Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-42311 |
|
Vulnerability in pillow (CVE-2026-42311)
vulnerability in pillow (CVE-2026-42311). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `12.2.0` or later.
|
| CVE-2026-42301 |
|
Vulnerability in pyp2spec (CVE-2026-42301)
vulnerability in pyp2spec (CVE-2026-42301). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.14.1` or later.
|
| CVE-2026-41311 |
|
Vulnerability in liquidjs (CVE-2026-41311)
vulnerability in liquidjs (CVE-2026-41311). Risk of unauthorized operations or information disclosure. Exploitable via ``getBlockRender``. Mitigation: upgrade to `10.25.7` or later.
|
| CVE-2026-44966 |
|
Vulnerability in velocityjs (CVE-2026-44966)
vulnerability in velocityjs (CVE-2026-44966). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44983 |
|
Vulnerability in smallbitvec (CVE-2026-44983)
vulnerability in smallbitvec (CVE-2026-44983). Risk of unauthorized operations or information disclosure. Exploitable via ``smallbitvec``.
|
| CVE-2026-44900 |
|
Vulnerability in com.oviva.telematik:epa4all-client (CVE-2026-44900)
vulnerability in com.oviva.telematik:epa4all-client (CVE-2026-44900). Confidential information can be exposed externally. Mitigation: upgrade to `1.2.1` or later.
|
| CVE-2026-42352 |
|
SSRF (Server-Side Request Forgery) in pygeoapi (CVE-2026-42352)
SSRF in pygeoapi (CVE-2026-42352). Confidential information can be exposed externally. Exploitable via ``subscriber``. Mitigation: upgrade to `0.23.3` or later.
|
| CVE-2026-42351 |
|
Path Traversal in pygeoapi (CVE-2026-42351)
path traversal in pygeoapi (CVE-2026-42351). Confidential information can be exposed externally. Mitigation: upgrade to `0.23.3` or later.
|
| CVE-2026-42224 |
|
Cross-Site Scripting (XSS) in ipl/web (CVE-2026-42224)
cross-site scripting in ipl/web (CVE-2026-42224). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.10.3` or later.
|
| CVE-2026-44843 |
|
Unsafe Deserialization in langchain-core (CVE-2026-44843)
vulnerability in langchain-core (CVE-2026-44843). Confidential information can be exposed externally. Exploitable via ``RunnableWithMessageHistory``. Mitigation: upgrade to `0.3.85` or later.
|
| CVE-2026-42205 |
|
Vulnerability in avo (CVE-2026-42205)
vulnerability in avo (CVE-2026-42205). Successful exploitation can lead to full system takeover. Exploitable via `POST /admin/resources/posts/actions`. Mitigation: upgrade to `3.31.2` or later.
|
| CVE-2026-44728 |
|
Vulnerability in @babel/plugin-transform-modules-systemjs (CVE-2026-44728)
vulnerability in @babel/plugin-transform-modules-systemjs (CVE-2026-44728). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.0.0-alpha.13` or later.
|
| CVE-2026-42189 |
|
Vulnerability in russh (CVE-2026-42189)
vulnerability in russh (CVE-2026-42189). Risk of unauthorized operations or information disclosure. Exploitable via ``read_userauth_info_response``. Mitigation: upgrade to `0.60.1` or later.
|
| CVE-2026-44680 |
|
SQL Injection in @mikro-orm/sql (CVE-2026-44680)
SQL injection in @mikro-orm/sql (CVE-2026-44680). Confidential information can be exposed externally. Exploitable via ``Platform.quoteIdentifier``. Mitigation: upgrade to `7.0.14` or later.
|
| CVE-2026-44721 |
|
Cross-Site Scripting (XSS) in open-webui (CVE-2026-44721)
cross-site scripting in open-webui (CVE-2026-44721). Confidential information can be exposed externally. Exploitable via ``marked``. Mitigation: upgrade to `0.9.0` or later.
|
| CVE-2026-44714 |
|
Vulnerability in org.bitcoinj:bitcoinj-core (CVE-2026-44714)
vulnerability in org.bitcoinj:bitcoinj-core (CVE-2026-44714). Data can be tampered with by attackers. Exploitable via ``P2PKH``. Mitigation: upgrade to `0.17.1` or later.
|
| CVE-2026-7768 |
|
Vulnerability in @fastify/accepts-serializer (CVE-2026-7768)
vulnerability in @fastify/accepts-serializer (CVE-2026-7768). Risk of unauthorized operations or information disclosure. Exploitable via ``Accept``. Mitigation: upgrade to `6.0.4` or later.
|
| CVE-2026-41886 |
|
Vulnerability in locize (CVE-2026-41886)
vulnerability in locize (CVE-2026-41886). Data can be tampered with by attackers. Exploitable via ``locize``. Mitigation: upgrade to `4.0.21` or later.
|
| CVE-2026-42353 |
|
Path Traversal in i18next-http-middleware (CVE-2026-42353)
path traversal in i18next-http-middleware (CVE-2026-42353). Confidential information can be exposed externally. Exploitable via `GET /locales/resources.json`. Mitigation: upgrade to `3.9.3` or later.
|
| CVE-2026-41683 |
|
Vulnerability in i18next-http-middleware (CVE-2026-41683)
vulnerability in i18next-http-middleware (CVE-2026-41683). Data can be tampered with by attackers. Exploitable via ``i18next``. Mitigation: upgrade to `3.9.3` or later.
|
| CVE-2026-41690 |
|
Vulnerability in i18next-http-middleware (CVE-2026-41690)
vulnerability in i18next-http-middleware (CVE-2026-41690). Data can be tampered with by attackers. Exploitable via `GET /locales/resources.json`. Mitigation: upgrade to `3.9.3` or later.
|
| CVE-2026-41693 |
|
Path Traversal in i18next-fs-backend (CVE-2026-41693)
path traversal in i18next-fs-backend (CVE-2026-41693). Confidential information can be exposed externally. Exploitable via ``lng``. Mitigation: upgrade to `2.6.4` or later.
|
| CVE-2026-29975 |
|
Vulnerability in c (CVE-2026-29975)
vulnerability in c (CVE-2026-29975). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-29972 |
|
Vulnerability in c (CVE-2026-29972)
vulnerability in c (CVE-2026-29972). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44498 |
|
Vulnerability in zebrad (CVE-2026-44498)
vulnerability in zebrad (CVE-2026-44498). Data can be tampered with by attackers. Exploitable via ``MAX_BLOCK_SIGOPS``. Mitigation: upgrade to `4.4.0` or later.
|
| CVE-2026-43466 |
|
Vulnerability in c (CVE-2026-43466)
vulnerability in c (CVE-2026-43466). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43456 |
|
Vulnerability in c (CVE-2026-43456)
vulnerability in c (CVE-2026-43456). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43449 |
|
Out-of-Bounds Read in c (CVE-2026-43449)
vulnerability in c (CVE-2026-43449). Confidential information can be exposed externally.
|
| CVE-2026-43434 |
|
Vulnerability in c (CVE-2026-43434)
vulnerability in c (CVE-2026-43434). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43408 |
|
Vulnerability in c (CVE-2026-43408)
vulnerability in c (CVE-2026-43408). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43388 |
|
Use-After-Free in c (CVE-2026-43388)
vulnerability in c (CVE-2026-43388). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43368 |
|
Vulnerability in c (CVE-2026-43368)
vulnerability in c (CVE-2026-43368). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41584 |
|
Vulnerability in zebrad (CVE-2026-41584)
vulnerability in zebrad (CVE-2026-41584). Risk of unauthorized operations or information disclosure. Exploitable via ``orchard``. Mitigation: upgrade to `4.3.1` or later.
|
| CVE-2026-41576 |
|
Cross-Site Scripting (XSS) in CVE-2026-41576 (CVE-2026-41576)
cross-site scripting in CVE-2026-41576 (CVE-2026-41576). Confidential information can be exposed externally.
|
| CVE-2026-41570 |
|
Vulnerability in phpunit/phpunit (CVE-2026-41570)
vulnerability in phpunit/phpunit (CVE-2026-41570). Successful exploitation can lead to full system takeover. Exploitable via ``auto_prepend_file``. Mitigation: upgrade to `13.1.6` or later.
|
| CVE-2026-41524 |
|
Cross-Site Scripting (XSS) in laravel (CVE-2026-41524)
cross-site scripting in laravel (CVE-2026-41524). Confidential information can be exposed externally.
|
| CVE-2025-67486 |
|
Vulnerability in dolibarr (CVE-2025-67486)
vulnerability in dolibarr (CVE-2025-67486). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44338 |
|
Vulnerability in PraisonAI (CVE-2026-44338)
vulnerability in PraisonAI (CVE-2026-44338). Risk of unauthorized operations or information disclosure. Exploitable via `POST /chat`. Mitigation: upgrade to `4.6.34` or later.
|
| CVE-2026-43345 |
|
Vulnerability in c (CVE-2026-43345)
vulnerability in c (CVE-2026-43345). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43322 |
|
Use-After-Free in c (CVE-2026-43322)
vulnerability in c (CVE-2026-43322). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43290 |
|
Vulnerability in c (CVE-2026-43290)
vulnerability in c (CVE-2026-43290). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41493 |
|
Path Traversal in yard (CVE-2026-41493)
path traversal in yard (CVE-2026-41493). Confidential information can be exposed externally. Mitigation: upgrade to `0.9.42` or later.
|
| CVE-2025-13836 |
|
Vulnerability in python (CVE-2025-13836)
vulnerability in python (CVE-2025-13836). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.10.20, 3.11.15, 3.12.13, 3.13.11, 3.14.1` or later.
|
| CVE-2026-5127 |
|
Unsafe Deserialization in wordpress (CVE-2026-5127)
vulnerability in wordpress (CVE-2026-5127). Successful exploitation can lead to full system takeover.
|
| CVE-2026-32178 |
|
Vulnerability in dotnet (CVE-2026-32178)
vulnerability in dotnet (CVE-2026-32178). Confidential information can be exposed externally. Mitigation: upgrade to `8.0.26, 9.0.15, 10.0.6` or later.
|
| CVE-2026-26171 |
|
Vulnerability in dotnet (CVE-2026-26171)
vulnerability in dotnet (CVE-2026-26171). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.0.26, 9.0.15, 10.0.6` or later.
|
| CVE-2025-67888 |
|
OS Command Injection in CVE-2025-67888 (CVE-2025-67888)
OS command injection in CVE-2025-67888 (CVE-2025-67888). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-33288 |
|
SQL Injection in sqli (CVE-2024-33288)
SQL injection in sqli (CVE-2024-33288). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8133 |
|
Vulnerability in sqli (CVE-2026-8133)
vulnerability in sqli (CVE-2026-8133). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8132 |
|
Vulnerability in sqli (CVE-2026-8132)
vulnerability in sqli (CVE-2026-8132). Risk of unauthorized operations or information disclosure.
|