Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-40858 |
|
Unsafe Deserialization in apache (CVE-2026-40858)
vulnerability in apache (CVE-2026-40858). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40048 |
|
Unsafe Deserialization in apache (CVE-2026-40048)
vulnerability in apache (CVE-2026-40048). Successful exploitation can lead to full system takeover. Exploitable via ``java.security.KeyPair``.
|
| CVE-2026-40473 |
|
Unsafe Deserialization in apache (CVE-2026-40473)
vulnerability in apache (CVE-2026-40473). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6951 |
|
Code Injection in simple-git (CVE-2026-6951)
code injection in simple-git (CVE-2026-6951). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.36.0` or later.
|
| CVE-2026-41433 |
|
Path Traversal in opentelemetry (CVE-2026-41433)
path traversal in opentelemetry (CVE-2026-41433). Data can be tampered with by attackers. Mitigation: upgrade to `0.8.0` or later.
|
| CVE-2026-33662 |
|
Vulnerability in c (CVE-2026-33662)
vulnerability in c (CVE-2026-33662). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42044 |
|
Vulnerability in privilege-escalation (CVE-2026-42044)
vulnerability in privilege-escalation (CVE-2026-42044). Data can be tampered with by attackers. Mitigation: upgrade to `1.15.2` or later.
|
| CVE-2026-42043 |
|
Vulnerability in axios (CVE-2026-42043)
vulnerability in axios (CVE-2026-42043). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.15.1` or later.
|
| CVE-2026-42041 |
|
Authentication Bypass in axios (CVE-2026-42041)
authentication bypass in axios (CVE-2026-42041). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.15.1` or later.
|
| CVE-2026-42033 |
|
Vulnerability in axios (CVE-2026-42033)
vulnerability in axios (CVE-2026-42033). Confidential information can be exposed externally. Mitigation: upgrade to `1.15.1` or later.
|
| CVE-2026-41140 |
|
Path Traversal in path-traversal (CVE-2026-41140)
path traversal in path-traversal (CVE-2026-41140). Data can be tampered with by attackers. Mitigation: upgrade to `2.3.4` or later.
|
| CVE-2026-40897 |
|
Vulnerability in mathjs (CVE-2026-40897)
vulnerability in mathjs (CVE-2026-40897). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `15.2.0` or later.
|
| CVE-2026-42239 |
|
Vulnerability in @budibase/backend-core (CVE-2026-42239)
vulnerability in @budibase/backend-core (CVE-2026-42239). Confidential information can be exposed externally. Exploitable via ``document.cookie``. Mitigation: upgrade to `3.35.10` or later.
|
| CVE-2026-41316 |
|
Vulnerability in erb (CVE-2026-41316)
vulnerability in erb (CVE-2026-41316). Successful exploitation can lead to full system takeover. Exploitable via ``Marshal.load``. Mitigation: upgrade to `6.0.4` or later.
|
| CVE-2026-31635 |
|
Vulnerability in c (CVE-2026-31635)
vulnerability in c (CVE-2026-31635). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31630 |
|
Vulnerability in c (CVE-2026-31630)
vulnerability in c (CVE-2026-31630). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31626 |
|
Vulnerability in c (CVE-2026-31626)
vulnerability in c (CVE-2026-31626). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31625 |
|
Vulnerability in c (CVE-2026-31625)
vulnerability in c (CVE-2026-31625). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31607 |
|
Out-of-Bounds Write in c (CVE-2026-31607)
out-of-bounds write in c (CVE-2026-31607). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31599 |
|
Vulnerability in c (CVE-2026-31599)
vulnerability in c (CVE-2026-31599). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31597 |
|
Use-After-Free in c (CVE-2026-31597)
vulnerability in c (CVE-2026-31597). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31596 |
|
Vulnerability in c (CVE-2026-31596)
vulnerability in c (CVE-2026-31596). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31585 |
|
Vulnerability in c (CVE-2026-31585)
vulnerability in c (CVE-2026-31585). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31586 |
|
Use-After-Free in c (CVE-2026-31586)
vulnerability in c (CVE-2026-31586). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31587 |
|
Use-After-Free in c (CVE-2026-31587)
vulnerability in c (CVE-2026-31587). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31578 |
|
Use-After-Free in c (CVE-2026-31578)
vulnerability in c (CVE-2026-31578). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31581 |
|
Use-After-Free in c (CVE-2026-31581)
vulnerability in c (CVE-2026-31581). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33317 |
|
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, mis...
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, missing checks in `entry_get_attribute_value()` in `ta/pkcs11/src/object.c` can lead to out-of-bounds...
|
| CVE-2024-57728 KEV |
|
[KEV] Path Traversal in Simplehelp path-traversal (CVE-2024-57728)
path traversal in Simplehelp path-traversal (CVE-2024-57728). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-28525 |
|
Out-of-Bounds Read in c (CVE-2026-28525)
vulnerability in c (CVE-2026-28525). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41213 |
|
Vulnerability in node-oauth (CVE-2026-41213)
vulnerability in node-oauth (CVE-2026-41213). Confidential information can be exposed externally.
|
| CVE-2026-3007 |
|
Cross-Site Scripting (XSS) in CVE-2026-3007 (CVE-2026-3007)
cross-site scripting in CVE-2026-3007 (CVE-2026-3007). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41182 |
|
Information Disclosure in CVE-2026-41182 (CVE-2026-41182)
vulnerability in CVE-2026-41182 (CVE-2026-41182). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41673 |
|
Vulnerability in @xmldom/xmldom (CVE-2026-41673)
vulnerability in @xmldom/xmldom (CVE-2026-41673). Risk of unauthorized operations or information disclosure. Exploitable via ``node.textContent``. Mitigation: upgrade to `0.9.10` or later.
|
| CVE-2026-41674 |
|
Vulnerability in @xmldom/xmldom (CVE-2026-41674)
vulnerability in @xmldom/xmldom (CVE-2026-41674). Data can be tampered with by attackers. Exploitable via ``DocumentType``. Mitigation: upgrade to `0.9.10` or later.
|
| CVE-2026-41675 |
|
Vulnerability in @xmldom/xmldom (CVE-2026-41675)
vulnerability in @xmldom/xmldom (CVE-2026-41675). Data can be tampered with by attackers. Exploitable via ``data``. Mitigation: upgrade to `0.9.10` or later.
|
| CVE-2026-6019 |
|
Vulnerability in libpython (CVE-2026-6019)
vulnerability in libpython (CVE-2026-6019). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.14.5` or later.
|
| CVE-2026-3673 |
|
Cross-Site Scripting (XSS) in frappe (CVE-2026-3673)
cross-site scripting in frappe (CVE-2026-3673). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41672 |
|
Vulnerability in @xmldom/xmldom (CVE-2026-41672)
vulnerability in @xmldom/xmldom (CVE-2026-41672). Data can be tampered with by attackers. Exploitable via ``node.data``. Mitigation: upgrade to `0.9.10` or later.
|
| CVE-2026-41650 |
|
Vulnerability in fast-xml-parser (CVE-2026-41650)
vulnerability in fast-xml-parser (CVE-2026-41650). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.7.0` or later.
|
| CVE-2026-32885 |
|
Path Traversal in ddev (CVE-2026-32885)
path traversal in ddev (CVE-2026-32885). Data can be tampered with by attackers.
|
| CVE-2026-6859 |
|
Vulnerability in redhat (CVE-2026-6859)
vulnerability in redhat (CVE-2026-6859). Successful exploitation can lead to full system takeover. Exploitable via ``linux_train.py``.
|
| CVE-2026-41651 |
|
Vulnerability in c (CVE-2026-41651)
vulnerability in c (CVE-2026-41651). Successful exploitation can lead to full system takeover. Exploitable via ``RUNNING``.
|
| CVE-2026-31500 |
|
Use-After-Free in c (CVE-2026-31500)
vulnerability in c (CVE-2026-31500). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31437 |
|
Vulnerability in c (CVE-2026-31437)
vulnerability in c (CVE-2026-31437). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41144 |
|
Vulnerability in cpp (CVE-2026-41144)
vulnerability in cpp (CVE-2026-41144). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-22016 |
|
Information Disclosure in c (CVE-2026-22016)
vulnerability in c (CVE-2026-22016). Confidential information can be exposed externally.
|
| CVE-2026-40895 |
|
Information Disclosure in follow-redirects-project (CVE-2026-40895)
vulnerability in follow-redirects-project (CVE-2026-40895). Confidential information can be exposed externally. Exploitable via `Cookie header`. Mitigation: upgrade to `1.16.0` or later.
|
| CVE-2026-34314 |
|
Vulnerability in c (CVE-2026-34314)
vulnerability in c (CVE-2026-34314). Confidential information can be exposed externally.
|
| CVE-2026-21999 |
|
Information Disclosure in c (CVE-2026-21999)
vulnerability in c (CVE-2026-21999). Confidential information can be exposed externally.
|