Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2026-47311 Vulnerability in samsung (CVE-2026-47311)
vulnerability in samsung (CVE-2026-47311). Successful exploitation can lead to full system takeover.
CVE-2025-15609 Vulnerability in wordpress (CVE-2025-15609)
vulnerability in wordpress (CVE-2025-15609). Confidential information can be exposed externally.
CVE-2026-47310 Use-After-Free in samsung (CVE-2026-47310)
vulnerability in samsung (CVE-2026-47310). Successful exploitation can lead to full system takeover.
CVE-2026-25781 in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS and it cannot be recovered.
in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS and it cannot be recovered.
CVE-2026-27648 in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre...
in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre...
CVE-2026-24792 in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre...
in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre...
CVE-2026-22069 A local privilege escalation vulnerability exists in O+ Connect because it fails to validate the...
A local privilege escalation vulnerability exists in O+ Connect because it fails to validate the...
CVE-2026-33232 Vulnerability in dos (CVE-2026-33232)
vulnerability in dos (CVE-2026-33232). Risk of unauthorized operations or information disclosure.
CVE-2026-33233 Code Injection in deserialization (CVE-2026-33233)
code injection in deserialization (CVE-2026-33233). Successful exploitation can lead to full system takeover.
CVE-2026-32323 Privilege Escalation in privilege-escalation (CVE-2026-32323)
vulnerability in privilege-escalation (CVE-2026-32323). Successful exploitation can lead to full system takeover.
CVE-2026-30950 AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.6.36 through 0.6.50 are vulnerable to Authenticated Session Hijack...
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.6.36 through 0.6.50 are vulnerable to Authenticated Session Hijacking via IDOR. If an authenticated attacker can determine the session_id of another user's session, t...
CVE-2026-27891 FacturaScripts is an open source accounting and invoicing software. Versions 2026 and below contain a critical vulnerability in the Plugins::add() function. The system fails to properly validate the f...
FacturaScripts is an open source accounting and invoicing software. Versions 2026 and below contain a critical vulnerability in the Plugins::add() function. The system fails to properly validate the file paths within uploaded ZIP archives. This allows an attacker to perform a Zip Slip attack, leadin...
CVE-2026-8851 SQL Injection in sqli (CVE-2026-8851)
SQL injection in sqli (CVE-2026-8851). Confidential information can be exposed externally.
CVE-2026-4137 Vulnerability in mlflow (CVE-2026-4137)
vulnerability in mlflow (CVE-2026-4137). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.11.0` or later.
CVE-2026-47092 Vulnerability in jarrodwatts (CVE-2026-47092)
vulnerability in jarrodwatts (CVE-2026-47092). Successful exploitation can lead to full system takeover.
CVE-2026-45245 SSRF (Server-Side Request Forgery) in @steipete/summarize (CVE-2026-45245)
SSRF in @steipete/summarize (CVE-2026-45245). Confidential information can be exposed externally. Mitigation: upgrade to `0.15.1` or later.
CVE-2026-46522 Vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-46522)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-46522). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.13.1` or later.
CVE-2026-46520 ImageMagick: Heap Buffer Over-Write in IPL decoder when reading multiple images of different dimensions
ImageMagick: Heap Buffer Over-Write in IPL decoder when reading multiple images of different dimensions
CVE-2026-45553 Information Disclosure in nicegui (CVE-2026-45553)
vulnerability in nicegui (CVE-2026-45553). Confidential information can be exposed externally. Exploitable via ``include``. Mitigation: upgrade to `3.12.0` or later.
CVE-2026-45686 Vulnerability in go.opentelemetry.io/obi (CVE-2026-45686)
vulnerability in go.opentelemetry.io/obi (CVE-2026-45686). Risk of unauthorized operations or information disclosure. Exploitable via ``set``. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-45685 Vulnerability in go.opentelemetry.io/obi (CVE-2026-45685)
vulnerability in go.opentelemetry.io/obi (CVE-2026-45685). Risk of unauthorized operations or information disclosure. Exploitable via ``parseOpMessage``. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-45242 Vulnerability in @steipete/summarize (CVE-2026-45242)
vulnerability in @steipete/summarize (CVE-2026-45242). Data can be tampered with by attackers. Mitigation: upgrade to `0.15.0` or later.
CVE-2026-45495 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2026-29962 Vulnerability in path-traversal (CVE-2026-29962)
vulnerability in path-traversal (CVE-2026-29962). Confidential information can be exposed externally.
CVE-2026-29963 Path Traversal in path-traversal (CVE-2026-29963)
path traversal in path-traversal (CVE-2026-29963). Confidential information can be exposed externally.
CVE-2026-45678 Vulnerability in go.opentelemetry.io/obi (CVE-2026-45678)
vulnerability in go.opentelemetry.io/obi (CVE-2026-45678). Risk of unauthorized operations or information disclosure. Exploitable via ``BIND``. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-42306 Vulnerability in github.com/docker/docker (CVE-2026-42306)
vulnerability in github.com/docker/docker (CVE-2026-42306). Data can be tampered with by attackers. Exploitable via `PUT /containers/{id}/archive`. Mitigation: upgrade to `2.0.0-beta.14` or later.
CVE-2026-41567 Vulnerability in github.com/moby/moby/v2 (CVE-2026-41567)
vulnerability in github.com/moby/moby/v2 (CVE-2026-41567). Confidential information can be exposed externally. Exploitable via `PUT /containers/{id}/archive`. Mitigation: upgrade to `2.0.0-beta.14` or later.
CVE-2026-45716 Privilege Escalation in @budibase/worker (CVE-2026-45716)
vulnerability in @budibase/worker (CVE-2026-45716). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/global/users/onboard`. Mitigation: upgrade to `3.38.1` or later.
CVE-2026-45707 Vulnerability in n8n-mcp (CVE-2026-45707)
vulnerability in n8n-mcp (CVE-2026-45707). Confidential information can be exposed externally. Exploitable via ``N8N_API_URL``. Mitigation: upgrade to `2.51.2` or later.
CVE-2026-45327 Vulnerability in github.com/DatanoiseTV/tinyice (CVE-2026-45327)
vulnerability in github.com/DatanoiseTV/tinyice (CVE-2026-45327). Data can be tampered with by attackers. Exploitable via `POST /webrtc/source-offer`. Mitigation: upgrade to `2.5.0` or later.
CVE-2026-41085 Privilege Escalation in privilege-escalation (CVE-2026-41085)
vulnerability in privilege-escalation (CVE-2026-41085). Successful exploitation can lead to full system takeover.
CVE-2026-45302 Vulnerability in parse-nested-form-data (CVE-2026-45302)
vulnerability in parse-nested-form-data (CVE-2026-45302). Data can be tampered with by attackers. Exploitable via ``__proto__``. Mitigation: upgrade to `1.0.1` or later.
CVE-2026-45300 Information Disclosure in org.asynchttpclient:async-http-client (CVE-2026-45300)
vulnerability in org.asynchttpclient:async-http-client (CVE-2026-45300). Confidential information can be exposed externally. Exploitable via ``Cookie``. Mitigation: upgrade to `2.15.0` or later.
CVE-2026-45298 SSRF (Server-Side Request Forgery) in github.com/amir20/dozzle (CVE-2026-45298)
SSRF in github.com/amir20/dozzle (CVE-2026-45298). Confidential information can be exposed externally. Exploitable via `POST /api/notifications/test-webhook`.
CVE-2026-46385 Vulnerability in github.com/iskorotkov/avro/v2 (CVE-2026-46385)
vulnerability in github.com/iskorotkov/avro/v2 (CVE-2026-46385). Risk of unauthorized operations or information disclosure. Exploitable via ``Reader.ReadBlockHeader``. Mitigation: upgrade to `2.33.0` or later.
CVE-2026-46384 Vulnerability in github.com/iskorotkov/avro/v2 (CVE-2026-46384)
vulnerability in github.com/iskorotkov/avro/v2 (CVE-2026-46384). Risk of unauthorized operations or information disclosure. Exploitable via ``int``. Mitigation: upgrade to `2.33.0` or later.
CVE-2025-56352 Vulnerability in dos (CVE-2025-56352)
vulnerability in dos (CVE-2025-56352). Risk of unauthorized operations or information disclosure.
CVE-2025-57282 ngrok is Vulnerable to Command Injection
ngrok is Vulnerable to Command Injection
CVE-2026-39079 Information Disclosure in CVE-2026-39079 (CVE-2026-39079)
vulnerability in CVE-2026-39079 (CVE-2026-39079). Confidential information can be exposed externally.
CVE-2026-26462 Vulnerability in CVE-2026-26462 (CVE-2026-26462)
vulnerability in CVE-2026-26462 (CVE-2026-26462). Risk of unauthorized operations or information disclosure.
CVE-2026-45627 Cross-Site Scripting (XSS) in github.com/getarcaneapp/arcane/backend (CVE-2026-45627)
cross-site scripting in github.com/getarcaneapp/arcane/backend (CVE-2026-45627). Confidential information can be exposed externally. Exploitable via `GET /api/app-images/logo`. Mitigation: upgrade to `1.19.0` or later.
CVE-2026-45135 Vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-45135)
vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-45135). Successful exploitation can lead to full system takeover. Exploitable via ``search.IgnoreCase``. Mitigation: upgrade to `2.11.3` or later.
CVE-2026-45609 SSRF (Server-Side Request Forgery) in org.springaicommunity:mcp-client-security (CVE-2026-45609)
SSRF in org.springaicommunity:mcp-client-security (CVE-2026-45609). Risk of unauthorized operations or information disclosure. Exploitable via ``McpOAuth2ClientManager``. Mitigation: upgrade to `0.1.9` or later.
CVE-2026-46510 Vulnerability in form-data-objectizer (CVE-2026-46510)
vulnerability in form-data-objectizer (CVE-2026-46510). Data can be tampered with by attackers. Exploitable via ``__proto__``. Mitigation: upgrade to `1.0.1` or later.
CVE-2026-42009 Vulnerability in dos (CVE-2026-42009)
vulnerability in dos (CVE-2026-42009). Risk of unauthorized operations or information disclosure.
CVE-2026-8788 Vulnerability in CVE-2026-8788 (CVE-2026-8788)
vulnerability in CVE-2026-8788 (CVE-2026-8788). Risk of unauthorized operations or information disclosure.
CVE-2026-6347 Information Disclosure in github.com/mattermost/mattermost-server (CVE-2026-6347)
vulnerability in github.com/mattermost/mattermost-server (CVE-2026-6347). Confidential information can be exposed externally. Mitigation: upgrade to `11.4.4` or later.
CVE-2026-7498 Cross-Site Scripting (XSS) in CVE-2026-7498 (CVE-2026-7498)
cross-site scripting in CVE-2026-7498 (CVE-2026-7498). Successful exploitation can lead to full system takeover.
CVE-2026-6346 Information Disclosure in github.com/mattermost/mattermost/server/v8 (CVE-2026-6346)
vulnerability in github.com/mattermost/mattermost/server/v8 (CVE-2026-6346). Confidential information can be exposed externally. Mitigation: upgrade to `8.0.0-20260326202606-fac92f4a71f3` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →