Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-9383 |
|
Vulnerability in sqli (CVE-2026-9383)
vulnerability in sqli (CVE-2026-9383). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9364 |
|
Vulnerability in sqli (CVE-2026-9364)
vulnerability in sqli (CVE-2026-9364). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9355 |
|
Vulnerability in sqli (CVE-2026-9355)
vulnerability in sqli (CVE-2026-9355). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9356 |
|
Vulnerability in sqli (CVE-2026-9356)
vulnerability in sqli (CVE-2026-9356). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9342 |
|
Vulnerability in sqli (CVE-2026-9342)
vulnerability in sqli (CVE-2026-9342). Risk of unauthorized operations or information disclosure.
|
| CVE-2018-25357 |
|
Code Injection in dolibarr/dolibarr (CVE-2018-25357)
code injection in dolibarr/dolibarr (CVE-2018-25357). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `6.0.8` or later.
|
| CVE-2018-25352 |
|
SQL Injection in wordpress (CVE-2018-25352)
SQL injection in wordpress (CVE-2018-25352). Confidential information can be exposed externally.
|
| CVE-2018-25349 |
|
Cross-Site Scripting (XSS) in CVE-2018-25349 (CVE-2018-25349)
cross-site scripting in CVE-2018-25349 (CVE-2018-25349). Risk of unauthorized operations or information disclosure.
|
| CVE-2018-25350 |
|
Vulnerability in CVE-2018-25350 (CVE-2018-25350)
vulnerability in CVE-2018-25350 (CVE-2018-25350). Successful exploitation can lead to full system takeover.
|
| CVE-2018-25343 |
|
Cross-Site Request Forgery (CSRF) in CVE-2018-25343 (CVE-2018-25343)
vulnerability in CVE-2018-25343 (CVE-2018-25343). Risk of unauthorized operations or information disclosure.
|
| CVE-2018-25341 |
|
SQL Injection in sqli (CVE-2018-25341)
SQL injection in sqli (CVE-2018-25341). Confidential information can be exposed externally.
|
| CVE-2018-25342 |
|
SQL Injection in sqli (CVE-2018-25342)
SQL injection in sqli (CVE-2018-25342). Confidential information can be exposed externally.
|
| CVE-2026-9302 |
|
Vulnerability in CVE-2026-9302 (CVE-2026-9302)
vulnerability in CVE-2026-9302 (CVE-2026-9302). Risk of unauthorized operations or information disclosure.
|
| CVE-2018-25340 |
|
SQL Injection in sqli (CVE-2018-25340)
SQL injection in sqli (CVE-2018-25340). Confidential information can be exposed externally.
|
| CVE-2026-45659 KEV |
|
[KEV] Unsafe Deserialization in Microsoft deserialization (CVE-2026-45659)
vulnerability in Microsoft deserialization (CVE-2026-45659). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-23652 |
|
Command Injection in microsoft (CVE-2026-23652)
command injection in microsoft (CVE-2026-23652). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5843 |
|
Vulnerability in docker (CVE-2026-5843)
vulnerability in docker (CVE-2026-5843). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5817 |
|
Vulnerability in docker (CVE-2026-5817)
vulnerability in docker (CVE-2026-5817). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6406 |
|
Authorization Flaw in docker (CVE-2026-6406)
vulnerability in docker (CVE-2026-6406). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8670 |
|
Vulnerability in avantra (CVE-2026-8670)
vulnerability in avantra (CVE-2026-8670). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8672 |
|
Vulnerability in avantra (CVE-2026-8672)
vulnerability in avantra (CVE-2026-8672). Confidential information can be exposed externally.
|
| CVE-2026-8673 |
|
Vulnerability in avantra (CVE-2026-8673)
vulnerability in avantra (CVE-2026-8673). Confidential information can be exposed externally.
|
| CVE-2026-8671 |
|
Vulnerability in avantra (CVE-2026-8671)
vulnerability in avantra (CVE-2026-8671). Data can be tampered with by attackers.
|
| CVE-2026-44930 |
|
Vulnerability in org.apache.cxf.services.xkms:cxf-services-xkms-x509-repo-ldap (CVE-2026-44930)
vulnerability in org.apache.cxf.services.xkms:cxf-services-xkms-x509-repo-ldap (CVE-2026-44930). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.6.11` or later.
|
| CVE-2026-44417 |
|
Vulnerability in org.apache.cxf:cxf-rt-transports-jms (CVE-2026-44417)
vulnerability in org.apache.cxf:cxf-rt-transports-jms (CVE-2026-44417). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.6.11` or later.
|
| CVE-2026-5289 |
|
Vulnerability in Google chrome (CVE-2026-5289)
vulnerability in Google chrome (CVE-2026-5289). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-47166 |
|
Out-of-Bounds Read in Magick.NET-Q16-AnyCPU (CVE-2026-47166)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-47166). Confidential information can be exposed externally. Mitigation: upgrade to `14.12.0` or later.
|
| CVE-2026-47165 |
|
Information Disclosure in Magick.NET-Q16-AnyCPU (CVE-2026-47165)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-47165). Confidential information can be exposed externally. Mitigation: upgrade to `14.12.0` or later.
|
| CVE-2026-46693 |
|
Vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-46693)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-46693). Confidential information can be exposed externally. Mitigation: upgrade to `14.12.0` or later.
|
| CVE-2026-46692 |
|
Vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-46692)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-46692). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.12.0` or later.
|
| CVE-2026-7879 |
|
Vulnerability in concrete5/concrete5 (CVE-2026-7879)
vulnerability in concrete5/concrete5 (CVE-2026-7879). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8417 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8417)
vulnerability in concrete5/concrete5 (CVE-2026-8417). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8426 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8426)
vulnerability in concrete5/concrete5 (CVE-2026-8426). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8421 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8421)
vulnerability in concrete5/concrete5 (CVE-2026-8421). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8428 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8428)
vulnerability in concrete5/concrete5 (CVE-2026-8428). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8350 |
|
Authorization Flaw in concrete5/concrete5 (CVE-2026-8350)
vulnerability in concrete5/concrete5 (CVE-2026-8350). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-47102 |
|
Authorization Flaw in litellm (CVE-2026-47102)
vulnerability in litellm (CVE-2026-47102). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.83.10` or later.
|
| CVE-2026-8134 |
|
Vulnerability in concrete5/concrete5 (CVE-2026-8134)
vulnerability in concrete5/concrete5 (CVE-2026-8134). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8140 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8140)
vulnerability in concrete5/concrete5 (CVE-2026-8140). Data can be tampered with by attackers. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8197 |
|
Cross-Site Scripting (XSS) in concrete5/concrete5 (CVE-2026-8197)
cross-site scripting in concrete5/concrete5 (CVE-2026-8197). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8135 |
|
Unsafe Deserialization in concrete5/concrete5 (CVE-2026-8135)
vulnerability in concrete5/concrete5 (CVE-2026-8135). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-47101 |
|
Authorization Flaw in litellm (CVE-2026-47101)
vulnerability in litellm (CVE-2026-47101). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.83.14` or later.
|
| CVE-2026-46643 |
|
OS Command Injection in KnpLabs/knp-snappy (CVE-2026-46643)
OS command injection in KnpLabs/knp-snappy (CVE-2026-46643). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.7.1` or later.
|
| CVE-2026-46683 |
|
SSRF (Server-Side Request Forgery) in knplabs/knp-snappy (CVE-2026-46683)
SSRF in knplabs/knp-snappy (CVE-2026-46683). Risk of unauthorized operations or information disclosure. Exploitable via ``http``. Mitigation: upgrade to `1.7.0` or later.
|
| CVE-2026-48246 |
|
Vulnerability in CVE-2026-48246 (CVE-2026-48246)
vulnerability in CVE-2026-48246 (CVE-2026-48246). Confidential information can be exposed externally.
|
| CVE-2026-48245 |
|
Vulnerability in CVE-2026-48245 (CVE-2026-48245)
vulnerability in CVE-2026-48245 (CVE-2026-48245). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48248 |
|
Vulnerability in CVE-2026-48248 (CVE-2026-48248)
vulnerability in CVE-2026-48248 (CVE-2026-48248). Confidential information can be exposed externally.
|
| CVE-2026-48247 |
|
Vulnerability in CVE-2026-48247 (CVE-2026-48247)
vulnerability in CVE-2026-48247 (CVE-2026-48247). Confidential information can be exposed externally.
|
| CVE-2026-48249 |
|
Vulnerability in CVE-2026-48249 (CVE-2026-48249)
vulnerability in CVE-2026-48249 (CVE-2026-48249). Confidential information can be exposed externally.
|
| CVE-2026-48244 |
|
Vulnerability in CVE-2026-48244 (CVE-2026-48244)
vulnerability in CVE-2026-48244 (CVE-2026-48244). Risk of unauthorized operations or information disclosure.
|