|
Vulnerability in zlib (CVE-2026-27820)
vulnerability in zlib (CVE-2026-27820). Successful exploitation can lead to full system takeover. Exploitable via ``zstream_buffer_ungets``. Mitigation: upgrade to `3.0.1` or later.
|
| CVE-2026-5426 |
|
Vulnerability in csharp (CVE-2026-5426)
vulnerability in csharp (CVE-2026-5426). Confidential information can be exposed externally.
|
| CVE-2026-31843 |
|
Vulnerability in laravel (CVE-2026-31843)
vulnerability in laravel (CVE-2026-31843). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40316 |
|
OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workflo...
OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workflows/regenerate-migrations.yml workflow. The workflow uses the pull_request_target trigger to run with...
|
| CVE-2026-40176 |
|
Vulnerability in getcomposer (CVE-2026-40176)
vulnerability in getcomposer (CVE-2026-40176). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40261 |
|
Vulnerability in getcomposer (CVE-2026-40261)
vulnerability in getcomposer (CVE-2026-40261). Successful exploitation can lead to full system takeover.
|
| CVE-2025-41118 |
|
Vulnerability in c (CVE-2025-41118)
vulnerability in c (CVE-2025-41118). Confidential information can be exposed externally.
|
| CVE-2026-30461 |
|
Command Injection in thedaylightstudio (CVE-2026-30461)
command injection in thedaylightstudio (CVE-2026-30461). Confidential information can be exposed externally.
|
| CVE-2026-5588 |
|
Vulnerability in CVE-2026-5588 (CVE-2026-5588)
vulnerability in CVE-2026-5588 (CVE-2026-5588). Data can be tampered with by attackers.
|
| CVE-2026-5598 |
|
Vulnerability in org.bouncycastle:bcprov-jdk15to18 (CVE-2026-5598)
vulnerability in org.bouncycastle:bcprov-jdk15to18 (CVE-2026-5598). Confidential information can be exposed externally. Mitigation: upgrade to `1.80.2` or later.
|
| CVE-2026-3505 |
|
Vulnerability in CVE-2026-3505 (CVE-2026-3505)
vulnerability in CVE-2026-3505 (CVE-2026-3505). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0636 |
|
Vulnerability in CVE-2026-0636 (CVE-2026-0636)
vulnerability in CVE-2026-0636 (CVE-2026-0636). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-14813 |
|
Vulnerability in org.bouncycastle:bcprov-jdk14 (CVE-2025-14813)
vulnerability in org.bouncycastle:bcprov-jdk14 (CVE-2025-14813). Confidential information can be exposed externally. Exploitable via ``G3413CTRBlockCipher``. Mitigation: upgrade to `1.84` or later.
|
| CVE-2025-40899 |
|
Cross-Site Scripting (XSS) in c (CVE-2025-40899)
cross-site scripting in c (CVE-2025-40899). Data can be tampered with by attackers.
|
| CVE-2026-23666 |
|
Vulnerability in csharp (CVE-2026-23666)
vulnerability in csharp (CVE-2026-23666). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-65134 |
|
Cross-Site Scripting (XSS) in CVE-2025-65134 (CVE-2025-65134)
cross-site scripting in CVE-2025-65134 (CVE-2025-65134). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-33116 |
|
Vulnerability in csharp (CVE-2026-33116)
vulnerability in csharp (CVE-2026-33116). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-32203 |
|
Vulnerability in csharp (CVE-2026-32203)
vulnerability in csharp (CVE-2026-32203). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5713 |
|
Vulnerability in python-min (CVE-2026-5713)
vulnerability in python-min (CVE-2026-5713). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-37980 |
|
Cross-Site Scripting (XSS) in redhat (CVE-2026-37980)
cross-site scripting in redhat (CVE-2026-37980). Confidential information can be exposed externally. Exploitable via ``organization.alias``.
|
| CVE-2026-27674 |
|
Code Injection in sap (CVE-2026-27674)
code injection in sap (CVE-2026-27674). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-28291 |
|
OS Command Injection in simple-git-project (CVE-2026-28291)
OS command injection in simple-git-project (CVE-2026-28291). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6192 |
|
Vulnerability in c (CVE-2026-6192)
vulnerability in c (CVE-2026-6192). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-69627 |
|
Use-After-Free in gonitro (CVE-2025-69627)
vulnerability in gonitro (CVE-2025-69627). Successful exploitation can lead to full system takeover.
|
| CVE-2025-63743 |
|
Cross-Site Scripting (XSS) in CVE-2025-63743 (CVE-2025-63743)
cross-site scripting in CVE-2025-63743 (CVE-2025-63743). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.3.2` or later.
|