Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-38581 |
|
SQL Injection in sqli (CVE-2026-38581)
SQL injection in sqli (CVE-2026-38581). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48998 |
|
Vulnerability in guzzlehttp/psr7 (CVE-2026-48998)
vulnerability in guzzlehttp/psr7 (CVE-2026-48998). Risk of unauthorized operations or information disclosure. Exploitable via `Host header`. Mitigation: upgrade to `2.10.2` or later.
|
| CVE-2026-49214 |
|
Vulnerability in guzzlehttp/psr7 (CVE-2026-49214)
vulnerability in guzzlehttp/psr7 (CVE-2026-49214). Risk of unauthorized operations or information disclosure. Exploitable via ``Uri``. Mitigation: upgrade to `2.10.2` or later.
|
| CVE-2026-9204 |
|
SSRF (Server-Side Request Forgery) in gitlab (CVE-2026-9204)
SSRF in gitlab (CVE-2026-9204). Confidential information can be exposed externally. Mitigation: upgrade to `18.10.8, 18.11.5, 19.0.2` or later.
|
| CVE-2026-6976 |
|
Vulnerability in gitlab (CVE-2026-6976)
vulnerability in gitlab (CVE-2026-6976). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.10.8, 18.11.5, 19.0.2` or later.
|
| CVE-2026-9694 |
|
Vulnerability in gitlab (CVE-2026-9694)
vulnerability in gitlab (CVE-2026-9694). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.10.8, 18.11.5, 19.0.2` or later.
|
| CVE-2026-7250 |
|
Vulnerability in gitlab (CVE-2026-7250)
vulnerability in gitlab (CVE-2026-7250). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.10.8, 18.11.5, 19.0.2` or later.
|
| CVE-2026-6277 |
|
Authorization Flaw in gitlab (CVE-2026-6277)
vulnerability in gitlab (CVE-2026-6277). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.10.8, 18.11.5, 19.0.2` or later.
|
| CVE-2026-8589 |
|
Cross-Site Scripting (XSS) in gitlab (CVE-2026-8589)
cross-site scripting in gitlab (CVE-2026-8589). Confidential information can be exposed externally. Mitigation: upgrade to `18.10.8, 18.11.5, 19.0.2` or later.
|
| CVE-2026-6552 |
|
Vulnerability in gitlab (CVE-2026-6552)
vulnerability in gitlab (CVE-2026-6552). Confidential information can be exposed externally. Mitigation: upgrade to `18.10.8, 18.11.5, 19.0.2` or later.
|
| CVE-2026-6269 |
|
Authorization Flaw in gitlab (CVE-2026-6269)
vulnerability in gitlab (CVE-2026-6269). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.10.8, 18.11.5, 19.0.2` or later.
|
| CVE-2026-3553 |
|
Authorization Flaw in gitlab (CVE-2026-3553)
vulnerability in gitlab (CVE-2026-3553). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.10.8, 18.11.5, 19.0.2` or later.
|
| CVE-2026-10733 |
|
Vulnerability in gitlab (CVE-2026-10733)
vulnerability in gitlab (CVE-2026-10733). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.10.8, 18.11.5, 19.0.2` or later.
|
| CVE-2026-1500 |
|
Vulnerability in gitlab (CVE-2026-1500)
vulnerability in gitlab (CVE-2026-1500). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.10.8, 18.11.5, 19.0.2` or later.
|
| CVE-2026-10087 |
|
Cross-Site Scripting (XSS) in gitlab (CVE-2026-10087)
cross-site scripting in gitlab (CVE-2026-10087). Confidential information can be exposed externally. Mitigation: upgrade to `18.10.8, 18.11.5, 19.0.2` or later.
|
| CVE-2026-41856 |
|
Vulnerability in vmware (CVE-2026-41856)
vulnerability in vmware (CVE-2026-41856). Confidential information can be exposed externally.
|
| CVE-2026-41700 |
|
Vulnerability in vmware (CVE-2026-41700)
vulnerability in vmware (CVE-2026-41700). Confidential information can be exposed externally.
|
| CVE-2026-41699 |
|
Unsafe Deserialization in deserialization (CVE-2026-41699)
vulnerability in deserialization (CVE-2026-41699). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41000 |
|
Vulnerability in c (CVE-2026-41000)
vulnerability in c (CVE-2026-41000). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40996 |
|
Vulnerability in apache (CVE-2026-40996)
vulnerability in apache (CVE-2026-40996). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10795 |
|
Vulnerability in wordpress (CVE-2026-10795)
vulnerability in wordpress (CVE-2026-10795). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35273 KEV |
|
[KEV] Vulnerability in Oracle c (CVE-2026-35273)
vulnerability in Oracle c (CVE-2026-35273). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-2827 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-2827)
cross-site scripting in wordpress (CVE-2026-2827). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53460 |
|
Vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-53460)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-53460). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.14.0` or later.
|
| CVE-2026-53461 |
|
Out-of-Bounds Write in Magick.NET-Q16-AnyCPU (CVE-2026-53461)
out-of-bounds write in Magick.NET-Q16-AnyCPU (CVE-2026-53461). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.14.0` or later.
|
| CVE-2026-53462 |
|
Use-After-Free in Magick.NET-Q16-AnyCPU (CVE-2026-53462)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-53462). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.14.0` or later.
|
| CVE-2026-53463 |
|
Vulnerability in imagemagick (CVE-2026-53463)
vulnerability in imagemagick (CVE-2026-53463). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53464 |
|
Vulnerability in imagemagick (CVE-2026-53464)
vulnerability in imagemagick (CVE-2026-53464). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53465 |
|
Vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-53465)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-53465). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.14.0` or later.
|
| CVE-2026-48733 |
|
Vulnerability in imagemagick (CVE-2026-48733)
vulnerability in imagemagick (CVE-2026-48733). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48734 |
|
Vulnerability in imagemagick (CVE-2026-48734)
vulnerability in imagemagick (CVE-2026-48734). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48994 |
|
Vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-48994)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-48994). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.14.0` or later.
|
| CVE-2026-49218 |
|
Vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-49218)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-49218). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.14.0` or later.
|
| CVE-2026-49219 |
|
Path Traversal in Magick.NET-Q16-AnyCPU (CVE-2026-49219)
path traversal in Magick.NET-Q16-AnyCPU (CVE-2026-49219). Confidential information can be exposed externally. Mitigation: upgrade to `14.14.0` or later.
|
| CVE-2026-50223 |
|
Code Injection in apache (CVE-2026-50223)
code injection in apache (CVE-2026-50223). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48724 |
|
Out-of-Bounds Write in Magick.NET-Q16-AnyCPU (CVE-2026-48724)
out-of-bounds write in Magick.NET-Q16-AnyCPU (CVE-2026-48724). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.14.0` or later.
|
| CVE-2026-47342 |
|
Vulnerability in apache (CVE-2026-47342)
vulnerability in apache (CVE-2026-47342). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53634 |
|
Vulnerability in code16/sharp (CVE-2026-53634)
vulnerability in code16/sharp (CVE-2026-53634). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.22.3` or later.
|
| CVE-2022-48575 |
|
Authentication Bypass in apple (CVE-2022-48575)
authentication bypass in apple (CVE-2022-48575). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-26758 |
|
Vulnerability in apple (CVE-2022-26758)
vulnerability in apple (CVE-2022-26758). Confidential information can be exposed externally.
|
| CVE-2026-1220 |
|
Vulnerability in google (CVE-2026-1220)
vulnerability in google (CVE-2026-1220). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48859 |
|
Vulnerability in erlang (CVE-2026-48859)
vulnerability in erlang (CVE-2026-48859). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48860 |
|
Authorization Flaw in erlang (CVE-2026-48860)
vulnerability in erlang (CVE-2026-48860). Confidential information can be exposed externally.
|
| CVE-2026-49759 |
|
Vulnerability in c (CVE-2026-49759)
vulnerability in c (CVE-2026-49759). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49760 |
|
Vulnerability in c (CVE-2026-49760)
vulnerability in c (CVE-2026-49760). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48858 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-48858)
SSRF in ssrf (CVE-2026-48858). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48856 |
|
Open Redirect in erlang (CVE-2026-48856)
vulnerability in erlang (CVE-2026-48856). Confidential information can be exposed externally. Exploitable via `Authorization header`.
|
| CVE-2026-48855 |
|
Information Disclosure in erlang (CVE-2026-48855)
vulnerability in erlang (CVE-2026-48855). Confidential information can be exposed externally.
|
| CVE-2026-45569 |
|
Path Traversal in c (CVE-2026-45569)
path traversal in c (CVE-2026-45569). Confidential information can be exposed externally.
|
| CVE-2026-45565 |
|
Vulnerability in nginx (CVE-2026-45565)
vulnerability in nginx (CVE-2026-45565). Confidential information can be exposed externally.
|