Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-44496 |
|
Vulnerability in axios (CVE-2026-44496)
vulnerability in axios (CVE-2026-44496). Risk of unauthorized operations or information disclosure. Exploitable via ``document.cookie``. Mitigation: upgrade to `0.32.0` or later.
|
| CVE-2026-44488 |
|
Vulnerability in axios (CVE-2026-44488)
vulnerability in axios (CVE-2026-44488). Risk of unauthorized operations or information disclosure. Exploitable via ``fetch``. Mitigation: upgrade to `1.16.0` or later.
|
| CVE-2026-44487 |
|
Vulnerability in axios (CVE-2026-44487)
vulnerability in axios (CVE-2026-44487). Confidential information can be exposed externally. Exploitable via `Authorization header`. Mitigation: upgrade to `0.32.0` or later.
|
| CVE-2026-44486 |
|
Information Disclosure in axios (CVE-2026-44486)
vulnerability in axios (CVE-2026-44486). Confidential information can be exposed externally. Exploitable via `GET /start`. Mitigation: upgrade to `0.32.0` or later.
|
| CVE-2026-41010 |
|
OS Command Injection in c (CVE-2026-41010)
OS command injection in c (CVE-2026-41010). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `282.1.12` or later.
|
| CVE-2026-10737 |
|
Vulnerability in wordpress (CVE-2026-10737)
vulnerability in wordpress (CVE-2026-10737). Confidential information can be exposed externally.
|
| CVE-2026-41011 |
|
OS Command Injection in c (CVE-2026-41011)
OS command injection in c (CVE-2026-41011). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `282.1.12` or later.
|
| CVE-2026-10777 |
|
A vulnerability was identified in ealpha072 Student-Management-System up to...
A vulnerability was identified in ealpha072 Student-Management-System up to...
|
| CVE-2026-10771 |
|
A vulnerability was found in crmeb crmeb_java 1.4. Affected is the function RestTemplate...
A vulnerability was found in crmeb crmeb_java 1.4. Affected is the function RestTemplate...
|
| CVE-2026-44016 |
|
Code Injection in docling (CVE-2026-44016)
code injection in docling (CVE-2026-44016). Confidential information can be exposed externally. Exploitable via ``enable_remote_fetch``. Mitigation: upgrade to `2.91.0` or later.
|
| CVE-2026-44017 |
|
Path Traversal in docling (CVE-2026-44017)
path traversal in docling (CVE-2026-44017). Successful exploitation can lead to full system takeover. Exploitable via ``SecurityError``. Mitigation: upgrade to `2.91.0` or later.
|
| CVE-2026-8874 |
|
Vulnerability in c (CVE-2026-8874)
vulnerability in c (CVE-2026-8874). Data can be tampered with by attackers.
|
| CVE-2026-8876 |
|
Vulnerability in securly (CVE-2026-8876)
vulnerability in securly (CVE-2026-8876). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8879 |
|
Vulnerability in securly (CVE-2026-8879)
vulnerability in securly (CVE-2026-8879). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8888 |
|
Vulnerability in dos (CVE-2026-8888)
vulnerability in dos (CVE-2026-8888). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46265 |
|
Vulnerability in c (CVE-2026-46265)
vulnerability in c (CVE-2026-46265). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46264 |
|
Use-After-Free in c (CVE-2026-46264)
vulnerability in c (CVE-2026-46264). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46260 |
|
Out-of-Bounds Read in c (CVE-2026-46260)
vulnerability in c (CVE-2026-46260). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46251 |
|
Vulnerability in c (CVE-2026-46251)
vulnerability in c (CVE-2026-46251). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46263 |
|
Out-of-Bounds Read in c (CVE-2026-46263)
vulnerability in c (CVE-2026-46263). Successful exploitation can lead to full system takeover.
|
| CVE-2026-37460 |
|
Vulnerability in c (CVE-2026-37460)
vulnerability in c (CVE-2026-37460). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10704 |
|
Vulnerability in sqli (CVE-2026-10704)
vulnerability in sqli (CVE-2026-10704). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10694 |
|
Vulnerability in CVE-2026-10694 (CVE-2026-10694)
vulnerability in CVE-2026-10694 (CVE-2026-10694). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35482 |
|
Authorization Flaw in CVE-2026-35482 (CVE-2026-35482)
vulnerability in CVE-2026-35482 (CVE-2026-35482). Successful exploitation can lead to full system takeover. Exploitable via ``returnClass``.
|
| CVE-2026-31942 |
|
Vulnerability in librechat (CVE-2026-31942)
vulnerability in librechat (CVE-2026-31942). Data can be tampered with by attackers. Exploitable via `PUT /api/keys`.
|
| CVE-2026-10620 |
|
Vulnerability in sqli (CVE-2026-10620)
vulnerability in sqli (CVE-2026-10620). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49143 |
|
Code Injection in browserstack-runner (CVE-2026-49143)
code injection in browserstack-runner (CVE-2026-49143). Successful exploitation can lead to full system takeover. Exploitable via ``context``.
|
| CVE-2026-47265 |
|
Vulnerability in aiohttp (CVE-2026-47265)
vulnerability in aiohttp (CVE-2026-47265). Confidential information can be exposed externally. Exploitable via ``cookies``. Mitigation: upgrade to `3.14.0` or later.
|
| CVE-2026-1829 |
|
The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code...
The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code...
|
| CVE-2026-10608 |
|
Vulnerability in sqli (CVE-2026-10608)
vulnerability in sqli (CVE-2026-10608). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10607 |
|
Vulnerability in sqli (CVE-2026-10607)
vulnerability in sqli (CVE-2026-10607). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-64390 |
|
Vulnerability in privilege-escalation (CVE-2025-64390)
vulnerability in privilege-escalation (CVE-2025-64390). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10606 |
|
Vulnerability in sqli (CVE-2026-10606)
vulnerability in sqli (CVE-2026-10606). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10046 |
|
Out-of-Bounds Write in c (CVE-2026-10046)
out-of-bounds write in c (CVE-2026-10046). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10047 |
|
Out-of-Bounds Write in c (CVE-2026-10047)
out-of-bounds write in c (CVE-2026-10047). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7313 |
|
CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from...
CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from...
|
| CVE-2026-7195 |
|
CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x,...
CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x,...
|
| CVE-2026-39555 |
|
Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection.
...
Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection.
...
|
| CVE-2026-39553 |
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
|
| CVE-2026-39552 |
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
|
| CVE-2025-69369 |
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
|
| CVE-2025-68886 |
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
|
| CVE-2025-58707 |
|
Vulnerability in CVE-2025-58707 (CVE-2025-58707)
vulnerability in CVE-2025-58707 (CVE-2025-58707). Successful exploitation can lead to full system takeover.
|
| CVE-2025-58897 |
|
Vulnerability in CVE-2025-58897 (CVE-2025-58897)
vulnerability in CVE-2025-58897 (CVE-2025-58897). Successful exploitation can lead to full system takeover.
|
| CVE-2025-53440 |
|
Vulnerability in CVE-2025-53440 (CVE-2025-53440)
vulnerability in CVE-2025-53440 (CVE-2025-53440). Successful exploitation can lead to full system takeover.
|
| CVE-2025-58705 |
|
Vulnerability in CVE-2025-58705 (CVE-2025-58705)
vulnerability in CVE-2025-58705 (CVE-2025-58705). Successful exploitation can lead to full system takeover.
|
| CVE-2025-58024 |
|
Vulnerability in CVE-2025-58024 (CVE-2025-58024)
vulnerability in CVE-2025-58024 (CVE-2025-58024). Successful exploitation can lead to full system takeover.
|
| CVE-2022-0492 KEV |
|
[KEV] Authentication Bypass in Linux c (CVE-2022-0492)
authentication bypass in Linux c (CVE-2022-0492). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-24752 |
|
Cross-Site Scripting (XSS) in accellion (CVE-2026-24752)
cross-site scripting in accellion (CVE-2026-24752). Confidential information can be exposed externally.
|
| CVE-2026-49491 |
|
SQL Injection in sqli (CVE-2026-49491)
SQL injection in sqli (CVE-2026-49491). Confidential information can be exposed externally.
|