Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-45135 |
|
Vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-45135)
vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-45135). Successful exploitation can lead to full system takeover. Exploitable via ``search.IgnoreCase``. Mitigation: upgrade to `2.11.3` or later.
|
| CVE-2026-45062 |
|
Vulnerability in github.com/dunglas/frankenphp (CVE-2026-45062)
vulnerability in github.com/dunglas/frankenphp (CVE-2026-45062). Successful exploitation can lead to full system takeover. Exploitable via ``cgi.go``. Mitigation: upgrade to `1.12.3` or later.
|
| CVE-2026-35453 |
|
Cross-Site Scripting (XSS) in phpoffice/phpspreadsheet (CVE-2026-35453)
cross-site scripting in phpoffice/phpspreadsheet (CVE-2026-35453). Risk of unauthorized operations or information disclosure. Exploitable via ``formatColor``. Mitigation: upgrade to `1.30.4` or later.
|
| CVE-2026-34084 |
|
Unsafe Deserialization in phpoffice/phpspreadsheet (CVE-2026-34084)
vulnerability in phpoffice/phpspreadsheet (CVE-2026-34084). Successful exploitation can lead to full system takeover. Exploitable via ``is_file``. Mitigation: upgrade to `1.30.3` or later.
|
| CVE-2026-40176 |
|
Vulnerability in getcomposer (CVE-2026-40176)
vulnerability in getcomposer (CVE-2026-40176). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40261 |
|
Vulnerability in getcomposer (CVE-2026-40261)
vulnerability in getcomposer (CVE-2026-40261). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40194 |
|
Vulnerability in phpseclib/phpseclib (CVE-2026-40194)
vulnerability in phpseclib/phpseclib (CVE-2026-40194). Risk of unauthorized operations or information disclosure. Exploitable via ``e819a163c``. Mitigation: upgrade to `1.0.28` or later.
|
| CVE-2026-32935 |
|
Vulnerability in phpseclib/phpseclib (CVE-2026-32935)
vulnerability in phpseclib/phpseclib (CVE-2026-32935). Confidential information can be exposed externally. Mitigation: upgrade to `1.0.27` or later.
|