Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2025-15024 |
|
Code Injection in CVE-2025-15024 (CVE-2025-15024)
code injection in CVE-2025-15024 (CVE-2025-15024). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42897 KEV |
|
[KEV] Cross-Site Scripting (XSS) in Microsoft exchange-server (CVE-2026-42897)
cross-site scripting in Microsoft exchange-server (CVE-2026-42897). Confidential information can be exposed externally. Listed in CISA KEV — actively exploited.
|
| CVE-2026-45011 |
|
Cross-Site Scripting (XSS) in apostrophe (CVE-2026-45011)
cross-site scripting in apostrophe (CVE-2026-45011). Confidential information can be exposed externally.
|
| CVE-2026-45013 |
|
Vulnerability in apostrophe (CVE-2026-45013)
vulnerability in apostrophe (CVE-2026-45013). Confidential information can be exposed externally. Exploitable via `POST /api/v1/login/reset-request`.
|
| CVE-2026-45012 |
|
SSRF (Server-Side Request Forgery) in apostrophe (CVE-2026-45012)
SSRF in apostrophe (CVE-2026-45012). Confidential information can be exposed externally. Exploitable via `POST /api/v1/`.
|
| CVE-2026-44973 |
|
Path Traversal in github.com/go-git/go-billy/v5 (CVE-2026-44973)
path traversal in github.com/go-git/go-billy/v5 (CVE-2026-44973). Confidential information can be exposed externally. Exploitable via ``osfs.ChrootOS``. Mitigation: upgrade to `5.9.0` or later.
|
| CVE-2026-44511 |
|
Vulnerability in katalyst-koi (CVE-2026-44511)
vulnerability in katalyst-koi (CVE-2026-44511). Confidential information can be exposed externally. Mitigation: upgrade to `5.6.0` or later.
|
| CVE-2026-20224 |
|
Vulnerability in cisco (CVE-2026-20224)
vulnerability in cisco (CVE-2026-20224). Confidential information can be exposed externally.
|
| CVE-2026-44883 |
|
Vulnerability in github.com/portainer/portainer (CVE-2026-44883)
vulnerability in github.com/portainer/portainer (CVE-2026-44883). Successful exploitation can lead to full system takeover. Exploitable via ``Referer``. Mitigation: upgrade to `2.41.0` or later.
|
| CVE-2026-44849 |
|
Vulnerability in github.com/portainer/portainer (CVE-2026-44849)
vulnerability in github.com/portainer/portainer (CVE-2026-44849). Successful exploitation can lead to full system takeover. Exploitable via `POST /services/create`. Mitigation: upgrade to `2.41.0` or later.
|
| CVE-2026-44882 |
|
Authorization Flaw in github.com/portainer/portainer (CVE-2026-44882)
vulnerability in github.com/portainer/portainer (CVE-2026-44882). Confidential information can be exposed externally. Exploitable via ``kubeClientMiddleware``. Mitigation: upgrade to `2.33.8` or later.
|
| CVE-2026-44850 |
|
Authorization Flaw in github.com/portainer/portainer (CVE-2026-44850)
vulnerability in github.com/portainer/portainer (CVE-2026-44850). Confidential information can be exposed externally. Exploitable via `POST /containers/create`. Mitigation: upgrade to `2.41.0` or later.
|
| CVE-2026-44848 |
|
Vulnerability in github.com/portainer/portainer (CVE-2026-44848)
vulnerability in github.com/portainer/portainer (CVE-2026-44848). Successful exploitation can lead to full system takeover. Exploitable via `POST /plugins/pull`. Mitigation: upgrade to `2.41.0` or later.
|
| CVE-2026-46480 |
|
Vulnerability in flowise (CVE-2026-46480)
vulnerability in flowise (CVE-2026-46480). Successful exploitation can lead to full system takeover. Exploitable via `PUT /api/v1/evaluators/`. Mitigation: upgrade to `3.1.2` or later.
|
| CVE-2026-46479 |
|
Vulnerability in flowise (CVE-2026-46479)
vulnerability in flowise (CVE-2026-46479). Successful exploitation can lead to full system takeover. Exploitable via `PUT /api/v1/evaluations/`. Mitigation: upgrade to `3.1.2` or later.
|
| CVE-2026-46478 |
|
Vulnerability in flowise (CVE-2026-46478)
vulnerability in flowise (CVE-2026-46478). Successful exploitation can lead to full system takeover. Exploitable via `PUT /api/v1/datasetrows/`. Mitigation: upgrade to `3.1.2` or later.
|
| CVE-2026-46477 |
|
Vulnerability in flowise (CVE-2026-46477)
vulnerability in flowise (CVE-2026-46477). Successful exploitation can lead to full system takeover. Exploitable via `PUT /api/v1/datasets/`. Mitigation: upgrade to `3.1.2` or later.
|
| CVE-2026-46476 |
|
Vulnerability in flowise (CVE-2026-46476)
vulnerability in flowise (CVE-2026-46476). Successful exploitation can lead to full system takeover. Exploitable via `PUT /api/v1/customtemplates/`. Mitigation: upgrade to `3.1.2` or later.
|
| CVE-2026-46475 |
|
Vulnerability in flowise (CVE-2026-46475)
vulnerability in flowise (CVE-2026-46475). Successful exploitation can lead to full system takeover. Exploitable via `PUT /api/v1/assistants/`. Mitigation: upgrade to `3.1.2` or later.
|
| CVE-2026-46444 |
|
Vulnerability in flowise (CVE-2026-46444)
vulnerability in flowise (CVE-2026-46444). Successful exploitation can lead to full system takeover. Exploitable via ``WHITELIST_URLS``. Mitigation: upgrade to `3.1.2` or later.
|
| CVE-2026-45732 |
|
Vulnerability in n8n (CVE-2026-45732)
vulnerability in n8n (CVE-2026-45732). Confidential information can be exposed externally. Mitigation: upgrade to `2.20.7` or later.
|
| CVE-2026-44790 |
|
Vulnerability in n8n (CVE-2026-44790)
vulnerability in n8n (CVE-2026-44790). Successful exploitation can lead to full system takeover. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.20.7` or later.
|
| CVE-2026-42590 |
|
Vulnerability in github.com/gotenberg/gotenberg/v8 (CVE-2026-42590)
vulnerability in github.com/gotenberg/gotenberg/v8 (CVE-2026-42590). Data can be tampered with by attackers. Exploitable via ``FileName``.
|
| CVE-2026-42591 |
|
SSRF (Server-Side Request Forgery) in github.com/gotenberg/gotenberg/v8 (CVE-2026-42591)
SSRF in github.com/gotenberg/gotenberg/v8 (CVE-2026-42591). Confidential information can be exposed externally. Exploitable via `GET /GOTENBERG_SSRF`.
|
| CVE-2026-42594 |
|
Vulnerability in github.com/gotenberg/gotenberg/v8 (CVE-2026-42594)
vulnerability in github.com/gotenberg/gotenberg/v8 (CVE-2026-42594). Risk of unauthorized operations or information disclosure. Exploitable via `GET /version`. Mitigation: upgrade to `8.32.0` or later.
|
| CVE-2026-42283 |
|
Information Disclosure in github.com/loft-sh/devspace (CVE-2026-42283)
vulnerability in github.com/loft-sh/devspace (CVE-2026-42283). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `6.3.21` or later.
|
| CVE-2026-42281 |
|
SSRF (Server-Side Request Forgery) in magicmirror (CVE-2026-42281)
SSRF in magicmirror (CVE-2026-42281). Confidential information can be exposed externally. Exploitable via `GET /cors`. Mitigation: upgrade to `2.36.0` or later.
|
| CVE-2026-40893 |
|
Vulnerability in github.com/gotenberg/gotenberg/v8 (CVE-2026-40893)
vulnerability in github.com/gotenberg/gotenberg/v8 (CVE-2026-40893). Data can be tampered with by attackers. Exploitable via ``FileName``.
|
| CVE-2026-41935 |
|
Vulnerability in dos (CVE-2026-41935)
vulnerability in dos (CVE-2026-41935). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41937 |
|
Vulnerability in CVE-2026-41937 (CVE-2026-41937)
vulnerability in CVE-2026-41937 (CVE-2026-41937). Successful exploitation can lead to full system takeover.
|
| CVE-2025-15025 |
|
Vulnerability in CVE-2025-15025 (CVE-2025-15025)
vulnerability in CVE-2025-15025 (CVE-2025-15025). Successful exploitation can lead to full system takeover.
|
| CVE-2026-24712 |
|
Command Injection in northerntech (CVE-2026-24712)
command injection in northerntech (CVE-2026-24712). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6477 |
|
Vulnerability in postgresql (CVE-2026-6477)
vulnerability in postgresql (CVE-2026-6477). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `14.23.0, 15.18.0, 16.14.0, 17.10.0, 18.4.0` or later.
|
| CVE-2026-6473 |
|
Vulnerability in postgresql (CVE-2026-6473)
vulnerability in postgresql (CVE-2026-6473). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `14.23.0, 15.18.0, 16.14.0, 17.10.0, 18.4.0` or later.
|
| CVE-2026-6479 |
|
Vulnerability in postgresql (CVE-2026-6479)
vulnerability in postgresql (CVE-2026-6479). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.23.0, 15.18.0, 16.14.0, 17.10.0, 18.4.0` or later.
|
| CVE-2026-6637 |
|
SQL Injection in postgresql (CVE-2026-6637)
SQL injection in postgresql (CVE-2026-6637). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `14.23.0, 15.18.0, 16.14.0, 17.10.0, 18.4.0` or later.
|
| CVE-2026-6476 |
|
SQL Injection in postgresql (CVE-2026-6476)
SQL injection in postgresql (CVE-2026-6476). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `17.10.0, 18.4.0` or later.
|
| CVE-2026-6475 |
|
Vulnerability in postgresql (CVE-2026-6475)
vulnerability in postgresql (CVE-2026-6475). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `14.23.0, 15.18.0, 16.14.0, 17.10.0, 18.4.0` or later.
|
| CVE-2026-44375 |
|
Vulnerability in Nerdbank.MessagePack (CVE-2026-44375)
vulnerability in Nerdbank.MessagePack (CVE-2026-44375). Risk of unauthorized operations or information disclosure. Exploitable via ``StackOverflowException``. Mitigation: upgrade to `1.1.62` or later.
|
| CVE-2026-44216 |
|
Vulnerability in wasmtime (CVE-2026-44216)
vulnerability in wasmtime (CVE-2026-44216). Risk of unauthorized operations or information disclosure. Exploitable via ``memory64``. Mitigation: upgrade to `43.0.2` or later.
|
| CVE-2026-42186 |
|
Vulnerability in github.com/openbao/openbao (CVE-2026-42186)
vulnerability in github.com/openbao/openbao (CVE-2026-42186). Confidential information can be exposed externally. Mitigation: upgrade to `0.0.0-20260420173541-6d2e0506e2b4` or later.
|
| CVE-2026-42863 |
|
Vulnerability in flowise (CVE-2026-42863)
vulnerability in flowise (CVE-2026-42863). Confidential information can be exposed externally. Exploitable via `PUT /api/v1/chatflows/{chatflowId}`. Mitigation: upgrade to `3.1.2` or later.
|
| CVE-2026-46356 |
|
Vulnerability in github.com/fleetdm/fleet (CVE-2026-46356)
vulnerability in github.com/fleetdm/fleet (CVE-2026-46356). Data can be tampered with by attackers. Mitigation: upgrade to `4.80.1` or later.
|
| CVE-2026-41249 |
|
Code Injection in coreshop/core-shop (CVE-2026-41249)
code injection in coreshop/core-shop (CVE-2026-41249). Confidential information can be exposed externally. Exploitable via ``pull_request_target``.
|
| CVE-2026-27886 |
|
Path Traversal in @strapi/strapi (CVE-2026-27886)
path traversal in @strapi/strapi (CVE-2026-27886). Confidential information can be exposed externally. Exploitable via `POST /admin/reset-password`. Mitigation: upgrade to `5.37.0` or later.
|
| CVE-2026-4030 |
|
Vulnerability in wordpress (CVE-2026-4030)
vulnerability in wordpress (CVE-2026-4030). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4031 |
|
Vulnerability in wordpress (CVE-2026-4031)
vulnerability in wordpress (CVE-2026-4031). Confidential information can be exposed externally.
|
| CVE-2026-4029 |
|
Vulnerability in wordpress (CVE-2026-4029)
vulnerability in wordpress (CVE-2026-4029). Confidential information can be exposed externally.
|
| CVE-2025-12008 |
|
Vulnerability in CVE-2025-12008 (CVE-2025-12008)
vulnerability in CVE-2025-12008 (CVE-2025-12008). Successful exploitation can lead to full system takeover.
|
| CVE-2026-24899 |
|
Vulnerability in github.com/fleetdm/fleet/v4 (CVE-2026-24899)
vulnerability in github.com/fleetdm/fleet/v4 (CVE-2026-24899). Confidential information can be exposed externally. Exploitable via ``aud``. Mitigation: upgrade to `4.82.0` or later.
|