Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-57278 |
|
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
|
| CVE-2026-57277 |
|
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
|
| CVE-2026-57274 |
|
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
|
| CVE-2026-57276 |
|
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
|
| CVE-2026-57275 |
|
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
|
| CVE-2026-57272 |
|
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
|
| CVE-2026-57273 |
|
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
|
| CVE-2026-57271 |
|
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
|
| CVE-2026-57270 |
|
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
|
| CVE-2026-13125 |
|
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
|
| CVE-2026-56285 |
|
Nitter's /video media proxy endpoint fails to validate target URLs against Twitter/X domains and...
Nitter's /video media proxy endpoint fails to validate target URLs against Twitter/X domains and...
|
| CVE-2026-58050 |
|
libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey...
libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey...
|
| CVE-2026-54100 |
|
A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container...
A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container...
|
| CVE-2026-53843 |
|
OpenClaw: Pairing-scoped device session could restore revoked node token authority
OpenClaw: Pairing-scoped device session could restore revoked node token authority
|
| CVE-2026-53782 |
|
Summarize before 0.17.0 contains a server-side request forgery vulnerability that allows...
Summarize before 0.17.0 contains a server-side request forgery vulnerability that allows...
|
| CVE-2026-47170 |
|
Garlic-Hub manages digital signage network — devices, content, and playlists — from a single self-hosted interface. Prior to version 1.1, authenticated users can cause the server to issue arbitrary HT...
Garlic-Hub manages digital signage network — devices, content, and playlists — from a single self-hosted interface. Prior to version 1.1, authenticated users can cause the server to issue arbitrary HTTP requests to internal services via the uploadFromUrl endpoint. This allows internal port scanning,...
|
| CVE-2026-45541 |
|
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a NULL-pointer dereference exists in the WebSocket subprotocol-negotiation pat...
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a NULL-pointer dereference exists in the WebSocket subprotocol-negotiation path of the esp_http_server component. While parsing the client-supplied Sec-WebSocket-Protocol request...
|
| CVE-2026-48916 |
|
SSRF (Server-Side Request Forgery) in org.jenkins-ci.plugins:ldap (CVE-2026-48916)
SSRF in org.jenkins-ci.plugins:ldap (CVE-2026-48916). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `807.809.vd3a` or later.
|
| CVE-2026-48917 |
|
Unsafe Deserialization in org.jenkins-ci.plugins:ldap (CVE-2026-48917)
vulnerability in org.jenkins-ci.plugins:ldap (CVE-2026-48917). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `807.809.vd3a` or later.
|
| CVE-2026-5260 |
|
A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret...
A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret...
|
| CVE-2026-42560 |
|
Authentication Bypass in oauth (CVE-2026-42560)
authentication bypass in oauth (CVE-2026-42560). Confidential information can be exposed externally. Exploitable via ``user.ID``.
|
| CVE-2026-42454 |
|
OS Command Injection in docker (CVE-2026-42454)
OS command injection in docker (CVE-2026-42454). Successful exploitation can lead to full system takeover. Exploitable via `GET /docker/containers/`.
|
| CVE-2026-42354 |
|
Vulnerability in sso (CVE-2026-42354)
vulnerability in sso (CVE-2026-42354). Confidential information can be exposed externally. Exploitable via ``Moved``.
|
| CVE-2026-42193 |
|
Vulnerability in aws (CVE-2026-42193)
vulnerability in aws (CVE-2026-42193). Data can be tampered with by attackers.
|
| CVE-2026-41070 |
|
Authentication Bypass in openvpn (CVE-2026-41070)
authentication bypass in openvpn (CVE-2026-41070). Confidential information can be exposed externally. Exploitable via ``plugin``.
|
| CVE-2026-37431 |
|
SQL Injection in sqli (CVE-2026-37431)
SQL injection in sqli (CVE-2026-37431). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44335 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-44335)
SSRF in ssrf (CVE-2026-44335). Successful exploitation can lead to full system takeover. Exploitable via ``requests``. Mitigation: upgrade to `>= 1.6.32` or later.
|
| CVE-2026-41512 |
|
Code Injection in gem (CVE-2026-41512)
code injection in gem (CVE-2026-41512). Successful exploitation can lead to full system takeover. Exploitable via `POST /targets/auto_detect_selectors`.
|
| CVE-2026-41500 |
|
Command Injection in electerm-project (CVE-2026-41500)
command injection in electerm-project (CVE-2026-41500). Successful exploitation can lead to full system takeover. Exploitable via ``releaseInfo.name``. Mitigation: upgrade to `> 3.2.0` or later.
|
| CVE-2026-42880 |
|
Information Disclosure in argo-cd (CVE-2026-42880)
vulnerability in argo-cd (CVE-2026-42880). Confidential information can be exposed externally.
|
| CVE-2026-33823 |
|
Vulnerability in microsoft (CVE-2026-33823)
vulnerability in microsoft (CVE-2026-33823). Confidential information can be exposed externally.
|
| CVE-2026-35428 |
|
Command Injection in microsoft (CVE-2026-35428)
command injection in microsoft (CVE-2026-35428). Successful exploitation can lead to full system takeover.
|
| CVE-2026-30496 |
|
Vulnerability in android (CVE-2026-30496)
vulnerability in android (CVE-2026-30496). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6973 KEV |
|
[KEV] Vulnerability in Ivanti endpoint-manager-mobile-epmm (CVE-2026-6973)
vulnerability in Ivanti endpoint-manager-mobile-epmm (CVE-2026-6973). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-35579 |
|
Authentication Bypass in github.com/coredns/coredns (CVE-2026-35579)
authentication bypass in github.com/coredns/coredns (CVE-2026-35579). Successful exploitation can lead to full system takeover. Exploitable via ``tsigStatus``. Mitigation: upgrade to `1.14.3` or later.
|
| CVE-2026-38428 |
|
SQL Injection in sqli (CVE-2026-38428)
SQL injection in sqli (CVE-2026-38428). Successful exploitation can lead to full system takeover. Exploitable via `GET /api/v1/main/flows/search`.
|
| CVE-2024-7399 KEV |
|
[KEV] Path Traversal in Samsung magicinfo-9-server (CVE-2024-7399)
path traversal in Samsung magicinfo-9-server (CVE-2024-7399). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-57728 KEV |
|
[KEV] Path Traversal in Simplehelp path-traversal (CVE-2024-57728)
path traversal in Simplehelp path-traversal (CVE-2024-57728). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-27351 KEV |
|
[KEV] Authentication Bypass in Papercut ngmf (CVE-2023-27351)
authentication bypass in Papercut ngmf (CVE-2023-27351). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-27199 KEV |
|
[KEV] Vulnerability in Jetbrains teamcity (CVE-2024-27199)
vulnerability in Jetbrains teamcity (CVE-2024-27199). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-34197 KEV |
|
[KEV] Vulnerability in Apache activemq (CVE-2026-34197)
vulnerability in Apache activemq (CVE-2026-34197). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-21643 KEV |
|
[KEV] SQL Injection in Fortinet forticlient-ems (CVE-2026-21643)
SQL injection in Fortinet forticlient-ems (CVE-2026-21643). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-3055 KEV |
|
[KEV] Out-of-Bounds Read in Citrix netscaler (CVE-2026-3055)
vulnerability in Citrix netscaler (CVE-2026-3055). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-3256 |
|
Vulnerability in ktat (CVE-2026-3256)
vulnerability in ktat (CVE-2026-3256). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33186 |
|
Vulnerability in grpc (CVE-2026-33186)
vulnerability in grpc (CVE-2026-33186). Confidential information can be exposed externally. Exploitable via ``info.FullMethod``.
|
| CVE-2023-48795 |
|
Vulnerability in russh (CVE-2023-48795)
vulnerability in russh (CVE-2023-48795). Data can be tampered with by attackers. Mitigation: upgrade to `0.40.2` or later.
|
| CVE-2023-44487 KEV |
|
[KEV] Vulnerability in Ietf golang.org/x/net (CVE-2023-44487)
vulnerability in Ietf golang.org/x/net (CVE-2023-44487). Risk of unauthorized operations or information disclosure. Exploitable via ``Channel``. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `0.17.0` or later.
|
| CVE-2022-45597 |
|
Vulnerability in componentspace (CVE-2022-45597)
vulnerability in componentspace (CVE-2022-45597). Successful exploitation can lead to full system takeover.
|
| CVE-2022-20773 |
|
A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance...
A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance...
|
| CVE-2021-22703 |
|
Vulnerability in schneider-electric (CVE-2021-22703)
vulnerability in schneider-electric (CVE-2021-22703). Confidential information can be exposed externally.
|