Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-54652 |
|
Privilege Escalation in nginx (CVE-2026-54652)
vulnerability in nginx (CVE-2026-54652). Confidential information can be exposed externally. Exploitable via `GET /api/logs/{service}`.
|
| CVE-2026-53646 |
|
Vulnerability in nginx (CVE-2026-53646)
vulnerability in nginx (CVE-2026-53646). Risk of unauthorized operations or information disclosure. Exploitable via ``ClientPasswordReset``.
|
| CVE-2026-54765 |
|
Vulnerability in traefik (CVE-2026-54765)
vulnerability in traefik (CVE-2026-54765). Data can be tampered with by attackers.
|
| CVE-2026-54764 |
|
Vulnerability in traefik (CVE-2026-54764)
vulnerability in traefik (CVE-2026-54764). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54763 |
|
Vulnerability in traefik (CVE-2026-54763)
vulnerability in traefik (CVE-2026-54763). Confidential information can be exposed externally.
|
| CVE-2026-58467 |
|
Path Traversal in nginx (CVE-2026-58467)
path traversal in nginx (CVE-2026-58467). Confidential information can be exposed externally.
|
| CVE-2026-5524 |
|
Unrestricted File Upload in wordpress (CVE-2026-5524)
vulnerability in wordpress (CVE-2026-5524). Successful exploitation can lead to full system takeover.
|
| CVE-2026-58446 |
|
Vulnerability in nginx (CVE-2026-58446)
vulnerability in nginx (CVE-2026-58446). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55957 |
|
Vulnerability in apache (CVE-2026-55957)
vulnerability in apache (CVE-2026-55957). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55276 |
|
Vulnerability in apache (CVE-2026-55276)
vulnerability in apache (CVE-2026-55276). Confidential information can be exposed externally.
|
| CVE-2026-55956 |
|
Vulnerability in apache (CVE-2026-55956)
vulnerability in apache (CVE-2026-55956). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53404 |
|
Vulnerability in apache (CVE-2026-53404)
vulnerability in apache (CVE-2026-53404). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50229 |
|
Vulnerability in apache (CVE-2026-50229)
vulnerability in apache (CVE-2026-50229). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53434 |
|
Vulnerability in apache (CVE-2026-53434)
vulnerability in apache (CVE-2026-53434). Confidential information can be exposed externally.
|
| CVE-2026-55955 |
|
Authentication Bypass in apache (CVE-2026-55955)
authentication bypass in apache (CVE-2026-55955). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-47220 |
|
Vulnerability in envoyproxy (CVE-2026-47220)
vulnerability in envoyproxy (CVE-2026-47220). Risk of unauthorized operations or information disclosure. Exploitable via `Host header`. Mitigation: upgrade to `1.37.5` or later.
|
| CVE-2026-48090 |
|
Use-After-Free in dos (CVE-2026-48090)
vulnerability in dos (CVE-2026-48090). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.37.5` or later.
|
| CVE-2026-47205 |
|
Use-After-Free in envoyproxy (CVE-2026-47205)
vulnerability in envoyproxy (CVE-2026-47205). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.36.9` or later.
|
| CVE-2026-48743 |
|
Vulnerability in envoyproxy (CVE-2026-48743)
vulnerability in envoyproxy (CVE-2026-48743). Data can be tampered with by attackers. Exploitable via `GET /pwn`. Mitigation: upgrade to `1.35.11` or later.
|
| CVE-2026-48706 |
|
Vulnerability in envoyproxy (CVE-2026-48706)
vulnerability in envoyproxy (CVE-2026-48706). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.35.13` or later.
|
| CVE-2026-48497 |
|
Vulnerability in c (CVE-2026-48497)
vulnerability in c (CVE-2026-48497). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.35.11` or later.
|
| CVE-2026-48044 |
|
Vulnerability in dos (CVE-2026-48044)
vulnerability in dos (CVE-2026-48044). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.35.11` or later.
|
| CVE-2026-48042 |
|
Vulnerability in envoyproxy (CVE-2026-48042)
vulnerability in envoyproxy (CVE-2026-48042). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.35.11` or later.
|
| CVE-2026-47778 |
|
Vulnerability in c (CVE-2026-47778)
vulnerability in c (CVE-2026-47778). Confidential information can be exposed externally. Mitigation: upgrade to `1.35.11` or later.
|
| CVE-2026-47775 |
|
Vulnerability in envoyproxy (CVE-2026-47775)
vulnerability in envoyproxy (CVE-2026-47775). Confidential information can be exposed externally. Mitigation: upgrade to `1.35.11` or later.
|
| CVE-2026-47692 |
|
Vulnerability in envoyproxy (CVE-2026-47692)
vulnerability in envoyproxy (CVE-2026-47692). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.35.13` or later.
|
| CVE-2026-47221 |
|
Vulnerability in dos (CVE-2026-47221)
vulnerability in dos (CVE-2026-47221). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.35.13` or later.
|
| CVE-2026-47207 |
|
Use-After-Free in envoyproxy (CVE-2026-47207)
vulnerability in envoyproxy (CVE-2026-47207). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.35.13` or later.
|
| CVE-2026-47204 |
|
Vulnerability in envoyproxy (CVE-2026-47204)
vulnerability in envoyproxy (CVE-2026-47204). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.35.13` or later.
|
| CVE-2026-54762 |
|
Vulnerability in github.com/traefik/traefik/v3 (CVE-2026-54762)
vulnerability in github.com/traefik/traefik/v3 (CVE-2026-54762). Confidential information can be exposed externally. Exploitable via ``digest``. Mitigation: upgrade to `3.7.5` or later.
|
| CVE-2026-55204 |
|
Vulnerability in c (CVE-2026-55204)
vulnerability in c (CVE-2026-55204). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55203 |
|
Vulnerability in haproxy (CVE-2026-55203)
vulnerability in haproxy (CVE-2026-55203). Data can be tampered with by attackers.
|
| CVE-2026-50107 |
|
Vulnerability in nginx (CVE-2026-50107)
vulnerability in nginx (CVE-2026-50107). Confidential information can be exposed externally.
|
| CVE-2026-32682 |
|
Vulnerability in nginx (CVE-2026-32682)
vulnerability in nginx (CVE-2026-32682). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42055 |
|
Vulnerability in nginx (CVE-2026-42055)
vulnerability in nginx (CVE-2026-42055). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42530 |
|
Use-After-Free in nginx (CVE-2026-42530)
vulnerability in nginx (CVE-2026-42530). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48142 |
|
Out-of-Bounds Read in nginx (CVE-2026-48142)
vulnerability in nginx (CVE-2026-48142). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11311 |
|
Vulnerability in nginx (CVE-2026-11311)
vulnerability in nginx (CVE-2026-11311). Confidential information can be exposed externally.
|
| CVE-2026-47774 |
|
Vulnerability in dos (CVE-2026-47774)
vulnerability in dos (CVE-2026-47774). Risk of unauthorized operations or information disclosure. Exploitable via `Cookie header`.
|
| CVE-2026-54761 |
|
Vulnerability in github.com/traefik/traefik/v3 (CVE-2026-54761)
vulnerability in github.com/traefik/traefik/v3 (CVE-2026-54761). Confidential information can be exposed externally. Exploitable via ``crossProviderNamespaces``. Mitigation: upgrade to `3.7.5` or later.
|
| CVE-2026-52846 |
|
Vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-52846)
vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-52846). Risk of unauthorized operations or information disclosure. Exploitable via ``stripHTML``. Mitigation: upgrade to `2.11.4` or later.
|
| CVE-2026-52845 |
|
Authentication Bypass in github.com/caddyserver/caddy/v2 (CVE-2026-52845)
authentication bypass in github.com/caddyserver/caddy/v2 (CVE-2026-52845). Confidential information can be exposed externally. Exploitable via `GET /index.php`. Mitigation: upgrade to `2.11.4` or later.
|
| CVE-2026-52844 |
|
Path Traversal in github.com/caddyserver/caddy/v2 (CVE-2026-52844)
path traversal in github.com/caddyserver/caddy/v2 (CVE-2026-52844). Confidential information can be exposed externally. Exploitable via `GET /private/secret.txt`. Mitigation: upgrade to `2.11.4` or later.
|
| CVE-2026-53622 |
|
Vulnerability in Traefik (CVE-2026-53622)
vulnerability in Traefik (CVE-2026-53622). Confidential information can be exposed externally. Exploitable via ``Host``. Mitigation: upgrade to `3.7.3` or later.
|
| CVE-2026-48491 |
|
Vulnerability in Traefik (CVE-2026-48491)
vulnerability in Traefik (CVE-2026-48491). Confidential information can be exposed externally. Exploitable via ``SNICheck``. Mitigation: upgrade to `3.7.3` or later.
|
| CVE-2026-50892 |
|
Vulnerability in nginx (CVE-2026-50892)
vulnerability in nginx (CVE-2026-50892). Confidential information can be exposed externally.
|
| CVE-2026-48020 |
|
Vulnerability in github.com/traefik/traefik/v2 (CVE-2026-48020)
vulnerability in github.com/traefik/traefik/v2 (CVE-2026-48020). Confidential information can be exposed externally. Exploitable via `GET /admin`. Mitigation: upgrade to `2.11.48` or later.
|
| CVE-2026-45569 |
|
Path Traversal in c (CVE-2026-45569)
path traversal in c (CVE-2026-45569). Confidential information can be exposed externally.
|
| CVE-2026-45566 |
|
Open Redirect in nginx (CVE-2026-45566)
vulnerability in nginx (CVE-2026-45566). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45567 |
|
Authentication Bypass in nginx (CVE-2026-45567)
authentication bypass in nginx (CVE-2026-45567). Risk of unauthorized operations or information disclosure.
|