Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2026-54502 Vulnerability in oj (CVE-2026-54502)
vulnerability in oj (CVE-2026-54502). Risk of unauthorized operations or information disclosure. Exploitable via ``Oj.dump``. Mitigation: upgrade to `3.17.3` or later.
CVE-2026-49216 Cross-Site Scripting (XSS) in symfony/ux-autocomplete (CVE-2026-49216)
cross-site scripting in symfony/ux-autocomplete (CVE-2026-49216). Risk of unauthorized operations or information disclosure. Exploitable via ``text``. Mitigation: upgrade to `3.1.0` or later.
CVE-2026-49215 Cross-Site Request Forgery (CSRF) in symfony/ux-live-component (CVE-2026-49215)
vulnerability in symfony/ux-live-component (CVE-2026-49215). Risk of unauthorized operations or information disclosure. Exploitable via ``Accept``. Mitigation: upgrade to `3.1.0` or later.
CVE-2026-49212 Vulnerability in symfony/ux-live-component (CVE-2026-49212)
vulnerability in symfony/ux-live-component (CVE-2026-49212). Risk of unauthorized operations or information disclosure. Exploitable via ``propsFromParent``. Mitigation: upgrade to `3.1.0` or later.
CVE-2026-49211 Information Disclosure in symfony/ux-autocomplete (CVE-2026-49211)
vulnerability in symfony/ux-autocomplete (CVE-2026-49211). Risk of unauthorized operations or information disclosure. Exploitable via ``LIKE``. Mitigation: upgrade to `3.1.0` or later.
CVE-2026-49210 Cross-Site Scripting (XSS) in symfony/ux-live-component (CVE-2026-49210)
cross-site scripting in symfony/ux-live-component (CVE-2026-49210). Risk of unauthorized operations or information disclosure. Exploitable via ``LiveComponentSubscriber``. Mitigation: upgrade to `3.1.0` or later.
CVE-2026-49209 Vulnerability in symfony/ux-live-component (CVE-2026-49209)
vulnerability in symfony/ux-live-component (CVE-2026-49209). Risk of unauthorized operations or information disclosure. Exploitable via ``actions``. Mitigation: upgrade to `3.1.0` or later.
CVE-2026-47262 Vulnerability in github.com/containerd/containerd/v2 (CVE-2026-47262)
vulnerability in github.com/containerd/containerd/v2 (CVE-2026-47262). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.3.2` or later.
CVE-2026-54899 Use-After-Free in oj (CVE-2026-54899)
vulnerability in oj (CVE-2026-54899). Risk of unauthorized operations or information disclosure. Exploitable via ``symbol_keys``. Mitigation: upgrade to `3.17.3` or later.
CVE-2026-49208 Vulnerability in symfony/ux-live-component (CVE-2026-49208)
vulnerability in symfony/ux-live-component (CVE-2026-49208). Risk of unauthorized operations or information disclosure. Exploitable via ``DateTimeInterface``. Mitigation: upgrade to `3.1.0` or later.
CVE-2026-23879 Vulnerability in py7zr (CVE-2026-23879)
vulnerability in py7zr (CVE-2026-23879). Successful exploitation can lead to full system takeover. Exploitable via ``py7zr``. Mitigation: upgrade to `1.1.3` or later.
GHSA-9ggv-8w38-r7pm SQL Injection in typeorm (GHSA-9ggv-8w38-r7pm)
SQL injection in typeorm (GHSA-9ggv-8w38-r7pm). Risk of unauthorized operations or information disclosure. Exploitable via ``UpdateQueryBuilder``. Mitigation: upgrade to `0.3.29` or later.
GHSA-r46f-3rpw-hxrv SSRF (Server-Side Request Forgery) in github.com/gohugoio/hugo (GHSA-r46f-3rpw-hxrv)
SSRF in github.com/gohugoio/hugo (GHSA-r46f-3rpw-hxrv). Risk of unauthorized operations or information disclosure. Exploitable via ``security.http.urls``. Mitigation: upgrade to `0.163.1` or later.
CVE-2026-49340 Path Traversal in go.senan.xyz/gonic (CVE-2026-49340)
path traversal in go.senan.xyz/gonic (CVE-2026-49340). Data can be tampered with by attackers. Exploitable via ``ServeCreateOrUpdatePlaylist``. Mitigation: upgrade to `0.21.0` or later.
CVE-2026-49339 Path Traversal in go.senan.xyz/gonic (CVE-2026-49339)
path traversal in go.senan.xyz/gonic (CVE-2026-49339). Data can be tampered with by attackers. Exploitable via ``playlist.UserID``. Mitigation: upgrade to `0.21.0` or later.
CVE-2026-49338 Vulnerability in go.senan.xyz/gonic (CVE-2026-49338)
vulnerability in go.senan.xyz/gonic (CVE-2026-49338). Data can be tampered with by attackers. Exploitable via `GET /rest/deletePlaylist.view`. Mitigation: upgrade to `0.21.0` or later.
CVE-2026-49336 Vulnerability in @microsoft/kiota-http-fetchlibrary (CVE-2026-49336)
vulnerability in @microsoft/kiota-http-fetchlibrary (CVE-2026-49336). Risk of unauthorized operations or information disclosure. Exploitable via `Authorization header`. Mitigation: upgrade to `1.0.0-preview.102` or later.
CVE-2026-49293 Vulnerability in js-toml (CVE-2026-49293)
vulnerability in js-toml (CVE-2026-49293). Risk of unauthorized operations or information disclosure. Exploitable via ``parseBigInt``. Mitigation: upgrade to `1.1.1` or later.
CVE-2026-49291 Vulnerability in mcp-memory-service (CVE-2026-49291)
vulnerability in mcp-memory-service (CVE-2026-49291). Data can be tampered with by attackers. Exploitable via `POST /api/memories`. Mitigation: upgrade to `10.65.3` or later.
CVE-2026-49288 Information Disclosure in statamic/cms (CVE-2026-49288)
vulnerability in statamic/cms (CVE-2026-49288). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.73.23` or later.
CVE-2019-25758 Unrestricted File Upload in CVE-2019-25758 (CVE-2019-25758)
vulnerability in CVE-2019-25758 (CVE-2019-25758). Successful exploitation can lead to full system takeover.
CVE-2019-25761 SQL Injection in sqli (CVE-2019-25761)
SQL injection in sqli (CVE-2019-25761). Confidential information can be exposed externally.
CVE-2019-25759 SQL Injection in sqli (CVE-2019-25759)
SQL injection in sqli (CVE-2019-25759). Confidential information can be exposed externally.
CVE-2019-25760 Vulnerability in CVE-2019-25760 (CVE-2019-25760)
vulnerability in CVE-2019-25760 (CVE-2019-25760). Confidential information can be exposed externally.
CVE-2019-25762 Vulnerability in CVE-2019-25762 (CVE-2019-25762)
vulnerability in CVE-2019-25762 (CVE-2019-25762). Confidential information can be exposed externally.
CVE-2019-25756 SQL Injection in sqli (CVE-2019-25756)
SQL injection in sqli (CVE-2019-25756). Confidential information can be exposed externally.
CVE-2019-25752 SQL Injection in sqli (CVE-2019-25752)
SQL injection in sqli (CVE-2019-25752). Confidential information can be exposed externally.
CVE-2019-25751 SQL Injection in sqli (CVE-2019-25751)
SQL injection in sqli (CVE-2019-25751). Confidential information can be exposed externally.
CVE-2019-25757 SQL Injection in sqli (CVE-2019-25757)
SQL injection in sqli (CVE-2019-25757). Confidential information can be exposed externally.
CVE-2019-25754 SQL Injection in sqli (CVE-2019-25754)
SQL injection in sqli (CVE-2019-25754). Confidential information can be exposed externally.
CVE-2026-56209 Out-of-Bounds Write in dos (CVE-2026-56209)
out-of-bounds write in dos (CVE-2026-56209). Risk of unauthorized operations or information disclosure.
CVE-2019-25755 SQL Injection in sqli (CVE-2019-25755)
SQL injection in sqli (CVE-2019-25755). Confidential information can be exposed externally.
CVE-2019-25749 SQL Injection in sqli (CVE-2019-25749)
SQL injection in sqli (CVE-2019-25749). Confidential information can be exposed externally.
CVE-2026-51846 Vulnerability in tenda (CVE-2026-51846)
vulnerability in tenda (CVE-2026-51846). Successful exploitation can lead to full system takeover.
CVE-2026-56210 Out-of-Bounds Read in dos (CVE-2026-56210)
vulnerability in dos (CVE-2026-56210). Risk of unauthorized operations or information disclosure.
CVE-2026-51845 Vulnerability in tenda (CVE-2026-51845)
vulnerability in tenda (CVE-2026-51845). Successful exploitation can lead to full system takeover.
CVE-2026-51843 Vulnerability in tenda (CVE-2026-51843)
vulnerability in tenda (CVE-2026-51843). Successful exploitation can lead to full system takeover.
CVE-2026-51844 Vulnerability in tenda (CVE-2026-51844)
vulnerability in tenda (CVE-2026-51844). Successful exploitation can lead to full system takeover.
CVE-2026-56208 Vulnerability in dos (CVE-2026-56208)
vulnerability in dos (CVE-2026-56208). Risk of unauthorized operations or information disclosure.
CVE-2026-56211 Out-of-Bounds Write in CVE-2026-56211 (CVE-2026-56211)
out-of-bounds write in CVE-2026-56211 (CVE-2026-56211). Data can be tampered with by attackers.
CVE-2019-25753 SQL Injection in sqli (CVE-2019-25753)
SQL injection in sqli (CVE-2019-25753). Confidential information can be exposed externally.
CVE-2019-25750 SQL Injection in sqli (CVE-2019-25750)
SQL injection in sqli (CVE-2019-25750). Confidential information can be exposed externally.
CVE-2019-25748 SQL Injection in sqli (CVE-2019-25748)
SQL injection in sqli (CVE-2019-25748). Confidential information can be exposed externally.
CVE-2017-20280 SQL Injection in sqli (CVE-2017-20280)
SQL injection in sqli (CVE-2017-20280). Confidential information can be exposed externally.
CVE-2017-20272 SQL Injection in sqli (CVE-2017-20272)
SQL injection in sqli (CVE-2017-20272). Confidential information can be exposed externally.
CVE-2026-3196 Vulnerability in dos (CVE-2026-3196)
vulnerability in dos (CVE-2026-3196). Risk of unauthorized operations or information disclosure.
CVE-2026-3195 Vulnerability in CVE-2026-3195 (CVE-2026-3195)
vulnerability in CVE-2026-3195 (CVE-2026-3195). Successful exploitation can lead to full system takeover. Exploitable via ``virtio_snd_pcm_in_cb``.
CVE-2017-20278 SQL Injection in sqli (CVE-2017-20278)
SQL injection in sqli (CVE-2017-20278). Confidential information can be exposed externally.
CVE-2017-20273 SQL Injection in sqli (CVE-2017-20273)
SQL injection in sqli (CVE-2017-20273). Confidential information can be exposed externally.
CVE-2017-20277 SQL Injection in sqli (CVE-2017-20277)
SQL injection in sqli (CVE-2017-20277). Confidential information can be exposed externally.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →