Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2025-36221 |
|
Vulnerability in ibm (CVE-2025-36221)
vulnerability in ibm (CVE-2025-36221). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-14290 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2025-14290)
SSRF in ssrf (CVE-2025-14290). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-36126 |
|
Cross-Site Scripting (XSS) in ibm (CVE-2025-36126)
cross-site scripting in ibm (CVE-2025-36126). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-36145 |
|
Vulnerability in ibm (CVE-2025-36145)
vulnerability in ibm (CVE-2025-36145). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-13755 |
|
Vulnerability in ibm (CVE-2025-13755)
vulnerability in ibm (CVE-2025-13755). Confidential information can be exposed externally.
|
| CVE-2026-48687 |
|
OS Command Injection in c (CVE-2026-48687)
OS command injection in c (CVE-2026-48687). Successful exploitation can lead to full system takeover. Exploitable via ``date``.
|
| CVE-2026-40564 |
|
Vulnerability in apache (CVE-2026-40564)
vulnerability in apache (CVE-2026-40564). Confidential information can be exposed externally.
|
| CVE-2026-4480 |
|
OS Command Injection in redhat (CVE-2026-4480)
OS command injection in redhat (CVE-2026-4480). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45247 KEV |
|
[KEV] Unsafe Deserialization in Mirasvit full-page-cache-warmer (CVE-2026-45247)
vulnerability in Mirasvit full-page-cache-warmer (CVE-2026-45247). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-42785 |
|
Code Injection in CVE-2026-42785 (CVE-2026-42785)
code injection in CVE-2026-42785 (CVE-2026-42785). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9542 |
|
Vulnerability in sqli (CVE-2026-9542)
vulnerability in sqli (CVE-2026-9542). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8174 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-8174)
vulnerability in wordpress (CVE-2026-8174). Data can be tampered with by attackers.
|
| CVE-2026-39661 |
|
Vulnerability in CVE-2026-39661 (CVE-2026-39661)
vulnerability in CVE-2026-39661 (CVE-2026-39661). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9518 |
|
Cross-Site Scripting (XSS) in CVE-2026-9518 (CVE-2026-9518)
cross-site scripting in CVE-2026-9518 (CVE-2026-9518). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9526 |
|
Vulnerability in sqli (CVE-2026-9526)
vulnerability in sqli (CVE-2026-9526). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9527 |
|
Cross-Site Scripting (XSS) in c (CVE-2026-9527)
cross-site scripting in c (CVE-2026-9527). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9528 |
|
Vulnerability in sqli (CVE-2026-9528)
vulnerability in sqli (CVE-2026-9528). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9525 |
|
Vulnerability in sqli (CVE-2026-9525)
vulnerability in sqli (CVE-2026-9525). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9517 |
|
Vulnerability in CVE-2026-9517 (CVE-2026-9517)
vulnerability in CVE-2026-9517 (CVE-2026-9517). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8376 |
|
Vulnerability in c (CVE-2026-8376)
vulnerability in c (CVE-2026-8376). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9485 |
|
Cross-Site Scripting (XSS) in CVE-2026-9485 (CVE-2026-9485)
cross-site scripting in CVE-2026-9485 (CVE-2026-9485). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9484 |
|
Vulnerability in CVE-2026-9484 (CVE-2026-9484)
vulnerability in CVE-2026-9484 (CVE-2026-9484). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43828 |
|
Vulnerability in org.apache.shiro:shiro-web (CVE-2026-43828)
vulnerability in org.apache.shiro:shiro-web (CVE-2026-43828). Confidential information can be exposed externally. Mitigation: upgrade to `3.0.0-alpha-2` or later.
|
| CVE-2026-44598 |
|
Open Redirect in org.apache.shiro:shiro-jakarta-ee (CVE-2026-44598)
vulnerability in org.apache.shiro:shiro-jakarta-ee (CVE-2026-44598). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.0.0-alpha-2` or later.
|
| CVE-2026-43827 |
|
Vulnerability in org.apache.shiro:shiro-core (CVE-2026-43827)
vulnerability in org.apache.shiro:shiro-core (CVE-2026-43827). Confidential information can be exposed externally. Mitigation: upgrade to `3.0.0-alpha-2` or later.
|
| CVE-2026-48589 |
|
Open Redirect in org.apache.shiro:shiro-jakarta-ee (CVE-2026-48589)
vulnerability in org.apache.shiro:shiro-jakarta-ee (CVE-2026-48589). Risk of unauthorized operations or information disclosure. Exploitable via `Referer header`. Mitigation: upgrade to `3.0.0-alpha-2` or later.
|
| CVE-2026-9483 |
|
Vulnerability in CVE-2026-9483 (CVE-2026-9483)
vulnerability in CVE-2026-9483 (CVE-2026-9483). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9474 |
|
Vulnerability in sqli (CVE-2026-9474)
vulnerability in sqli (CVE-2026-9474). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9470 |
|
Vulnerability in sqli (CVE-2026-9470)
vulnerability in sqli (CVE-2026-9470). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9469 |
|
Vulnerability in sqli (CVE-2026-9469)
vulnerability in sqli (CVE-2026-9469). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9471 |
|
Cross-Site Scripting (XSS) in CVE-2026-9471 (CVE-2026-9471)
cross-site scripting in CVE-2026-9471 (CVE-2026-9471). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9078 |
|
Vulnerability in mozilla (CVE-2026-9078)
vulnerability in mozilla (CVE-2026-9078). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42782 |
|
Vulnerability in org.apache.syncope.core:syncope-core-spring (CVE-2026-42782)
vulnerability in org.apache.syncope.core:syncope-core-spring (CVE-2026-42782). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.1.1` or later.
|
| CVE-2026-42797 |
|
Vulnerability in org.apache.syncope.core:syncope-core-provisioning-api (CVE-2026-42797)
vulnerability in org.apache.syncope.core:syncope-core-provisioning-api (CVE-2026-42797). Confidential information can be exposed externally. Mitigation: upgrade to `4.1.1` or later.
|
| CVE-2018-25370 |
|
Cross-Site Request Forgery (CSRF) in CVE-2018-25370 (CVE-2018-25370)
vulnerability in CVE-2018-25370 (CVE-2018-25370). Risk of unauthorized operations or information disclosure.
|
| CVE-2018-25372 |
|
SQL Injection in sqli (CVE-2018-25372)
SQL injection in sqli (CVE-2018-25372). Confidential information can be exposed externally.
|
| CVE-2018-25374 |
|
Path Traversal in c (CVE-2018-25374)
path traversal in c (CVE-2018-25374). Confidential information can be exposed externally.
|
| CVE-2018-25362 |
|
SQL Injection in sqli (CVE-2018-25362)
SQL injection in sqli (CVE-2018-25362). Confidential information can be exposed externally.
|
| CVE-2018-25363 |
|
Cross-Site Request Forgery (CSRF) in CVE-2018-25363 (CVE-2018-25363)
vulnerability in CVE-2018-25363 (CVE-2018-25363). Risk of unauthorized operations or information disclosure.
|
| CVE-2018-25364 |
|
SQL Injection in sqli (CVE-2018-25364)
SQL injection in sqli (CVE-2018-25364). Confidential information can be exposed externally.
|
| CVE-2026-9451 |
|
Vulnerability in sqli (CVE-2026-9451)
vulnerability in sqli (CVE-2026-9451). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9449 |
|
Vulnerability in sqli (CVE-2026-9449)
vulnerability in sqli (CVE-2026-9449). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9450 |
|
Vulnerability in sqli (CVE-2026-9450)
vulnerability in sqli (CVE-2026-9450). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9446 |
|
Vulnerability in sqli (CVE-2026-9446)
vulnerability in sqli (CVE-2026-9446). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9444 |
|
Vulnerability in sqli (CVE-2026-9444)
vulnerability in sqli (CVE-2026-9444). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9445 |
|
Vulnerability in CVE-2026-9445 (CVE-2026-9445)
vulnerability in CVE-2026-9445 (CVE-2026-9445). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9447 |
|
Vulnerability in sqli (CVE-2026-9447)
vulnerability in sqli (CVE-2026-9447). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9448 |
|
Cross-Site Scripting (XSS) in CVE-2026-9448 (CVE-2026-9448)
cross-site scripting in CVE-2026-9448 (CVE-2026-9448). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46745 |
|
Vulnerability in apache-airflow-providers-fab (CVE-2026-46745)
vulnerability in apache-airflow-providers-fab (CVE-2026-46745). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.6.4` or later.
|
| CVE-2026-45361 |
|
Vulnerability in apache-airflow-providers-google (CVE-2026-45361)
vulnerability in apache-airflow-providers-google (CVE-2026-45361). Successful exploitation can lead to full system takeover. Exploitable via ``ComputeEngineSSHHook``. Mitigation: upgrade to `22.0.0` or later.
|