Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2025-27852 |
|
Cross-Site Scripting (XSS) in garmin (CVE-2025-27852)
cross-site scripting in garmin (CVE-2025-27852). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45053 |
|
Unrestricted File Upload in CVE-2026-45053 (CVE-2026-45053)
vulnerability in CVE-2026-45053 (CVE-2026-45053). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/v1/files`. Mitigation: upgrade to `6.7.0` or later.
|
| CVE-2026-45054 |
|
SQL Injection in CVE-2026-45054 (CVE-2026-45054)
SQL injection in CVE-2026-45054 (CVE-2026-45054). Confidential information can be exposed externally. Mitigation: upgrade to `6.7.0` or later.
|
| CVE-2026-45055 |
|
Vulnerability in CVE-2026-45055 (CVE-2026-45055)
vulnerability in CVE-2026-45055 (CVE-2026-45055). Confidential information can be exposed externally. Exploitable via `POST /index.php`. Mitigation: upgrade to `6.7.2` or later.
|
| CVE-2026-45708 |
|
Code Injection in CVE-2026-45708 (CVE-2026-45708)
code injection in CVE-2026-45708 (CVE-2026-45708). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `6.7.3` or later.
|
| CVE-2026-44376 |
|
Cross-Site Scripting (XSS) in CVE-2026-44376 (CVE-2026-44376)
cross-site scripting in CVE-2026-44376 (CVE-2026-44376). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `6.7.0` or later.
|
| CVE-2026-44377 |
|
Code Injection in CVE-2026-44377 (CVE-2026-44377)
code injection in CVE-2026-44377 (CVE-2026-44377). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `6.7.0` or later.
|
| CVE-2026-42550 |
|
SQL Injection in flightphp/core (CVE-2026-42550)
SQL injection in flightphp/core (CVE-2026-42550). Successful exploitation can lead to full system takeover. Exploitable via ``UPDATE``. Mitigation: upgrade to `3.18.1` or later.
|
| CVE-2026-42551 |
|
Vulnerability in flightphp/core (CVE-2026-42551)
vulnerability in flightphp/core (CVE-2026-42551). Data can be tampered with by attackers. Exploitable via `GET /item/42`. Mitigation: upgrade to `3.18.1` or later.
|
| CVE-2026-42552 |
|
Vulnerability in flightphp/core (CVE-2026-42552)
vulnerability in flightphp/core (CVE-2026-42552). Confidential information can be exposed externally. Exploitable via ``flight.debug``. Mitigation: upgrade to `3.18.1` or later.
|
| CVE-2026-42548 |
|
Cross-Site Scripting (XSS) in flightphp/core (CVE-2026-42548)
cross-site scripting in flightphp/core (CVE-2026-42548). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api`. Mitigation: upgrade to `3.18.1` or later.
|
| CVE-2026-42549 |
|
Path Traversal in flightphp/core (CVE-2026-42549)
path traversal in flightphp/core (CVE-2026-42549). Risk of unauthorized operations or information disclosure. Exploitable via ``b8dd23a``. Mitigation: upgrade to `3.18.1` or later.
|
| CVE-2026-0257 KEV |
|
[KEV] Vulnerability in Palo alto networks paloaltonetworks (CVE-2026-0257)
vulnerability in Palo alto networks paloaltonetworks (CVE-2026-0257). Confidential information can be exposed externally. Listed in CISA KEV — actively exploited.
|
| CVE-2026-21015 |
|
Vulnerability in samsung (CVE-2026-21015)
vulnerability in samsung (CVE-2026-21015). Confidential information can be exposed externally.
|
| CVE-2026-21016 |
|
Vulnerability in samsung (CVE-2026-21016)
vulnerability in samsung (CVE-2026-21016). Confidential information can be exposed externally.
|
| CVE-2026-8495 |
|
Vulnerability in drupal/date_ical (CVE-2026-8495)
vulnerability in drupal/date_ical (CVE-2026-8495). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.0.15` or later.
|
| CVE-2026-8493 |
|
Cross-Site Scripting (XSS) in drupal/colorbox_inline (CVE-2026-8493)
cross-site scripting in drupal/colorbox_inline (CVE-2026-8493). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.1.1` or later.
|
| CVE-2026-8492 |
|
Vulnerability in drupal/gtranslate (CVE-2026-8492)
vulnerability in drupal/gtranslate (CVE-2026-8492). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.0.5` or later.
|
| CVE-2026-8491 |
|
Vulnerability in drupal/node_view_permissions (CVE-2026-8491)
vulnerability in drupal/node_view_permissions (CVE-2026-8491). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.7.0, 2.0.1` or later.
|
| CVE-2026-44470 |
|
Vulnerability in privilege-escalation (CVE-2026-44470)
vulnerability in privilege-escalation (CVE-2026-44470). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.3834.0` or later.
|
| CVE-2026-43488 |
|
Vulnerability in linux (CVE-2026-43488)
vulnerability in linux (CVE-2026-43488). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43489 |
|
Vulnerability in linux (CVE-2026-43489)
vulnerability in linux (CVE-2026-43489). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43479 |
|
Vulnerability in c (CVE-2026-43479)
vulnerability in c (CVE-2026-43479). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43480 |
|
Vulnerability in linux (CVE-2026-43480)
vulnerability in linux (CVE-2026-43480). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43481 |
|
Vulnerability in linux (CVE-2026-43481)
vulnerability in linux (CVE-2026-43481). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43482 |
|
Vulnerability in linux (CVE-2026-43482)
vulnerability in linux (CVE-2026-43482). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43483 |
|
Vulnerability in linux (CVE-2026-43483)
vulnerability in linux (CVE-2026-43483). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43484 |
|
Vulnerability in linux (CVE-2026-43484)
vulnerability in linux (CVE-2026-43484). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43485 |
|
Vulnerability in linux (CVE-2026-43485)
vulnerability in linux (CVE-2026-43485). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43486 |
|
Vulnerability in linux (CVE-2026-43486)
vulnerability in linux (CVE-2026-43486). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43487 |
|
Vulnerability in linux (CVE-2026-43487)
vulnerability in linux (CVE-2026-43487). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43476 |
|
Vulnerability in linux (CVE-2026-43476)
vulnerability in linux (CVE-2026-43476). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43477 |
|
Vulnerability in c (CVE-2026-43477)
vulnerability in c (CVE-2026-43477). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43478 |
|
Vulnerability in linux (CVE-2026-43478)
vulnerability in linux (CVE-2026-43478). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42937 |
|
Vulnerability in f5 (CVE-2026-42937)
vulnerability in f5 (CVE-2026-42937). Confidential information can be exposed externally.
|
| CVE-2026-42945 |
|
Vulnerability in nginx (CVE-2026-42945)
vulnerability in nginx (CVE-2026-42945). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.30.1` or later.
|
| CVE-2026-42946 |
|
Vulnerability in nginx (CVE-2026-42946)
vulnerability in nginx (CVE-2026-42946). Confidential information can be exposed externally. Mitigation: upgrade to `1.30.1` or later.
|
| CVE-2026-42919 |
|
Vulnerability in f5 (CVE-2026-42919)
vulnerability in f5 (CVE-2026-42919). Data can be tampered with by attackers.
|
| CVE-2026-42920 |
|
Vulnerability in f5 (CVE-2026-42920)
vulnerability in f5 (CVE-2026-42920). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42924 |
|
OS Command Injection in privilege-escalation (CVE-2026-42924)
OS command injection in privilege-escalation (CVE-2026-42924). Confidential information can be exposed externally.
|
| CVE-2026-42926 |
|
Vulnerability in nginx (CVE-2026-42926)
vulnerability in nginx (CVE-2026-42926). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.30.1` or later.
|
| CVE-2026-42930 |
|
Vulnerability in f5 (CVE-2026-42930)
vulnerability in f5 (CVE-2026-42930). Confidential information can be exposed externally.
|
| CVE-2026-42934 |
|
Out-of-Bounds Read in nginx (CVE-2026-42934)
vulnerability in nginx (CVE-2026-42934). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.30.1` or later.
|
| CVE-2026-42780 |
|
Path Traversal in path-traversal (CVE-2026-42780)
path traversal in path-traversal (CVE-2026-42780). Data can be tampered with by attackers.
|
| CVE-2026-42781 |
|
Vulnerability in f5 (CVE-2026-42781)
vulnerability in f5 (CVE-2026-42781). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42406 |
|
Vulnerability in f5 (CVE-2026-42406)
vulnerability in f5 (CVE-2026-42406). Confidential information can be exposed externally.
|
| CVE-2026-42408 |
|
Vulnerability in f5 (CVE-2026-42408)
vulnerability in f5 (CVE-2026-42408). Confidential information can be exposed externally.
|
| CVE-2026-42409 |
|
Vulnerability in f5 (CVE-2026-42409)
vulnerability in f5 (CVE-2026-42409). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41959 |
|
Vulnerability in f5 (CVE-2026-41959)
vulnerability in f5 (CVE-2026-41959). Confidential information can be exposed externally.
|
| CVE-2026-42058 |
|
Vulnerability in f5 (CVE-2026-42058)
vulnerability in f5 (CVE-2026-42058). Risk of unauthorized operations or information disclosure.
|