Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: vendors Clear
ID Title
CVE-2026-10260 Vulnerability in sqli (CVE-2026-10260)
vulnerability in sqli (CVE-2026-10260). Risk of unauthorized operations or information disclosure.
CVE-2026-9308 Cross-Site Scripting (XSS) in mozilla (CVE-2026-9308)
cross-site scripting in mozilla (CVE-2026-9308). Risk of unauthorized operations or information disclosure.
CVE-2026-9309 Cross-Site Scripting (XSS) in mozilla (CVE-2026-9309)
cross-site scripting in mozilla (CVE-2026-9309). Risk of unauthorized operations or information disclosure.
CVE-2026-10257 Vulnerability in sqli (CVE-2026-10257)
vulnerability in sqli (CVE-2026-10257). Risk of unauthorized operations or information disclosure.
CVE-2026-10258 Vulnerability in sqli (CVE-2026-10258)
vulnerability in sqli (CVE-2026-10258). Risk of unauthorized operations or information disclosure.
CVE-2026-10251 Vulnerability in sqli (CVE-2026-10251)
vulnerability in sqli (CVE-2026-10251). Risk of unauthorized operations or information disclosure.
CVE-2026-10252 Vulnerability in sqli (CVE-2026-10252)
vulnerability in sqli (CVE-2026-10252). Risk of unauthorized operations or information disclosure.
CVE-2026-10253 Vulnerability in sqli (CVE-2026-10253)
vulnerability in sqli (CVE-2026-10253). Risk of unauthorized operations or information disclosure.
CVE-2026-10255 Vulnerability in CVE-2026-10255 (CVE-2026-10255)
vulnerability in CVE-2026-10255 (CVE-2026-10255). Risk of unauthorized operations or information disclosure.
CVE-2026-10256 Vulnerability in sqli (CVE-2026-10256)
vulnerability in sqli (CVE-2026-10256). Risk of unauthorized operations or information disclosure.
CVE-2026-49328 SSRF (Server-Side Request Forgery) in org.apache.fesod:fesod-sheet (CVE-2026-49328)
SSRF in org.apache.fesod:fesod-sheet (CVE-2026-49328). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.0.2-incubating` or later.
CVE-2026-10249 Vulnerability in sqli (CVE-2026-10249)
vulnerability in sqli (CVE-2026-10249). Risk of unauthorized operations or information disclosure.
CVE-2026-10250 Vulnerability in sqli (CVE-2026-10250)
vulnerability in sqli (CVE-2026-10250). Risk of unauthorized operations or information disclosure.
CVE-2026-49361 Vulnerability in org.apache.fluss:fluss-common (CVE-2026-49361)
vulnerability in org.apache.fluss:fluss-common (CVE-2026-49361). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.9.1-incubating` or later.
CVE-2026-48827 Path Traversal in org.apache.sshd:sshd-git (CVE-2026-48827)
path traversal in org.apache.sshd:sshd-git (CVE-2026-48827). Confidential information can be exposed externally. Mitigation: upgrade to `3.0.0-M4` or later.
CVE-2026-48726 Vulnerability in apache-airflow (CVE-2026-48726)
vulnerability in apache-airflow (CVE-2026-48726). Confidential information can be exposed externally. Exploitable via ``FabAuthManager``. Mitigation: upgrade to `3.2.2` or later.
CVE-2026-49157 Vulnerability in activemq (CVE-2026-49157)
vulnerability in activemq (CVE-2026-49157). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `5.19.7, 6.2.6` or later.
CVE-2026-49298 Vulnerability in airflow (CVE-2026-49298)
vulnerability in airflow (CVE-2026-49298). Successful exploitation can lead to full system takeover. Exploitable via ``KubernetesExecutor``. Mitigation: upgrade to `3.2.2` or later.
CVE-2026-49267 Vulnerability in airflow (CVE-2026-49267)
vulnerability in airflow (CVE-2026-49267). Confidential information can be exposed externally. Exploitable via ``airflow.utils.email``. Mitigation: upgrade to `3.2.2` or later.
CVE-2026-49270 Vulnerability in activemq (CVE-2026-49270)
vulnerability in activemq (CVE-2026-49270). Confidential information can be exposed externally. Mitigation: upgrade to `5.19.7, 6.2.6` or later.
CVE-2026-46605 Vulnerability in activemq (CVE-2026-46605)
vulnerability in activemq (CVE-2026-46605). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.19.7, 6.2.6` or later.
CVE-2026-46764 Vulnerability in airflow (CVE-2026-46764)
vulnerability in airflow (CVE-2026-46764). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/v2/eventLogs/{event_log_id}`. Mitigation: upgrade to `3.2.2` or later.
CVE-2026-44825 Vulnerability in solr (CVE-2026-44825)
vulnerability in solr (CVE-2026-44825). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `10.0.0` or later.
CVE-2026-42252 Vulnerability in apache-airflow (CVE-2026-42252)
vulnerability in apache-airflow (CVE-2026-42252). Confidential information can be exposed externally. Exploitable via ``Dag.can_trigger``. Mitigation: upgrade to `3.2.2` or later.
CVE-2026-42253 Cross-Site Scripting (XSS) in activemq (CVE-2026-42253)
cross-site scripting in activemq (CVE-2026-42253). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.19.7, 6.2.6` or later.
CVE-2026-42358 Information Disclosure in airflow (CVE-2026-42358)
vulnerability in airflow (CVE-2026-42358). Confidential information can be exposed externally. Exploitable via ``password``. Mitigation: upgrade to `3.2.2` or later.
CVE-2026-45360 Unsafe Deserialization in apache-airflow (CVE-2026-45360)
vulnerability in apache-airflow (CVE-2026-45360). Risk of unauthorized operations or information disclosure. Exploitable via ``DeadlineReference``. Mitigation: upgrade to `3.2.2` or later.
CVE-2026-42359 Unsafe Deserialization in apache-airflow (CVE-2026-42359)
vulnerability in apache-airflow (CVE-2026-42359). Successful exploitation can lead to full system takeover. Exploitable via `PATCH /api/v2/xcomEntries/{key}`. Mitigation: upgrade to `3.2.2` or later.
CVE-2026-45426 Authorization Flaw in apache-airflow (CVE-2026-45426)
vulnerability in apache-airflow (CVE-2026-45426). Risk of unauthorized operations or information disclosure. Exploitable via ``sub``. Mitigation: upgrade to `3.2.2` or later.
CVE-2026-42588 Vulnerability in activemq (CVE-2026-42588)
vulnerability in activemq (CVE-2026-42588). Confidential information can be exposed externally. Mitigation: upgrade to `5.19.7, 6.2.6` or later.
CVE-2026-41084 Vulnerability in apache-airflow (CVE-2026-41084)
vulnerability in apache-airflow (CVE-2026-41084). Data can be tampered with by attackers. Exploitable via `DELETE /api/v2/dags/{dag_id}/dagRuns/{dag_run_id}/taskInstances`. Mitigation: upgrade to `3.2.2` or later.
CVE-2026-42360 Information Disclosure in apache-airflow (CVE-2026-42360)
vulnerability in apache-airflow (CVE-2026-42360). Confidential information can be exposed externally. Exploitable via ``password``. Mitigation: upgrade to `3.2.2` or later.
CVE-2026-45505 Vulnerability in activemq (CVE-2026-45505)
vulnerability in activemq (CVE-2026-45505). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `5.19.7, 6.2.6` or later.
CVE-2026-40963 Vulnerability in airflow (CVE-2026-40963)
vulnerability in airflow (CVE-2026-40963). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.2.2` or later.
CVE-2026-40861 Vulnerability in apache-airflow (CVE-2026-40861)
vulnerability in apache-airflow (CVE-2026-40861). Confidential information can be exposed externally. Exploitable via ``airflow.cfg``. Mitigation: upgrade to `3.2.2` or later.
CVE-2026-40961 Open Redirect in airflow (CVE-2026-40961)
vulnerability in airflow (CVE-2026-40961). Risk of unauthorized operations or information disclosure. Exploitable via ``is_safe_url``. Mitigation: upgrade to `3.2.2` or later.
CVE-2026-41014 Vulnerability in apache-airflow (CVE-2026-41014)
vulnerability in apache-airflow (CVE-2026-41014). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.2.2` or later.
CVE-2026-41017 Vulnerability in apache-airflow (CVE-2026-41017)
vulnerability in apache-airflow (CVE-2026-41017). Confidential information can be exposed externally. Exploitable via ``JWTRefreshMiddleware``. Mitigation: upgrade to `3.2.2` or later.
CVE-2026-40548 Unrestricted File Upload in path-traversal (CVE-2026-40548)
vulnerability in path-traversal (CVE-2026-40548). Risk of unauthorized operations or information disclosure.
CVE-2026-10236 Vulnerability in CVE-2026-10236 (CVE-2026-10236)
vulnerability in CVE-2026-10236 (CVE-2026-10236). Risk of unauthorized operations or information disclosure.
CVE-2026-10242 Vulnerability in sqli (CVE-2026-10242)
vulnerability in sqli (CVE-2026-10242). Risk of unauthorized operations or information disclosure.
CVE-2026-10235 Vulnerability in sqli (CVE-2026-10235)
vulnerability in sqli (CVE-2026-10235). Risk of unauthorized operations or information disclosure.
CVE-2026-35563 Vulnerability in org.apache.directory.api:api-ldap-client-api (CVE-2026-35563)
vulnerability in org.apache.directory.api:api-ldap-client-api (CVE-2026-35563). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.1.8` or later.
CVE-2026-45192 Information Disclosure in apache-airflow (CVE-2026-45192)
vulnerability in apache-airflow (CVE-2026-45192). Confidential information can be exposed externally. Exploitable via ``extra``. Mitigation: upgrade to `3.2.2` or later.
CVE-2026-10228 Cross-Site Scripting (XSS) in CVE-2026-10228 (CVE-2026-10228)
cross-site scripting in CVE-2026-10228 (CVE-2026-10228). Risk of unauthorized operations or information disclosure.
CVE-2026-10227 Vulnerability in sqli (CVE-2026-10227)
vulnerability in sqli (CVE-2026-10227). Risk of unauthorized operations or information disclosure.
CVE-2026-10225 Vulnerability in sqli (CVE-2026-10225)
vulnerability in sqli (CVE-2026-10225). Risk of unauthorized operations or information disclosure.
CVE-2026-10226 Vulnerability in sqli (CVE-2026-10226)
vulnerability in sqli (CVE-2026-10226). Risk of unauthorized operations or information disclosure.
CVE-2026-20454 Vulnerability in mediatek (CVE-2026-20454)
vulnerability in mediatek (CVE-2026-20454). Successful exploitation can lead to full system takeover.
CVE-2026-20455 Out-of-Bounds Write in mediatek (CVE-2026-20455)
out-of-bounds write in mediatek (CVE-2026-20455). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →