Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-47311 |
|
Vulnerability in samsung (CVE-2026-47311)
vulnerability in samsung (CVE-2026-47311). Successful exploitation can lead to full system takeover.
|
| CVE-2025-15609 |
|
Vulnerability in wordpress (CVE-2025-15609)
vulnerability in wordpress (CVE-2025-15609). Confidential information can be exposed externally.
|
| CVE-2026-47310 |
|
Use-After-Free in samsung (CVE-2026-47310)
vulnerability in samsung (CVE-2026-47310). Successful exploitation can lead to full system takeover.
|
| CVE-2026-25781 |
|
in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS and it cannot be recovered.
in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS and it cannot be recovered.
|
| CVE-2026-27648 |
|
in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre...
in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre...
|
| CVE-2026-24792 |
|
in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre...
in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre...
|
| CVE-2026-22069 |
|
A local privilege escalation vulnerability exists in O+ Connect because it fails to validate the...
A local privilege escalation vulnerability exists in O+ Connect because it fails to validate the...
|
| CVE-2026-33232 |
|
Vulnerability in dos (CVE-2026-33232)
vulnerability in dos (CVE-2026-33232). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-33233 |
|
Code Injection in deserialization (CVE-2026-33233)
code injection in deserialization (CVE-2026-33233). Successful exploitation can lead to full system takeover.
|
| CVE-2026-32323 |
|
Privilege Escalation in privilege-escalation (CVE-2026-32323)
vulnerability in privilege-escalation (CVE-2026-32323). Successful exploitation can lead to full system takeover.
|
| CVE-2026-30950 |
|
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.6.36 through 0.6.50 are vulnerable to Authenticated Session Hijack...
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.6.36 through 0.6.50 are vulnerable to Authenticated Session Hijacking via IDOR. If an authenticated attacker can determine the session_id of another user's session, t...
|
| CVE-2026-27891 |
|
FacturaScripts is an open source accounting and invoicing software. Versions 2026 and below contain a critical vulnerability in the Plugins::add() function. The system fails to properly validate the f...
FacturaScripts is an open source accounting and invoicing software. Versions 2026 and below contain a critical vulnerability in the Plugins::add() function. The system fails to properly validate the file paths within uploaded ZIP archives. This allows an attacker to perform a Zip Slip attack, leadin...
|
| CVE-2026-8851 |
|
SQL Injection in sqli (CVE-2026-8851)
SQL injection in sqli (CVE-2026-8851). Confidential information can be exposed externally.
|
| CVE-2026-4137 |
|
Vulnerability in mlflow (CVE-2026-4137)
vulnerability in mlflow (CVE-2026-4137). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.11.0` or later.
|
| CVE-2026-47092 |
|
Vulnerability in jarrodwatts (CVE-2026-47092)
vulnerability in jarrodwatts (CVE-2026-47092). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45245 |
|
SSRF (Server-Side Request Forgery) in @steipete/summarize (CVE-2026-45245)
SSRF in @steipete/summarize (CVE-2026-45245). Confidential information can be exposed externally. Mitigation: upgrade to `0.15.1` or later.
|
| CVE-2026-46522 |
|
Vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-46522)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-46522). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.13.1` or later.
|
| CVE-2026-46520 |
|
ImageMagick: Heap Buffer Over-Write in IPL decoder when reading multiple images of different dimensions
ImageMagick: Heap Buffer Over-Write in IPL decoder when reading multiple images of different dimensions
|
| CVE-2026-45553 |
|
Information Disclosure in nicegui (CVE-2026-45553)
vulnerability in nicegui (CVE-2026-45553). Confidential information can be exposed externally. Exploitable via ``include``. Mitigation: upgrade to `3.12.0` or later.
|
| CVE-2026-45686 |
|
Vulnerability in go.opentelemetry.io/obi (CVE-2026-45686)
vulnerability in go.opentelemetry.io/obi (CVE-2026-45686). Risk of unauthorized operations or information disclosure. Exploitable via ``set``. Mitigation: upgrade to `0.9.0` or later.
|
| CVE-2026-45685 |
|
Vulnerability in go.opentelemetry.io/obi (CVE-2026-45685)
vulnerability in go.opentelemetry.io/obi (CVE-2026-45685). Risk of unauthorized operations or information disclosure. Exploitable via ``parseOpMessage``. Mitigation: upgrade to `0.9.0` or later.
|
| CVE-2026-45242 |
|
Vulnerability in @steipete/summarize (CVE-2026-45242)
vulnerability in @steipete/summarize (CVE-2026-45242). Data can be tampered with by attackers. Mitigation: upgrade to `0.15.0` or later.
|
| CVE-2026-45495 |
|
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
|
| CVE-2026-29962 |
|
Vulnerability in path-traversal (CVE-2026-29962)
vulnerability in path-traversal (CVE-2026-29962). Confidential information can be exposed externally.
|
| CVE-2026-29963 |
|
Path Traversal in path-traversal (CVE-2026-29963)
path traversal in path-traversal (CVE-2026-29963). Confidential information can be exposed externally.
|
| CVE-2026-45678 |
|
Vulnerability in go.opentelemetry.io/obi (CVE-2026-45678)
vulnerability in go.opentelemetry.io/obi (CVE-2026-45678). Risk of unauthorized operations or information disclosure. Exploitable via ``BIND``. Mitigation: upgrade to `0.9.0` or later.
|
| CVE-2026-42306 |
|
Vulnerability in github.com/docker/docker (CVE-2026-42306)
vulnerability in github.com/docker/docker (CVE-2026-42306). Data can be tampered with by attackers. Exploitable via `PUT /containers/{id}/archive`. Mitigation: upgrade to `2.0.0-beta.14` or later.
|
| CVE-2026-41567 |
|
Vulnerability in github.com/moby/moby/v2 (CVE-2026-41567)
vulnerability in github.com/moby/moby/v2 (CVE-2026-41567). Confidential information can be exposed externally. Exploitable via `PUT /containers/{id}/archive`. Mitigation: upgrade to `2.0.0-beta.14` or later.
|
| CVE-2026-45716 |
|
Privilege Escalation in @budibase/worker (CVE-2026-45716)
vulnerability in @budibase/worker (CVE-2026-45716). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/global/users/onboard`. Mitigation: upgrade to `3.38.1` or later.
|
| CVE-2026-45707 |
|
Vulnerability in n8n-mcp (CVE-2026-45707)
vulnerability in n8n-mcp (CVE-2026-45707). Confidential information can be exposed externally. Exploitable via ``N8N_API_URL``. Mitigation: upgrade to `2.51.2` or later.
|
| CVE-2026-45327 |
|
Vulnerability in github.com/DatanoiseTV/tinyice (CVE-2026-45327)
vulnerability in github.com/DatanoiseTV/tinyice (CVE-2026-45327). Data can be tampered with by attackers. Exploitable via `POST /webrtc/source-offer`. Mitigation: upgrade to `2.5.0` or later.
|
| CVE-2026-41085 |
|
Privilege Escalation in privilege-escalation (CVE-2026-41085)
vulnerability in privilege-escalation (CVE-2026-41085). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45302 |
|
Vulnerability in parse-nested-form-data (CVE-2026-45302)
vulnerability in parse-nested-form-data (CVE-2026-45302). Data can be tampered with by attackers. Exploitable via ``__proto__``. Mitigation: upgrade to `1.0.1` or later.
|
| CVE-2026-45300 |
|
Information Disclosure in org.asynchttpclient:async-http-client (CVE-2026-45300)
vulnerability in org.asynchttpclient:async-http-client (CVE-2026-45300). Confidential information can be exposed externally. Exploitable via ``Cookie``. Mitigation: upgrade to `2.15.0` or later.
|
| CVE-2026-45298 |
|
SSRF (Server-Side Request Forgery) in github.com/amir20/dozzle (CVE-2026-45298)
SSRF in github.com/amir20/dozzle (CVE-2026-45298). Confidential information can be exposed externally. Exploitable via `POST /api/notifications/test-webhook`.
|
| CVE-2026-46385 |
|
Vulnerability in github.com/iskorotkov/avro/v2 (CVE-2026-46385)
vulnerability in github.com/iskorotkov/avro/v2 (CVE-2026-46385). Risk of unauthorized operations or information disclosure. Exploitable via ``Reader.ReadBlockHeader``. Mitigation: upgrade to `2.33.0` or later.
|
| CVE-2026-46384 |
|
Vulnerability in github.com/iskorotkov/avro/v2 (CVE-2026-46384)
vulnerability in github.com/iskorotkov/avro/v2 (CVE-2026-46384). Risk of unauthorized operations or information disclosure. Exploitable via ``int``. Mitigation: upgrade to `2.33.0` or later.
|
| CVE-2025-56352 |
|
Vulnerability in dos (CVE-2025-56352)
vulnerability in dos (CVE-2025-56352). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-57282 |
|
ngrok is Vulnerable to Command Injection
ngrok is Vulnerable to Command Injection
|
| CVE-2026-39079 |
|
Information Disclosure in CVE-2026-39079 (CVE-2026-39079)
vulnerability in CVE-2026-39079 (CVE-2026-39079). Confidential information can be exposed externally.
|
| CVE-2026-26462 |
|
Vulnerability in CVE-2026-26462 (CVE-2026-26462)
vulnerability in CVE-2026-26462 (CVE-2026-26462). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45627 |
|
Cross-Site Scripting (XSS) in github.com/getarcaneapp/arcane/backend (CVE-2026-45627)
cross-site scripting in github.com/getarcaneapp/arcane/backend (CVE-2026-45627). Confidential information can be exposed externally. Exploitable via `GET /api/app-images/logo`. Mitigation: upgrade to `1.19.0` or later.
|
| CVE-2026-45135 |
|
Vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-45135)
vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-45135). Successful exploitation can lead to full system takeover. Exploitable via ``search.IgnoreCase``. Mitigation: upgrade to `2.11.3` or later.
|
| CVE-2026-45609 |
|
SSRF (Server-Side Request Forgery) in org.springaicommunity:mcp-client-security (CVE-2026-45609)
SSRF in org.springaicommunity:mcp-client-security (CVE-2026-45609). Risk of unauthorized operations or information disclosure. Exploitable via ``McpOAuth2ClientManager``. Mitigation: upgrade to `0.1.9` or later.
|
| CVE-2026-46510 |
|
Vulnerability in form-data-objectizer (CVE-2026-46510)
vulnerability in form-data-objectizer (CVE-2026-46510). Data can be tampered with by attackers. Exploitable via ``__proto__``. Mitigation: upgrade to `1.0.1` or later.
|
| CVE-2026-42009 |
|
Vulnerability in dos (CVE-2026-42009)
vulnerability in dos (CVE-2026-42009). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8788 |
|
Vulnerability in CVE-2026-8788 (CVE-2026-8788)
vulnerability in CVE-2026-8788 (CVE-2026-8788). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6347 |
|
Information Disclosure in github.com/mattermost/mattermost-server (CVE-2026-6347)
vulnerability in github.com/mattermost/mattermost-server (CVE-2026-6347). Confidential information can be exposed externally. Mitigation: upgrade to `11.4.4` or later.
|
| CVE-2026-7498 |
|
Cross-Site Scripting (XSS) in CVE-2026-7498 (CVE-2026-7498)
cross-site scripting in CVE-2026-7498 (CVE-2026-7498). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6346 |
|
Information Disclosure in github.com/mattermost/mattermost/server/v8 (CVE-2026-6346)
vulnerability in github.com/mattermost/mattermost/server/v8 (CVE-2026-6346). Confidential information can be exposed externally. Mitigation: upgrade to `8.0.0-20260326202606-fac92f4a71f3` or later.
|