Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-8519 |
|
Vulnerability in c (CVE-2026-8519)
vulnerability in c (CVE-2026-8519). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8510 |
|
Vulnerability in google (CVE-2026-8510)
vulnerability in google (CVE-2026-8510). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8525 |
|
Vulnerability in google (CVE-2026-8525)
vulnerability in google (CVE-2026-8525). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8522 |
|
Use-After-Free in google (CVE-2026-8522)
vulnerability in google (CVE-2026-8522). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8509 |
|
Vulnerability in Google chrome (CVE-2026-8509)
vulnerability in Google chrome (CVE-2026-8509). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44666 |
|
OS Command Injection in CVE-2026-44666 (CVE-2026-44666)
OS command injection in CVE-2026-44666 (CVE-2026-44666). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.3.8` or later.
|
| CVE-2026-42847 |
|
SQL Injection in sqli (CVE-2026-42847)
SQL injection in sqli (CVE-2026-42847). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.5.3` or later.
|
| CVE-2026-27680 |
|
Vulnerability in sap (CVE-2026-27680)
vulnerability in sap (CVE-2026-27680). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41615 |
|
Information Disclosure in microsoft (CVE-2026-41615)
vulnerability in microsoft (CVE-2026-41615). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42897 KEV |
|
[KEV] Cross-Site Scripting (XSS) in Microsoft exchange-server (CVE-2026-42897)
cross-site scripting in Microsoft exchange-server (CVE-2026-42897). Confidential information can be exposed externally. Listed in CISA KEV — actively exploited.
|
| CVE-2026-6332 |
|
Vulnerability in c (CVE-2026-6332)
vulnerability in c (CVE-2026-6332). Confidential information can be exposed externally.
|
| CVE-2026-44511 |
|
Vulnerability in katalyst-koi (CVE-2026-44511)
vulnerability in katalyst-koi (CVE-2026-44511). Confidential information can be exposed externally. Mitigation: upgrade to `5.6.0` or later.
|
| CVE-2026-42555 |
|
Code Injection in com.ritense.valtimo:document (CVE-2026-42555)
code injection in com.ritense.valtimo:document (CVE-2026-42555). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/management/v1/document-definition/migrate`. Mitigation: upgrade to `12.32.0` or later.
|
| CVE-2026-20210 |
|
Vulnerability in cisco (CVE-2026-20210)
vulnerability in cisco (CVE-2026-20210). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20224 |
|
Vulnerability in cisco (CVE-2026-20224)
vulnerability in cisco (CVE-2026-20224). Confidential information can be exposed externally.
|
| CVE-2026-45292 |
|
Vulnerability in io.opentelemetry:opentelemetry-api (CVE-2026-45292)
vulnerability in io.opentelemetry:opentelemetry-api (CVE-2026-45292). Risk of unauthorized operations or information disclosure. Exploitable via ``W3CBaggagePropagator``. Mitigation: upgrade to `1.62.0` or later.
|
| CVE-2026-46480 |
|
Vulnerability in flowise (CVE-2026-46480)
vulnerability in flowise (CVE-2026-46480). Successful exploitation can lead to full system takeover. Exploitable via `PUT /api/v1/evaluators/`. Mitigation: upgrade to `3.1.2` or later.
|
| CVE-2026-46479 |
|
Vulnerability in flowise (CVE-2026-46479)
vulnerability in flowise (CVE-2026-46479). Successful exploitation can lead to full system takeover. Exploitable via `PUT /api/v1/evaluations/`. Mitigation: upgrade to `3.1.2` or later.
|
| CVE-2026-46478 |
|
Vulnerability in flowise (CVE-2026-46478)
vulnerability in flowise (CVE-2026-46478). Successful exploitation can lead to full system takeover. Exploitable via `PUT /api/v1/datasetrows/`. Mitigation: upgrade to `3.1.2` or later.
|
| CVE-2026-46477 |
|
Vulnerability in flowise (CVE-2026-46477)
vulnerability in flowise (CVE-2026-46477). Successful exploitation can lead to full system takeover. Exploitable via `PUT /api/v1/datasets/`. Mitigation: upgrade to `3.1.2` or later.
|
| CVE-2026-46476 |
|
Vulnerability in flowise (CVE-2026-46476)
vulnerability in flowise (CVE-2026-46476). Successful exploitation can lead to full system takeover. Exploitable via `PUT /api/v1/customtemplates/`. Mitigation: upgrade to `3.1.2` or later.
|
| CVE-2026-46475 |
|
Vulnerability in flowise (CVE-2026-46475)
vulnerability in flowise (CVE-2026-46475). Successful exploitation can lead to full system takeover. Exploitable via `PUT /api/v1/assistants/`. Mitigation: upgrade to `3.1.2` or later.
|
| CVE-2026-46444 |
|
Vulnerability in flowise (CVE-2026-46444)
vulnerability in flowise (CVE-2026-46444). Successful exploitation can lead to full system takeover. Exploitable via ``WHITELIST_URLS``. Mitigation: upgrade to `3.1.2` or later.
|
| CVE-2026-45732 |
|
Vulnerability in n8n (CVE-2026-45732)
vulnerability in n8n (CVE-2026-45732). Confidential information can be exposed externally. Mitigation: upgrade to `2.20.7` or later.
|
| CVE-2026-44792 |
|
SQL Injection in n8n (CVE-2026-44792)
SQL injection in n8n (CVE-2026-44792). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.20.7` or later.
|
| CVE-2026-44791 |
|
Vulnerability in n8n (CVE-2026-44791)
vulnerability in n8n (CVE-2026-44791). Successful exploitation can lead to full system takeover. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.20.7` or later.
|
| CVE-2026-44790 |
|
Vulnerability in n8n (CVE-2026-44790)
vulnerability in n8n (CVE-2026-44790). Successful exploitation can lead to full system takeover. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.20.7` or later.
|
| CVE-2026-44789 |
|
Vulnerability in n8n (CVE-2026-44789)
vulnerability in n8n (CVE-2026-44789). Successful exploitation can lead to full system takeover. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.20.7` or later.
|
| CVE-2026-44501 |
|
Unsafe Deserialization in react (CVE-2026-44501)
vulnerability in react (CVE-2026-44501). Risk of unauthorized operations or information disclosure. Exploitable via `GET /callback/oidc`. Mitigation: upgrade to `1.5.0.3` or later.
|
| CVE-2026-44503 |
|
Open Redirect in com.microsoft.kiota:microsoft-kiota-abstractions (CVE-2026-44503)
vulnerability in com.microsoft.kiota:microsoft-kiota-abstractions (CVE-2026-44503). Risk of unauthorized operations or information disclosure. Exploitable via `Authorization header`. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-20182 KEV |
|
[KEV] Authentication Bypass in Cisco catalyst-sd-wan-manager (CVE-2026-20182)
authentication bypass in Cisco catalyst-sd-wan-manager (CVE-2026-20182). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-20209 |
|
Vulnerability in Cisco catalyst-sd-wan-manager (CVE-2026-20209)
vulnerability in Cisco catalyst-sd-wan-manager (CVE-2026-20209). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41935 |
|
Vulnerability in dos (CVE-2026-41935)
vulnerability in dos (CVE-2026-41935). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41937 |
|
Vulnerability in CVE-2026-41937 (CVE-2026-41937)
vulnerability in CVE-2026-41937 (CVE-2026-41937). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46443 |
|
Information Disclosure in flowise (CVE-2026-46443)
vulnerability in flowise (CVE-2026-46443). Confidential information can be exposed externally. Exploitable via ``credentialName``. Mitigation: upgrade to `3.1.2` or later.
|
| CVE-2026-46442 |
|
Code Injection in flowise (CVE-2026-46442)
code injection in flowise (CVE-2026-46442). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/v1/node-custom-function`. Mitigation: upgrade to `3.1.2` or later.
|
| CVE-2026-46441 |
|
Vulnerability in flowise (CVE-2026-46441)
vulnerability in flowise (CVE-2026-46441). Confidential information can be exposed externally. Exploitable via `PUT /api/v1/assistants/{assistantId}`. Mitigation: upgrade to `3.1.2` or later.
|
| CVE-2026-46440 |
|
Vulnerability in flowise (CVE-2026-46440)
vulnerability in flowise (CVE-2026-46440). Confidential information can be exposed externally. Mitigation: upgrade to `3.1.2` or later.
|
| CVE-2026-42863 |
|
Vulnerability in flowise (CVE-2026-42863)
vulnerability in flowise (CVE-2026-42863). Confidential information can be exposed externally. Exploitable via `PUT /api/v1/chatflows/{chatflowId}`. Mitigation: upgrade to `3.1.2` or later.
|
| CVE-2026-42862 |
|
Vulnerability in flowise (CVE-2026-42862)
vulnerability in flowise (CVE-2026-42862). Risk of unauthorized operations or information disclosure. Exploitable via `PUT /api/v1/tools/{toolId}`. Mitigation: upgrade to `3.1.2` or later.
|
| CVE-2026-42861 |
|
Vulnerability in flowise (CVE-2026-42861)
vulnerability in flowise (CVE-2026-42861). Confidential information can be exposed externally. Exploitable via `PUT /api/v1/variables/{variableId}`. Mitigation: upgrade to `3.1.2` or later.
|
| CVE-2026-4031 |
|
Vulnerability in wordpress (CVE-2026-4031)
vulnerability in wordpress (CVE-2026-4031). Confidential information can be exposed externally.
|
| CVE-2026-4029 |
|
Vulnerability in wordpress (CVE-2026-4029)
vulnerability in wordpress (CVE-2026-4029). Confidential information can be exposed externally.
|
| CVE-2026-4030 |
|
Vulnerability in wordpress (CVE-2026-4030)
vulnerability in wordpress (CVE-2026-4030). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45205 |
|
Vulnerability in org.apache.commons:commons-configuration2 (CVE-2026-45205)
vulnerability in org.apache.commons:commons-configuration2 (CVE-2026-45205). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.15.0` or later.
|
| CVE-2026-6512 |
|
Vulnerability in wordpress (CVE-2026-6512)
vulnerability in wordpress (CVE-2026-6512). Confidential information can be exposed externally.
|
| CVE-2026-6504 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6504)
cross-site scripting in wordpress (CVE-2026-6504). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6206 |
|
Vulnerability in wordpress (CVE-2026-6206)
vulnerability in wordpress (CVE-2026-6206). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6514 |
|
SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-6514)
SSRF in wordpress (CVE-2026-6514). Confidential information can be exposed externally.
|
| CVE-2026-6145 |
|
Vulnerability in wordpress (CVE-2026-6145)
vulnerability in wordpress (CVE-2026-6145). Risk of unauthorized operations or information disclosure.
|