Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-45567 |
|
Authentication Bypass in nginx (CVE-2026-45567)
authentication bypass in nginx (CVE-2026-45567). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45561 |
|
SSRF (Server-Side Request Forgery) in flask (CVE-2026-45561)
SSRF in flask (CVE-2026-45561). Confidential information can be exposed externally.
|
| CVE-2026-45563 |
|
Vulnerability in nginx (CVE-2026-45563)
vulnerability in nginx (CVE-2026-45563). Risk of unauthorized operations or information disclosure. Exploitable via `GET /history/`.
|
| CVE-2026-45564 |
|
OS Command Injection in c (CVE-2026-45564)
OS command injection in c (CVE-2026-45564). Successful exploitation can lead to full system takeover. Exploitable via `POST /config/versions/`.
|
| CVE-2026-45550 |
|
Vulnerability in nginx (CVE-2026-45550)
vulnerability in nginx (CVE-2026-45550). Data can be tampered with by attackers. Exploitable via `PUT /smon/check`.
|
| CVE-2026-45552 |
|
Vulnerability in nginx (CVE-2026-45552)
vulnerability in nginx (CVE-2026-45552). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45556 |
|
Vulnerability in nginx (CVE-2026-45556)
vulnerability in nginx (CVE-2026-45556). Successful exploitation can lead to full system takeover. Exploitable via `POST /waf/`.
|
| CVE-2026-45558 |
|
Vulnerability in c (CVE-2026-45558)
vulnerability in c (CVE-2026-45558). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/service/haproxy/`.
|
| CVE-2026-45559 |
|
Vulnerability in nginx (CVE-2026-45559)
vulnerability in nginx (CVE-2026-45559). Confidential information can be exposed externally.
|
| CVE-2026-45560 |
|
Cross-Site Scripting (XSS) in c (CVE-2026-45560)
cross-site scripting in c (CVE-2026-45560). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45549 |
|
Vulnerability in nginx (CVE-2026-45549)
vulnerability in nginx (CVE-2026-45549). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40519 |
|
OS Command Injection in nginx (CVE-2026-40519)
OS command injection in nginx (CVE-2026-40519). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49975 |
|
Vulnerability in apache (CVE-2026-49975)
vulnerability in apache (CVE-2026-49975). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.4.68` or later.
|
| CVE-2026-43926 |
|
Vulnerability in nginx (CVE-2026-43926)
vulnerability in nginx (CVE-2026-43926). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41017 |
|
Vulnerability in apache-airflow (CVE-2026-41017)
vulnerability in apache-airflow (CVE-2026-41017). Confidential information can be exposed externally. Exploitable via ``JWTRefreshMiddleware``. Mitigation: upgrade to `3.2.2` or later.
|
| CVE-2026-9508 |
|
Vulnerability in nginx (CVE-2026-9508)
vulnerability in nginx (CVE-2026-9508). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9256 |
|
Vulnerability in nginx (CVE-2026-9256)
vulnerability in nginx (CVE-2026-9256). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.24.0, 1.30.2, 1.31.1` or later.
|
| CVE-2026-45692 |
|
Vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-45692)
vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-45692). Risk of unauthorized operations or information disclosure. Exploitable via `GET /config/apps/http/servers/srv/routes/0`. Mitigation: upgrade to `2.11.3` or later.
|
| CVE-2026-8711 |
|
Vulnerability in nginx (CVE-2026-8711)
vulnerability in nginx (CVE-2026-8711). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45135 |
|
Vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-45135)
vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-45135). Successful exploitation can lead to full system takeover. Exploitable via ``search.IgnoreCase``. Mitigation: upgrade to `2.11.3` or later.
|
| CVE-2026-41181 |
|
Vulnerability in github.com/traefik/traefik/v2 (CVE-2026-41181)
vulnerability in github.com/traefik/traefik/v2 (CVE-2026-41181). Risk of unauthorized operations or information disclosure. Exploitable via ``errors``. Mitigation: upgrade to `2.11.44` or later.
|
| CVE-2026-46356 |
|
Vulnerability in github.com/fleetdm/fleet (CVE-2026-46356)
vulnerability in github.com/fleetdm/fleet (CVE-2026-46356). Data can be tampered with by attackers. Mitigation: upgrade to `4.80.1` or later.
|
| CVE-2026-42945 |
|
Vulnerability in nginx (CVE-2026-42945)
vulnerability in nginx (CVE-2026-42945). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.30.1` or later.
|
| CVE-2026-42946 |
|
Vulnerability in nginx (CVE-2026-42946)
vulnerability in nginx (CVE-2026-42946). Confidential information can be exposed externally. Mitigation: upgrade to `1.30.1` or later.
|
| CVE-2026-42926 |
|
Vulnerability in nginx (CVE-2026-42926)
vulnerability in nginx (CVE-2026-42926). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.30.1` or later.
|
| CVE-2026-42934 |
|
Out-of-Bounds Read in nginx (CVE-2026-42934)
vulnerability in nginx (CVE-2026-42934). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.30.1` or later.
|
| CVE-2026-40701 |
|
Use-After-Free in nginx (CVE-2026-40701)
vulnerability in nginx (CVE-2026-40701). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.30.1` or later.
|
| CVE-2026-40460 |
|
Vulnerability in nginx (CVE-2026-40460)
vulnerability in nginx (CVE-2026-40460). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.30.1` or later.
|
| CVE-2026-44774 |
|
Vulnerability in github.com/traefik/traefik/v3 (CVE-2026-44774)
vulnerability in github.com/traefik/traefik/v3 (CVE-2026-44774). Successful exploitation can lead to full system takeover. Exploitable via `PUT /api/providers/rest`. Mitigation: upgrade to `3.6.17` or later.
|
| CVE-2026-39806 |
|
Vulnerability in bandit (CVE-2026-39806)
vulnerability in bandit (CVE-2026-39806). Risk of unauthorized operations or information disclosure. Exploitable via ``rest``. Mitigation: upgrade to `1.11.1` or later.
|
| CVE-2026-44257 |
|
Command Injection in tomcat (CVE-2026-44257)
command injection in tomcat (CVE-2026-44257). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.08.010` or later.
|
| CVE-2026-42268 |
|
Vulnerability in modsecurity (CVE-2026-42268)
vulnerability in modsecurity (CVE-2026-42268). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.0.15` or later.
|
| CVE-2026-8430 |
|
Code Injection in nginx (CVE-2026-8430)
code injection in nginx (CVE-2026-8430). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43513 |
|
Vulnerability in tomcat (CVE-2026-43513)
vulnerability in tomcat (CVE-2026-43513). Confidential information can be exposed externally. Mitigation: upgrade to `10.1.55, 11.0.22, 9.0.118` or later.
|
| CVE-2026-43514 |
|
Vulnerability in tomcat (CVE-2026-43514)
vulnerability in tomcat (CVE-2026-43514). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `10.1.55, 11.0.22, 9.0.118` or later.
|
| CVE-2026-43515 |
|
Vulnerability in tomcat (CVE-2026-43515)
vulnerability in tomcat (CVE-2026-43515). Confidential information can be exposed externally. Mitigation: upgrade to `10.1.55, 11.0.22, 9.0.118` or later.
|
| CVE-2026-41293 |
|
Vulnerability in tomcat (CVE-2026-41293)
vulnerability in tomcat (CVE-2026-41293). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `10.1.55, 11.0.22, 9.0.118` or later.
|
| CVE-2026-42498 |
|
Information Disclosure in tomcat (CVE-2026-42498)
vulnerability in tomcat (CVE-2026-42498). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `10.1.55, 11.0.22, 9.0.118` or later.
|
| CVE-2026-43512 |
|
Authentication Bypass in tomcat (CVE-2026-43512)
authentication bypass in tomcat (CVE-2026-43512). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `10.1.55, 11.0.22, 9.0.118` or later.
|
| CVE-2026-41284 |
|
Vulnerability in tomcat (CVE-2026-41284)
vulnerability in tomcat (CVE-2026-41284). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `10.1.55, 11.0.22, 9.0.118` or later.
|
| CVE-2026-40075 |
|
Path Traversal in org.openmrs.web:openmrs-web (CVE-2026-40075)
path traversal in org.openmrs.web:openmrs-web (CVE-2026-40075). Confidential information can be exposed externally. Exploitable via ``ModuleResourcesServlet``. Mitigation: upgrade to `2.8.6` or later.
|
| CVE-2026-35051 |
|
Vulnerability in traefik (CVE-2026-35051)
vulnerability in traefik (CVE-2026-35051). Confidential information can be exposed externally.
|
| CVE-2026-39858 |
|
Vulnerability in traefik (CVE-2026-39858)
vulnerability in traefik (CVE-2026-39858). Confidential information can be exposed externally.
|
| CVE-2026-40912 |
|
Vulnerability in traefik (CVE-2026-40912)
vulnerability in traefik (CVE-2026-40912). Confidential information can be exposed externally.
|
| CVE-2026-44015 |
|
SSRF (Server-Side Request Forgery) in github.com/0xJacky/Nginx-UI (CVE-2026-44015)
SSRF in github.com/0xJacky/Nginx-UI (CVE-2026-44015). Confidential information can be exposed externally. Exploitable via `GET /api/settings`.
|
| CVE-2026-40575 |
|
Vulnerability in nginx (CVE-2026-40575)
vulnerability in nginx (CVE-2026-40575). Confidential information can be exposed externally. Mitigation: upgrade to `7.15.2` or later.
|
| CVE-2026-34197 KEV |
|
[KEV] Vulnerability in Apache activemq (CVE-2026-34197)
vulnerability in Apache activemq (CVE-2026-34197). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-33555 |
|
Vulnerability in haproxy (CVE-2026-33555)
vulnerability in haproxy (CVE-2026-33555). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34486 |
|
Vulnerability in tomcat (CVE-2026-34486)
vulnerability in tomcat (CVE-2026-34486). Confidential information can be exposed externally. Mitigation: upgrade to `9.0.117, 10.1.54, 11.0.21` or later.
|
| CVE-2026-29146 |
|
Vulnerability in apache (CVE-2026-29146)
vulnerability in apache (CVE-2026-29146). Confidential information can be exposed externally.
|