Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-45585 |
|
Command Injection in microsoft (CVE-2026-45585)
command injection in microsoft (CVE-2026-45585). Successful exploitation can lead to full system takeover.
|
| CVE-2008-4250 KEV |
|
[KEV] Code Injection in Microsoft windows-2000 (CVE-2008-4250)
code injection in Microsoft windows-2000 (CVE-2008-4250). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2009-1537 KEV |
|
[KEV] Vulnerability in Microsoft directx (CVE-2009-1537)
vulnerability in Microsoft directx (CVE-2009-1537). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2010-0806 KEV |
|
[KEV] Vulnerability in Microsoft internet-explorer (CVE-2010-0806)
vulnerability in Microsoft internet-explorer (CVE-2010-0806). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2009-3459 KEV |
|
[KEV] Buffer Overflow in Adobe acrobat (CVE-2009-3459)
vulnerability in Adobe acrobat (CVE-2009-3459). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-6365 |
|
Cross-Site Scripting (XSS) in drupal (CVE-2026-6365)
cross-site scripting in drupal (CVE-2026-6365). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `10.5.9, 10.6.7, 11.2.11, 11.3.7` or later.
|
| CVE-2026-6366 |
|
Vulnerability in drupal (CVE-2026-6366)
vulnerability in drupal (CVE-2026-6366). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `10.5.9, 10.6.7, 11.2.11, 11.3.7` or later.
|
| CVE-2026-6367 |
|
Cross-Site Scripting (XSS) in drupal (CVE-2026-6367)
cross-site scripting in drupal (CVE-2026-6367). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `11.3.7` or later.
|
| CVE-2026-6871 |
|
Cross-Site Scripting (XSS) in drupal (CVE-2026-6871)
cross-site scripting in drupal (CVE-2026-6871). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6095 |
|
Cross-Site Scripting (XSS) in drupal (CVE-2026-6095)
cross-site scripting in drupal (CVE-2026-6095). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34234 |
|
OS Command Injection in CVE-2026-34234 (CVE-2026-34234)
OS command injection in CVE-2026-34234 (CVE-2026-34234). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34246 |
|
Vulnerability in privilege-escalation (CVE-2026-34246)
vulnerability in privilege-escalation (CVE-2026-34246). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34216 |
|
Vulnerability in CVE-2026-34216 (CVE-2026-34216)
vulnerability in CVE-2026-34216 (CVE-2026-34216). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42526 |
|
Authorization Flaw in apache-airflow-providers-amazon (CVE-2026-42526)
vulnerability in apache-airflow-providers-amazon (CVE-2026-42526). Confidential information can be exposed externally. Exploitable via ``conn_id``. Mitigation: upgrade to `9.28.0` or later.
|
| CVE-2026-27173 |
|
Vulnerability in apache-airflow-providers-cncf-kubernetes (CVE-2026-27173)
vulnerability in apache-airflow-providers-cncf-kubernetes (CVE-2026-27173). Confidential information can be exposed externally. Mitigation: upgrade to `10.17.0` or later.
|
| CVE-2026-45802 |
|
Vulnerability in setasign/fpdi (CVE-2026-45802)
vulnerability in setasign/fpdi (CVE-2026-45802). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.6.7` or later.
|
| CVE-2026-46357 |
|
Vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46357)
vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46357). Risk of unauthorized operations or information disclosure. Exploitable via ``createSite``. Mitigation: upgrade to `26.0.0` or later.
|
| CVE-2026-8073 |
|
Vulnerability in wordpress (CVE-2026-8073)
vulnerability in wordpress (CVE-2026-8073). Confidential information can be exposed externally.
|
| CVE-2026-8096 |
|
Vulnerability in wordpress (CVE-2026-8096)
vulnerability in wordpress (CVE-2026-8096). Confidential information can be exposed externally.
|
| CVE-2026-6009 |
|
Unsafe Deserialization in net.sf.jasperreports:jasperreports (CVE-2026-6009)
vulnerability in net.sf.jasperreports:jasperreports (CVE-2026-6009). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `7.0.7` or later.
|
| CVE-2026-5511 |
|
Vulnerability in tp-link (CVE-2026-5511)
vulnerability in tp-link (CVE-2026-5511). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46337 |
|
Path Traversal in WWBN/AVideo (CVE-2026-46337)
path traversal in WWBN/AVideo (CVE-2026-46337). Risk of unauthorized operations or information disclosure. Exploitable via `GET /view/img/image404Raw.php`.
|
| CVE-2026-56348 |
|
SSRF (Server-Side Request Forgery) in n8n (CVE-2026-56348)
SSRF in n8n (CVE-2026-56348). Confidential information can be exposed externally. Exploitable via `POST /rest/dynamic-node-parameters/options`. Mitigation: upgrade to `2.20.0` or later.
|
| CVE-2026-8706 |
|
Information Disclosure in mozilla (CVE-2026-8706)
vulnerability in mozilla (CVE-2026-8706). Confidential information can be exposed externally.
|
| CVE-2026-45581 |
|
Vulnerability in org.hyperledger.fabric-chaincode-java:fabric-chaincode-shim (CVE-2026-45581)
vulnerability in org.hyperledger.fabric-chaincode-java:fabric-chaincode-shim (CVE-2026-45581). Confidential information can be exposed externally. Mitigation: upgrade to `2.5.10` or later.
|
| CVE-2026-8711 |
|
Vulnerability in nginx (CVE-2026-8711)
vulnerability in nginx (CVE-2026-8711). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46511 |
|
Vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46511)
vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46511). Risk of unauthorized operations or information disclosure. Exploitable via ``jwt``. Mitigation: upgrade to `26.0.0` or later.
|
| CVE-2026-46396 |
|
Cross-Site Scripting (XSS) in @haxtheweb/haxcms-nodejs (CVE-2026-46396)
cross-site scripting in @haxtheweb/haxcms-nodejs (CVE-2026-46396). Risk of unauthorized operations or information disclosure. Exploitable via ``src``. Mitigation: upgrade to `26.0.0` or later.
|
| CVE-2026-46395 |
|
Information Disclosure in @haxtheweb/haxcms-nodejs (CVE-2026-46395)
vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46395). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `26.0.0` or later.
|
| CVE-2026-46391 |
|
Vulnerability in @haxtheweb/open-apis (CVE-2026-46391)
vulnerability in @haxtheweb/open-apis (CVE-2026-46391). Risk of unauthorized operations or information disclosure. Exploitable via ``cloudflared``. Mitigation: upgrade to `26.0.0` or later.
|
| CVE-2026-46496 |
|
Vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46496)
vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46496). Risk of unauthorized operations or information disclosure. Exploitable via ``source``. Mitigation: upgrade to `26.0.0` or later.
|
| CVE-2026-46393 |
|
SSRF (Server-Side Request Forgery) in @haxtheweb/haxcms-nodejs (CVE-2026-46393)
SSRF in @haxtheweb/haxcms-nodejs (CVE-2026-46393). Risk of unauthorized operations or information disclosure. Exploitable via `POST /createSite`. Mitigation: upgrade to `26.0.0` or later.
|
| CVE-2026-8975 |
|
Buffer Overflow in mozilla (CVE-2026-8975)
vulnerability in mozilla (CVE-2026-8975). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8966 |
|
Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 151.
Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 151.
|
| CVE-2026-8967 |
|
Information Disclosure in mozilla (CVE-2026-8967)
vulnerability in mozilla (CVE-2026-8967). Confidential information can be exposed externally.
|
| CVE-2026-8968 |
|
Vulnerability in mozilla (CVE-2026-8968)
vulnerability in mozilla (CVE-2026-8968). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8969 |
|
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151.
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151.
|
| CVE-2026-8970 |
|
Privilege Escalation in privilege-escalation (CVE-2026-8970)
vulnerability in privilege-escalation (CVE-2026-8970). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8971 |
|
Vulnerability in mozilla (CVE-2026-8971)
vulnerability in mozilla (CVE-2026-8971). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8972 |
|
Privilege Escalation in privilege-escalation (CVE-2026-8972)
vulnerability in privilege-escalation (CVE-2026-8972). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8973 |
|
Buffer Overflow in c (CVE-2026-8973)
vulnerability in c (CVE-2026-8973). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8974 |
|
Buffer Overflow in mozilla (CVE-2026-8974)
vulnerability in mozilla (CVE-2026-8974). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8957 |
|
Privilege Escalation in privilege-escalation (CVE-2026-8957)
vulnerability in privilege-escalation (CVE-2026-8957). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8958 |
|
Vulnerability in mozilla (CVE-2026-8958)
vulnerability in mozilla (CVE-2026-8958). Confidential information can be exposed externally.
|
| CVE-2026-8959 |
|
Vulnerability in mozilla (CVE-2026-8959)
vulnerability in mozilla (CVE-2026-8959). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8960 |
|
Spoofing issue in WebExtensions. This vulnerability was fixed in Firefox 151.
Spoofing issue in WebExtensions. This vulnerability was fixed in Firefox 151.
|
| CVE-2026-8961 |
|
Vulnerability in mozilla (CVE-2026-8961)
vulnerability in mozilla (CVE-2026-8961). Data can be tampered with by attackers.
|
| CVE-2026-8962 |
|
Vulnerability in mozilla (CVE-2026-8962)
vulnerability in mozilla (CVE-2026-8962). Confidential information can be exposed externally.
|
| CVE-2026-8963 |
|
Spoofing issue in the Web Speech component. This vulnerability was fixed in Firefox 151.
Spoofing issue in the Web Speech component. This vulnerability was fixed in Firefox 151.
|
| CVE-2026-8964 |
|
Spoofing issue in the Popup Blocker component. This vulnerability was fixed in Firefox 151.
Spoofing issue in the Popup Blocker component. This vulnerability was fixed in Firefox 151.
|