Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-50281 |
|
Vulnerability in craftcms/cms (CVE-2026-50281)
vulnerability in craftcms/cms (CVE-2026-50281). Risk of unauthorized operations or information disclosure. Exploitable via ``newAttributes``. Mitigation: upgrade to `5.9.21` or later.
|
| CVE-2026-48943 |
|
Vulnerability in c (CVE-2026-48943)
vulnerability in c (CVE-2026-48943). Risk of unauthorized operations or information disclosure. Exploitable via ``plg_user_k2``.
|
| CVE-2026-44495 |
|
Code Injection in axios (CVE-2026-44495)
code injection in axios (CVE-2026-44495). Confidential information can be exposed externally. Exploitable via ``Object.prototype.transformResponse``. Mitigation: upgrade to `1.15.0` or later.
|
| CVE-2026-44494 |
|
Vulnerability in axios (CVE-2026-44494)
vulnerability in axios (CVE-2026-44494). Confidential information can be exposed externally. Exploitable via `Authorization header`. Mitigation: upgrade to `1.15.0` or later.
|
| CVE-2026-46625 |
|
Vulnerability in js-cookie (CVE-2026-46625)
vulnerability in js-cookie (CVE-2026-46625). Data can be tampered with by attackers. Exploitable via ``for...in``. Mitigation: upgrade to `3.0.7` or later.
|
| CVE-2026-31252 |
|
Code Injection in deserialization (CVE-2026-31252)
code injection in deserialization (CVE-2026-31252). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31251 |
|
Vulnerability in deserialization (CVE-2026-31251)
vulnerability in deserialization (CVE-2026-31251). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-69690 |
|
Unsafe Deserialization in deserialization (CVE-2025-69690)
vulnerability in deserialization (CVE-2025-69690). Successful exploitation can lead to full system takeover.
|
| CVE-2025-69691 |
|
Vulnerability in pfsense (CVE-2025-69691)
vulnerability in pfsense (CVE-2025-69691). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42264 |
|
Vulnerability in axios (CVE-2026-42264)
vulnerability in axios (CVE-2026-42264). Confidential information can be exposed externally. Exploitable via ``hasOwnProperty``. Mitigation: upgrade to `1.15.2` or later.
|
| CVE-2026-41139 |
|
Vulnerability in mathjs (CVE-2026-41139)
vulnerability in mathjs (CVE-2026-41139). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `15.2.0` or later.
|
| CVE-2026-42041 |
|
Authentication Bypass in axios (CVE-2026-42041)
authentication bypass in axios (CVE-2026-42041). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.15.1` or later.
|
| CVE-2026-42044 |
|
Vulnerability in privilege-escalation (CVE-2026-42044)
vulnerability in privilege-escalation (CVE-2026-42044). Data can be tampered with by attackers. Mitigation: upgrade to `1.15.2` or later.
|
| CVE-2026-42033 |
|
Vulnerability in axios (CVE-2026-42033)
vulnerability in axios (CVE-2026-42033). Confidential information can be exposed externally. Mitigation: upgrade to `1.15.1` or later.
|
| CVE-2026-40897 |
|
Vulnerability in mathjs (CVE-2026-40897)
vulnerability in mathjs (CVE-2026-40897). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `15.2.0` or later.
|
| CVE-2026-40175 |
|
Vulnerability in axios (CVE-2026-40175)
vulnerability in axios (CVE-2026-40175). Risk of unauthorized operations or information disclosure. Exploitable via `GET /pings`. Mitigation: upgrade to `0.31.0` or later.
|
| CVE-2026-33228 |
|
Vulnerability in webreflection (CVE-2026-33228)
vulnerability in webreflection (CVE-2026-33228). Successful exploitation can lead to full system takeover.
|
| CVE-2026-32640 |
|
Code Injection in simpleeval (CVE-2026-32640)
code injection in simpleeval (CVE-2026-32640). Successful exploitation can lead to full system takeover. Exploitable via ``names``. Mitigation: upgrade to `1.0.5` or later.
|
| CVE-2026-29063 |
|
Vulnerability in immutable-js (CVE-2026-29063)
vulnerability in immutable-js (CVE-2026-29063). Successful exploitation can lead to full system takeover.
|
| CVE-2026-25521 |
|
Vulnerability in locutus (CVE-2026-25521)
vulnerability in locutus (CVE-2026-25521). Successful exploitation can lead to full system takeover.
|