Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: languages Clear
ID Title
CVE-2026-42851 Code Injection in kovidgoyal (CVE-2026-42851)
code injection in kovidgoyal (CVE-2026-42851). Successful exploitation can lead to full system takeover. Exploitable via ``cat``.
CVE-2026-53724 Cross-Site Scripting (XSS) in parse-server (CVE-2026-53724)
cross-site scripting in parse-server (CVE-2026-53724). Risk of unauthorized operations or information disclosure. Exploitable via ``poc.svg.``. Mitigation: upgrade to `8.6.79` or later.
CVE-2026-53725 Information Disclosure in parse-server (CVE-2026-53725)
vulnerability in parse-server (CVE-2026-53725). Risk of unauthorized operations or information disclosure. Exploitable via ``get``. Mitigation: upgrade to `9.9.1-alpha.5` or later.
CVE-2026-53726 Vulnerability in parse-server (CVE-2026-53726)
vulnerability in parse-server (CVE-2026-53726). Risk of unauthorized operations or information disclosure. Exploitable via ``Relation``. Mitigation: upgrade to `8.6.80` or later.
CVE-2026-50008 Authorization Flaw in parse-server (CVE-2026-50008)
vulnerability in parse-server (CVE-2026-50008). Risk of unauthorized operations or information disclosure. Exploitable via ``routeAllowList``. Mitigation: upgrade to `9.9.1-alpha.3` or later.
CVE-2026-12043 Vulnerability in Amazon aws (CVE-2026-12043)
vulnerability in Amazon aws (CVE-2026-12043). Successful exploitation can lead to full system takeover.
CVE-2026-8828 Vulnerability in CVE-2026-8828 (CVE-2026-8828)
vulnerability in CVE-2026-8828 (CVE-2026-8828). Risk of unauthorized operations or information disclosure.
CVE-2026-50085 Vulnerability in c (CVE-2026-50085)
vulnerability in c (CVE-2026-50085). Data can be tampered with by attackers.
CVE-2026-50086 Vulnerability in c (CVE-2026-50086)
vulnerability in c (CVE-2026-50086). Successful exploitation can lead to full system takeover.
CVE-2026-50087 Vulnerability in c (CVE-2026-50087)
vulnerability in c (CVE-2026-50087). Confidential information can be exposed externally.
CVE-2026-50088 Vulnerability in c (CVE-2026-50088)
vulnerability in c (CVE-2026-50088). Confidential information can be exposed externally.
CVE-2026-50089 Open Redirect in c (CVE-2026-50089)
vulnerability in c (CVE-2026-50089). Risk of unauthorized operations or information disclosure.
CVE-2026-50090 Vulnerability in c (CVE-2026-50090)
vulnerability in c (CVE-2026-50090). Confidential information can be exposed externally.
CVE-2026-50091 Vulnerability in c (CVE-2026-50091)
vulnerability in c (CVE-2026-50091). Confidential information can be exposed externally.
CVE-2026-50082 Vulnerability in c (CVE-2026-50082)
vulnerability in c (CVE-2026-50082). Risk of unauthorized operations or information disclosure.
CVE-2026-50083 Vulnerability in c (CVE-2026-50083)
vulnerability in c (CVE-2026-50083). Confidential information can be exposed externally.
CVE-2026-50084 Vulnerability in c (CVE-2026-50084)
vulnerability in c (CVE-2026-50084). Confidential information can be exposed externally.
CVE-2026-45833 Code Injection in trychroma (CVE-2026-45833)
code injection in trychroma (CVE-2026-45833). Successful exploitation can lead to full system takeover.
CVE-2026-45830 Vulnerability in trychroma (CVE-2026-45830)
vulnerability in trychroma (CVE-2026-45830). Successful exploitation can lead to full system takeover.
CVE-2026-45831 Authorization Flaw in trychroma (CVE-2026-45831)
vulnerability in trychroma (CVE-2026-45831). Successful exploitation can lead to full system takeover.
CVE-2026-45832 Vulnerability in trychroma (CVE-2026-45832)
vulnerability in trychroma (CVE-2026-45832). Successful exploitation can lead to full system takeover.
CVE-2026-44967 Vulnerability in c (CVE-2026-44967)
vulnerability in c (CVE-2026-44967). Risk of unauthorized operations or information disclosure.
CVE-2026-53787 Unrestricted File Upload in path-traversal (CVE-2026-53787)
vulnerability in path-traversal (CVE-2026-53787). Successful exploitation can lead to full system takeover.
CVE-2026-53721 Vulnerability in nuxt (CVE-2026-53721)
vulnerability in nuxt (CVE-2026-53721). Confidential information can be exposed externally. Exploitable via ``routeRules``. Mitigation: upgrade to `3.21.7` or later.
CVE-2026-53722 Cross-Site Scripting (XSS) in nuxt (CVE-2026-53722)
cross-site scripting in nuxt (CVE-2026-53722). Risk of unauthorized operations or information disclosure. Exploitable via ``href``. Mitigation: upgrade to `3.21.7` or later.
CVE-2026-54133 Vulnerability in jmespath (CVE-2026-54133)
vulnerability in jmespath (CVE-2026-54133). Successful exploitation can lead to full system takeover. Exploitable via ``JP_PHP_COMPILE``. Mitigation: upgrade to `2.9.1` or later.
CVE-2026-49993 Vulnerability in @nuxt/webpack-builder (CVE-2026-49993)
vulnerability in @nuxt/webpack-builder (CVE-2026-49993). Confidential information can be exposed externally. Exploitable via ``Origin``. Mitigation: upgrade to `3.21.7` or later.
CVE-2026-12066 Vulnerability in CVE-2026-12066 (CVE-2026-12066)
vulnerability in CVE-2026-12066 (CVE-2026-12066). Risk of unauthorized operations or information disclosure.
CVE-2026-48914 Vulnerability in c (CVE-2026-48914)
vulnerability in c (CVE-2026-48914). Risk of unauthorized operations or information disclosure.
CVE-2026-20746 Vulnerability in CVE-2026-20746 (CVE-2026-20746)
vulnerability in CVE-2026-20746 (CVE-2026-20746). Risk of unauthorized operations or information disclosure.
CVE-2026-9125 Cross-Site Scripting (XSS) in wordpress (CVE-2026-9125)
cross-site scripting in wordpress (CVE-2026-9125). Risk of unauthorized operations or information disclosure.
CVE-2026-11933 A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when...
A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when...
CVE-2026-45418 SQL Injection in sqli (CVE-2026-45418)
SQL injection in sqli (CVE-2026-45418). Successful exploitation can lead to full system takeover. Exploitable via `POST /actions/subtitle_edit.php`.
CVE-2026-45060 SQL Injection in sqli (CVE-2026-45060)
SQL injection in sqli (CVE-2026-45060). Successful exploitation can lead to full system takeover.
CVE-2026-48109 Vulnerability in MessagePack (CVE-2026-48109)
vulnerability in MessagePack (CVE-2026-48109). Risk of unauthorized operations or information disclosure. Exploitable via ``Lz4Block``. Mitigation: upgrade to `3.1.7` or later.
CVE-2026-53782 Summarize before 0.17.0 contains a server-side request forgery vulnerability that allows...
Summarize before 0.17.0 contains a server-side request forgery vulnerability that allows...
CVE-2026-46489 SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, the company logo upload feature accepts any file type without validation. An authenticated administrator can upload an SVG f...
SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, the company logo upload feature accepts any file type without validation. An authenticated administrator can upload an SVG file containing embedded JavaScript. This script is base64-encoded and injected unescaped into every...
CVE-2026-52859 Out-of-Bounds Read in c (CVE-2026-52859)
vulnerability in c (CVE-2026-52859). Risk of unauthorized operations or information disclosure.
CVE-2026-53701 Out-of-Bounds Write in c (CVE-2026-53701)
out-of-bounds write in c (CVE-2026-53701). Risk of unauthorized operations or information disclosure.
CVE-2026-52858 Code Injection in vim (CVE-2026-52858)
code injection in vim (CVE-2026-52858). Successful exploitation can lead to full system takeover.
CVE-2026-52860 Code Injection in vim (CVE-2026-52860)
code injection in vim (CVE-2026-52860). Successful exploitation can lead to full system takeover.
CVE-2026-47169 Vulnerability in c (CVE-2026-47169)
vulnerability in c (CVE-2026-47169). Risk of unauthorized operations or information disclosure.
CVE-2026-47167 Code Injection in vim (CVE-2026-47167)
code injection in vim (CVE-2026-47167). Risk of unauthorized operations or information disclosure.
CVE-2026-11774 An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server (389-ds-base)....
An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server (389-ds-base)....
CVE-2026-46698 SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-46698)
SSRF in wordpress (CVE-2026-46698). Risk of unauthorized operations or information disclosure.
CVE-2026-48546 Vulnerability in CVE-2026-48546 (CVE-2026-48546)
vulnerability in CVE-2026-48546 (CVE-2026-48546). Confidential information can be exposed externally.
CVE-2026-46697 SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-46697)
SSRF in wordpress (CVE-2026-46697). Confidential information can be exposed externally.
CVE-2026-49982 Vulnerability in tmp (CVE-2026-49982)
vulnerability in tmp (CVE-2026-49982). Data can be tampered with by attackers. Exploitable via ``_assertPath``. Mitigation: upgrade to `0.2.7` or later.
CVE-2026-8406 Vulnerability in CVE-2026-8406 (CVE-2026-8406)
vulnerability in CVE-2026-8406 (CVE-2026-8406). Risk of unauthorized operations or information disclosure.
CVE-2026-38581 SQL Injection in sqli (CVE-2026-38581)
SQL injection in sqli (CVE-2026-38581). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →