Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-23462 |
|
Use-After-Free in c (CVE-2026-23462)
vulnerability in c (CVE-2026-23462). Successful exploitation can lead to full system takeover.
|
| CVE-2026-23465 |
|
Vulnerability in c (CVE-2026-23465)
vulnerability in c (CVE-2026-23465). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31398 |
|
Vulnerability in c (CVE-2026-31398)
vulnerability in c (CVE-2026-31398). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31396 |
|
Use-After-Free in c (CVE-2026-31396)
vulnerability in c (CVE-2026-31396). Successful exploitation can lead to full system takeover.
|
| CVE-2026-23474 |
|
Vulnerability in c (CVE-2026-23474)
vulnerability in c (CVE-2026-23474). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-23469 |
|
Vulnerability in c (CVE-2026-23469)
vulnerability in c (CVE-2026-23469). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-23449 |
|
Vulnerability in c (CVE-2026-23449)
vulnerability in c (CVE-2026-23449). Successful exploitation can lead to full system takeover.
|
| CVE-2026-47099 |
|
Cross-Site Scripting (XSS) in telejson (CVE-2026-47099)
cross-site scripting in telejson (CVE-2026-47099). Risk of unauthorized operations or information disclosure. Exploitable via ``postMessage``. Mitigation: upgrade to `6.0.0` or later.
|
| CVE-2026-35466 |
|
Cross-Site Scripting (XSS) in cmu (CVE-2026-35466)
cross-site scripting in cmu (CVE-2026-35466). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34829 |
|
Vulnerability in rack (CVE-2026-34829)
vulnerability in rack (CVE-2026-34829). Risk of unauthorized operations or information disclosure. Exploitable via ``BoundedIO``. Mitigation: upgrade to `3.2.6` or later.
|
| CVE-2026-34827 |
|
Vulnerability in rack (CVE-2026-34827)
vulnerability in rack (CVE-2026-34827). Risk of unauthorized operations or information disclosure. Exploitable via ``name``. Mitigation: upgrade to `3.2.6` or later.
|
| CVE-2026-34785 |
|
Vulnerability in rack (CVE-2026-34785)
vulnerability in rack (CVE-2026-34785). Confidential information can be exposed externally. Mitigation: upgrade to `3.2.6` or later.
|
| CVE-2026-34601 |
|
Vulnerability in CVE-2026-34601 (CVE-2026-34601)
vulnerability in CVE-2026-34601 (CVE-2026-34601). Data can be tampered with by attackers. Exploitable via ``DOMParser``.
|
| CVE-2026-26895 |
|
Vulnerability in enhancesoft (CVE-2026-26895)
vulnerability in enhancesoft (CVE-2026-26895). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34876 |
|
Out-of-Bounds Read in c (CVE-2026-34876)
vulnerability in c (CVE-2026-34876). Confidential information can be exposed externally.
|
| CVE-2026-34072 |
|
Authentication Bypass in fccview (CVE-2026-34072)
authentication bypass in fccview (CVE-2026-34072). Confidential information can be exposed externally.
|
| CVE-2026-23401 |
|
Use-After-Free in c (CVE-2026-23401)
vulnerability in c (CVE-2026-23401). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-30279 |
|
Path Traversal in c (CVE-2026-30279)
path traversal in c (CVE-2026-30279). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34060 |
|
Code Injection in shopify (CVE-2026-34060)
code injection in shopify (CVE-2026-34060). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33984 |
|
Vulnerability in c (CVE-2026-33984)
vulnerability in c (CVE-2026-33984). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33986 |
|
Vulnerability in c (CVE-2026-33986)
vulnerability in c (CVE-2026-33986). Successful exploitation can lead to full system takeover.
|
| CVE-2026-21710 |
|
Vulnerability in CVE-2026-21710 (CVE-2026-21710)
vulnerability in CVE-2026-21710 (CVE-2026-21710). Risk of unauthorized operations or information disclosure. Exploitable via ``TypeError``.
|
| CVE-2026-21717 |
|
Vulnerability in CVE-2026-21717 (CVE-2026-21717)
vulnerability in CVE-2026-21717 (CVE-2026-21717). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-21713 |
|
Vulnerability in CVE-2026-21713 (CVE-2026-21713)
vulnerability in CVE-2026-21713 (CVE-2026-21713). Confidential information can be exposed externally.
|
| CVE-2026-34237 |
|
Vulnerability in io.modelcontextprotocol.sdk:mcp-core (CVE-2026-34237)
vulnerability in io.modelcontextprotocol.sdk:mcp-core (CVE-2026-34237). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.18.3` or later.
|
| CVE-2026-21712 |
|
Vulnerability in CVE-2026-21712 (CVE-2026-21712)
vulnerability in CVE-2026-21712 (CVE-2026-21712). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34226 |
|
Vulnerability in capricorn86 (CVE-2026-34226)
vulnerability in capricorn86 (CVE-2026-34226). Confidential information can be exposed externally. Exploitable via ``window.location``.
|
| CVE-2026-33943 |
|
Code Injection in capricorn86 (CVE-2026-33943)
code injection in capricorn86 (CVE-2026-33943). Successful exploitation can lead to full system takeover. Exploitable via ``ECMAScriptModuleCompiler``.
|
| CVE-2026-33941 |
|
Cross-Site Scripting (XSS) in handlebarsjs (CVE-2026-33941)
cross-site scripting in handlebarsjs (CVE-2026-33941). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33940 |
|
Code Injection in handlebarsjs (CVE-2026-33940)
code injection in handlebarsjs (CVE-2026-33940). Successful exploitation can lead to full system takeover. Exploitable via ``undefined``.
|
| CVE-2026-33939 |
|
Vulnerability in dos (CVE-2026-33939)
vulnerability in dos (CVE-2026-33939). Risk of unauthorized operations or information disclosure. Exploitable via ``undefined``.
|
| CVE-2026-33937 |
|
Code Injection in handlebarsjs (CVE-2026-33937)
code injection in handlebarsjs (CVE-2026-33937). Successful exploitation can lead to full system takeover. Exploitable via ``value``.
|
| CVE-2026-33938 |
|
Code Injection in handlebarsjs (CVE-2026-33938)
code injection in handlebarsjs (CVE-2026-33938). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33895 |
|
Vulnerability in digitalbazaar (CVE-2026-33895)
vulnerability in digitalbazaar (CVE-2026-33895). Data can be tampered with by attackers. Exploitable via ``crypto.verify``.
|
| CVE-2026-33896 |
|
Vulnerability in digitalbazaar (CVE-2026-33896)
vulnerability in digitalbazaar (CVE-2026-33896). Confidential information can be exposed externally. Exploitable via ``basicConstraints``.
|
| CVE-2026-33891 |
|
Vulnerability in dos (CVE-2026-33891)
vulnerability in dos (CVE-2026-33891). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-33894 |
|
Vulnerability in digitalbazaar (CVE-2026-33894)
vulnerability in digitalbazaar (CVE-2026-33894). Data can be tampered with by attackers.
|
| CVE-2026-30567 |
|
Cross-Site Scripting (XSS) in ahsanriaz26gmailcom (CVE-2026-30567)
cross-site scripting in ahsanriaz26gmailcom (CVE-2026-30567). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5010 |
|
Cross-Site Scripting (XSS) in CVE-2026-5010 (CVE-2026-5010)
cross-site scripting in CVE-2026-5010 (CVE-2026-5010). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-33728 |
|
Unsafe Deserialization in com.datadoghq:dd-java-agent (CVE-2026-33728)
vulnerability in com.datadoghq:dd-java-agent (CVE-2026-33728). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.60.3` or later.
|
| CVE-2026-33701 |
|
Unsafe Deserialization in linuxfoundation (CVE-2026-33701)
vulnerability in linuxfoundation (CVE-2026-33701). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4926 |
|
Vulnerability in c (CVE-2026-4926)
vulnerability in c (CVE-2026-4926). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-30463 |
|
SQL Injection in sqli (CVE-2026-30463)
SQL injection in sqli (CVE-2026-30463). Confidential information can be exposed externally.
|
| CVE-2026-30457 |
|
Code Injection in thedaylightstudio (CVE-2026-30457)
code injection in thedaylightstudio (CVE-2026-30457). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34071 |
|
Cross-Site Scripting (XSS) in stirling (CVE-2026-34071)
cross-site scripting in stirling (CVE-2026-34071). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-29934 |
|
Cross-Site Scripting (XSS) in lightcms-project (CVE-2026-29934)
cross-site scripting in lightcms-project (CVE-2026-29934). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4809 |
|
Unrestricted File Upload in laravel (CVE-2026-4809)
vulnerability in laravel (CVE-2026-4809). Successful exploitation can lead to full system takeover.
|
| CVE-2026-30587 |
|
Cross-Site Scripting (XSS) in seafile (CVE-2026-30587)
cross-site scripting in seafile (CVE-2026-30587). Confidential information can be exposed externally. Mitigation: upgrade to `13.0.17` or later.
|
| CVE-2026-34085 |
|
Vulnerability in c (CVE-2026-34085)
vulnerability in c (CVE-2026-34085). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-26832 |
|
OS Command Injection in zapolnoch (CVE-2026-26832)
OS command injection in zapolnoch (CVE-2026-26832). Successful exploitation can lead to full system takeover.
|