Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-42027 |
|
Vulnerability in org.apache.opennlp:opennlp-tools (CVE-2026-42027)
vulnerability in org.apache.opennlp:opennlp-tools (CVE-2026-42027). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.0.0-M3` or later.
|
| CVE-2026-40682 |
|
XXE (XML External Entity) in org.apache.opennlp:opennlp-tools (CVE-2026-40682)
vulnerability in org.apache.opennlp:opennlp-tools (CVE-2026-40682). Confidential information can be exposed externally. Mitigation: upgrade to `3.0.0-M3` or later.
|
| CVE-2026-41471 |
|
Vulnerability in wordpress (CVE-2026-41471)
vulnerability in wordpress (CVE-2026-41471). Confidential information can be exposed externally.
|
| CVE-2026-40075 |
|
Path Traversal in org.openmrs.web:openmrs-web (CVE-2026-40075)
path traversal in org.openmrs.web:openmrs-web (CVE-2026-40075). Confidential information can be exposed externally. Exploitable via ``ModuleResourcesServlet``. Mitigation: upgrade to `2.8.6` or later.
|
| CVE-2026-42475 |
|
SQL Injection in sqli (CVE-2026-42475)
SQL injection in sqli (CVE-2026-42475). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-37503 |
|
Cross-Site Scripting (XSS) in v2board (CVE-2026-37503)
cross-site scripting in v2board (CVE-2026-37503). Confidential information can be exposed externally.
|
| CVE-2026-37504 |
|
Vulnerability in v2board (CVE-2026-37504)
vulnerability in v2board (CVE-2026-37504). Confidential information can be exposed externally. Exploitable via `Referer header`.
|
| CVE-2026-37505 |
|
SQL Injection in sqli (CVE-2026-37505)
SQL injection in sqli (CVE-2026-37505). Confidential information can be exposed externally.
|
| CVE-2026-37552 |
|
Unsafe Deserialization in deserialization (CVE-2026-37552)
vulnerability in deserialization (CVE-2026-37552). Successful exploitation can lead to full system takeover.
|
| CVE-2026-23866 |
|
Vulnerability in whatsapp (CVE-2026-23866)
vulnerability in whatsapp (CVE-2026-23866). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-23863 |
|
Vulnerability in whatsapp (CVE-2026-23863)
vulnerability in whatsapp (CVE-2026-23863). Data can be tampered with by attackers.
|
| CVE-2026-43038 |
|
Vulnerability in linux (CVE-2026-43038)
vulnerability in linux (CVE-2026-43038). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31431 KEV |
|
[KEV] Vulnerability in Linux redhat (CVE-2026-31431)
vulnerability in Linux redhat (CVE-2026-31431). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-6543 |
|
Code Injection in langflow (CVE-2026-6543)
code injection in langflow (CVE-2026-6543). Successful exploitation can lead to full system takeover.
|
| CVE-2026-3345 |
|
Path Traversal in langflow (CVE-2026-3345)
path traversal in langflow (CVE-2026-3345). Confidential information can be exposed externally.
|
| CVE-2026-4502 |
|
Path Traversal in langflow (CVE-2026-4502)
path traversal in langflow (CVE-2026-4502). Data can be tampered with by attackers.
|
| CVE-2026-4503 |
|
Vulnerability in langflow (CVE-2026-4503)
vulnerability in langflow (CVE-2026-4503). Confidential information can be exposed externally.
|
| CVE-2026-3340 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-3340)
SSRF in ssrf (CVE-2026-3340). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3346 |
|
SQL Injection in langflow (CVE-2026-3346)
SQL injection in langflow (CVE-2026-3346). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41940 KEV |
|
[KEV] Vulnerability in Webpros cpanel-whm-and-wp2-wordpress-squared (CVE-2026-41940)
vulnerability in Webpros cpanel-whm-and-wp2-wordpress-squared (CVE-2026-41940). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-42249 |
|
Path Traversal in path-traversal (CVE-2026-42249)
path traversal in path-traversal (CVE-2026-42249). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42248 |
|
Vulnerability in ollama (CVE-2026-42248)
vulnerability in ollama (CVE-2026-42248). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40296 |
|
Cross-Site Scripting (XSS) in phpoffice/phpspreadsheet (CVE-2026-40296)
cross-site scripting in phpoffice/phpspreadsheet (CVE-2026-40296). Risk of unauthorized operations or information disclosure. Exploitable via ``General``. Mitigation: upgrade to `1.30.4` or later.
|
| CVE-2026-7323 |
|
Buffer Overflow in mozilla (CVE-2026-7323)
vulnerability in mozilla (CVE-2026-7323). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7322 |
|
Buffer Overflow in mozilla (CVE-2026-7322)
vulnerability in mozilla (CVE-2026-7322). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7320 |
|
Buffer Overflow in mozilla (CVE-2026-7320)
vulnerability in mozilla (CVE-2026-7320). Confidential information can be exposed externally.
|
| CVE-2026-7324 |
|
Buffer Overflow in mozilla (CVE-2026-7324)
vulnerability in mozilla (CVE-2026-7324). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41603 |
|
Vulnerability in apache (CVE-2026-41603)
vulnerability in apache (CVE-2026-41603). Confidential information can be exposed externally.
|
| CVE-2026-41604 |
|
Out-of-Bounds Read in apache (CVE-2026-41604)
vulnerability in apache (CVE-2026-41604). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41607 |
|
Out-of-Bounds Read in apache (CVE-2026-41607)
vulnerability in apache (CVE-2026-41607). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41605 |
|
Vulnerability in apache (CVE-2026-41605)
vulnerability in apache (CVE-2026-41605). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41606 |
|
Vulnerability in apache (CVE-2026-41606)
vulnerability in apache (CVE-2026-41606). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-48431 |
|
Vulnerability in apache (CVE-2025-48431)
vulnerability in apache (CVE-2025-48431). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41602 |
|
Vulnerability in apache (CVE-2026-41602)
vulnerability in apache (CVE-2026-41602). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-1708 KEV |
|
[KEV] Path Traversal in Connectwise screenconnect (CVE-2024-1708)
path traversal in Connectwise screenconnect (CVE-2024-1708). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-32202 KEV |
|
[KEV] Vulnerability in Microsoft windows (CVE-2026-32202)
vulnerability in Microsoft windows (CVE-2026-32202). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-3087 |
|
Path Traversal in libpython (CVE-2026-3087)
path traversal in libpython (CVE-2026-3087). Data can be tampered with by attackers. Mitigation: upgrade to `3.14.5` or later.
|
| CVE-2026-38934 |
|
Cross-Site Request Forgery (CSRF) in CVE-2026-38934 (CVE-2026-38934)
vulnerability in CVE-2026-38934 (CVE-2026-38934). Successful exploitation can lead to full system takeover.
|
| CVE-2026-38935 |
|
Cross-Site Scripting (XSS) in CVE-2026-38935 (CVE-2026-38935)
cross-site scripting in CVE-2026-38935 (CVE-2026-38935). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-38936 |
|
Cross-Site Scripting (XSS) in CVE-2026-38936 (CVE-2026-38936)
cross-site scripting in CVE-2026-38936 (CVE-2026-38936). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41465 |
|
Path Traversal in path-traversal (CVE-2026-41465)
path traversal in path-traversal (CVE-2026-41465). Confidential information can be exposed externally.
|
| CVE-2026-40514 |
|
Vulnerability in smartertools (CVE-2026-40514)
vulnerability in smartertools (CVE-2026-40514). Confidential information can be exposed externally.
|
| CVE-2026-40022 |
|
Vulnerability in org.apache.camel:camel-platform-http-main (CVE-2026-40022)
vulnerability in org.apache.camel:camel-platform-http-main (CVE-2026-40022). Confidential information can be exposed externally. Mitigation: upgrade to `4.20.0` or later.
|
| CVE-2026-33453 |
|
Vulnerability in apache (CVE-2026-33453)
vulnerability in apache (CVE-2026-33453). Successful exploitation can lead to full system takeover.
|
| CVE-2026-27172 |
|
Unsafe Deserialization in apache (CVE-2026-27172)
vulnerability in apache (CVE-2026-27172). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40858 |
|
Unsafe Deserialization in apache (CVE-2026-40858)
vulnerability in apache (CVE-2026-40858). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33454 |
|
Unsafe Deserialization in apache (CVE-2026-33454)
vulnerability in apache (CVE-2026-33454). Confidential information can be exposed externally.
|
| CVE-2026-40453 |
|
Vulnerability in org.apache.camel:camel-coap (CVE-2026-40453)
vulnerability in org.apache.camel:camel-coap (CVE-2026-40453). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.20.0` or later.
|
| CVE-2026-40860 |
|
Unsafe Deserialization in apache (CVE-2026-40860)
vulnerability in apache (CVE-2026-40860). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40473 |
|
Unsafe Deserialization in apache (CVE-2026-40473)
vulnerability in apache (CVE-2026-40473). Successful exploitation can lead to full system takeover.
|