Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-5524 |
|
Unrestricted File Upload in wordpress (CVE-2026-5524)
vulnerability in wordpress (CVE-2026-5524). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48090 |
|
Use-After-Free in dos (CVE-2026-48090)
vulnerability in dos (CVE-2026-48090). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.37.5` or later.
|
| CVE-2026-48706 |
|
Vulnerability in envoyproxy (CVE-2026-48706)
vulnerability in envoyproxy (CVE-2026-48706). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.35.13` or later.
|
| CVE-2026-45556 |
|
Vulnerability in nginx (CVE-2026-45556)
vulnerability in nginx (CVE-2026-45556). Successful exploitation can lead to full system takeover. Exploitable via `POST /waf/`.
|
| CVE-2026-45558 |
|
Vulnerability in c (CVE-2026-45558)
vulnerability in c (CVE-2026-45558). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/service/haproxy/`.
|
| CVE-2026-40519 |
|
OS Command Injection in nginx (CVE-2026-40519)
OS command injection in nginx (CVE-2026-40519). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45135 |
|
Vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-45135)
vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-45135). Successful exploitation can lead to full system takeover. Exploitable via ``search.IgnoreCase``. Mitigation: upgrade to `2.11.3` or later.
|
| CVE-2026-8430 |
|
Code Injection in nginx (CVE-2026-8430)
code injection in nginx (CVE-2026-8430). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44015 |
|
SSRF (Server-Side Request Forgery) in github.com/0xJacky/Nginx-UI (CVE-2026-44015)
SSRF in github.com/0xJacky/Nginx-UI (CVE-2026-44015). Confidential information can be exposed externally. Exploitable via `GET /api/settings`.
|
| CVE-2026-34197 KEV |
|
[KEV] Vulnerability in Apache activemq (CVE-2026-34197)
vulnerability in Apache activemq (CVE-2026-34197). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-55752 |
|
Vulnerability in org.apache.tomcat:tomcat (CVE-2025-55752)
vulnerability in org.apache.tomcat:tomcat (CVE-2025-55752). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.0.109, 10.1.45, 11.0.11` or later.
|