Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-42039 |
|
Vulnerability in axios (CVE-2026-42039)
vulnerability in axios (CVE-2026-42039). Risk of unauthorized operations or information disclosure. Exploitable via `POST /forward`. Mitigation: upgrade to `0.31.1` or later.
|
| CVE-2026-38751 |
|
Unrestricted File Upload in devcode-it/openstamanager (CVE-2026-38751)
vulnerability in devcode-it/openstamanager (CVE-2026-38751). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44113 |
|
Vulnerability in openclaw (CVE-2026-44113)
vulnerability in openclaw (CVE-2026-44113). Confidential information can be exposed externally. Mitigation: upgrade to `2026.4.22` or later.
|
| CVE-2026-44112 |
|
Vulnerability in openclaw (CVE-2026-44112)
vulnerability in openclaw (CVE-2026-44112). Data can be tampered with by attackers. Mitigation: upgrade to `2026.4.22` or later.
|
| CVE-2026-25863 |
|
Vulnerability in wordpress (CVE-2026-25863)
vulnerability in wordpress (CVE-2026-25863). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42027 |
|
Vulnerability in org.apache.opennlp:opennlp-tools (CVE-2026-42027)
vulnerability in org.apache.opennlp:opennlp-tools (CVE-2026-42027). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.0.0-M3` or later.
|
| CVE-2026-42440 |
|
Vulnerability in org.apache.opennlp:opennlp-tools (CVE-2026-42440)
vulnerability in org.apache.opennlp:opennlp-tools (CVE-2026-42440). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.0.0-M3` or later.
|
| CVE-2026-42809 |
|
Vulnerability in org.apache.polaris:polaris-runtime-service (CVE-2026-42809)
vulnerability in org.apache.polaris:polaris-runtime-service (CVE-2026-42809). Successful exploitation can lead to full system takeover. Exploitable via ``location``. Mitigation: upgrade to `1.4.1` or later.
|
| CVE-2026-42810 |
|
Vulnerability in org.apache.polaris:polaris-core (CVE-2026-42810)
vulnerability in org.apache.polaris:polaris-core (CVE-2026-42810). Successful exploitation can lead to full system takeover. Exploitable via ``TABLE_CREATE``. Mitigation: upgrade to `1.4.1` or later.
|
| CVE-2026-42811 |
|
Vulnerability in org.apache.polaris:polaris-core (CVE-2026-42811)
vulnerability in org.apache.polaris:polaris-core (CVE-2026-42811). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.4.1` or later.
|
| CVE-2026-42812 |
|
Vulnerability in org.apache.polaris:polaris-runtime-service (CVE-2026-42812)
vulnerability in org.apache.polaris:polaris-runtime-service (CVE-2026-42812). Successful exploitation can lead to full system takeover. Exploitable via ``write.metadata.path``. Mitigation: upgrade to `1.4.1` or later.
|
| CVE-2026-40682 |
|
XXE (XML External Entity) in org.apache.opennlp:opennlp-tools (CVE-2026-40682)
vulnerability in org.apache.opennlp:opennlp-tools (CVE-2026-40682). Confidential information can be exposed externally. Mitigation: upgrade to `3.0.0-M3` or later.
|
| CVE-2026-41471 |
|
Vulnerability in wordpress (CVE-2026-41471)
vulnerability in wordpress (CVE-2026-41471). Confidential information can be exposed externally.
|
| CVE-2026-32834 |
|
Vulnerability in wordpress (CVE-2026-32834)
vulnerability in wordpress (CVE-2026-32834). Confidential information can be exposed externally.
|
| CVE-2026-40075 |
|
Path Traversal in org.openmrs.web:openmrs-web (CVE-2026-40075)
path traversal in org.openmrs.web:openmrs-web (CVE-2026-40075). Confidential information can be exposed externally. Exploitable via ``ModuleResourcesServlet``. Mitigation: upgrade to `2.8.6` or later.
|
| CVE-2026-26956 |
|
Vulnerability in vm2-project (CVE-2026-26956)
vulnerability in vm2-project (CVE-2026-26956). Successful exploitation can lead to full system takeover. Exploitable via ``catch``.
|
| CVE-2026-24082 |
|
Use-After-Free in qualcomm (CVE-2026-24082)
vulnerability in qualcomm (CVE-2026-24082). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35527 |
|
SSRF (Server-Side Request Forgery) in github.com/lxc/incus/v6/cmd/incusd (CVE-2026-35527)
SSRF in github.com/lxc/incus/v6/cmd/incusd (CVE-2026-35527). Risk of unauthorized operations or information disclosure. Exploitable via ``restricted.images.servers``. Mitigation: upgrade to `7.0.0` or later.
|
| CVE-2026-42364 |
|
OS Command Injection in geovision (CVE-2026-42364)
OS command injection in geovision (CVE-2026-42364). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42365 |
|
Vulnerability in geovision (CVE-2026-42365)
vulnerability in geovision (CVE-2026-42365). Confidential information can be exposed externally.
|
| CVE-2026-42367 |
|
Vulnerability in c (CVE-2026-42367)
vulnerability in c (CVE-2026-42367). Confidential information can be exposed externally.
|
| CVE-2026-42370 |
|
Out-of-Bounds Write in geovision (CVE-2026-42370)
out-of-bounds write in geovision (CVE-2026-42370). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42368 |
|
Vulnerability in privilege-escalation (CVE-2026-42368)
vulnerability in privilege-escalation (CVE-2026-42368). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7161 |
|
Vulnerability in geovision (CVE-2026-7161)
vulnerability in geovision (CVE-2026-7161). Confidential information can be exposed externally.
|
| CVE-2026-43058 |
|
Vulnerability in linux (CVE-2026-43058)
vulnerability in linux (CVE-2026-43058). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42475 |
|
SQL Injection in sqli (CVE-2026-42475)
SQL injection in sqli (CVE-2026-42475). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-37503 |
|
Cross-Site Scripting (XSS) in v2board (CVE-2026-37503)
cross-site scripting in v2board (CVE-2026-37503). Confidential information can be exposed externally.
|
| CVE-2026-37504 |
|
Vulnerability in v2board (CVE-2026-37504)
vulnerability in v2board (CVE-2026-37504). Confidential information can be exposed externally. Exploitable via `Referer header`.
|
| CVE-2026-37505 |
|
SQL Injection in sqli (CVE-2026-37505)
SQL injection in sqli (CVE-2026-37505). Confidential information can be exposed externally.
|
| CVE-2026-37552 |
|
Unsafe Deserialization in deserialization (CVE-2026-37552)
vulnerability in deserialization (CVE-2026-37552). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43037 |
|
Out-of-Bounds Write in linux (CVE-2026-43037)
out-of-bounds write in linux (CVE-2026-43037). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43004 |
|
Vulnerability in linux (CVE-2026-43004)
vulnerability in linux (CVE-2026-43004). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43010 |
|
Vulnerability in linux (CVE-2026-43010)
vulnerability in linux (CVE-2026-43010). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31769 |
|
Use-After-Free in linux (CVE-2026-31769)
vulnerability in linux (CVE-2026-31769). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31778 |
|
Out-of-Bounds Read in c (CVE-2026-31778)
vulnerability in c (CVE-2026-31778). Confidential information can be exposed externally.
|
| CVE-2026-31779 |
|
Out-of-Bounds Read in linux (CVE-2026-31779)
vulnerability in linux (CVE-2026-31779). Confidential information can be exposed externally.
|
| CVE-2026-31765 |
|
Vulnerability in linux (CVE-2026-31765)
vulnerability in linux (CVE-2026-31765). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31767 |
|
Vulnerability in linux (CVE-2026-31767)
vulnerability in linux (CVE-2026-31767). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31770 |
|
Vulnerability in linux (CVE-2026-31770)
vulnerability in linux (CVE-2026-31770). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31732 |
|
Vulnerability in linux (CVE-2026-31732)
vulnerability in linux (CVE-2026-31732). Risk of unauthorized operations or information disclosure. Exploitable via ``gdev``.
|
| CVE-2026-43047 |
|
Out-of-Bounds Write in linux (CVE-2026-43047)
out-of-bounds write in linux (CVE-2026-43047). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43052 |
|
Vulnerability in linux (CVE-2026-43052)
vulnerability in linux (CVE-2026-43052). Data can be tampered with by attackers.
|
| CVE-2026-43039 |
|
Vulnerability in linux (CVE-2026-43039)
vulnerability in linux (CVE-2026-43039). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43040 |
|
Vulnerability in linux (CVE-2026-43040)
vulnerability in linux (CVE-2026-43040). Confidential information can be exposed externally.
|
| CVE-2026-43041 |
|
Vulnerability in linux (CVE-2026-43041)
vulnerability in linux (CVE-2026-43041). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43042 |
|
Out-of-Bounds Read in linux (CVE-2026-43042)
vulnerability in linux (CVE-2026-43042). Confidential information can be exposed externally.
|
| CVE-2026-43043 |
|
Vulnerability in linux (CVE-2026-43043)
vulnerability in linux (CVE-2026-43043). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43044 |
|
Vulnerability in linux (CVE-2026-43044)
vulnerability in linux (CVE-2026-43044). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43045 |
|
Vulnerability in linux (CVE-2026-43045)
vulnerability in linux (CVE-2026-43045). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43046 |
|
Vulnerability in c (CVE-2026-43046)
vulnerability in c (CVE-2026-43046). Risk of unauthorized operations or information disclosure.
|