Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2020-37220 |
|
Vulnerability in CVE-2020-37220 (CVE-2020-37220)
vulnerability in CVE-2020-37220 (CVE-2020-37220). Confidential information can be exposed externally.
|
| CVE-2020-37221 |
|
Vulnerability in CVE-2020-37221 (CVE-2020-37221)
vulnerability in CVE-2020-37221 (CVE-2020-37221). Successful exploitation can lead to full system takeover.
|
| CVE-2020-37218 |
|
SQL Injection in sqli (CVE-2020-37218)
SQL injection in sqli (CVE-2020-37218). Confidential information can be exposed externally.
|
| CVE-2020-37219 |
|
Path Traversal in path-traversal (CVE-2020-37219)
path traversal in path-traversal (CVE-2020-37219). Confidential information can be exposed externally.
|
| CVE-2020-37224 |
|
SQL Injection in sqli (CVE-2020-37224)
SQL injection in sqli (CVE-2020-37224). Confidential information can be exposed externally.
|
| CVE-2020-37223 |
|
Vulnerability in c (CVE-2020-37223)
vulnerability in c (CVE-2020-37223). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45152 |
|
OS Command Injection in gitlab.com/uniget-org/cli (CVE-2026-45152)
OS command injection in gitlab.com/uniget-org/cli (CVE-2026-45152). Successful exploitation can lead to full system takeover. Exploitable via ``check``. Mitigation: upgrade to `0.27.1` or later.
|
| CVE-2026-45137 |
|
Vulnerability in anchor-lang (CVE-2026-45137)
vulnerability in anchor-lang (CVE-2026-45137). Data can be tampered with by attackers. Mitigation: upgrade to `1.0.2` or later.
|
| CVE-2026-45136 |
|
OS Command Injection in claude-code-cache-fix (CVE-2026-45136)
OS command injection in claude-code-cache-fix (CVE-2026-45136). Successful exploitation can lead to full system takeover. Exploitable via ``statusLine``. Mitigation: upgrade to `3.5.2` or later.
|
| CVE-2026-44798 |
|
Vulnerability in nautobot (CVE-2026-44798)
vulnerability in nautobot (CVE-2026-44798). Risk of unauthorized operations or information disclosure. Exploitable via ``current_head``. Mitigation: upgrade to `2.4.33` or later.
|
| CVE-2026-44797 |
|
SSRF (Server-Side Request Forgery) in nautobot (CVE-2026-44797)
SSRF in nautobot (CVE-2026-44797). Confidential information can be exposed externally. Exploitable via ``Webhook``. Mitigation: upgrade to `2.4.33` or later.
|
| CVE-2026-45134 |
|
Unsafe Deserialization in langsmith (CVE-2026-45134)
vulnerability in langsmith (CVE-2026-45134). Confidential information can be exposed externally. Exploitable via ``pull_prompt``. Mitigation: upgrade to `0.8.0` or later.
|
| CVE-2026-44724 |
|
OS Command Injection in systeminformation (CVE-2026-44724)
OS command injection in systeminformation (CVE-2026-44724). Successful exploitation can lead to full system takeover. Exploitable via ``systeminformation``. Mitigation: upgrade to `5.31.6` or later.
|
| CVE-2026-4609 |
|
Vulnerability in wordpress (CVE-2026-4609)
vulnerability in wordpress (CVE-2026-4609). Data can be tampered with by attackers.
|
| CVE-2026-39806 |
|
Vulnerability in bandit (CVE-2026-39806)
vulnerability in bandit (CVE-2026-39806). Risk of unauthorized operations or information disclosure. Exploitable via ``rest``. Mitigation: upgrade to `1.11.1` or later.
|
| CVE-2026-37430 |
|
Unrestricted File Upload in CVE-2026-37430 (CVE-2026-37430)
vulnerability in CVE-2026-37430 (CVE-2026-37430). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-39803 |
|
Vulnerability in bandit (CVE-2026-39803)
vulnerability in bandit (CVE-2026-39803). Risk of unauthorized operations or information disclosure. Exploitable via ``Plug.Parsers``. Mitigation: upgrade to `1.11.1` or later.
|
| CVE-2026-6177 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6177)
cross-site scripting in wordpress (CVE-2026-6177). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3425 |
|
Vulnerability in wordpress (CVE-2026-3425)
vulnerability in wordpress (CVE-2026-3425). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35506 |
|
OS Command Injection in CVE-2026-35506 (CVE-2026-35506)
OS command injection in CVE-2026-35506 (CVE-2026-35506). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4798 |
|
SQL Injection in wordpress (CVE-2026-4798)
SQL injection in wordpress (CVE-2026-4798). Confidential information can be exposed externally.
|
| CVE-2026-44612 |
|
Vulnerability in jvn (CVE-2026-44612)
vulnerability in jvn (CVE-2026-44612). Successful exploitation can lead to full system takeover.
|
| CVE-2026-25705 |
|
Vulnerability in github.com/rancher/rancher (CVE-2026-25705)
vulnerability in github.com/rancher/rancher (CVE-2026-25705). Successful exploitation can lead to full system takeover. Exploitable via ``compressedEndpoint``. Mitigation: upgrade to `2.11.13` or later.
|
| CVE-2026-6929 |
|
SQL Injection in wordpress (CVE-2026-6929)
SQL injection in wordpress (CVE-2026-6929). Confidential information can be exposed externally.
|
| CVE-2026-21020 |
|
Vulnerability in samsung (CVE-2026-21020)
vulnerability in samsung (CVE-2026-21020). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7635 |
|
Unsafe Deserialization in wordpress (CVE-2026-7635)
vulnerability in wordpress (CVE-2026-7635). Successful exploitation can lead to full system takeover. Exploitable via `User-Agent header`.
|
| CVE-2026-8336 |
|
Use-After-Free in mongodb (CVE-2026-8336)
vulnerability in mongodb (CVE-2026-8336). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.2.9, 8.3.2` or later.
|
| CVE-2026-8053 |
|
Out-of-Bounds Write in mongodb (CVE-2026-8053)
out-of-bounds write in mongodb (CVE-2026-8053). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `5.0.33, 6.0.28, 7.0.34, 8.0.23, 8.2.9, 8.3.2` or later.
|
| CVE-2026-6888 |
|
SQL Injection in sqli (CVE-2026-6888)
SQL injection in sqli (CVE-2026-6888). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44697 |
|
Vulnerability in github.com/klever-io/klever-go (CVE-2026-44697)
vulnerability in github.com/klever-io/klever-go (CVE-2026-44697). Risk of unauthorized operations or information disclosure. Exploitable via ``Batch.Decompress``.
|
| CVE-2026-44548 |
|
Cross-Site Request Forgery (CSRF) in CVE-2026-44548 (CVE-2026-44548)
vulnerability in CVE-2026-44548 (CVE-2026-44548). Data can be tampered with by attackers. Mitigation: upgrade to `7.3.2` or later.
|
| CVE-2026-5371 |
|
Vulnerability in wordpress (CVE-2026-5371)
vulnerability in wordpress (CVE-2026-5371). Confidential information can be exposed externally.
|
| CVE-2026-42289 |
|
Privilege Escalation in csrf (CVE-2026-42289)
vulnerability in csrf (CVE-2026-42289). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `7.3.2` or later.
|
| CVE-2026-43680 |
|
Code Injection in claris (CVE-2026-43680)
code injection in claris (CVE-2026-43680). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43685 |
|
OS Command Injection in claris (CVE-2026-43685)
OS command injection in claris (CVE-2026-43685). Successful exploitation can lead to full system takeover.
|
| CVE-2026-1250 |
|
SQL Injection in wordpress (CVE-2026-1250)
SQL injection in wordpress (CVE-2026-1250). Confidential information can be exposed externally.
|
| CVE-2026-44660 |
|
Vulnerability in ujson (CVE-2026-44660)
vulnerability in ujson (CVE-2026-44660). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.12.1` or later.
|
| CVE-2026-44648 |
|
Vulnerability in sillytavern (CVE-2026-44648)
vulnerability in sillytavern (CVE-2026-44648). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/users/change-password`. Mitigation: upgrade to `1.18.0` or later.
|
| CVE-2026-44594 |
|
Path Traversal in github.com/esm-dev/esm.sh (CVE-2026-44594)
path traversal in github.com/esm-dev/esm.sh (CVE-2026-44594). Confidential information can be exposed externally. Exploitable via ``browser``. Mitigation: upgrade to `0.0.0-20250616164159-0593516c4cfa` or later.
|
| CVE-2026-45226 |
|
Authorization Flaw in CVE-2026-45226 (CVE-2026-45226)
vulnerability in CVE-2026-45226 (CVE-2026-45226). Confidential information can be exposed externally.
|
| CVE-2026-45227 |
|
Vulnerability in CVE-2026-45227 (CVE-2026-45227)
vulnerability in CVE-2026-45227 (CVE-2026-45227). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8449 |
|
Out-of-Bounds Read in privilege-escalation (CVE-2026-8449)
vulnerability in privilege-escalation (CVE-2026-8449). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44304 |
|
Vulnerability in lemur (CVE-2026-44304)
vulnerability in lemur (CVE-2026-44304). Confidential information can be exposed externally. Exploitable via `POST /auth/login`. Mitigation: upgrade to `1.9.0` or later.
|
| CVE-2026-44871 |
|
Command Injection in arubanetworks (CVE-2026-44871)
command injection in arubanetworks (CVE-2026-44871). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45225 |
|
Path Traversal in path-traversal (CVE-2026-45225)
path traversal in path-traversal (CVE-2026-45225). Data can be tampered with by attackers.
|
| CVE-2026-44260 |
|
Authorization Flaw in CVE-2026-44260 (CVE-2026-44260)
vulnerability in CVE-2026-44260 (CVE-2026-44260). Confidential information can be exposed externally. Mitigation: upgrade to `4.08.010` or later.
|
| CVE-2026-44296 |
|
Vulnerability in dos (CVE-2026-44296)
vulnerability in dos (CVE-2026-44296). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.26.0.167` or later.
|
| CVE-2026-44301 |
|
Path Traversal in github.com/gohugoio/hugo (CVE-2026-44301)
path traversal in github.com/gohugoio/hugo (CVE-2026-44301). Confidential information can be exposed externally. Mitigation: upgrade to `0.161.0` or later.
|
| CVE-2026-44302 |
|
Vulnerability in Snappier (CVE-2026-44302)
vulnerability in Snappier (CVE-2026-44302). Risk of unauthorized operations or information disclosure. Exploitable via ``Snappier.SnappyStream``. Mitigation: upgrade to `1.3.1` or later.
|
| CVE-2026-42855 |
|
Authentication Bypass in espressif (CVE-2026-42855)
authentication bypass in espressif (CVE-2026-42855). Confidential information can be exposed externally. Exploitable via `Authorization header`. Mitigation: upgrade to `3.3.8` or later.
|