Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-32640 |
|
Code Injection in simpleeval (CVE-2026-32640)
code injection in simpleeval (CVE-2026-32640). Successful exploitation can lead to full system takeover. Exploitable via ``names``. Mitigation: upgrade to `1.0.5` or later.
|
| CVE-2026-32304 |
|
Code Injection in locutus (CVE-2026-32304)
code injection in locutus (CVE-2026-32304). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.0.14` or later.
|
| CVE-2025-13702 |
|
Cross-Site Scripting (XSS) in ibm (CVE-2025-13702)
cross-site scripting in ibm (CVE-2025-13702). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-32597 |
|
Vulnerability in pyjwt (CVE-2026-32597)
vulnerability in pyjwt (CVE-2026-32597). Data can be tampered with by attackers. Exploitable via ``crit``. Mitigation: upgrade to `2.12.0` or later.
|
| CVE-2026-2229 |
|
Vulnerability in c (CVE-2026-2229)
vulnerability in c (CVE-2026-2229). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-1526 |
|
Vulnerability in nodejs (CVE-2026-1526)
vulnerability in nodejs (CVE-2026-1526). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-32274 |
|
Path Traversal in black (CVE-2026-32274)
path traversal in black (CVE-2026-32274). Data can be tampered with by attackers.
|
| CVE-2025-61154 |
|
Vulnerability in c (CVE-2025-61154)
vulnerability in c (CVE-2025-61154). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-13462 |
|
Vulnerability in CVE-2025-13462 (CVE-2025-13462)
vulnerability in CVE-2025-13462 (CVE-2025-13462). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-32141 |
|
Vulnerability in webreflection (CVE-2026-32141)
vulnerability in webreflection (CVE-2026-32141). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.4.0` or later.
|
| CVE-2026-28356 |
|
Vulnerability in dos (CVE-2026-28356)
vulnerability in dos (CVE-2026-28356). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.2.2` or later.
|
| CVE-2026-30951 |
|
SQL Injection in sqli (CVE-2026-30951)
SQL injection in sqli (CVE-2026-30951). Confidential information can be exposed externally. Mitigation: upgrade to `6.37.8` or later.
|
| CVE-2026-31812 |
|
Vulnerability in dos (CVE-2026-31812)
vulnerability in dos (CVE-2026-31812). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.11.14` or later.
|
| CVE-2026-28292 |
|
OS Command Injection in simple-git-project (CVE-2026-28292)
OS command injection in simple-git-project (CVE-2026-28292). Successful exploitation can lead to full system takeover.
|
| CVE-2026-26130 |
|
Vulnerability in csharp (CVE-2026-26130)
vulnerability in csharp (CVE-2026-26130). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-13902 |
|
Cross-Site Scripting (XSS) in schneider-electric (CVE-2025-13902)
cross-site scripting in schneider-electric (CVE-2025-13902). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-29786 |
|
Path Traversal in c (CVE-2026-29786)
path traversal in c (CVE-2026-29786). Data can be tampered with by attackers.
|
| CVE-2026-29186 |
|
Vulnerability in linuxfoundation (CVE-2026-29186)
vulnerability in linuxfoundation (CVE-2026-29186). Confidential information can be exposed externally.
|
| CVE-2026-25679 |
|
Vulnerability in stdlib (CVE-2026-25679)
vulnerability in stdlib (CVE-2026-25679). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.8, 1.26.1` or later.
|
| CVE-2026-27137 |
|
Vulnerability in stdlib (CVE-2026-27137)
vulnerability in stdlib (CVE-2026-27137). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.26.1` or later.
|
| CVE-2025-69654 |
|
Vulnerability in dos (CVE-2025-69654)
vulnerability in dos (CVE-2025-69654). Risk of unauthorized operations or information disclosure. Exploitable via ``qjs``.
|
| CVE-2026-29063 |
|
Vulnerability in immutable-js (CVE-2026-29063)
vulnerability in immutable-js (CVE-2026-29063). Successful exploitation can lead to full system takeover.
|
| CVE-2025-69653 |
|
Vulnerability in c (CVE-2025-69653)
vulnerability in c (CVE-2025-69653). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-29091 |
|
Vulnerability in locutus (CVE-2026-29091)
vulnerability in locutus (CVE-2026-29091). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2752 |
|
Vulnerability in csharp (CVE-2026-2752)
vulnerability in csharp (CVE-2026-2752). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-29062 |
|
Vulnerability in dos (CVE-2026-29062)
vulnerability in dos (CVE-2026-29062). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-29074 |
|
Vulnerability in svgo (CVE-2026-29074)
vulnerability in svgo (CVE-2026-29074). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-28802 |
|
Vulnerability in authlib (CVE-2026-28802)
vulnerability in authlib (CVE-2026-28802). Successful exploitation can lead to full system takeover.
|
| CVE-2025-69534 |
|
Vulnerability in markdown (CVE-2025-69534)
vulnerability in markdown (CVE-2025-69534). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.8.1` or later.
|
| CVE-2026-3520 |
|
Vulnerability in dos (CVE-2026-3520)
vulnerability in dos (CVE-2026-3520). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-15558 |
|
Vulnerability in c (CVE-2025-15558)
vulnerability in c (CVE-2025-15558). Successful exploitation can lead to full system takeover.
|
| CVE-2026-23238 |
|
Vulnerability in c (CVE-2026-23238)
vulnerability in c (CVE-2026-23238). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-29049 |
|
Vulnerability in chainguard.dev/melange (CVE-2026-29049)
vulnerability in chainguard.dev/melange (CVE-2026-29049). Risk of unauthorized operations or information disclosure. Exploitable via ``io.Copy``. Mitigation: upgrade to `0.43.4` or later.
|
| CVE-2026-28517 |
|
OS Command Injection in opendcim (CVE-2026-28517)
OS command injection in opendcim (CVE-2026-28517). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2293 |
|
Authorization Flaw in nestjs (CVE-2026-2293)
vulnerability in nestjs (CVE-2026-2293). Successful exploitation can lead to full system takeover.
|
| CVE-2026-3304 |
|
Vulnerability in dos (CVE-2026-3304)
vulnerability in dos (CVE-2026-3304). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-2359 |
|
Vulnerability in dos (CVE-2026-2359)
vulnerability in dos (CVE-2026-2359). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-24351 |
|
Cross-Site Scripting (XSS) in pluxml (CVE-2026-24351)
cross-site scripting in pluxml (CVE-2026-24351). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-28364 |
|
Vulnerability in c (CVE-2026-28364)
vulnerability in c (CVE-2026-28364). Confidential information can be exposed externally.
|
| CVE-2026-27509 |
|
Vulnerability in unitree (CVE-2026-27509)
vulnerability in unitree (CVE-2026-27509). Successful exploitation can lead to full system takeover.
|
| CVE-2026-27970 |
|
Cross-Site Scripting (XSS) in angular (CVE-2026-27970)
cross-site scripting in angular (CVE-2026-27970). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-27959 |
|
Vulnerability in koajs (CVE-2026-27959)
vulnerability in koajs (CVE-2026-27959). Data can be tampered with by attackers. Exploitable via `Host header`.
|
| CVE-2026-27830 |
|
Code Injection in deserialization (CVE-2026-27830)
code injection in deserialization (CVE-2026-27830). Successful exploitation can lead to full system takeover. Exploitable via ``javax.naming.Reference``.
|
| CVE-2026-26955 |
|
Out-of-Bounds Write in c (CVE-2026-26955)
out-of-bounds write in c (CVE-2026-26955). Successful exploitation can lead to full system takeover. Exploitable via ``xfreerdp``.
|
| CVE-2026-27727 |
|
Vulnerability in mchange (CVE-2026-27727)
vulnerability in mchange (CVE-2026-27727). Successful exploitation can lead to full system takeover. Exploitable via ``factoryClassLocation``.
|
| CVE-2026-27606 |
|
Path Traversal in path-traversal (CVE-2026-27606)
path traversal in path-traversal (CVE-2026-27606). Successful exploitation can lead to full system takeover.
|
| CVE-2026-26351 |
|
Cross-Site Scripting (XSS) in getsimple-ce (CVE-2026-26351)
cross-site scripting in getsimple-ce (CVE-2026-26351). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-2797 |
|
Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148.
Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148.
|
| CVE-2026-2795 |
|
Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148.
Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 148.
|
| CVE-2026-2796 |
|
Vulnerability in mozilla (CVE-2026-2796)
vulnerability in mozilla (CVE-2026-2796). Successful exploitation can lead to full system takeover.
|