Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2021-47935 |
|
Code Injection in sentry (CVE-2021-47935)
code injection in sentry (CVE-2021-47935). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.2.2` or later.
|
| CVE-2021-47924 |
|
Cross-Site Scripting (XSS) in CVE-2021-47924 (CVE-2021-47924)
cross-site scripting in CVE-2021-47924 (CVE-2021-47924). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8231 |
|
Vulnerability in sqli (CVE-2026-8231)
vulnerability in sqli (CVE-2026-8231). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7263 |
|
Vulnerability in libphp (CVE-2026-7263)
vulnerability in libphp (CVE-2026-7263). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.4.21, 8.5.6` or later.
|
| CVE-2026-6104 |
|
Out-of-Bounds Read in libphp (CVE-2026-6104)
vulnerability in libphp (CVE-2026-6104). Confidential information can be exposed externally. Mitigation: upgrade to `8.4.21, 8.5.6` or later.
|
| CVE-2026-7568 |
|
Out-of-Bounds Read in libphp (CVE-2026-7568)
vulnerability in libphp (CVE-2026-7568). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.2.31, 8.3.31, 8.4.21, 8.5.6` or later.
|
| CVE-2026-7262 |
|
Vulnerability in libphp (CVE-2026-7262)
vulnerability in libphp (CVE-2026-7262). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.2.31, 8.3.31, 8.4.21, 8.5.6` or later.
|
| CVE-2026-7261 |
|
Use-After-Free in libphp (CVE-2026-7261)
vulnerability in libphp (CVE-2026-7261). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.2.31, 8.3.31, 8.4.21, 8.5.6` or later.
|
| CVE-2026-7259 |
|
Vulnerability in libphp (CVE-2026-7259)
vulnerability in libphp (CVE-2026-7259). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.2.31, 8.3.31, 8.4.21, 8.5.6` or later.
|
| CVE-2026-7258 |
|
Out-of-Bounds Read in libphp (CVE-2026-7258)
vulnerability in libphp (CVE-2026-7258). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.2.31, 8.3.31, 8.4.21, 8.5.6` or later.
|
| CVE-2026-6735 |
|
Cross-Site Scripting (XSS) in libphp (CVE-2026-6735)
cross-site scripting in libphp (CVE-2026-6735). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.2.31, 8.3.31, 8.4.21, 8.5.6` or later.
|
| CVE-2026-6722 |
|
Use-After-Free in libphp (CVE-2026-6722)
vulnerability in libphp (CVE-2026-6722). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.2.31, 8.3.31, 8.4.21, 8.5.6` or later.
|
| CVE-2025-14179 |
|
SQL Injection in libphp (CVE-2025-14179)
SQL injection in libphp (CVE-2025-14179). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.2.31, 8.3.31, 8.4.21, 8.5.6` or later.
|
| CVE-2026-8194 |
|
Cross-Site Request Forgery (CSRF) in CVE-2026-8194 (CVE-2026-8194)
vulnerability in CVE-2026-8194 (CVE-2026-8194). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42605 |
|
Path Traversal in azuracast/azuracast (CVE-2026-42605)
path traversal in azuracast/azuracast (CVE-2026-42605). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/station/{station_id}/files/upload`. Mitigation: upgrade to `0.23.6` or later.
|
| CVE-2026-42569 |
|
Vulnerability in nabeel/phpvms (CVE-2026-42569)
vulnerability in nabeel/phpvms (CVE-2026-42569). Data can be tampered with by attackers. Mitigation: upgrade to `7.0.6` or later.
|
| CVE-2026-42562 |
|
Privilege Escalation in CVE-2026-42562 (CVE-2026-42562)
vulnerability in CVE-2026-42562 (CVE-2026-42562). Confidential information can be exposed externally. Exploitable via `PUT /api.php/v1/users/{id}.`.
|
| CVE-2026-8193 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-8193 (CVE-2026-8193)
SSRF in CVE-2026-8193 (CVE-2026-8193). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20040 |
|
OS Command Injection in Cisco ios-xr (CVE-2026-20040)
OS command injection in Cisco ios-xr (CVE-2026-20040). Successful exploitation can lead to full system takeover.
|
| CVE-2026-20108 |
|
Cross-Site Scripting (XSS) in Cisco catalyst-sd-wan-manager (CVE-2026-20108)
cross-site scripting in Cisco catalyst-sd-wan-manager (CVE-2026-20108). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20147 |
|
Command Injection in Cisco dos (CVE-2026-20147)
command injection in Cisco dos (CVE-2026-20147). Successful exploitation can lead to full system takeover.
|
| CVE-2026-20180 |
|
Path Traversal in Cisco dos (CVE-2026-20180)
path traversal in Cisco dos (CVE-2026-20180). Successful exploitation can lead to full system takeover.
|
| CVE-2026-20136 |
|
Vulnerability in Cisco identity-services-engine (CVE-2026-20136)
vulnerability in Cisco identity-services-engine (CVE-2026-20136). Confidential information can be exposed externally.
|
| CVE-2026-20132 |
|
Cross-Site Scripting (XSS) in Cisco identity-services-engine (CVE-2026-20132)
cross-site scripting in Cisco identity-services-engine (CVE-2026-20132). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20193 |
|
Vulnerability in Cisco identity-services-engine (CVE-2026-20193)
vulnerability in Cisco identity-services-engine (CVE-2026-20193). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7363 |
|
Vulnerability in Google chrome (CVE-2026-7363)
vulnerability in Google chrome (CVE-2026-7363). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7896 |
|
Vulnerability in Google chrome (CVE-2026-7896)
vulnerability in Google chrome (CVE-2026-7896). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6297 |
|
Use-After-Free in Google chrome (CVE-2026-6297)
vulnerability in Google chrome (CVE-2026-6297). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6074 |
|
Vulnerability in cisa (CVE-2026-6074)
vulnerability in cisa (CVE-2026-6074). Successful exploitation can lead to full system takeover.
|
| CVE-2026-20074 |
|
Vulnerability in Cisco dos (CVE-2026-20074)
vulnerability in Cisco dos (CVE-2026-20074). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8209 |
|
Vulnerability in path-traversal (CVE-2026-8209)
vulnerability in path-traversal (CVE-2026-8209). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8208 |
|
Vulnerability in CVE-2026-8208 (CVE-2026-8208)
vulnerability in CVE-2026-8208 (CVE-2026-8208). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8207 |
|
SQL Injection in sqli (CVE-2026-8207)
SQL injection in sqli (CVE-2026-8207). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44966 |
|
Vulnerability in velocityjs (CVE-2026-44966)
vulnerability in velocityjs (CVE-2026-44966). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42354 |
|
Vulnerability in sso (CVE-2026-42354)
vulnerability in sso (CVE-2026-42354). Confidential information can be exposed externally. Exploitable via ``Moved``.
|
| CVE-2026-42224 |
|
Cross-Site Scripting (XSS) in ipl/web (CVE-2026-42224)
cross-site scripting in ipl/web (CVE-2026-42224). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.10.3` or later.
|
| CVE-2026-37709 |
|
Vulnerability in snipe/snipe-it (CVE-2026-37709)
vulnerability in snipe/snipe-it (CVE-2026-37709). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.4.1` or later.
|
| CVE-2026-41517 |
|
Unrestricted File Upload in CVE-2026-41517 (CVE-2026-41517)
vulnerability in CVE-2026-41517 (CVE-2026-41517). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7807 |
|
Path Traversal in smartertools (CVE-2026-7807)
path traversal in smartertools (CVE-2026-7807). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42028 |
|
Path Traversal in path-traversal (CVE-2026-42028)
path traversal in path-traversal (CVE-2026-42028). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42072 |
|
Vulnerability in graph (CVE-2026-42072)
vulnerability in graph (CVE-2026-42072). Successful exploitation can lead to full system takeover. Exploitable via ``NORNICDB_ADDRESS``.
|
| CVE-2026-41887 |
|
Path Traversal in flarum/core (CVE-2026-41887)
path traversal in flarum/core (CVE-2026-41887). Confidential information can be exposed externally. Exploitable via `POST /api/settings`. Mitigation: upgrade to `2.0.0-rc.1` or later.
|
| CVE-2026-43420 |
|
Vulnerability in c (CVE-2026-43420)
vulnerability in c (CVE-2026-43420). Risk of unauthorized operations or information disclosure. Exploitable via ``i_nlink``.
|
| CVE-2026-41576 |
|
Cross-Site Scripting (XSS) in CVE-2026-41576 (CVE-2026-41576)
cross-site scripting in CVE-2026-41576 (CVE-2026-41576). Confidential information can be exposed externally.
|
| CVE-2026-41570 |
|
Vulnerability in phpunit/phpunit (CVE-2026-41570)
vulnerability in phpunit/phpunit (CVE-2026-41570). Successful exploitation can lead to full system takeover. Exploitable via ``auto_prepend_file``. Mitigation: upgrade to `13.1.6` or later.
|
| CVE-2026-37431 |
|
SQL Injection in sqli (CVE-2026-37431)
SQL injection in sqli (CVE-2026-37431). Successful exploitation can lead to full system takeover.
|
| CVE-2025-67486 |
|
Vulnerability in dolibarr (CVE-2025-67486)
vulnerability in dolibarr (CVE-2025-67486). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44336 |
|
Vulnerability in praison (CVE-2026-44336)
vulnerability in praison (CVE-2026-44336). Successful exploitation can lead to full system takeover. Exploitable via ``praisonai.rules.create``.
|
| CVE-2026-39816 |
|
Vulnerability in nifi (CVE-2026-39816)
vulnerability in nifi (CVE-2026-39816). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.9.0` or later.
|
| CVE-2026-25077 |
|
Code Injection in apache (CVE-2026-25077)
code injection in apache (CVE-2026-25077). Successful exploitation can lead to full system takeover.
|