Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: languages Clear
ID Title
CVE-2026-44496 Vulnerability in axios (CVE-2026-44496)
vulnerability in axios (CVE-2026-44496). Risk of unauthorized operations or information disclosure. Exploitable via ``document.cookie``. Mitigation: upgrade to `0.32.0` or later.
CVE-2026-44488 Vulnerability in axios (CVE-2026-44488)
vulnerability in axios (CVE-2026-44488). Risk of unauthorized operations or information disclosure. Exploitable via ``fetch``. Mitigation: upgrade to `1.16.0` or later.
CVE-2026-44487 Vulnerability in axios (CVE-2026-44487)
vulnerability in axios (CVE-2026-44487). Confidential information can be exposed externally. Exploitable via `Authorization header`. Mitigation: upgrade to `0.32.0` or later.
CVE-2026-44486 Information Disclosure in axios (CVE-2026-44486)
vulnerability in axios (CVE-2026-44486). Confidential information can be exposed externally. Exploitable via `GET /start`. Mitigation: upgrade to `0.32.0` or later.
CVE-2026-41010 OS Command Injection in c (CVE-2026-41010)
OS command injection in c (CVE-2026-41010). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `282.1.12` or later.
CVE-2026-10737 Vulnerability in wordpress (CVE-2026-10737)
vulnerability in wordpress (CVE-2026-10737). Confidential information can be exposed externally.
CVE-2026-41011 OS Command Injection in c (CVE-2026-41011)
OS command injection in c (CVE-2026-41011). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `282.1.12` or later.
CVE-2026-10777 A vulnerability was identified in ealpha072 Student-Management-System up to...
A vulnerability was identified in ealpha072 Student-Management-System up to...
CVE-2026-10771 A vulnerability was found in crmeb crmeb_java 1.4. Affected is the function RestTemplate...
A vulnerability was found in crmeb crmeb_java 1.4. Affected is the function RestTemplate...
CVE-2026-44016 Code Injection in docling (CVE-2026-44016)
code injection in docling (CVE-2026-44016). Confidential information can be exposed externally. Exploitable via ``enable_remote_fetch``. Mitigation: upgrade to `2.91.0` or later.
CVE-2026-44017 Path Traversal in docling (CVE-2026-44017)
path traversal in docling (CVE-2026-44017). Successful exploitation can lead to full system takeover. Exploitable via ``SecurityError``. Mitigation: upgrade to `2.91.0` or later.
CVE-2026-8874 Vulnerability in c (CVE-2026-8874)
vulnerability in c (CVE-2026-8874). Data can be tampered with by attackers.
CVE-2026-8876 Vulnerability in securly (CVE-2026-8876)
vulnerability in securly (CVE-2026-8876). Risk of unauthorized operations or information disclosure.
CVE-2026-8879 Vulnerability in securly (CVE-2026-8879)
vulnerability in securly (CVE-2026-8879). Risk of unauthorized operations or information disclosure.
CVE-2026-8888 Vulnerability in dos (CVE-2026-8888)
vulnerability in dos (CVE-2026-8888). Risk of unauthorized operations or information disclosure.
CVE-2026-46265 Vulnerability in c (CVE-2026-46265)
vulnerability in c (CVE-2026-46265). Risk of unauthorized operations or information disclosure.
CVE-2026-46264 Use-After-Free in c (CVE-2026-46264)
vulnerability in c (CVE-2026-46264). Successful exploitation can lead to full system takeover.
CVE-2026-46260 Out-of-Bounds Read in c (CVE-2026-46260)
vulnerability in c (CVE-2026-46260). Successful exploitation can lead to full system takeover.
CVE-2026-46251 Vulnerability in c (CVE-2026-46251)
vulnerability in c (CVE-2026-46251). Successful exploitation can lead to full system takeover.
CVE-2026-46263 Out-of-Bounds Read in c (CVE-2026-46263)
vulnerability in c (CVE-2026-46263). Successful exploitation can lead to full system takeover.
CVE-2026-37460 Vulnerability in c (CVE-2026-37460)
vulnerability in c (CVE-2026-37460). Risk of unauthorized operations or information disclosure.
CVE-2026-10704 Vulnerability in sqli (CVE-2026-10704)
vulnerability in sqli (CVE-2026-10704). Risk of unauthorized operations or information disclosure.
CVE-2026-10694 Vulnerability in CVE-2026-10694 (CVE-2026-10694)
vulnerability in CVE-2026-10694 (CVE-2026-10694). Risk of unauthorized operations or information disclosure.
CVE-2026-35482 Authorization Flaw in CVE-2026-35482 (CVE-2026-35482)
vulnerability in CVE-2026-35482 (CVE-2026-35482). Successful exploitation can lead to full system takeover. Exploitable via ``returnClass``.
CVE-2026-31942 Vulnerability in librechat (CVE-2026-31942)
vulnerability in librechat (CVE-2026-31942). Data can be tampered with by attackers. Exploitable via `PUT /api/keys`.
CVE-2026-10620 Vulnerability in sqli (CVE-2026-10620)
vulnerability in sqli (CVE-2026-10620). Risk of unauthorized operations or information disclosure.
CVE-2026-49143 Code Injection in browserstack-runner (CVE-2026-49143)
code injection in browserstack-runner (CVE-2026-49143). Successful exploitation can lead to full system takeover. Exploitable via ``context``.
CVE-2026-47265 Vulnerability in aiohttp (CVE-2026-47265)
vulnerability in aiohttp (CVE-2026-47265). Confidential information can be exposed externally. Exploitable via ``cookies``. Mitigation: upgrade to `3.14.0` or later.
CVE-2026-1829 The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code...
The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code...
CVE-2026-10608 Vulnerability in sqli (CVE-2026-10608)
vulnerability in sqli (CVE-2026-10608). Risk of unauthorized operations or information disclosure.
CVE-2026-10607 Vulnerability in sqli (CVE-2026-10607)
vulnerability in sqli (CVE-2026-10607). Risk of unauthorized operations or information disclosure.
CVE-2025-64390 Vulnerability in privilege-escalation (CVE-2025-64390)
vulnerability in privilege-escalation (CVE-2025-64390). Successful exploitation can lead to full system takeover.
CVE-2026-10606 Vulnerability in sqli (CVE-2026-10606)
vulnerability in sqli (CVE-2026-10606). Risk of unauthorized operations or information disclosure.
CVE-2026-10046 Out-of-Bounds Write in c (CVE-2026-10046)
out-of-bounds write in c (CVE-2026-10046). Successful exploitation can lead to full system takeover.
CVE-2026-10047 Out-of-Bounds Write in c (CVE-2026-10047)
out-of-bounds write in c (CVE-2026-10047). Successful exploitation can lead to full system takeover.
CVE-2026-7313 CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from...
CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from...
CVE-2026-7195 CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x,...
CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x,...
CVE-2026-39555 Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection. ...
Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection. ...
CVE-2026-39553 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
CVE-2026-39552 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
CVE-2025-69369 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
CVE-2025-68886 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
CVE-2025-58707 Vulnerability in CVE-2025-58707 (CVE-2025-58707)
vulnerability in CVE-2025-58707 (CVE-2025-58707). Successful exploitation can lead to full system takeover.
CVE-2025-58897 Vulnerability in CVE-2025-58897 (CVE-2025-58897)
vulnerability in CVE-2025-58897 (CVE-2025-58897). Successful exploitation can lead to full system takeover.
CVE-2025-53440 Vulnerability in CVE-2025-53440 (CVE-2025-53440)
vulnerability in CVE-2025-53440 (CVE-2025-53440). Successful exploitation can lead to full system takeover.
CVE-2025-58705 Vulnerability in CVE-2025-58705 (CVE-2025-58705)
vulnerability in CVE-2025-58705 (CVE-2025-58705). Successful exploitation can lead to full system takeover.
CVE-2025-58024 Vulnerability in CVE-2025-58024 (CVE-2025-58024)
vulnerability in CVE-2025-58024 (CVE-2025-58024). Successful exploitation can lead to full system takeover.
CVE-2022-0492 KEV [KEV] Authentication Bypass in Linux c (CVE-2022-0492)
authentication bypass in Linux c (CVE-2022-0492). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-24752 Cross-Site Scripting (XSS) in accellion (CVE-2026-24752)
cross-site scripting in accellion (CVE-2026-24752). Confidential information can be exposed externally.
CVE-2026-49491 SQL Injection in sqli (CVE-2026-49491)
SQL injection in sqli (CVE-2026-49491). Confidential information can be exposed externally.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →