Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-30246 |
|
Vulnerability in github.com/gofiber/fiber/v3 (CVE-2026-30246)
vulnerability in github.com/gofiber/fiber/v3 (CVE-2026-30246). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.2.0` or later.
|
| CVE-2026-41603 |
|
Vulnerability in apache (CVE-2026-41603)
vulnerability in apache (CVE-2026-41603). Confidential information can be exposed externally.
|
| CVE-2026-41604 |
|
Out-of-Bounds Read in apache (CVE-2026-41604)
vulnerability in apache (CVE-2026-41604). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41607 |
|
Out-of-Bounds Read in apache (CVE-2026-41607)
vulnerability in apache (CVE-2026-41607). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41605 |
|
Vulnerability in apache (CVE-2026-41605)
vulnerability in apache (CVE-2026-41605). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41606 |
|
Vulnerability in apache (CVE-2026-41606)
vulnerability in apache (CVE-2026-41606). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-48431 |
|
Vulnerability in apache (CVE-2025-48431)
vulnerability in apache (CVE-2025-48431). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41602 |
|
Vulnerability in apache (CVE-2026-41602)
vulnerability in apache (CVE-2026-41602). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40976 |
|
Vulnerability in org.springframework.boot:spring-boot (CVE-2026-40976)
vulnerability in org.springframework.boot:spring-boot (CVE-2026-40976). Confidential information can be exposed externally. Mitigation: upgrade to `4.0.6` or later.
|
| CVE-2026-40974 |
|
Vulnerability in spring (CVE-2026-40974)
vulnerability in spring (CVE-2026-40974). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40975 |
|
Vulnerability in spring (CVE-2026-40975)
vulnerability in spring (CVE-2026-40975). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40971 |
|
Vulnerability in spring (CVE-2026-40971)
vulnerability in spring (CVE-2026-40971). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40970 |
|
Vulnerability in spring (CVE-2026-40970)
vulnerability in spring (CVE-2026-40970). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40022 |
|
Vulnerability in org.apache.camel:camel-platform-http-main (CVE-2026-40022)
vulnerability in org.apache.camel:camel-platform-http-main (CVE-2026-40022). Confidential information can be exposed externally. Mitigation: upgrade to `4.20.0` or later.
|
| CVE-2026-27172 |
|
Unsafe Deserialization in apache (CVE-2026-27172)
vulnerability in apache (CVE-2026-27172). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33453 |
|
Vulnerability in apache (CVE-2026-33453)
vulnerability in apache (CVE-2026-33453). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40858 |
|
Unsafe Deserialization in apache (CVE-2026-40858)
vulnerability in apache (CVE-2026-40858). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33454 |
|
Unsafe Deserialization in apache (CVE-2026-33454)
vulnerability in apache (CVE-2026-33454). Confidential information can be exposed externally.
|
| CVE-2026-40453 |
|
Vulnerability in org.apache.camel:camel-coap (CVE-2026-40453)
vulnerability in org.apache.camel:camel-coap (CVE-2026-40453). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.20.0` or later.
|
| CVE-2026-40860 |
|
Unsafe Deserialization in apache (CVE-2026-40860)
vulnerability in apache (CVE-2026-40860). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40048 |
|
Unsafe Deserialization in apache (CVE-2026-40048)
vulnerability in apache (CVE-2026-40048). Successful exploitation can lead to full system takeover. Exploitable via ``java.security.KeyPair``.
|
| CVE-2026-40473 |
|
Unsafe Deserialization in apache (CVE-2026-40473)
vulnerability in apache (CVE-2026-40473). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40466 |
|
Vulnerability in org.apache.activemq:apache-activemq (CVE-2026-40466)
vulnerability in org.apache.activemq:apache-activemq (CVE-2026-40466). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `6.2.5` or later.
|
| CVE-2026-41044 |
|
Vulnerability in org.apache.activemq:apache-activemq (CVE-2026-41044)
vulnerability in org.apache.activemq:apache-activemq (CVE-2026-41044). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `6.2.5` or later.
|
| CVE-2026-40542 |
|
Vulnerability in apache (CVE-2026-40542)
vulnerability in apache (CVE-2026-40542). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40575 |
|
Vulnerability in nginx (CVE-2026-40575)
vulnerability in nginx (CVE-2026-40575). Confidential information can be exposed externally. Mitigation: upgrade to `7.15.2` or later.
|
| CVE-2026-33557 |
|
Vulnerability in apache (CVE-2026-33557)
vulnerability in apache (CVE-2026-33557). Confidential information can be exposed externally. Exploitable via ``sasl.oauthbearer.jwt.validator.class``.
|
| CVE-2024-7083 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2024-7083)
cross-site scripting in wordpress (CVE-2024-7083). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40948 |
|
Cross-Site Request Forgery (CSRF) in apache (CVE-2026-40948)
vulnerability in apache (CVE-2026-40948). Risk of unauthorized operations or information disclosure. Exploitable via ``state``.
|
| CVE-2026-5718 |
|
Unrestricted File Upload in wordpress (CVE-2026-5718)
vulnerability in wordpress (CVE-2026-5718). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31843 |
|
Vulnerability in laravel (CVE-2026-31843)
vulnerability in laravel (CVE-2026-31843). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34197 KEV |
|
[KEV] Vulnerability in Apache activemq (CVE-2026-34197)
vulnerability in Apache activemq (CVE-2026-34197). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-40316 |
|
OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workflo...
OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workflows/regenerate-migrations.yml workflow. The workflow uses the pull_request_target trigger to run with...
|
| CVE-2026-33807 |
|
Vulnerability in express (CVE-2026-33807)
vulnerability in express (CVE-2026-33807). Confidential information can be exposed externally.
|
| CVE-2026-33808 |
|
Vulnerability in @fastify/express (CVE-2026-33808)
vulnerability in @fastify/express (CVE-2026-33808). Confidential information can be exposed externally. Exploitable via `GET //admin/dashboard`. Mitigation: upgrade to `4.0.3` or later.
|
| CVE-2026-39304 |
|
Vulnerability in apache (CVE-2026-39304)
vulnerability in apache (CVE-2026-39304). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34486 |
|
Vulnerability in tomcat (CVE-2026-34486)
vulnerability in tomcat (CVE-2026-34486). Confidential information can be exposed externally. Mitigation: upgrade to `9.0.117, 10.1.54, 11.0.21` or later.
|
| CVE-2026-29146 |
|
Vulnerability in apache (CVE-2026-29146)
vulnerability in apache (CVE-2026-29146). Confidential information can be exposed externally.
|
| CVE-2026-39976 |
|
Authentication Bypass in laravel (CVE-2026-39976)
authentication bypass in laravel (CVE-2026-39976). Confidential information can be exposed externally. Mitigation: upgrade to `13.7.1` or later.
|
| CVE-2026-23869 |
|
Vulnerability in react (CVE-2026-23869)
vulnerability in react (CVE-2026-23869). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-23448 |
|
Vulnerability in express (CVE-2026-23448)
vulnerability in express (CVE-2026-23448). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34531 |
|
Authentication Bypass in Flask-HTTPAuth (CVE-2026-34531)
authentication bypass in Flask-HTTPAuth (CVE-2026-34531). Data can be tampered with by attackers. Exploitable via ``token``. Mitigation: upgrade to `4.8.1` or later.
|
| CVE-2026-28367 |
|
Vulnerability in io.undertow:undertow-parent (CVE-2026-28367)
vulnerability in io.undertow:undertow-parent (CVE-2026-28367). Confidential information can be exposed externally.
|
| CVE-2026-33559 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-33559)
cross-site scripting in wordpress (CVE-2026-33559). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4809 |
|
Unrestricted File Upload in laravel (CVE-2026-4809)
vulnerability in laravel (CVE-2026-4809). Successful exploitation can lead to full system takeover.
|
| CVE-2026-27654 |
|
Vulnerability in nginx (CVE-2026-27654)
vulnerability in nginx (CVE-2026-27654). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-27784 |
|
Vulnerability in nginx (CVE-2026-27784)
vulnerability in nginx (CVE-2026-27784). Successful exploitation can lead to full system takeover.
|
| CVE-2026-32647 |
|
Out-of-Bounds Read in nginx (CVE-2026-32647)
vulnerability in nginx (CVE-2026-32647). Successful exploitation can lead to full system takeover.
|
| CVE-2026-27651 |
|
Vulnerability in nginx (CVE-2026-27651)
vulnerability in nginx (CVE-2026-27651). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-32642 |
|
Authorization Flaw in apache (CVE-2026-32642)
vulnerability in apache (CVE-2026-32642). Risk of unauthorized operations or information disclosure.
|