Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2026-23998 Vulnerability in github.com/fleetdm/fleet/v4 (CVE-2026-23998)
vulnerability in github.com/fleetdm/fleet/v4 (CVE-2026-23998). Confidential information can be exposed externally. Mitigation: upgrade to `4.81.0` or later.
CVE-2026-6514 SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-6514)
SSRF in wordpress (CVE-2026-6514). Confidential information can be exposed externally.
CVE-2018-6400 Vulnerability in jvn (CVE-2018-6400)
vulnerability in jvn (CVE-2018-6400). Successful exploitation can lead to full system takeover.
CVE-2026-6506 Vulnerability in wordpress (CVE-2026-6506)
vulnerability in wordpress (CVE-2026-6506). Successful exploitation can lead to full system takeover.
CVE-2026-5395 Vulnerability in wordpress (CVE-2026-5395)
vulnerability in wordpress (CVE-2026-5395). Confidential information can be exposed externally.
CVE-2026-3892 Vulnerability in wordpress (CVE-2026-3892)
vulnerability in wordpress (CVE-2026-3892). Data can be tampered with by attackers.
CVE-2026-3718 Cross-Site Scripting (XSS) in wordpress (CVE-2026-3718)
cross-site scripting in wordpress (CVE-2026-3718). Risk of unauthorized operations or information disclosure.
CVE-2026-7481 Cross-Site Scripting (XSS) in gitlab (CVE-2026-7481)
cross-site scripting in gitlab (CVE-2026-7481). Confidential information can be exposed externally. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
CVE-2026-7377 Cross-Site Scripting (XSS) in gitlab (CVE-2026-7377)
cross-site scripting in gitlab (CVE-2026-7377). Confidential information can be exposed externally. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
CVE-2026-1659 Vulnerability in gitlab (CVE-2026-1659)
vulnerability in gitlab (CVE-2026-1659). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
CVE-2026-6073 Cross-Site Scripting (XSS) in gitlab (CVE-2026-6073)
cross-site scripting in gitlab (CVE-2026-6073). Confidential information can be exposed externally. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
CVE-2025-14870 Vulnerability in gitlab (CVE-2025-14870)
vulnerability in gitlab (CVE-2025-14870). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
CVE-2026-5396 Vulnerability in wordpress (CVE-2026-5396)
vulnerability in wordpress (CVE-2026-5396). Confidential information can be exposed externally. Exploitable via ``form_id``.
CVE-2025-14869 Vulnerability in gitlab (CVE-2025-14869)
vulnerability in gitlab (CVE-2025-14869). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
CVE-2026-46445 SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection.
SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection.
CVE-2026-46446 SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored,...
SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored,...
CVE-2026-46419 Vulnerability in CVE-2026-46419 (CVE-2026-46419)
vulnerability in CVE-2026-46419 (CVE-2026-46419). Successful exploitation can lead to full system takeover.
CVE-2026-46300 Out-of-Bounds Write in Amazon aws (CVE-2026-46300)
out-of-bounds write in Amazon aws (CVE-2026-46300). Successful exploitation can lead to full system takeover.
CVE-2026-32991 Authorization Flaw in CVE-2026-32991 (CVE-2026-32991)
vulnerability in CVE-2026-32991 (CVE-2026-32991). Data can be tampered with by attackers.
CVE-2026-29206 SQL Injection in CVE-2026-29206 (CVE-2026-29206)
SQL injection in CVE-2026-29206 (CVE-2026-29206). Data can be tampered with by attackers. Exploitable via ``sqloptimizer``.
CVE-2026-44471 Vulnerability in gix-fs (CVE-2026-44471)
vulnerability in gix-fs (CVE-2026-44471). Successful exploitation can lead to full system takeover. Exploitable via ``payload``. Mitigation: upgrade to `0.21.1` or later.
CVE-2026-44478 Vulnerability in CVE-2026-44478 (CVE-2026-44478)
vulnerability in CVE-2026-44478 (CVE-2026-44478). Confidential information can be exposed externally. Exploitable via `POST /v1/onboarding/config`. Mitigation: upgrade to `2026.4.0` or later.
CVE-2026-44446 SQL Injection in sqli (CVE-2026-44446)
SQL injection in sqli (CVE-2026-44446). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `15.104.3` or later.
CVE-2026-44447 SQL Injection in sqli (CVE-2026-44447)
SQL injection in sqli (CVE-2026-44447). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `16.9.0` or later.
CVE-2026-44439 SSRF (Server-Side Request Forgery) in PlaywrightCapture (CVE-2026-44439)
SSRF in PlaywrightCapture (CVE-2026-44439). Confidential information can be exposed externally. Mitigation: upgrade to `1.39.6` or later.
CVE-2026-32992 Vulnerability in CVE-2026-32992 (CVE-2026-32992)
vulnerability in CVE-2026-32992 (CVE-2026-32992). Confidential information can be exposed externally.
CVE-2026-32993 Vulnerability in CVE-2026-32993 (CVE-2026-32993)
vulnerability in CVE-2026-32993 (CVE-2026-32993). Risk of unauthorized operations or information disclosure. Exploitable via ``status``.
CVE-2026-42463 Vulnerability in fit2cloud (CVE-2026-42463)
vulnerability in fit2cloud (CVE-2026-42463). Confidential information can be exposed externally. Mitigation: upgrade to `1.8.0` or later.
CVE-2026-29205 Vulnerability in CVE-2026-29205 (CVE-2026-29205)
vulnerability in CVE-2026-29205 (CVE-2026-29205). Confidential information can be exposed externally.
CVE-2026-45229 Vulnerability in CVE-2026-45229 (CVE-2026-45229)
vulnerability in CVE-2026-45229 (CVE-2026-45229). Successful exploitation can lead to full system takeover. Exploitable via `POST /update`.
CVE-2026-33376 Vulnerability in grafana (CVE-2026-33376)
vulnerability in grafana (CVE-2026-33376). Confidential information can be exposed externally. Mitigation: upgrade to `11.6.14, 12.2.8, 12.3.6, 12.4.3, 13.0.1` or later.
CVE-2025-27853 Vulnerability in garmin (CVE-2025-27853)
vulnerability in garmin (CVE-2025-27853). Risk of unauthorized operations or information disclosure.
CVE-2026-33377 Vulnerability in grafana (CVE-2026-33377)
vulnerability in grafana (CVE-2026-33377). Data can be tampered with by attackers. Mitigation: upgrade to `11.6.14, 12.2.8, 12.3.6, 12.4.3, 13.0.1` or later.
CVE-2025-27850 Vulnerability in garmin (CVE-2025-27850)
vulnerability in garmin (CVE-2025-27850). Confidential information can be exposed externally.
CVE-2026-21821 Vulnerability in CVE-2026-21821 (CVE-2026-21821)
vulnerability in CVE-2026-21821 (CVE-2026-21821). Successful exploitation can lead to full system takeover.
CVE-2026-45055 Vulnerability in CVE-2026-45055 (CVE-2026-45055)
vulnerability in CVE-2026-45055 (CVE-2026-45055). Confidential information can be exposed externally. Exploitable via `POST /index.php`. Mitigation: upgrade to `6.7.2` or later.
CVE-2026-45708 Code Injection in CVE-2026-45708 (CVE-2026-45708)
code injection in CVE-2026-45708 (CVE-2026-45708). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `6.7.3` or later.
CVE-2026-44380 Authorization Flaw in misp (CVE-2026-44380)
vulnerability in misp (CVE-2026-44380). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.5.37` or later.
CVE-2026-42561 Vulnerability in python-multipart (CVE-2026-42561)
vulnerability in python-multipart (CVE-2026-42561). Risk of unauthorized operations or information disclosure. Exploitable via ``MultipartParser``. Mitigation: upgrade to `0.0.27` or later.
CVE-2026-42602 Vulnerability in github.com/open-telemetry/opentelemetry-collector-contrib/extension/azureauthextension (CVE-2026-42602)
vulnerability in github.com/open-telemetry/opentelemetry-collector-contrib/extension/azureauthextension (CVE-2026-42602). Data can be tampered with by attackers. Exploitable via `POST /v1/traces`.
CVE-2026-42304 Vulnerability in Twisted (CVE-2026-42304)
vulnerability in Twisted (CVE-2026-42304). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `26.4.0rc2` or later.
CVE-2026-39358 SQL Injection in sqli (CVE-2026-39358)
SQL injection in sqli (CVE-2026-39358). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `6.6.0` or later.
CVE-2026-42551 Vulnerability in flightphp/core (CVE-2026-42551)
vulnerability in flightphp/core (CVE-2026-42551). Data can be tampered with by attackers. Exploitable via `GET /item/42`. Mitigation: upgrade to `3.18.1` or later.
CVE-2026-42552 Vulnerability in flightphp/core (CVE-2026-42552)
vulnerability in flightphp/core (CVE-2026-42552). Confidential information can be exposed externally. Exploitable via ``flight.debug``. Mitigation: upgrade to `3.18.1` or later.
CVE-2026-42550 SQL Injection in flightphp/core (CVE-2026-42550)
SQL injection in flightphp/core (CVE-2026-42550). Successful exploitation can lead to full system takeover. Exploitable via ``UPDATE``. Mitigation: upgrade to `3.18.1` or later.
CVE-2026-22599 SQL Injection in @strapi/content-type-builder (CVE-2026-22599)
SQL injection in @strapi/content-type-builder (CVE-2026-22599). Successful exploitation can lead to full system takeover. Exploitable via ``column.defaultTo``. Mitigation: upgrade to `5.33.2` or later.
CVE-2026-42584 Vulnerability in io.netty:netty-codec-http (CVE-2026-42584)
vulnerability in io.netty:netty-codec-http (CVE-2026-42584). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.1.133.Final` or later.
CVE-2026-42587 Vulnerability in io.netty:netty-codec-http (CVE-2026-42587)
vulnerability in io.netty:netty-codec-http (CVE-2026-42587). Risk of unauthorized operations or information disclosure. Exploitable via ``HttpContentDecompressor``. Mitigation: upgrade to `4.1.133.Final` or later.
CVE-2026-42577 Vulnerability in io.netty:netty-transport-native-epoll (CVE-2026-42577)
vulnerability in io.netty:netty-transport-native-epoll (CVE-2026-42577). Risk of unauthorized operations or information disclosure. Exploitable via ``ALLOW_HALF_CLOSURE``. Mitigation: upgrade to `4.2.13.Final` or later.
CVE-2026-42578 Vulnerability in io.netty:netty-handler-proxy (CVE-2026-42578)
vulnerability in io.netty:netty-handler-proxy (CVE-2026-42578). Data can be tampered with by attackers. Exploitable via ``io.netty.handler.proxy.HttpProxyHandler``. Mitigation: upgrade to `4.2.13.Final` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →