Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: vendors Tag: cwe-915 Clear
ID Title
CVE-2026-50281 Vulnerability in craftcms/cms (CVE-2026-50281)
vulnerability in craftcms/cms (CVE-2026-50281). Risk of unauthorized operations or information disclosure. Exploitable via ``newAttributes``. Mitigation: upgrade to `5.9.21` or later.
CVE-2026-55223 Unsafe Deserialization in apache (CVE-2026-55223)
vulnerability in apache (CVE-2026-55223). Risk of unauthorized operations or information disclosure.
CVE-2026-56142 Vulnerability in privilege-escalation (CVE-2026-56142)
vulnerability in privilege-escalation (CVE-2026-56142). Successful exploitation can lead to full system takeover.
CVE-2026-44494 Vulnerability in axios (CVE-2026-44494)
vulnerability in axios (CVE-2026-44494). Confidential information can be exposed externally. Exploitable via `Authorization header`. Mitigation: upgrade to `1.15.0` or later.
CVE-2026-6366 Vulnerability in drupal (CVE-2026-6366)
vulnerability in drupal (CVE-2026-6366). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `10.5.9, 10.6.7, 11.2.11, 11.3.7` or later.
CVE-2026-46480 Vulnerability in flowise (CVE-2026-46480)
vulnerability in flowise (CVE-2026-46480). Successful exploitation can lead to full system takeover. Exploitable via `PUT /api/v1/evaluators/`. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-46479 Vulnerability in flowise (CVE-2026-46479)
vulnerability in flowise (CVE-2026-46479). Successful exploitation can lead to full system takeover. Exploitable via `PUT /api/v1/evaluations/`. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-46478 Vulnerability in flowise (CVE-2026-46478)
vulnerability in flowise (CVE-2026-46478). Successful exploitation can lead to full system takeover. Exploitable via `PUT /api/v1/datasetrows/`. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-46477 Vulnerability in flowise (CVE-2026-46477)
vulnerability in flowise (CVE-2026-46477). Successful exploitation can lead to full system takeover. Exploitable via `PUT /api/v1/datasets/`. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-46476 Vulnerability in flowise (CVE-2026-46476)
vulnerability in flowise (CVE-2026-46476). Successful exploitation can lead to full system takeover. Exploitable via `PUT /api/v1/customtemplates/`. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-46475 Vulnerability in flowise (CVE-2026-46475)
vulnerability in flowise (CVE-2026-46475). Successful exploitation can lead to full system takeover. Exploitable via `PUT /api/v1/assistants/`. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-46441 Vulnerability in flowise (CVE-2026-46441)
vulnerability in flowise (CVE-2026-46441). Confidential information can be exposed externally. Exploitable via `PUT /api/v1/assistants/{assistantId}`. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-42863 Vulnerability in flowise (CVE-2026-42863)
vulnerability in flowise (CVE-2026-42863). Confidential information can be exposed externally. Exploitable via `PUT /api/v1/chatflows/{chatflowId}`. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-42862 Vulnerability in flowise (CVE-2026-42862)
vulnerability in flowise (CVE-2026-42862). Risk of unauthorized operations or information disclosure. Exploitable via `PUT /api/v1/tools/{toolId}`. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-42861 Vulnerability in flowise (CVE-2026-42861)
vulnerability in flowise (CVE-2026-42861). Confidential information can be exposed externally. Exploitable via `PUT /api/v1/variables/{variableId}`. Mitigation: upgrade to `3.1.2` or later.
CVE-2025-69691 Vulnerability in pfsense (CVE-2025-69691)
vulnerability in pfsense (CVE-2025-69691). Successful exploitation can lead to full system takeover.
CVE-2025-69690 Unsafe Deserialization in deserialization (CVE-2025-69690)
vulnerability in deserialization (CVE-2025-69690). Successful exploitation can lead to full system takeover.
CVE-2026-42264 Vulnerability in axios (CVE-2026-42264)
vulnerability in axios (CVE-2026-42264). Confidential information can be exposed externally. Exploitable via ``hasOwnProperty``. Mitigation: upgrade to `1.15.2` or later.
CVE-2026-33453 Vulnerability in apache (CVE-2026-33453)
vulnerability in apache (CVE-2026-33453). Successful exploitation can lead to full system takeover.
CVE-2026-42041 Authentication Bypass in axios (CVE-2026-42041)
authentication bypass in axios (CVE-2026-42041). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.15.1` or later.
CVE-2026-42044 Vulnerability in privilege-escalation (CVE-2026-42044)
vulnerability in privilege-escalation (CVE-2026-42044). Data can be tampered with by attackers. Mitigation: upgrade to `1.15.2` or later.
CVE-2026-42033 Vulnerability in axios (CVE-2026-42033)
vulnerability in axios (CVE-2026-42033). Confidential information can be exposed externally. Mitigation: upgrade to `1.15.1` or later.
CVE-2026-40175 Vulnerability in axios (CVE-2026-40175)
vulnerability in axios (CVE-2026-40175). Risk of unauthorized operations or information disclosure. Exploitable via `GET /pings`. Mitigation: upgrade to `0.31.0` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →