Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: vendors Clear
ID Title
CVE-2026-47310 Use-After-Free in samsung (CVE-2026-47310)
vulnerability in samsung (CVE-2026-47310). Successful exploitation can lead to full system takeover.
CVE-2025-15609 Vulnerability in wordpress (CVE-2025-15609)
vulnerability in wordpress (CVE-2025-15609). Confidential information can be exposed externally.
CVE-2026-47308 Vulnerability in samsung (CVE-2026-47308)
vulnerability in samsung (CVE-2026-47308). Risk of unauthorized operations or information disclosure.
CVE-2026-47307 Vulnerability in dos (CVE-2026-47307)
vulnerability in dos (CVE-2026-47307). Risk of unauthorized operations or information disclosure.
CVE-2026-27891 FacturaScripts is an open source accounting and invoicing software. Versions 2026 and below contain a critical vulnerability in the Plugins::add() function. The system fails to properly validate the f...
FacturaScripts is an open source accounting and invoicing software. Versions 2026 and below contain a critical vulnerability in the Plugins::add() function. The system fails to properly validate the file paths within uploaded ZIP archives. This allows an attacker to perform a Zip Slip attack, leadin...
CVE-2026-46559 Vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-46559)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-46559). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.13.1` or later.
CVE-2026-46557 Vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-46557)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-46557). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.13.1` or later.
CVE-2026-46523 ImageMagick: Use-After-Free in MSL decoder.
ImageMagick: Use-After-Free in MSL decoder.
CVE-2026-46522 Vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-46522)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-46522). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.13.1` or later.
CVE-2026-46521 Vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-46521)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-46521). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.13.1` or later.
CVE-2026-46520 ImageMagick: Heap Buffer Over-Write in IPL decoder when reading multiple images of different dimensions
ImageMagick: Heap Buffer Over-Write in IPL decoder when reading multiple images of different dimensions
CVE-2026-45664 Vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-45664)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-45664). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.13.1` or later.
CVE-2026-45624 Out-of-Bounds Read in Magick.NET-Q16-AnyCPU (CVE-2026-45624)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-45624). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.13.1` or later.
CVE-2026-45682 Vulnerability in go.opentelemetry.io/obi (CVE-2026-45682)
vulnerability in go.opentelemetry.io/obi (CVE-2026-45682). Risk of unauthorized operations or information disclosure. Exploitable via ``CappedConcurrentHashMap``. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-45683 Vulnerability in go.opentelemetry.io/obi (CVE-2026-45683)
vulnerability in go.opentelemetry.io/obi (CVE-2026-45683). Risk of unauthorized operations or information disclosure. Exploitable via ``bpf_probe_read``. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-45731 Path Traversal in WWBN/AVideo (CVE-2026-45731)
path traversal in WWBN/AVideo (CVE-2026-45731). Confidential information can be exposed externally. Exploitable via `POST /view/update.php`.
CVE-2026-45492 Vulnerability in microsoft (CVE-2026-45492)
vulnerability in microsoft (CVE-2026-45492). Risk of unauthorized operations or information disclosure.
CVE-2026-45494 Microsoft Edge (Chromium-based) Spoofing Vulnerability
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2026-45495 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2026-42822 Authentication Bypass in microsoft (CVE-2026-42822)
authentication bypass in microsoft (CVE-2026-42822). Successful exploitation can lead to full system takeover.
CVE-2026-29962 Vulnerability in path-traversal (CVE-2026-29962)
vulnerability in path-traversal (CVE-2026-29962). Confidential information can be exposed externally.
CVE-2026-29964 Cross-Site Scripting (XSS) in hsclabs (CVE-2026-29964)
cross-site scripting in hsclabs (CVE-2026-29964). Risk of unauthorized operations or information disclosure.
CVE-2026-29965 Cross-Site Scripting (XSS) in hsclabs (CVE-2026-29965)
cross-site scripting in hsclabs (CVE-2026-29965). Risk of unauthorized operations or information disclosure.
CVE-2026-29963 Path Traversal in path-traversal (CVE-2026-29963)
path traversal in path-traversal (CVE-2026-29963). Confidential information can be exposed externally.
CVE-2026-45031 Vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-45031)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-45031). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.13.1` or later.
CVE-2026-42306 Vulnerability in github.com/docker/docker (CVE-2026-42306)
vulnerability in github.com/docker/docker (CVE-2026-42306). Data can be tampered with by attackers. Exploitable via `PUT /containers/{id}/archive`. Mitigation: upgrade to `2.0.0-beta.14` or later.
CVE-2026-41568 Vulnerability in github.com/docker/docker (CVE-2026-41568)
vulnerability in github.com/docker/docker (CVE-2026-41568). Risk of unauthorized operations or information disclosure. Exploitable via `PUT /containers/{id}/archive`. Mitigation: upgrade to `2.0.0-beta.14` or later.
CVE-2026-45358 Out-of-Bounds Read in Magick.NET-Q16-AnyCPU (CVE-2026-45358)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-45358). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.13.1` or later.
CVE-2026-45359 Out-of-Bounds Read in Magick.NET-Q16-AnyCPU (CVE-2026-45359)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-45359). Confidential information can be exposed externally. Mitigation: upgrade to `14.13.1` or later.
CVE-2026-45701 Vulnerability in sulu/sulu (CVE-2026-45701)
vulnerability in sulu/sulu (CVE-2026-45701). Risk of unauthorized operations or information disclosure. Exploitable via ``User.php``. Mitigation: upgrade to `2.6.23` or later.
CVE-2026-45300 Information Disclosure in org.asynchttpclient:async-http-client (CVE-2026-45300)
vulnerability in org.asynchttpclient:async-http-client (CVE-2026-45300). Confidential information can be exposed externally. Exploitable via ``Cookie``. Mitigation: upgrade to `2.15.0` or later.
CVE-2026-20685 Vulnerability in apple (CVE-2026-20685)
vulnerability in apple (CVE-2026-20685). Confidential information can be exposed externally.
CVE-2026-45660 SSRF (Server-Side Request Forgery) in statamic/cms (CVE-2026-45660)
SSRF in statamic/cms (CVE-2026-45660). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.73.22` or later.
CVE-2026-42326 Out-of-Bounds Read in Magick.NET-Q16-AnyCPU (CVE-2026-42326)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-42326). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.13.1` or later.
CVE-2026-39079 Information Disclosure in CVE-2026-39079 (CVE-2026-39079)
vulnerability in CVE-2026-39079 (CVE-2026-39079). Confidential information can be exposed externally.
CVE-2026-45135 Vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-45135)
vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-45135). Successful exploitation can lead to full system takeover. Exploitable via ``search.IgnoreCase``. Mitigation: upgrade to `2.11.3` or later.
CVE-2026-45620 Vulnerability in WWBN/AVideo (CVE-2026-45620)
vulnerability in WWBN/AVideo (CVE-2026-45620). Risk of unauthorized operations or information disclosure. Exploitable via ``d9cdc7024``.
CVE-2026-42009 Vulnerability in dos (CVE-2026-42009)
vulnerability in dos (CVE-2026-42009). Risk of unauthorized operations or information disclosure.
CVE-2026-8803 Vulnerability in CVE-2026-8803 (CVE-2026-8803)
vulnerability in CVE-2026-8803 (CVE-2026-8803). Risk of unauthorized operations or information disclosure.
CVE-2026-8802 Path Traversal in path-traversal (CVE-2026-8802)
path traversal in path-traversal (CVE-2026-8802). Risk of unauthorized operations or information disclosure.
CVE-2026-1631 Vulnerability in wordpress (CVE-2026-1631)
vulnerability in wordpress (CVE-2026-1631). Risk of unauthorized operations or information disclosure.
CVE-2026-3220 Cross-Site Scripting (XSS) in wordpress (CVE-2026-3220)
cross-site scripting in wordpress (CVE-2026-3220). Successful exploitation can lead to full system takeover.
CVE-2026-6379 SQL Injection in wordpress (CVE-2026-6379)
SQL injection in wordpress (CVE-2026-6379). Confidential information can be exposed externally.
CVE-2026-6381 Path Traversal in wordpress (CVE-2026-6381)
path traversal in wordpress (CVE-2026-6381). Successful exploitation can lead to full system takeover.
CVE-2026-6495 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6495)
cross-site scripting in wordpress (CVE-2026-6495). Risk of unauthorized operations or information disclosure.
CVE-2026-8785 Vulnerability in sqli (CVE-2026-8785)
vulnerability in sqli (CVE-2026-8785). Risk of unauthorized operations or information disclosure.
CVE-2026-8771 Vulnerability in org.linlinjava:litemall-wx-api (CVE-2026-8771)
vulnerability in org.linlinjava:litemall-wx-api (CVE-2026-8771). Risk of unauthorized operations or information disclosure.
CVE-2026-8773 Vulnerability in CVE-2026-8773 (CVE-2026-8773)
vulnerability in CVE-2026-8773 (CVE-2026-8773). Risk of unauthorized operations or information disclosure.
CVE-2026-8759 Vulnerability in com.ibeetl:beetl-spring-classic (CVE-2026-8759)
vulnerability in com.ibeetl:beetl-spring-classic (CVE-2026-8759). Risk of unauthorized operations or information disclosure.
CVE-2018-25335 Vulnerability in wordpress (CVE-2018-25335)
vulnerability in wordpress (CVE-2018-25335). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →