Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-41042 |
|
Vulnerability in apache (CVE-2026-41042)
vulnerability in apache (CVE-2026-41042). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-23698 |
|
Unrestricted File Upload in apache (CVE-2026-23698)
vulnerability in apache (CVE-2026-23698). Successful exploitation can lead to full system takeover.
|
| CVE-2026-23697 |
|
Unrestricted File Upload in apache (CVE-2026-23697)
vulnerability in apache (CVE-2026-23697). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43825 |
|
Unsafe Deserialization in apache (CVE-2026-43825)
vulnerability in apache (CVE-2026-43825). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56139 |
|
Vulnerability in apache (CVE-2026-56139)
vulnerability in apache (CVE-2026-56139). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49365 |
|
Vulnerability in apache (CVE-2026-49365)
vulnerability in apache (CVE-2026-49365). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49098 |
|
Vulnerability in c (CVE-2026-49098)
vulnerability in c (CVE-2026-49098). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46590 |
|
Unsafe Deserialization in apache (CVE-2026-46590)
vulnerability in apache (CVE-2026-46590). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42527 |
|
Unsafe Deserialization in csharp (CVE-2026-42527)
vulnerability in csharp (CVE-2026-42527). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40859 |
|
Unsafe Deserialization in apache (CVE-2026-40859)
vulnerability in apache (CVE-2026-40859). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40047 |
|
Vulnerability in apache (CVE-2026-40047)
vulnerability in apache (CVE-2026-40047). Confidential information can be exposed externally. Exploitable via ``docling``.
|
| CVE-2026-43867 |
|
Unsafe Deserialization in apache (CVE-2026-43867)
vulnerability in apache (CVE-2026-43867). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43866 |
|
Unsafe Deserialization in apache (CVE-2026-43866)
vulnerability in apache (CVE-2026-43866). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46453 |
|
Vulnerability in apache (CVE-2026-46453)
vulnerability in apache (CVE-2026-46453). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43865 |
|
Unsafe Deserialization in csharp (CVE-2026-43865)
vulnerability in csharp (CVE-2026-43865). Successful exploitation can lead to full system takeover.
|
| CVE-2026-24012 |
|
Vulnerability in apache (CVE-2026-24012)
vulnerability in apache (CVE-2026-24012). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-47896 |
|
Path Traversal in csharp (CVE-2026-47896)
path traversal in csharp (CVE-2026-47896). Confidential information can be exposed externally.
|
| CVE-2026-47898 |
|
XXE (XML External Entity) in csharp (CVE-2026-47898)
vulnerability in csharp (CVE-2026-47898). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-47897 |
|
Path Traversal in csharp (CVE-2026-47897)
path traversal in csharp (CVE-2026-47897). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-52760 |
|
Cross-Site Scripting (XSS) in apache (CVE-2026-52760)
cross-site scripting in apache (CVE-2026-52760). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48946 |
|
Unrestricted File Upload in apache (CVE-2026-48946)
vulnerability in apache (CVE-2026-48946). Risk of unauthorized operations or information disclosure. Exploitable via ``shell.php``.
|
| CVE-2026-49257 |
|
Vulnerability in mcp-pinot-server (CVE-2026-49257)
vulnerability in mcp-pinot-server (CVE-2026-49257). Successful exploitation can lead to full system takeover. Exploitable via `Authorization header`. Mitigation: upgrade to `3.1.0` or later.
|
| CVE-2026-41000 |
|
Vulnerability in c (CVE-2026-41000)
vulnerability in c (CVE-2026-41000). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45569 |
|
Path Traversal in c (CVE-2026-45569)
path traversal in c (CVE-2026-45569). Confidential information can be exposed externally.
|
| CVE-2026-45566 |
|
Open Redirect in nginx (CVE-2026-45566)
vulnerability in nginx (CVE-2026-45566). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45564 |
|
OS Command Injection in c (CVE-2026-45564)
OS command injection in c (CVE-2026-45564). Successful exploitation can lead to full system takeover. Exploitable via `POST /config/versions/`.
|
| CVE-2026-45558 |
|
Vulnerability in c (CVE-2026-45558)
vulnerability in c (CVE-2026-45558). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/service/haproxy/`.
|
| CVE-2026-45560 |
|
Cross-Site Scripting (XSS) in c (CVE-2026-45560)
cross-site scripting in c (CVE-2026-45560). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-25699 |
|
Vulnerability in c (CVE-2026-25699)
vulnerability in c (CVE-2026-25699). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50076 |
|
Unsafe Deserialization in apache (CVE-2026-50076)
vulnerability in apache (CVE-2026-50076). Confidential information can be exposed externally.
|
| CVE-2026-47065 |
|
Unsafe Deserialization in apache (CVE-2026-47065)
vulnerability in apache (CVE-2026-47065). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45426 |
|
Authorization Flaw in apache-airflow (CVE-2026-45426)
vulnerability in apache-airflow (CVE-2026-45426). Risk of unauthorized operations or information disclosure. Exploitable via ``sub``. Mitigation: upgrade to `3.2.2` or later.
|
| CVE-2026-40961 |
|
Open Redirect in airflow (CVE-2026-40961)
vulnerability in airflow (CVE-2026-40961). Risk of unauthorized operations or information disclosure. Exploitable via ``is_safe_url``. Mitigation: upgrade to `3.2.2` or later.
|
| CVE-2026-48557 |
|
Spatie Laravel Media Library contains a file upload restriction bypass
Spatie Laravel Media Library contains a file upload restriction bypass
|
| CVE-2026-48207 |
|
Unsafe Deserialization in pyfory (CVE-2026-48207)
vulnerability in pyfory (CVE-2026-48207). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.0.0` or later.
|
| CVE-2018-25324 |
|
Vulnerability in wordpress (CVE-2018-25324)
vulnerability in wordpress (CVE-2018-25324). Confidential information can be exposed externally.
|
| CVE-2026-41258 |
|
Code Injection in org.openmrs.api:openmrs-api (CVE-2026-41258)
code injection in org.openmrs.api:openmrs-api (CVE-2026-41258). Successful exploitation can lead to full system takeover. Exploitable via ``VelocityEngine``. Mitigation: upgrade to `2.8.6` or later.
|
| CVE-2026-35194 |
|
Code Injection in flink (CVE-2026-35194)
code injection in flink (CVE-2026-35194). Confidential information can be exposed externally. Mitigation: upgrade to `1.20.4, 2.0.2, 2.1.1, 2.2.1` or later.
|
| CVE-2026-6722 |
|
Use-After-Free in libphp (CVE-2026-6722)
vulnerability in libphp (CVE-2026-6722). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.2.31, 8.3.31, 8.4.21, 8.5.6` or later.
|
| CVE-2026-44966 |
|
Vulnerability in velocityjs (CVE-2026-44966)
vulnerability in velocityjs (CVE-2026-44966). Risk of unauthorized operations or information disclosure.
|
| CVE-2013-10075 |
|
Vulnerability in apache (CVE-2013-10075)
vulnerability in apache (CVE-2013-10075). Confidential information can be exposed externally.
|
| CVE-2026-40682 |
|
XXE (XML External Entity) in org.apache.opennlp:opennlp-tools (CVE-2026-40682)
vulnerability in org.apache.opennlp:opennlp-tools (CVE-2026-40682). Confidential information can be exposed externally. Mitigation: upgrade to `3.0.0-M3` or later.
|
| CVE-2026-27172 |
|
Unsafe Deserialization in apache (CVE-2026-27172)
vulnerability in apache (CVE-2026-27172). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40858 |
|
Unsafe Deserialization in apache (CVE-2026-40858)
vulnerability in apache (CVE-2026-40858). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40473 |
|
Unsafe Deserialization in apache (CVE-2026-40473)
vulnerability in apache (CVE-2026-40473). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40048 |
|
Unsafe Deserialization in apache (CVE-2026-40048)
vulnerability in apache (CVE-2026-40048). Successful exploitation can lead to full system takeover. Exploitable via ``java.security.KeyPair``.
|
| CVE-2026-25747 |
|
Unsafe Deserialization in apache (CVE-2026-25747)
vulnerability in apache (CVE-2026-25747). Successful exploitation can lead to full system takeover.
|
| CVE-2023-48795 |
|
Vulnerability in russh (CVE-2023-48795)
vulnerability in russh (CVE-2023-48795). Data can be tampered with by attackers. Mitigation: upgrade to `0.40.2` or later.
|
| CVE-2023-44487 KEV |
|
[KEV] Vulnerability in Ietf golang.org/x/net (CVE-2023-44487)
vulnerability in Ietf golang.org/x/net (CVE-2023-44487). Risk of unauthorized operations or information disclosure. Exploitable via ``Channel``. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `0.17.0` or later.
|
| CVE-2022-36124 |
|
Vulnerability in apache-avro (CVE-2022-36124)
vulnerability in apache-avro (CVE-2022-36124). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.14.0` or later.
|