Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-8093 |
|
Buffer Overflow in mozilla (CVE-2026-8093)
vulnerability in mozilla (CVE-2026-8093). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8094 |
|
Code Injection in firefox (CVE-2026-8094)
code injection in firefox (CVE-2026-8094). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8090 |
|
Use-After-Free in mozilla (CVE-2026-8090)
vulnerability in mozilla (CVE-2026-8090). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7924 |
|
Vulnerability in chromium (CVE-2026-7924)
vulnerability in chromium (CVE-2026-7924). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `148.0.7778.96-1~deb12u1` or later.
|
| CVE-2026-7925 |
|
Vulnerability in chromium (CVE-2026-7925)
vulnerability in chromium (CVE-2026-7925). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `148.0.7778.96-1~deb12u1` or later.
|
| CVE-2026-7923 |
|
Vulnerability in chromium (CVE-2026-7923)
vulnerability in chromium (CVE-2026-7923). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `148.0.7778.96-1~deb12u1` or later.
|
| CVE-2026-6973 KEV |
|
[KEV] Vulnerability in Ivanti endpoint-manager-mobile-epmm (CVE-2026-6973)
vulnerability in Ivanti endpoint-manager-mobile-epmm (CVE-2026-6973). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-8018 |
|
Vulnerability in google (CVE-2026-8018)
vulnerability in google (CVE-2026-8018). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7989 |
|
Vulnerability in google (CVE-2026-7989)
vulnerability in google (CVE-2026-7989). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7979 |
|
Vulnerability in google (CVE-2026-7979)
vulnerability in google (CVE-2026-7979). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7959 |
|
Vulnerability in google (CVE-2026-7959)
vulnerability in google (CVE-2026-7959). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7946 |
|
Vulnerability in google (CVE-2026-7946)
vulnerability in google (CVE-2026-7946). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7932 |
|
Vulnerability in chromium (CVE-2026-7932)
vulnerability in chromium (CVE-2026-7932). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `148.0.7778.96-1~deb12u1` or later.
|
| CVE-2026-7910 |
|
Use-After-Free in google (CVE-2026-7910)
vulnerability in google (CVE-2026-7910). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7915 |
|
Vulnerability in google (CVE-2026-7915)
vulnerability in google (CVE-2026-7915). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7916 |
|
Vulnerability in google (CVE-2026-7916)
vulnerability in google (CVE-2026-7916). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7902 |
|
Out-of-Bounds Read in google (CVE-2026-7902)
vulnerability in google (CVE-2026-7902). Successful exploitation can lead to full system takeover.
|
| CVE-2026-20195 |
|
Vulnerability in cisco (CVE-2026-20195)
vulnerability in cisco (CVE-2026-20195). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20652 |
|
Vulnerability in java (CVE-2026-20652)
vulnerability in java (CVE-2026-20652). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.0, 8.0.491` or later.
|
| CVE-2026-20644 |
|
Buffer Overflow in java (CVE-2026-20644)
vulnerability in java (CVE-2026-20644). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.0, 8.0.491` or later.
|
| CVE-2026-20636 |
|
Buffer Overflow in java (CVE-2026-20636)
vulnerability in java (CVE-2026-20636). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.0, 8.0.491` or later.
|
| CVE-2026-20635 |
|
Buffer Overflow in java (CVE-2026-20635)
vulnerability in java (CVE-2026-20635). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.0, 8.0.491` or later.
|
| CVE-2026-20608 |
|
Vulnerability in java (CVE-2026-20608)
vulnerability in java (CVE-2026-20608). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.0, 8.0.491` or later.
|
| CVE-2025-43457 |
|
Use-After-Free in java (CVE-2025-43457)
vulnerability in java (CVE-2025-43457). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.0, 8.0.491` or later.
|
| CVE-2026-5081 |
|
Vulnerability in apache (CVE-2026-5081)
vulnerability in apache (CVE-2026-5081). Confidential information can be exposed externally.
|
| CVE-2026-43208 |
|
Vulnerability in linux (CVE-2026-43208)
vulnerability in linux (CVE-2026-43208). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43186 |
|
Vulnerability in c (CVE-2026-43186)
vulnerability in c (CVE-2026-43186). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43185 |
|
Vulnerability in linux (CVE-2026-43185)
vulnerability in linux (CVE-2026-43185). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43125 |
|
Out-of-Bounds Write in linux (CVE-2026-43125)
out-of-bounds write in linux (CVE-2026-43125). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43114 |
|
Vulnerability in c (CVE-2026-43114)
vulnerability in c (CVE-2026-43114). Confidential information can be exposed externally.
|
| CVE-2026-43083 |
|
Vulnerability in linux (CVE-2026-43083)
vulnerability in linux (CVE-2026-43083). Confidential information can be exposed externally.
|
| CVE-2026-7572 |
|
Vulnerability in www.velocidex.com/golang/velociraptor (CVE-2026-7572)
vulnerability in www.velocidex.com/golang/velociraptor (CVE-2026-7572). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.76.5` or later.
|
| CVE-2026-28780 |
|
Vulnerability in apache (CVE-2026-28780)
vulnerability in apache (CVE-2026-28780). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0300 KEV |
|
[KEV] Out-of-Bounds Write in Palo alto networks palo-alto-networks (CVE-2026-0300)
out-of-bounds write in Palo alto networks palo-alto-networks (CVE-2026-0300). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-43882 |
|
Vulnerability in wwbn/avideo (CVE-2026-43882)
vulnerability in wwbn/avideo (CVE-2026-43882). Risk of unauthorized operations or information disclosure. Exploitable via ``title``.
|
| CVE-2026-44167 |
|
Vulnerability in phpseclib/phpseclib (CVE-2026-44167)
vulnerability in phpseclib/phpseclib (CVE-2026-44167). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.0.29` or later.
|
| CVE-2026-35453 |
|
Cross-Site Scripting (XSS) in phpoffice/phpspreadsheet (CVE-2026-35453)
cross-site scripting in phpoffice/phpspreadsheet (CVE-2026-35453). Risk of unauthorized operations or information disclosure. Exploitable via ``formatColor``. Mitigation: upgrade to `1.30.4` or later.
|
| CVE-2026-34084 |
|
Unsafe Deserialization in phpoffice/phpspreadsheet (CVE-2026-34084)
vulnerability in phpoffice/phpspreadsheet (CVE-2026-34084). Successful exploitation can lead to full system takeover. Exploitable via ``is_file``. Mitigation: upgrade to `1.30.3` or later.
|
| CVE-2026-38428 |
|
SQL Injection in sqli (CVE-2026-38428)
SQL injection in sqli (CVE-2026-38428). Successful exploitation can lead to full system takeover. Exploitable via `GET /api/v1/main/flows/search`.
|
| CVE-2026-43071 |
|
Vulnerability in c (CVE-2026-43071)
vulnerability in c (CVE-2026-43071). Confidential information can be exposed externally.
|
| CVE-2026-43067 |
|
Vulnerability in linux (CVE-2026-43067)
vulnerability in linux (CVE-2026-43067). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43868 |
|
Vulnerability in thrift (CVE-2026-43868)
vulnerability in thrift (CVE-2026-43868). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.23.0` or later.
|
| CVE-2026-43869 |
|
Vulnerability in org.apache.thrift:libthrift (CVE-2026-43869)
vulnerability in org.apache.thrift:libthrift (CVE-2026-43869). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.23.0` or later.
|
| CVE-2026-38751 |
|
Unrestricted File Upload in devcode-it/openstamanager (CVE-2026-38751)
vulnerability in devcode-it/openstamanager (CVE-2026-38751). Successful exploitation can lead to full system takeover.
|
| CVE-2026-25863 |
|
Vulnerability in wordpress (CVE-2026-25863)
vulnerability in wordpress (CVE-2026-25863). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42811 |
|
Vulnerability in org.apache.polaris:polaris-core (CVE-2026-42811)
vulnerability in org.apache.polaris:polaris-core (CVE-2026-42811). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.4.1` or later.
|
| CVE-2026-42027 |
|
Vulnerability in org.apache.opennlp:opennlp-tools (CVE-2026-42027)
vulnerability in org.apache.opennlp:opennlp-tools (CVE-2026-42027). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.0.0-M3` or later.
|
| CVE-2026-42809 |
|
Vulnerability in org.apache.polaris:polaris-runtime-service (CVE-2026-42809)
vulnerability in org.apache.polaris:polaris-runtime-service (CVE-2026-42809). Successful exploitation can lead to full system takeover. Exploitable via ``location``. Mitigation: upgrade to `1.4.1` or later.
|
| CVE-2026-42440 |
|
Vulnerability in org.apache.opennlp:opennlp-tools (CVE-2026-42440)
vulnerability in org.apache.opennlp:opennlp-tools (CVE-2026-42440). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.0.0-M3` or later.
|
| CVE-2026-42812 |
|
Vulnerability in org.apache.polaris:polaris-runtime-service (CVE-2026-42812)
vulnerability in org.apache.polaris:polaris-runtime-service (CVE-2026-42812). Successful exploitation can lead to full system takeover. Exploitable via ``write.metadata.path``. Mitigation: upgrade to `1.4.1` or later.
|