Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-21643 KEV |
|
[KEV] SQL Injection in Fortinet forticlient-ems (CVE-2026-21643)
SQL injection in Fortinet forticlient-ems (CVE-2026-21643). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-31413 |
|
Out-of-Bounds Read in linux (CVE-2026-31413)
vulnerability in linux (CVE-2026-31413). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31845 |
|
Cross-Site Scripting (XSS) in CVE-2026-31845 (CVE-2026-31845)
cross-site scripting in CVE-2026-31845 (CVE-2026-31845). Confidential information can be exposed externally.
|
| CVE-2026-33118 |
|
Vulnerability in microsoft (CVE-2026-33118)
vulnerability in microsoft (CVE-2026-33118). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40194 |
|
Vulnerability in phpseclib/phpseclib (CVE-2026-40194)
vulnerability in phpseclib/phpseclib (CVE-2026-40194). Risk of unauthorized operations or information disclosure. Exploitable via ``e819a163c``. Mitigation: upgrade to `1.0.28` or later.
|
| CVE-2026-40175 |
|
Vulnerability in axios (CVE-2026-40175)
vulnerability in axios (CVE-2026-40175). Risk of unauthorized operations or information disclosure. Exploitable via `GET /pings`. Mitigation: upgrade to `0.31.0` or later.
|
| CVE-2026-34481 |
|
Vulnerability in apache (CVE-2026-34481)
vulnerability in apache (CVE-2026-34481). Data can be tampered with by attackers.
|
| CVE-2026-39304 |
|
Vulnerability in apache (CVE-2026-39304)
vulnerability in apache (CVE-2026-39304). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31412 |
|
Vulnerability in linux (CVE-2026-31412)
vulnerability in linux (CVE-2026-31412). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5525 |
|
Vulnerability in notepad-plus-plus (CVE-2026-5525)
vulnerability in notepad-plus-plus (CVE-2026-5525). Confidential information can be exposed externally.
|
| CVE-2026-22750 |
|
Vulnerability in vmware (CVE-2026-22750)
vulnerability in vmware (CVE-2026-22750). Data can be tampered with by attackers.
|
| CVE-2026-4482 |
|
Vulnerability in rapid7 (CVE-2026-4482)
vulnerability in rapid7 (CVE-2026-4482). Confidential information can be exposed externally.
|
| CVE-2026-21915 |
|
Vulnerability in juniper (CVE-2026-21915)
vulnerability in juniper (CVE-2026-21915). Successful exploitation can lead to full system takeover.
|
| CVE-2026-39848 |
|
Vulnerability in csrf (CVE-2026-39848)
vulnerability in csrf (CVE-2026-39848). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.1.0` or later.
|
| CVE-2026-33788 |
|
Vulnerability in juniper (CVE-2026-33788)
vulnerability in juniper (CVE-2026-33788). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33784 |
|
Vulnerability in juniper (CVE-2026-33784)
vulnerability in juniper (CVE-2026-33784). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33771 |
|
Vulnerability in juniper (CVE-2026-33771)
vulnerability in juniper (CVE-2026-33771). Confidential information can be exposed externally.
|
| CVE-2026-33774 |
|
Vulnerability in juniper (CVE-2026-33774)
vulnerability in juniper (CVE-2026-33774). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-21904 |
|
Cross-Site Scripting (XSS) in juniper (CVE-2026-21904)
cross-site scripting in juniper (CVE-2026-21904). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-13914 |
|
Vulnerability in juniper (CVE-2025-13914)
vulnerability in juniper (CVE-2025-13914). Confidential information can be exposed externally.
|
| CVE-2026-34486 |
|
Vulnerability in tomcat (CVE-2026-34486)
vulnerability in tomcat (CVE-2026-34486). Confidential information can be exposed externally. Mitigation: upgrade to `9.0.117, 10.1.54, 11.0.21` or later.
|
| CVE-2026-29146 |
|
Vulnerability in apache (CVE-2026-29146)
vulnerability in apache (CVE-2026-29146). Confidential information can be exposed externally.
|
| CVE-2026-1584 |
|
Vulnerability in dos (CVE-2026-1584)
vulnerability in dos (CVE-2026-1584). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-62718 |
|
Vulnerability in axios (CVE-2025-62718)
vulnerability in axios (CVE-2025-62718). Confidential information can be exposed externally. Exploitable via ``NO_PROXY``. Mitigation: upgrade to `0.31.0` or later.
|
| CVE-2026-39976 |
|
Authentication Bypass in laravel (CVE-2026-39976)
authentication bypass in laravel (CVE-2026-39976). Confidential information can be exposed externally. Mitigation: upgrade to `13.7.1` or later.
|
| CVE-2026-39962 |
|
Vulnerability in misp-project (CVE-2026-39962)
vulnerability in misp-project (CVE-2026-39962). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.5.36` or later.
|
| CVE-2026-35204 |
|
Path Traversal in helm (CVE-2026-35204)
path traversal in helm (CVE-2026-35204). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.1.4` or later.
|
| CVE-2026-35205 |
|
Vulnerability in helm (CVE-2026-35205)
vulnerability in helm (CVE-2026-35205). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.1.4` or later.
|
| CVE-2025-70364 |
|
Code Injection in CVE-2025-70364 (CVE-2025-70364)
code injection in CVE-2025-70364 (CVE-2025-70364). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4116 |
|
Vulnerability in sonicwall (CVE-2026-4116)
vulnerability in sonicwall (CVE-2026-4116). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4112 |
|
SQL Injection in sqli (CVE-2026-4112)
SQL injection in sqli (CVE-2026-4112). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4114 |
|
Vulnerability in sonicwall (CVE-2026-4114)
vulnerability in sonicwall (CVE-2026-4114). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4113 |
|
Vulnerability in sonicwall (CVE-2026-4113)
vulnerability in sonicwall (CVE-2026-4113). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5863 |
|
Vulnerability in google (CVE-2026-5863)
vulnerability in google (CVE-2026-5863). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5911 |
|
Vulnerability in google (CVE-2026-5911)
vulnerability in google (CVE-2026-5911). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5890 |
|
Vulnerability in google (CVE-2026-5890)
vulnerability in google (CVE-2026-5890). Confidential information can be exposed externally.
|
| CVE-2026-5883 |
|
Use-After-Free in google (CVE-2026-5883)
vulnerability in google (CVE-2026-5883). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5879 |
|
Vulnerability in google (CVE-2026-5879)
vulnerability in google (CVE-2026-5879). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5865 |
|
Vulnerability in google (CVE-2026-5865)
vulnerability in google (CVE-2026-5865). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5867 |
|
Vulnerability in google (CVE-2026-5867)
vulnerability in google (CVE-2026-5867). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5860 |
|
Use-After-Free in google (CVE-2026-5860)
vulnerability in google (CVE-2026-5860). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35023 |
|
Vulnerability in wimi-teamwork (CVE-2026-35023)
vulnerability in wimi-teamwork (CVE-2026-35023). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31411 |
|
Vulnerability in linux (CVE-2026-31411)
vulnerability in linux (CVE-2026-31411). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-28264 |
|
Vulnerability in dell (CVE-2026-28264)
vulnerability in dell (CVE-2026-28264). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-1340 KEV |
|
[KEV] Code Injection in Ivanti endpoint-manager-mobile-epmm (CVE-2026-1340)
code injection in Ivanti endpoint-manager-mobile-epmm (CVE-2026-1340). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-31789 |
|
Out-of-Bounds Write in openssl (CVE-2026-31789)
out-of-bounds write in openssl (CVE-2026-31789). Successful exploitation can lead to full system takeover.
|
| CVE-2026-28389 |
|
Vulnerability in dos (CVE-2026-28389)
vulnerability in dos (CVE-2026-28389). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-28390 |
|
Vulnerability in dos (CVE-2026-28390)
vulnerability in dos (CVE-2026-28390). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31790 |
|
Vulnerability in openssl (CVE-2026-31790)
vulnerability in openssl (CVE-2026-31790). Confidential information can be exposed externally.
|
| CVE-2026-28387 |
|
Use-After-Free in openssl (CVE-2026-28387)
vulnerability in openssl (CVE-2026-28387). Successful exploitation can lead to full system takeover.
|