Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | Summary |
|---|---|---|
| CVE-2020-14779 | Vulnerability in java (CVE-2020-14779) | Vulnerability in java (CVE-2020-14779). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.7.0, 1.8.0, 7.0.281, 8.0.271, 11.0.9, 15.0.1` or later. |
| CVE-2020-14664 | Vulnerability in java (CVE-2020-14664) | Vulnerability in java (CVE-2020-14664). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.8.0, 8.0.261` or later. |
| CVE-2020-14621 | Vulnerability in java (CVE-2020-14621) | Vulnerability in java (CVE-2020-14621). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.7.0, 1.8.0, 7.0.271, 8.0.261, 11.0.8, 14.0.2` or later. |
| CVE-2020-14593 | Vulnerability in java (CVE-2020-14593) | Vulnerability in java (CVE-2020-14593). Data can be tampered with by attackers. Mitigation: upgrade to `1.7.0, 1.8.0, 7.0.271, 8.0.261, 11.0.8, 14.0.2` or later. |
| CVE-2020-14583 | Vulnerability in java (CVE-2020-14583) | Vulnerability in java (CVE-2020-14583). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.7.0, 1.8.0, 7.0.271, 8.0.261, 11.0.8, 14.0.2` or later. |
| CVE-2020-14581 | Vulnerability in java (CVE-2020-14581) | Vulnerability in java (CVE-2020-14581). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.0, 8.0.261, 11.0.8, 14.0.2` or later. |
| CVE-2020-14579 | Vulnerability in java (CVE-2020-14579) | Vulnerability in java (CVE-2020-14579). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.7.0, 1.8.0, 7.0.271, 8.0.261` or later. |
| CVE-2020-14578 | Vulnerability in java (CVE-2020-14578) | Vulnerability in java (CVE-2020-14578). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.7.0, 1.8.0, 7.0.271, 8.0.261` or later. |
| CVE-2020-14577 | Vulnerability in java (CVE-2020-14577) | Vulnerability in java (CVE-2020-14577). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.7.0, 1.8.0, 7.0.271, 8.0.261, 11.0.8, 14.0.2` or later. |
| CVE-2020-14573 | Vulnerability in java (CVE-2020-14573) | Vulnerability in java (CVE-2020-14573). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `11.0.8, 14.0.2` or later. |
| CVE-2020-14562 | Vulnerability in java (CVE-2020-14562) | Vulnerability in java (CVE-2020-14562). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `11.0.8, 14.0.2` or later. |
| CVE-2020-14556 | Vulnerability in java (CVE-2020-14556) | Vulnerability in java (CVE-2020-14556). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.0, 8.0.261, 11.0.8, 14.0.2` or later. |
| CVE-2026-35579 | Authentication Bypass in github.com/coredns/coredns (CVE-2026-35579) | Authentication bypass in github.com/coredns/coredns (CVE-2026-35579). Successful exploitation can lead to full system takeover. Exploitable via `tsigStatus`. Mitigation: upgrade to `1.14.3` or later. |
| CVE-2026-39383 | SSRF (Server-Side Request Forgery) in github.com/gotenberg/gotenberg/v8 (CVE-2026-39383) | SSRF in github.com/gotenberg/gotenberg/v8 (CVE-2026-39383). Confidential information can be exposed externally. Exploitable via `FilterDeadline`. Mitigation: upgrade to `8.31.0` or later. |
| CVE-2026-39852 | Authentication Bypass in io.quarkus:quarkus-vertx-http (CVE-2026-39852) | Authentication bypass in io.quarkus:quarkus-vertx-http (CVE-2026-39852). Confidential information can be exposed externally. Mitigation: upgrade to `3.35.1.1` or later. |
| CVE-2026-35397 | Path Traversal in jupyter-server (CVE-2026-35397) | Path traversal in jupyter-server (CVE-2026-35397). Confidential information can be exposed externally. Exploitable via `root_dir`. Mitigation: upgrade to `2.18.0` or later. |
| CVE-2026-35453 | Cross-Site Scripting (XSS) in phpoffice/phpspreadsheet (CVE-2026-35453) | Cross-site scripting in phpoffice/phpspreadsheet (CVE-2026-35453). Risk of unauthorized operations or information disclosure. Exploitable via `formatColor`. Mitigation: upgrade to `1.30.4` or later. |
| CVE-2026-34084 | Unsafe Deserialization in phpoffice/phpspreadsheet (CVE-2026-34084) | Vulnerability in phpoffice/phpspreadsheet (CVE-2026-34084). Successful exploitation can lead to full system takeover. Exploitable via `is_file`. Mitigation: upgrade to `1.30.3` or later. |
| CVE-2026-32936 | Vulnerability in github.com/coredns/coredns (CVE-2026-32936) | Vulnerability in github.com/coredns/coredns (CVE-2026-32936). Risk of unauthorized operations or information disclosure. Exploitable via `dns`. Mitigation: upgrade to `1.14.3` or later. |
| CVE-2026-33190 | Authentication Bypass in github.com/coredns/coredns (CVE-2026-33190) | Authentication bypass in github.com/coredns/coredns (CVE-2026-33190). Confidential information can be exposed externally. Mitigation: upgrade to `1.14.3` or later. |
| CVE-2026-33489 | Vulnerability in github.com/coredns/coredns (CVE-2026-33489) | Vulnerability in github.com/coredns/coredns (CVE-2026-33489). Confidential information can be exposed externally. Mitigation: upgrade to `1.14.3` or later. |
| CVE-2026-32934 | Vulnerability in github.com/coredns/coredns (CVE-2026-32934) | Vulnerability in github.com/coredns/coredns (CVE-2026-32934). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.14.3` or later. |
| CVE-2025-61669 | Open Redirect in jupyter-server (CVE-2025-61669) | Vulnerability in jupyter-server (CVE-2025-61669). Risk of unauthorized operations or information disclosure. Exploitable via `google.com`. Mitigation: upgrade to `2.18.0` or later. |
| CVE-2026-26956 | Vulnerability in vm2-project (CVE-2026-26956) | Vulnerability in vm2-project (CVE-2026-26956). Successful exploitation can lead to full system takeover. Exploitable via `catch`. |
| CVE-2026-24120 | Code Injection in vm2-project (CVE-2026-24120) | Code injection in vm2-project (CVE-2026-24120). Successful exploitation can lead to full system takeover. Exploitable via `resetPromiseSpecies`. |
| CVE-2026-35527 | SSRF (Server-Side Request Forgery) in github.com/lxc/incus/v6/cmd/incusd (CVE-2026-35527) | SSRF in github.com/lxc/incus/v6/cmd/incusd (CVE-2026-35527). Risk of unauthorized operations or information disclosure. Exploitable via `restricted.images.servers`. Mitigation: upgrade to `7.0.0` or later. |
| CVE-2026-44015 | SSRF (Server-Side Request Forgery) in github.com/0xJacky/Nginx-UI (CVE-2026-44015) | SSRF in github.com/0xJacky/Nginx-UI (CVE-2026-44015). Confidential information can be exposed externally. Exploitable via `GET /api/settings`. |
| CVE-2026-30246 | Information Disclosure in github.com/gofiber/fiber/v3 (CVE-2026-30246) | Vulnerability in github.com/gofiber/fiber/v3 (CVE-2026-30246). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.2.0` or later. |
| CVE-2026-6553 | Vulnerability in typo3/cms-backend (CVE-2026-6553) | Vulnerability in typo3/cms-backend (CVE-2026-6553). Confidential information can be exposed externally. Exploitable via `SetupModuleController`. Mitigation: upgrade to `14.3.0` or later. |
| CVE-2026-43995 | SSRF (Server-Side Request Forgery) in flowise (CVE-2026-43995) | SSRF in flowise (CVE-2026-43995). Risk of unauthorized operations or information disclosure. Exploitable via `httpSecurity.ts`. Mitigation: upgrade to `3.1.0` or later. |
| CVE-2026-32179 | Vulnerability in Microsoft.Native.Quic.MsQuic.OpenSSL (CVE-2026-32179) | Vulnerability in Microsoft.Native.Quic.MsQuic.OpenSSL (CVE-2026-32179). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.4.18` or later. |
| CVE-2026-40194 | Vulnerability in phpseclib/phpseclib (CVE-2026-40194) | Vulnerability in phpseclib/phpseclib (CVE-2026-40194). Risk of unauthorized operations or information disclosure. Exploitable via `e819a163c`. Mitigation: upgrade to `1.0.28` or later. |
| CVE-2026-41365 | Authorization Flaw in openclaw (CVE-2026-41365) | Vulnerability in openclaw (CVE-2026-41365). Risk of unauthorized operations or information disclosure. Exploitable via `openclaw`. Mitigation: upgrade to `2026.3.31` or later. |
| CVE-2026-32935 | Vulnerability in phpseclib/phpseclib (CVE-2026-32935) | Vulnerability in phpseclib/phpseclib (CVE-2026-32935). Confidential information can be exposed externally. Mitigation: upgrade to `1.0.27` or later. |
| CVE-2026-25639 | Vulnerability in axios (CVE-2026-25639) | Vulnerability in axios (CVE-2026-25639). Risk of unauthorized operations or information disclosure. Exploitable via `mergeConfig`. Mitigation: upgrade to `0.30.3` or later. |
| CGA-7jqj-8457-jm46 | Vulnerability in amazon-ecs-agent-fips (CGA-7jqj-8457-jm46) | Vulnerability in amazon-ecs-agent-fips (CGA-7jqj-8457-jm46). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.100.1-r2` or later. |
| CVE-2023-42917 KEV | [KEV] Out-of-Bounds Write in Apple java (CVE-2023-42917) | Out-of-bounds write in Apple java (CVE-2023-42917). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `1.8.0, 8.0.411` or later. |
| CVE-2023-41993 KEV | [KEV] Vulnerability in Apple java (CVE-2023-41993) | Vulnerability in Apple java (CVE-2023-41993). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `1.8.0, 8.0.411` or later. |