Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-45369 |
|
OS Command Injection in utcp-cli (CVE-2026-45369)
OS command injection in utcp-cli (CVE-2026-45369). Successful exploitation can lead to full system takeover. Exploitable via ``_substitute_utcp_args``. Mitigation: upgrade to `1.1.2` or later.
|
| CVE-2026-46509 |
|
Vulnerability in @ranfdev/deepobj (CVE-2026-46509)
vulnerability in @ranfdev/deepobj (CVE-2026-46509). Data can be tampered with by attackers. Exploitable via ``__proto__``. Mitigation: upgrade to `1.0.3` or later.
|
| CVE-2026-45672 |
|
Authorization Flaw in open-webui (CVE-2026-45672)
vulnerability in open-webui (CVE-2026-45672). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.8.12` or later.
|
| CVE-2026-45395 |
|
Privilege Escalation in open-webui (CVE-2026-45395)
vulnerability in open-webui (CVE-2026-45395). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/v1/tools/id/{id}/update`. Mitigation: upgrade to `0.9.5` or later.
|
| CVE-2026-45348 |
|
Cross-Site Scripting (XSS) in pyload-ng (CVE-2026-45348)
cross-site scripting in pyload-ng (CVE-2026-45348). Confidential information can be exposed externally. Exploitable via `POST /flash/add`.
|
| CVE-2026-42570 |
|
Vulnerability in devalue (CVE-2026-42570)
vulnerability in devalue (CVE-2026-42570). Risk of unauthorized operations or information disclosure. Exploitable via ``devalue.parse``. Mitigation: upgrade to `5.8.1` or later.
|
| CVE-2026-8597 |
|
Vulnerability in sagemaker (CVE-2026-8597)
vulnerability in sagemaker (CVE-2026-8597). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.8.0` or later.
|
| CVE-2026-43907 |
|
Vulnerability in cpp (CVE-2026-43907)
vulnerability in cpp (CVE-2026-43907). Data can be tampered with by attackers. Mitigation: upgrade to `3.0.18.0` or later.
|
| CVE-2026-43905 |
|
Vulnerability in cpp (CVE-2026-43905)
vulnerability in cpp (CVE-2026-43905). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.0.18.0` or later.
|
| CVE-2026-43904 |
|
Out-of-Bounds Write in cpp (CVE-2026-43904)
out-of-bounds write in cpp (CVE-2026-43904). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.0.18.0` or later.
|
| CVE-2026-43903 |
|
Out-of-Bounds Write in cpp (CVE-2026-43903)
out-of-bounds write in cpp (CVE-2026-43903). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.0.18.0` or later.
|
| CVE-2026-8596 |
|
Vulnerability in Amazon sagemaker (CVE-2026-8596)
vulnerability in Amazon sagemaker (CVE-2026-8596). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.8.0` or later.
|
| CVE-2026-44633 |
|
Authorization Flaw in CVE-2026-44633 (CVE-2026-44633)
vulnerability in CVE-2026-44633 (CVE-2026-44633). Confidential information can be exposed externally.
|
| CVE-2026-44586 |
|
Cross-Site Scripting (XSS) in CVE-2026-44586 (CVE-2026-44586)
cross-site scripting in CVE-2026-44586 (CVE-2026-44586). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.7.0` or later.
|
| CVE-2026-6332 |
|
Vulnerability in c (CVE-2026-6332)
vulnerability in c (CVE-2026-6332). Confidential information can be exposed externally.
|
| CVE-2026-45011 |
|
Cross-Site Scripting (XSS) in apostrophe (CVE-2026-45011)
cross-site scripting in apostrophe (CVE-2026-45011). Confidential information can be exposed externally.
|
| CVE-2026-45013 |
|
Vulnerability in apostrophe (CVE-2026-45013)
vulnerability in apostrophe (CVE-2026-45013). Confidential information can be exposed externally. Exploitable via `POST /api/v1/login/reset-request`.
|
| CVE-2026-45012 |
|
SSRF (Server-Side Request Forgery) in apostrophe (CVE-2026-45012)
SSRF in apostrophe (CVE-2026-45012). Confidential information can be exposed externally. Exploitable via `POST /api/v1/`.
|
| CVE-2026-44511 |
|
Vulnerability in katalyst-koi (CVE-2026-44511)
vulnerability in katalyst-koi (CVE-2026-44511). Confidential information can be exposed externally. Mitigation: upgrade to `5.6.0` or later.
|
| CVE-2026-42594 |
|
Vulnerability in github.com/gotenberg/gotenberg/v8 (CVE-2026-42594)
vulnerability in github.com/gotenberg/gotenberg/v8 (CVE-2026-42594). Risk of unauthorized operations or information disclosure. Exploitable via `GET /version`. Mitigation: upgrade to `8.32.0` or later.
|
| CVE-2026-41935 |
|
Vulnerability in dos (CVE-2026-41935)
vulnerability in dos (CVE-2026-41935). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41937 |
|
Vulnerability in CVE-2026-41937 (CVE-2026-41937)
vulnerability in CVE-2026-41937 (CVE-2026-41937). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4031 |
|
Vulnerability in wordpress (CVE-2026-4031)
vulnerability in wordpress (CVE-2026-4031). Confidential information can be exposed externally.
|
| CVE-2026-7377 |
|
Cross-Site Scripting (XSS) in gitlab (CVE-2026-7377)
cross-site scripting in gitlab (CVE-2026-7377). Confidential information can be exposed externally. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
|
| CVE-2026-7481 |
|
Cross-Site Scripting (XSS) in gitlab (CVE-2026-7481)
cross-site scripting in gitlab (CVE-2026-7481). Confidential information can be exposed externally. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
|
| CVE-2026-6073 |
|
Cross-Site Scripting (XSS) in gitlab (CVE-2026-6073)
cross-site scripting in gitlab (CVE-2026-6073). Confidential information can be exposed externally. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
|
| CVE-2026-46419 |
|
Vulnerability in CVE-2026-46419 (CVE-2026-46419)
vulnerability in CVE-2026-46419 (CVE-2026-46419). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44471 |
|
Vulnerability in gix-fs (CVE-2026-44471)
vulnerability in gix-fs (CVE-2026-44471). Successful exploitation can lead to full system takeover. Exploitable via ``payload``. Mitigation: upgrade to `0.21.1` or later.
|
| CVE-2026-45055 |
|
Vulnerability in CVE-2026-45055 (CVE-2026-45055)
vulnerability in CVE-2026-45055 (CVE-2026-45055). Confidential information can be exposed externally. Exploitable via `POST /index.php`. Mitigation: upgrade to `6.7.2` or later.
|
| CVE-2026-45708 |
|
Code Injection in CVE-2026-45708 (CVE-2026-45708)
code injection in CVE-2026-45708 (CVE-2026-45708). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `6.7.3` or later.
|
| CVE-2026-42561 |
|
Vulnerability in python-multipart (CVE-2026-42561)
vulnerability in python-multipart (CVE-2026-42561). Risk of unauthorized operations or information disclosure. Exploitable via ``MultipartParser``. Mitigation: upgrade to `0.0.27` or later.
|
| CVE-2026-42304 |
|
Vulnerability in Twisted (CVE-2026-42304)
vulnerability in Twisted (CVE-2026-42304). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `26.4.0rc2` or later.
|
| CVE-2026-42550 |
|
SQL Injection in flightphp/core (CVE-2026-42550)
SQL injection in flightphp/core (CVE-2026-42550). Successful exploitation can lead to full system takeover. Exploitable via ``UPDATE``. Mitigation: upgrade to `3.18.1` or later.
|
| CVE-2026-42551 |
|
Vulnerability in flightphp/core (CVE-2026-42551)
vulnerability in flightphp/core (CVE-2026-42551). Data can be tampered with by attackers. Exploitable via `GET /item/42`. Mitigation: upgrade to `3.18.1` or later.
|
| CVE-2026-42552 |
|
Vulnerability in flightphp/core (CVE-2026-42552)
vulnerability in flightphp/core (CVE-2026-42552). Confidential information can be exposed externally. Exploitable via ``flight.debug``. Mitigation: upgrade to `3.18.1` or later.
|
| CVE-2026-44004 |
|
Vulnerability in vm2 (CVE-2026-44004)
vulnerability in vm2 (CVE-2026-44004). Risk of unauthorized operations or information disclosure. Exploitable via ``Buffer.alloc``. Mitigation: upgrade to `3.11.0` or later.
|
| CVE-2026-43998 |
|
Vulnerability in vm2 (CVE-2026-43998)
vulnerability in vm2 (CVE-2026-43998). Successful exploitation can lead to full system takeover. Exploitable via ``require.root``. Mitigation: upgrade to `3.11.0` or later.
|
| CVE-2026-44001 |
|
Vulnerability in vm2 (CVE-2026-44001)
vulnerability in vm2 (CVE-2026-44001). Risk of unauthorized operations or information disclosure. Exploitable via ``onRejected``. Mitigation: upgrade to `3.11.0` or later.
|
| CVE-2024-55045 |
|
Vulnerability in c (CVE-2024-55045)
vulnerability in c (CVE-2024-55045). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-37223 |
|
Vulnerability in c (CVE-2020-37223)
vulnerability in c (CVE-2020-37223). Successful exploitation can lead to full system takeover.
|
| CVE-2020-37218 |
|
SQL Injection in sqli (CVE-2020-37218)
SQL injection in sqli (CVE-2020-37218). Confidential information can be exposed externally.
|
| CVE-2020-37222 |
|
Cross-Site Scripting (XSS) in c (CVE-2020-37222)
cross-site scripting in c (CVE-2020-37222). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45152 |
|
OS Command Injection in gitlab.com/uniget-org/cli (CVE-2026-45152)
OS command injection in gitlab.com/uniget-org/cli (CVE-2026-45152). Successful exploitation can lead to full system takeover. Exploitable via ``check``. Mitigation: upgrade to `0.27.1` or later.
|
| CVE-2026-45136 |
|
OS Command Injection in claude-code-cache-fix (CVE-2026-45136)
OS command injection in claude-code-cache-fix (CVE-2026-45136). Successful exploitation can lead to full system takeover. Exploitable via ``statusLine``. Mitigation: upgrade to `3.5.2` or later.
|
| CVE-2026-45134 |
|
Unsafe Deserialization in langsmith (CVE-2026-45134)
vulnerability in langsmith (CVE-2026-45134). Confidential information can be exposed externally. Exploitable via ``pull_prompt``. Mitigation: upgrade to `0.8.0` or later.
|
| CVE-2026-44724 |
|
OS Command Injection in systeminformation (CVE-2026-44724)
OS command injection in systeminformation (CVE-2026-44724). Successful exploitation can lead to full system takeover. Exploitable via ``systeminformation``. Mitigation: upgrade to `5.31.6` or later.
|
| CVE-2026-37430 |
|
Unrestricted File Upload in CVE-2026-37430 (CVE-2026-37430)
vulnerability in CVE-2026-37430 (CVE-2026-37430). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6177 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6177)
cross-site scripting in wordpress (CVE-2026-6177). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3425 |
|
Vulnerability in wordpress (CVE-2026-3425)
vulnerability in wordpress (CVE-2026-3425). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7635 |
|
Unsafe Deserialization in wordpress (CVE-2026-7635)
vulnerability in wordpress (CVE-2026-7635). Successful exploitation can lead to full system takeover. Exploitable via `User-Agent header`.
|