Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: languages Clear
ID Title
CVE-2026-45369 OS Command Injection in utcp-cli (CVE-2026-45369)
OS command injection in utcp-cli (CVE-2026-45369). Successful exploitation can lead to full system takeover. Exploitable via ``_substitute_utcp_args``. Mitigation: upgrade to `1.1.2` or later.
CVE-2026-46509 Vulnerability in @ranfdev/deepobj (CVE-2026-46509)
vulnerability in @ranfdev/deepobj (CVE-2026-46509). Data can be tampered with by attackers. Exploitable via ``__proto__``. Mitigation: upgrade to `1.0.3` or later.
CVE-2026-45672 Authorization Flaw in open-webui (CVE-2026-45672)
vulnerability in open-webui (CVE-2026-45672). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.8.12` or later.
CVE-2026-45395 Privilege Escalation in open-webui (CVE-2026-45395)
vulnerability in open-webui (CVE-2026-45395). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/v1/tools/id/{id}/update`. Mitigation: upgrade to `0.9.5` or later.
CVE-2026-45348 Cross-Site Scripting (XSS) in pyload-ng (CVE-2026-45348)
cross-site scripting in pyload-ng (CVE-2026-45348). Confidential information can be exposed externally. Exploitable via `POST /flash/add`.
CVE-2026-42570 Vulnerability in devalue (CVE-2026-42570)
vulnerability in devalue (CVE-2026-42570). Risk of unauthorized operations or information disclosure. Exploitable via ``devalue.parse``. Mitigation: upgrade to `5.8.1` or later.
CVE-2026-8597 Vulnerability in sagemaker (CVE-2026-8597)
vulnerability in sagemaker (CVE-2026-8597). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.8.0` or later.
CVE-2026-43907 Vulnerability in cpp (CVE-2026-43907)
vulnerability in cpp (CVE-2026-43907). Data can be tampered with by attackers. Mitigation: upgrade to `3.0.18.0` or later.
CVE-2026-43905 Vulnerability in cpp (CVE-2026-43905)
vulnerability in cpp (CVE-2026-43905). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.0.18.0` or later.
CVE-2026-43904 Out-of-Bounds Write in cpp (CVE-2026-43904)
out-of-bounds write in cpp (CVE-2026-43904). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.0.18.0` or later.
CVE-2026-43903 Out-of-Bounds Write in cpp (CVE-2026-43903)
out-of-bounds write in cpp (CVE-2026-43903). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.0.18.0` or later.
CVE-2026-8596 Vulnerability in Amazon sagemaker (CVE-2026-8596)
vulnerability in Amazon sagemaker (CVE-2026-8596). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.8.0` or later.
CVE-2026-44633 Authorization Flaw in CVE-2026-44633 (CVE-2026-44633)
vulnerability in CVE-2026-44633 (CVE-2026-44633). Confidential information can be exposed externally.
CVE-2026-44586 Cross-Site Scripting (XSS) in CVE-2026-44586 (CVE-2026-44586)
cross-site scripting in CVE-2026-44586 (CVE-2026-44586). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.7.0` or later.
CVE-2026-6332 Vulnerability in c (CVE-2026-6332)
vulnerability in c (CVE-2026-6332). Confidential information can be exposed externally.
CVE-2026-45011 Cross-Site Scripting (XSS) in apostrophe (CVE-2026-45011)
cross-site scripting in apostrophe (CVE-2026-45011). Confidential information can be exposed externally.
CVE-2026-45013 Vulnerability in apostrophe (CVE-2026-45013)
vulnerability in apostrophe (CVE-2026-45013). Confidential information can be exposed externally. Exploitable via `POST /api/v1/login/reset-request`.
CVE-2026-45012 SSRF (Server-Side Request Forgery) in apostrophe (CVE-2026-45012)
SSRF in apostrophe (CVE-2026-45012). Confidential information can be exposed externally. Exploitable via `POST /api/v1/`.
CVE-2026-44511 Vulnerability in katalyst-koi (CVE-2026-44511)
vulnerability in katalyst-koi (CVE-2026-44511). Confidential information can be exposed externally. Mitigation: upgrade to `5.6.0` or later.
CVE-2026-42594 Vulnerability in github.com/gotenberg/gotenberg/v8 (CVE-2026-42594)
vulnerability in github.com/gotenberg/gotenberg/v8 (CVE-2026-42594). Risk of unauthorized operations or information disclosure. Exploitable via `GET /version`. Mitigation: upgrade to `8.32.0` or later.
CVE-2026-41935 Vulnerability in dos (CVE-2026-41935)
vulnerability in dos (CVE-2026-41935). Risk of unauthorized operations or information disclosure.
CVE-2026-41937 Vulnerability in CVE-2026-41937 (CVE-2026-41937)
vulnerability in CVE-2026-41937 (CVE-2026-41937). Successful exploitation can lead to full system takeover.
CVE-2026-4031 Vulnerability in wordpress (CVE-2026-4031)
vulnerability in wordpress (CVE-2026-4031). Confidential information can be exposed externally.
CVE-2026-7377 Cross-Site Scripting (XSS) in gitlab (CVE-2026-7377)
cross-site scripting in gitlab (CVE-2026-7377). Confidential information can be exposed externally. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
CVE-2026-7481 Cross-Site Scripting (XSS) in gitlab (CVE-2026-7481)
cross-site scripting in gitlab (CVE-2026-7481). Confidential information can be exposed externally. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
CVE-2026-6073 Cross-Site Scripting (XSS) in gitlab (CVE-2026-6073)
cross-site scripting in gitlab (CVE-2026-6073). Confidential information can be exposed externally. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
CVE-2026-46419 Vulnerability in CVE-2026-46419 (CVE-2026-46419)
vulnerability in CVE-2026-46419 (CVE-2026-46419). Successful exploitation can lead to full system takeover.
CVE-2026-44471 Vulnerability in gix-fs (CVE-2026-44471)
vulnerability in gix-fs (CVE-2026-44471). Successful exploitation can lead to full system takeover. Exploitable via ``payload``. Mitigation: upgrade to `0.21.1` or later.
CVE-2026-45055 Vulnerability in CVE-2026-45055 (CVE-2026-45055)
vulnerability in CVE-2026-45055 (CVE-2026-45055). Confidential information can be exposed externally. Exploitable via `POST /index.php`. Mitigation: upgrade to `6.7.2` or later.
CVE-2026-45708 Code Injection in CVE-2026-45708 (CVE-2026-45708)
code injection in CVE-2026-45708 (CVE-2026-45708). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `6.7.3` or later.
CVE-2026-42561 Vulnerability in python-multipart (CVE-2026-42561)
vulnerability in python-multipart (CVE-2026-42561). Risk of unauthorized operations or information disclosure. Exploitable via ``MultipartParser``. Mitigation: upgrade to `0.0.27` or later.
CVE-2026-42304 Vulnerability in Twisted (CVE-2026-42304)
vulnerability in Twisted (CVE-2026-42304). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `26.4.0rc2` or later.
CVE-2026-42550 SQL Injection in flightphp/core (CVE-2026-42550)
SQL injection in flightphp/core (CVE-2026-42550). Successful exploitation can lead to full system takeover. Exploitable via ``UPDATE``. Mitigation: upgrade to `3.18.1` or later.
CVE-2026-42551 Vulnerability in flightphp/core (CVE-2026-42551)
vulnerability in flightphp/core (CVE-2026-42551). Data can be tampered with by attackers. Exploitable via `GET /item/42`. Mitigation: upgrade to `3.18.1` or later.
CVE-2026-42552 Vulnerability in flightphp/core (CVE-2026-42552)
vulnerability in flightphp/core (CVE-2026-42552). Confidential information can be exposed externally. Exploitable via ``flight.debug``. Mitigation: upgrade to `3.18.1` or later.
CVE-2026-44004 Vulnerability in vm2 (CVE-2026-44004)
vulnerability in vm2 (CVE-2026-44004). Risk of unauthorized operations or information disclosure. Exploitable via ``Buffer.alloc``. Mitigation: upgrade to `3.11.0` or later.
CVE-2026-43998 Vulnerability in vm2 (CVE-2026-43998)
vulnerability in vm2 (CVE-2026-43998). Successful exploitation can lead to full system takeover. Exploitable via ``require.root``. Mitigation: upgrade to `3.11.0` or later.
CVE-2026-44001 Vulnerability in vm2 (CVE-2026-44001)
vulnerability in vm2 (CVE-2026-44001). Risk of unauthorized operations or information disclosure. Exploitable via ``onRejected``. Mitigation: upgrade to `3.11.0` or later.
CVE-2024-55045 Vulnerability in c (CVE-2024-55045)
vulnerability in c (CVE-2024-55045). Risk of unauthorized operations or information disclosure.
CVE-2020-37223 Vulnerability in c (CVE-2020-37223)
vulnerability in c (CVE-2020-37223). Successful exploitation can lead to full system takeover.
CVE-2020-37218 SQL Injection in sqli (CVE-2020-37218)
SQL injection in sqli (CVE-2020-37218). Confidential information can be exposed externally.
CVE-2020-37222 Cross-Site Scripting (XSS) in c (CVE-2020-37222)
cross-site scripting in c (CVE-2020-37222). Risk of unauthorized operations or information disclosure.
CVE-2026-45152 OS Command Injection in gitlab.com/uniget-org/cli (CVE-2026-45152)
OS command injection in gitlab.com/uniget-org/cli (CVE-2026-45152). Successful exploitation can lead to full system takeover. Exploitable via ``check``. Mitigation: upgrade to `0.27.1` or later.
CVE-2026-45136 OS Command Injection in claude-code-cache-fix (CVE-2026-45136)
OS command injection in claude-code-cache-fix (CVE-2026-45136). Successful exploitation can lead to full system takeover. Exploitable via ``statusLine``. Mitigation: upgrade to `3.5.2` or later.
CVE-2026-45134 Unsafe Deserialization in langsmith (CVE-2026-45134)
vulnerability in langsmith (CVE-2026-45134). Confidential information can be exposed externally. Exploitable via ``pull_prompt``. Mitigation: upgrade to `0.8.0` or later.
CVE-2026-44724 OS Command Injection in systeminformation (CVE-2026-44724)
OS command injection in systeminformation (CVE-2026-44724). Successful exploitation can lead to full system takeover. Exploitable via ``systeminformation``. Mitigation: upgrade to `5.31.6` or later.
CVE-2026-37430 Unrestricted File Upload in CVE-2026-37430 (CVE-2026-37430)
vulnerability in CVE-2026-37430 (CVE-2026-37430). Risk of unauthorized operations or information disclosure.
CVE-2026-6177 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6177)
cross-site scripting in wordpress (CVE-2026-6177). Risk of unauthorized operations or information disclosure.
CVE-2026-3425 Vulnerability in wordpress (CVE-2026-3425)
vulnerability in wordpress (CVE-2026-3425). Successful exploitation can lead to full system takeover.
CVE-2026-7635 Unsafe Deserialization in wordpress (CVE-2026-7635)
vulnerability in wordpress (CVE-2026-7635). Successful exploitation can lead to full system takeover. Exploitable via `User-Agent header`.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →