Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-46242 |
|
Use-After-Free in linux (CVE-2026-46242)
vulnerability in linux (CVE-2026-46242). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7465 |
|
Privilege Escalation in wordpress (CVE-2026-7465)
vulnerability in wordpress (CVE-2026-7465). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9757 |
|
SQL Injection in wordpress (CVE-2026-9757)
SQL injection in wordpress (CVE-2026-9757). Confidential information can be exposed externally.
|
| CVE-2026-7459 |
|
Vulnerability in wordpress (CVE-2026-7459)
vulnerability in wordpress (CVE-2026-7459). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10110 |
|
Vulnerability in sqli (CVE-2026-10110)
vulnerability in sqli (CVE-2026-10110). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48840 |
|
Vulnerability in exim (CVE-2026-48840)
vulnerability in exim (CVE-2026-48840). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48810 |
|
Vulnerability in laravel (CVE-2026-48810)
vulnerability in laravel (CVE-2026-48810). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.221` or later.
|
| CVE-2026-48811 |
|
Vulnerability in laravel (CVE-2026-48811)
vulnerability in laravel (CVE-2026-48811). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.221` or later.
|
| CVE-2026-47123 |
|
Vulnerability in laravel (CVE-2026-47123)
vulnerability in laravel (CVE-2026-47123). Data can be tampered with by attackers. Mitigation: upgrade to `1.8.220` or later.
|
| CVE-2026-48555 |
|
SSRF (Server-Side Request Forgery) in spatie/laravel-medialibrary (CVE-2026-48555)
SSRF in spatie/laravel-medialibrary (CVE-2026-48555). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `11.23.0` or later.
|
| CVE-2026-48557 |
|
Spatie Laravel Media Library contains a file upload restriction bypass
Spatie Laravel Media Library contains a file upload restriction bypass
|
| CVE-2026-45294 |
|
Vulnerability in laravel (CVE-2026-45294)
vulnerability in laravel (CVE-2026-45294). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.219` or later.
|
| CVE-2026-34127 |
|
Cross-Site Scripting (XSS) in tp-link (CVE-2026-34127)
cross-site scripting in tp-link (CVE-2026-34127). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49381 |
|
In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible
In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible
|
| CVE-2026-49382 |
|
Vulnerability in jetbrains (CVE-2026-49382)
vulnerability in jetbrains (CVE-2026-49382). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49383 |
|
In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible
In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible
|
| CVE-2026-49384 |
|
In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible
In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible
|
| CVE-2026-49385 |
|
Vulnerability in jetbrains (CVE-2026-49385)
vulnerability in jetbrains (CVE-2026-49385). Data can be tampered with by attackers.
|
| CVE-2026-49386 |
|
Vulnerability in jetbrains (CVE-2026-49386)
vulnerability in jetbrains (CVE-2026-49386). Confidential information can be exposed externally.
|
| CVE-2026-49372 |
|
In JetBrains TeamCity before 2026.1,
2025.11.5 unauthenticated SSRF via build status was possible
In JetBrains TeamCity before 2026.1,
2025.11.5 unauthenticated SSRF via build status was possible
|
| CVE-2026-49373 |
|
Vulnerability in jetbrains (CVE-2026-49373)
vulnerability in jetbrains (CVE-2026-49373). Confidential information can be exposed externally.
|
| CVE-2026-49374 |
|
Vulnerability in jetbrains (CVE-2026-49374)
vulnerability in jetbrains (CVE-2026-49374). Confidential information can be exposed externally.
|
| CVE-2026-49375 |
|
Cross-Site Scripting (XSS) in jetbrains (CVE-2026-49375)
cross-site scripting in jetbrains (CVE-2026-49375). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49376 |
|
In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin
In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin
|
| CVE-2026-49377 |
|
In JetBrains TeamCity before 2025.11.2 exposure of sensitive data via default agent parameters
In JetBrains TeamCity before 2025.11.2 exposure of sensitive data via default agent parameters
|
| CVE-2026-49378 |
|
Vulnerability in jetbrains (CVE-2026-49378)
vulnerability in jetbrains (CVE-2026-49378). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49379 |
|
In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names
In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names
|
| CVE-2026-49380 |
|
In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible
In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible
|
| CVE-2026-49366 |
|
In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion
In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion
|
| CVE-2026-49367 |
|
In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account
In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account
|
| CVE-2026-49368 |
|
In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible
In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible
|
| CVE-2026-49369 |
|
Authorization Flaw in jetbrains (CVE-2026-49369)
vulnerability in jetbrains (CVE-2026-49369). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49370 |
|
In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests
In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests
|
| CVE-2026-49371 |
|
In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible
In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible
|
| CVE-2026-35630 |
|
Vulnerability in openclaw (CVE-2026-35630)
vulnerability in openclaw (CVE-2026-35630). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2026.5.18` or later.
|
| CVE-2026-35673 |
|
Authorization Flaw in ssrf (CVE-2026-35673)
vulnerability in ssrf (CVE-2026-35673). Confidential information can be exposed externally.
|
| CVE-2026-35674 |
|
Authorization Flaw in openclaw (CVE-2026-35674)
vulnerability in openclaw (CVE-2026-35674). Successful exploitation can lead to full system takeover.
|
| CVE-2026-36324 |
|
Cross-Site Scripting (XSS) in CVE-2026-36324 (CVE-2026-36324)
cross-site scripting in CVE-2026-36324 (CVE-2026-36324). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-39276 |
|
Path Traversal in path-traversal (CVE-2026-39276)
path traversal in path-traversal (CVE-2026-39276). Successful exploitation can lead to full system takeover.
|
| CVE-2026-32905 |
|
Vulnerability in openclaw (CVE-2026-32905)
vulnerability in openclaw (CVE-2026-32905). Confidential information can be exposed externally.
|
| CVE-2026-32906 |
|
Authorization Flaw in privilege-escalation (CVE-2026-32906)
vulnerability in privilege-escalation (CVE-2026-32906). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34507 |
|
Authorization Flaw in openclaw (CVE-2026-34507)
vulnerability in openclaw (CVE-2026-34507). Risk of unauthorized operations or information disclosure.
|
| CVE-2018-25403 |
|
SQL Injection in sqli (CVE-2018-25403)
SQL injection in sqli (CVE-2018-25403). Confidential information can be exposed externally.
|
| CVE-2018-25404 |
|
SQL Injection in sqli (CVE-2018-25404)
SQL injection in sqli (CVE-2018-25404). Confidential information can be exposed externally.
|
| CVE-2018-25397 |
|
Cross-Site Request Forgery (CSRF) in CVE-2018-25397 (CVE-2018-25397)
vulnerability in CVE-2018-25397 (CVE-2018-25397). Risk of unauthorized operations or information disclosure.
|
| CVE-2018-25398 |
|
SQL Injection in sqli (CVE-2018-25398)
SQL injection in sqli (CVE-2018-25398). Confidential information can be exposed externally.
|
| CVE-2018-25399 |
|
SQL Injection in sqli (CVE-2018-25399)
SQL injection in sqli (CVE-2018-25399). Confidential information can be exposed externally.
|
| CVE-2018-25400 |
|
SQL Injection in sqli (CVE-2018-25400)
SQL injection in sqli (CVE-2018-25400). Confidential information can be exposed externally.
|
| CVE-2018-25401 |
|
SQL Injection in sqli (CVE-2018-25401)
SQL injection in sqli (CVE-2018-25401). Confidential information can be exposed externally.
|
| CVE-2018-25402 |
|
SQL Injection in sqli (CVE-2018-25402)
SQL injection in sqli (CVE-2018-25402). Confidential information can be exposed externally.
|