Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-44015 |
|
SSRF (Server-Side Request Forgery) in github.com/0xJacky/Nginx-UI (CVE-2026-44015)
SSRF in github.com/0xJacky/Nginx-UI (CVE-2026-44015). Confidential information can be exposed externally. Exploitable via `GET /api/settings`.
|
| CVE-2026-30246 |
|
Vulnerability in github.com/gofiber/fiber/v3 (CVE-2026-30246)
vulnerability in github.com/gofiber/fiber/v3 (CVE-2026-30246). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.2.0` or later.
|
| CVE-2026-6553 |
|
Vulnerability in typo3/cms-backend (CVE-2026-6553)
vulnerability in typo3/cms-backend (CVE-2026-6553). Confidential information can be exposed externally. Exploitable via ``SetupModuleController``. Mitigation: upgrade to `14.3.0` or later.
|
| CVE-2026-43995 |
|
SSRF (Server-Side Request Forgery) in flowise (CVE-2026-43995)
SSRF in flowise (CVE-2026-43995). Successful exploitation can lead to full system takeover. Exploitable via ``httpSecurity.ts``. Mitigation: upgrade to `3.1.0` or later.
|
| CVE-2026-32179 |
|
Vulnerability in Microsoft.Native.Quic.MsQuic.OpenSSL (CVE-2026-32179)
vulnerability in Microsoft.Native.Quic.MsQuic.OpenSSL (CVE-2026-32179). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.4.18` or later.
|
| CVE-2026-40176 |
|
Vulnerability in getcomposer (CVE-2026-40176)
vulnerability in getcomposer (CVE-2026-40176). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40261 |
|
Vulnerability in getcomposer (CVE-2026-40261)
vulnerability in getcomposer (CVE-2026-40261). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40194 |
|
Vulnerability in phpseclib/phpseclib (CVE-2026-40194)
vulnerability in phpseclib/phpseclib (CVE-2026-40194). Risk of unauthorized operations or information disclosure. Exploitable via ``e819a163c``. Mitigation: upgrade to `1.0.28` or later.
|
| CVE-2026-27140 |
|
Authorization Flaw in toolchain (CVE-2026-27140)
vulnerability in toolchain (CVE-2026-27140). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.25.9, 1.26.2` or later.
|
| CVE-2026-32280 |
|
Vulnerability in stdlib (CVE-2026-32280)
vulnerability in stdlib (CVE-2026-32280). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.9, 1.26.2` or later.
|
| CVE-2026-32283 |
|
Vulnerability in stdlib (CVE-2026-32283)
vulnerability in stdlib (CVE-2026-32283). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.9, 1.26.2` or later.
|
| CVE-2026-33810 |
|
Vulnerability in stdlib (CVE-2026-33810)
vulnerability in stdlib (CVE-2026-33810). Confidential information can be exposed externally. Mitigation: upgrade to `1.26.2` or later.
|
| CVE-2026-41365 |
|
Authorization Flaw in openclaw (CVE-2026-41365)
vulnerability in openclaw (CVE-2026-41365). Risk of unauthorized operations or information disclosure. Exploitable via ``openclaw``. Mitigation: upgrade to `2026.3.31` or later.
|
| CVE-2026-33186 |
|
Vulnerability in grpc (CVE-2026-33186)
vulnerability in grpc (CVE-2026-33186). Confidential information can be exposed externally. Exploitable via ``info.FullMethod``.
|
| CVE-2026-32935 |
|
Vulnerability in phpseclib/phpseclib (CVE-2026-32935)
vulnerability in phpseclib/phpseclib (CVE-2026-32935). Confidential information can be exposed externally. Mitigation: upgrade to `1.0.27` or later.
|
| CVE-2026-25679 |
|
Vulnerability in stdlib (CVE-2026-25679)
vulnerability in stdlib (CVE-2026-25679). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.8, 1.26.1` or later.
|
| CVE-2026-27137 |
|
Vulnerability in stdlib (CVE-2026-27137)
vulnerability in stdlib (CVE-2026-27137). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.26.1` or later.
|
| CVE-2026-29049 |
|
Vulnerability in chainguard.dev/melange (CVE-2026-29049)
vulnerability in chainguard.dev/melange (CVE-2026-29049). Risk of unauthorized operations or information disclosure. Exploitable via ``io.Copy``. Mitigation: upgrade to `0.43.4` or later.
|
| CVE-2026-28406 |
|
Path Traversal in chainguard (CVE-2026-28406)
path traversal in chainguard (CVE-2026-28406). Data can be tampered with by attackers. Exploitable via ``dest``.
|
| CVE-2026-25639 |
|
Vulnerability in axios (CVE-2026-25639)
vulnerability in axios (CVE-2026-25639). Risk of unauthorized operations or information disclosure. Exploitable via ``mergeConfig``. Mitigation: upgrade to `0.30.3` or later.
|
| CVE-2025-61732 |
|
Code Injection in toolchain (CVE-2025-61732)
code injection in toolchain (CVE-2025-61732). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.24.13, 1.25.7` or later.
|
| CGA-7jqj-8457-jm46 |
|
Vulnerability in amazon-ecs-agent-fips (CGA-7jqj-8457-jm46)
vulnerability in amazon-ecs-agent-fips (CGA-7jqj-8457-jm46). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.100.1-r2` or later.
|
| CVE-2025-61726 |
|
Vulnerability in stdlib (CVE-2025-61726)
vulnerability in stdlib (CVE-2025-61726). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.24.12, 1.25.6` or later.
|
| CVE-2025-61731 |
|
Vulnerability in toolchain (CVE-2025-61731)
vulnerability in toolchain (CVE-2025-61731). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.24.12, 1.25.6` or later.
|
| CVE-2025-69263 |
|
pnpm is a package manager. Versions 10.26.2 and below store HTTP tarball dependencies (and git-hosted tarballs) in the lockfile without integrity hashes. This allows the remote server to serve differe...
pnpm is a package manager. Versions 10.26.2 and below store HTTP tarball dependencies (and git-hosted tarballs) in the lockfile without integrity hashes. This allows the remote server to serve different content on each install, even when a lockfile is committed. An attacker who publishes a package w...
|
| CVE-2025-51741 |
|
Vulnerability in dos (CVE-2025-51741)
vulnerability in dos (CVE-2025-51741). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-9355 |
|
Vulnerability in CVE-2024-9355 (CVE-2024-9355)
vulnerability in CVE-2024-9355 (CVE-2024-9355). Confidential information can be exposed externally.
|
| CVE-2024-27289 |
|
pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all of the following conditions are met: the non-default simple protocol is used; a placeholder for...
pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all of the following conditions are met: the non-default simple protocol is used; a placeholder for a numeric value must be immediately preceded by a minus; there must be a second placeholder for a s...
|
| CVE-2023-48795 |
|
Vulnerability in russh (CVE-2023-48795)
vulnerability in russh (CVE-2023-48795). Data can be tampered with by attackers. Mitigation: upgrade to `0.40.2` or later.
|
| CVE-2023-42917 KEV |
|
[KEV] Out-of-Bounds Write in Apple java (CVE-2023-42917)
out-of-bounds write in Apple java (CVE-2023-42917). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `1.8.0, 8.0.411` or later.
|
| CVE-2023-44487 KEV |
|
[KEV] Vulnerability in Ietf golang.org/x/net (CVE-2023-44487)
vulnerability in Ietf golang.org/x/net (CVE-2023-44487). Risk of unauthorized operations or information disclosure. Exploitable via ``Channel``. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `0.17.0` or later.
|
| CVE-2023-41993 KEV |
|
[KEV] Vulnerability in Apple java (CVE-2023-41993)
vulnerability in Apple java (CVE-2023-41993). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `1.8.0, 8.0.411` or later.
|
| CVE-2019-11840 |
|
Vulnerability in c (CVE-2019-11840)
vulnerability in c (CVE-2019-11840). Confidential information can be exposed externally.
|
| CVE-2017-10891 |
|
Vulnerability in sony (CVE-2017-10891)
vulnerability in sony (CVE-2017-10891). Successful exploitation can lead to full system takeover.
|
| CVE-2015-5739 |
|
Vulnerability in golang (CVE-2015-5739)
vulnerability in golang (CVE-2015-5739). Successful exploitation can lead to full system takeover.
|
| CVE-2015-5740 |
|
Vulnerability in golang (CVE-2015-5740)
vulnerability in golang (CVE-2015-5740). Successful exploitation can lead to full system takeover.
|
| CVE-2017-0903 |
|
Unsafe Deserialization in deserialization (CVE-2017-0903)
vulnerability in deserialization (CVE-2017-0903). Successful exploitation can lead to full system takeover.
|
| CVE-2008-7315 |
|
UI-Dialog 1.09 and earlier allows remote attackers to execute arbitrary commands.
UI-Dialog 1.09 and earlier allows remote attackers to execute arbitrary commands.
|
| CVE-2017-15041 |
|
Vulnerability in golang (CVE-2017-15041)
vulnerability in golang (CVE-2017-15041). Successful exploitation can lead to full system takeover.
|
| CVE-2017-15042 |
|
Vulnerability in golang (CVE-2017-15042)
vulnerability in golang (CVE-2017-15042). Confidential information can be exposed externally.
|
| CVE-2017-1000097 |
|
Vulnerability in golang (CVE-2017-1000097)
vulnerability in golang (CVE-2017-1000097). Data can be tampered with by attackers.
|
| CVE-2017-1000098 |
|
Vulnerability in golang (CVE-2017-1000098)
vulnerability in golang (CVE-2017-1000098). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-0899 |
|
Vulnerability in rubygems (CVE-2017-0899)
vulnerability in rubygems (CVE-2017-0899). Successful exploitation can lead to full system takeover.
|
| CVE-2017-0900 |
|
Vulnerability in dos (CVE-2017-0900)
vulnerability in dos (CVE-2017-0900). Risk of unauthorized operations or information disclosure. Exploitable via ``query``.
|
| CVE-2017-0901 |
|
Path Traversal in rubygems (CVE-2017-0901)
path traversal in rubygems (CVE-2017-0901). Data can be tampered with by attackers.
|
| CVE-2017-0902 |
|
Vulnerability in rubygems (CVE-2017-0902)
vulnerability in rubygems (CVE-2017-0902). Successful exploitation can lead to full system takeover.
|
| CVE-2017-8932 |
|
Vulnerability in golang (CVE-2017-8932)
vulnerability in golang (CVE-2017-8932). Confidential information can be exposed externally.
|