Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2020-37220 Vulnerability in CVE-2020-37220 (CVE-2020-37220)
vulnerability in CVE-2020-37220 (CVE-2020-37220). Confidential information can be exposed externally.
CVE-2020-37221 Vulnerability in CVE-2020-37221 (CVE-2020-37221)
vulnerability in CVE-2020-37221 (CVE-2020-37221). Successful exploitation can lead to full system takeover.
CVE-2020-37218 SQL Injection in sqli (CVE-2020-37218)
SQL injection in sqli (CVE-2020-37218). Confidential information can be exposed externally.
CVE-2020-37219 Path Traversal in path-traversal (CVE-2020-37219)
path traversal in path-traversal (CVE-2020-37219). Confidential information can be exposed externally.
CVE-2020-37224 SQL Injection in sqli (CVE-2020-37224)
SQL injection in sqli (CVE-2020-37224). Confidential information can be exposed externally.
CVE-2020-37223 Vulnerability in c (CVE-2020-37223)
vulnerability in c (CVE-2020-37223). Successful exploitation can lead to full system takeover.
CVE-2026-45152 OS Command Injection in gitlab.com/uniget-org/cli (CVE-2026-45152)
OS command injection in gitlab.com/uniget-org/cli (CVE-2026-45152). Successful exploitation can lead to full system takeover. Exploitable via ``check``. Mitigation: upgrade to `0.27.1` or later.
CVE-2026-45137 Vulnerability in anchor-lang (CVE-2026-45137)
vulnerability in anchor-lang (CVE-2026-45137). Data can be tampered with by attackers. Mitigation: upgrade to `1.0.2` or later.
CVE-2026-45136 OS Command Injection in claude-code-cache-fix (CVE-2026-45136)
OS command injection in claude-code-cache-fix (CVE-2026-45136). Successful exploitation can lead to full system takeover. Exploitable via ``statusLine``. Mitigation: upgrade to `3.5.2` or later.
CVE-2026-44798 Vulnerability in nautobot (CVE-2026-44798)
vulnerability in nautobot (CVE-2026-44798). Risk of unauthorized operations or information disclosure. Exploitable via ``current_head``. Mitigation: upgrade to `2.4.33` or later.
CVE-2026-44797 SSRF (Server-Side Request Forgery) in nautobot (CVE-2026-44797)
SSRF in nautobot (CVE-2026-44797). Confidential information can be exposed externally. Exploitable via ``Webhook``. Mitigation: upgrade to `2.4.33` or later.
CVE-2026-45134 Unsafe Deserialization in langsmith (CVE-2026-45134)
vulnerability in langsmith (CVE-2026-45134). Confidential information can be exposed externally. Exploitable via ``pull_prompt``. Mitigation: upgrade to `0.8.0` or later.
CVE-2026-44724 OS Command Injection in systeminformation (CVE-2026-44724)
OS command injection in systeminformation (CVE-2026-44724). Successful exploitation can lead to full system takeover. Exploitable via ``systeminformation``. Mitigation: upgrade to `5.31.6` or later.
CVE-2026-4609 Vulnerability in wordpress (CVE-2026-4609)
vulnerability in wordpress (CVE-2026-4609). Data can be tampered with by attackers.
CVE-2026-39806 Vulnerability in bandit (CVE-2026-39806)
vulnerability in bandit (CVE-2026-39806). Risk of unauthorized operations or information disclosure. Exploitable via ``rest``. Mitigation: upgrade to `1.11.1` or later.
CVE-2026-37430 Unrestricted File Upload in CVE-2026-37430 (CVE-2026-37430)
vulnerability in CVE-2026-37430 (CVE-2026-37430). Risk of unauthorized operations or information disclosure.
CVE-2026-39803 Vulnerability in bandit (CVE-2026-39803)
vulnerability in bandit (CVE-2026-39803). Risk of unauthorized operations or information disclosure. Exploitable via ``Plug.Parsers``. Mitigation: upgrade to `1.11.1` or later.
CVE-2026-6177 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6177)
cross-site scripting in wordpress (CVE-2026-6177). Risk of unauthorized operations or information disclosure.
CVE-2026-3425 Vulnerability in wordpress (CVE-2026-3425)
vulnerability in wordpress (CVE-2026-3425). Successful exploitation can lead to full system takeover.
CVE-2026-35506 OS Command Injection in CVE-2026-35506 (CVE-2026-35506)
OS command injection in CVE-2026-35506 (CVE-2026-35506). Successful exploitation can lead to full system takeover.
CVE-2026-4798 SQL Injection in wordpress (CVE-2026-4798)
SQL injection in wordpress (CVE-2026-4798). Confidential information can be exposed externally.
CVE-2026-44612 Vulnerability in jvn (CVE-2026-44612)
vulnerability in jvn (CVE-2026-44612). Successful exploitation can lead to full system takeover.
CVE-2026-25705 Vulnerability in github.com/rancher/rancher (CVE-2026-25705)
vulnerability in github.com/rancher/rancher (CVE-2026-25705). Successful exploitation can lead to full system takeover. Exploitable via ``compressedEndpoint``. Mitigation: upgrade to `2.11.13` or later.
CVE-2026-6929 SQL Injection in wordpress (CVE-2026-6929)
SQL injection in wordpress (CVE-2026-6929). Confidential information can be exposed externally.
CVE-2026-21020 Vulnerability in samsung (CVE-2026-21020)
vulnerability in samsung (CVE-2026-21020). Successful exploitation can lead to full system takeover.
CVE-2026-7635 Unsafe Deserialization in wordpress (CVE-2026-7635)
vulnerability in wordpress (CVE-2026-7635). Successful exploitation can lead to full system takeover. Exploitable via `User-Agent header`.
CVE-2026-8336 Use-After-Free in mongodb (CVE-2026-8336)
vulnerability in mongodb (CVE-2026-8336). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.2.9, 8.3.2` or later.
CVE-2026-8053 Out-of-Bounds Write in mongodb (CVE-2026-8053)
out-of-bounds write in mongodb (CVE-2026-8053). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `5.0.33, 6.0.28, 7.0.34, 8.0.23, 8.2.9, 8.3.2` or later.
CVE-2026-6888 SQL Injection in sqli (CVE-2026-6888)
SQL injection in sqli (CVE-2026-6888). Successful exploitation can lead to full system takeover.
CVE-2026-44697 Vulnerability in github.com/klever-io/klever-go (CVE-2026-44697)
vulnerability in github.com/klever-io/klever-go (CVE-2026-44697). Risk of unauthorized operations or information disclosure. Exploitable via ``Batch.Decompress``.
CVE-2026-44548 Cross-Site Request Forgery (CSRF) in CVE-2026-44548 (CVE-2026-44548)
vulnerability in CVE-2026-44548 (CVE-2026-44548). Data can be tampered with by attackers. Mitigation: upgrade to `7.3.2` or later.
CVE-2026-5371 Vulnerability in wordpress (CVE-2026-5371)
vulnerability in wordpress (CVE-2026-5371). Confidential information can be exposed externally.
CVE-2026-42289 Privilege Escalation in csrf (CVE-2026-42289)
vulnerability in csrf (CVE-2026-42289). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `7.3.2` or later.
CVE-2026-43680 Code Injection in claris (CVE-2026-43680)
code injection in claris (CVE-2026-43680). Successful exploitation can lead to full system takeover.
CVE-2026-43685 OS Command Injection in claris (CVE-2026-43685)
OS command injection in claris (CVE-2026-43685). Successful exploitation can lead to full system takeover.
CVE-2026-1250 SQL Injection in wordpress (CVE-2026-1250)
SQL injection in wordpress (CVE-2026-1250). Confidential information can be exposed externally.
CVE-2026-44660 Vulnerability in ujson (CVE-2026-44660)
vulnerability in ujson (CVE-2026-44660). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.12.1` or later.
CVE-2026-44648 Vulnerability in sillytavern (CVE-2026-44648)
vulnerability in sillytavern (CVE-2026-44648). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/users/change-password`. Mitigation: upgrade to `1.18.0` or later.
CVE-2026-44594 Path Traversal in github.com/esm-dev/esm.sh (CVE-2026-44594)
path traversal in github.com/esm-dev/esm.sh (CVE-2026-44594). Confidential information can be exposed externally. Exploitable via ``browser``. Mitigation: upgrade to `0.0.0-20250616164159-0593516c4cfa` or later.
CVE-2026-45226 Authorization Flaw in CVE-2026-45226 (CVE-2026-45226)
vulnerability in CVE-2026-45226 (CVE-2026-45226). Confidential information can be exposed externally.
CVE-2026-45227 Vulnerability in CVE-2026-45227 (CVE-2026-45227)
vulnerability in CVE-2026-45227 (CVE-2026-45227). Successful exploitation can lead to full system takeover.
CVE-2026-8449 Out-of-Bounds Read in privilege-escalation (CVE-2026-8449)
vulnerability in privilege-escalation (CVE-2026-8449). Successful exploitation can lead to full system takeover.
CVE-2026-44304 Vulnerability in lemur (CVE-2026-44304)
vulnerability in lemur (CVE-2026-44304). Confidential information can be exposed externally. Exploitable via `POST /auth/login`. Mitigation: upgrade to `1.9.0` or later.
CVE-2026-44871 Command Injection in arubanetworks (CVE-2026-44871)
command injection in arubanetworks (CVE-2026-44871). Successful exploitation can lead to full system takeover.
CVE-2026-45225 Path Traversal in path-traversal (CVE-2026-45225)
path traversal in path-traversal (CVE-2026-45225). Data can be tampered with by attackers.
CVE-2026-44260 Authorization Flaw in CVE-2026-44260 (CVE-2026-44260)
vulnerability in CVE-2026-44260 (CVE-2026-44260). Confidential information can be exposed externally. Mitigation: upgrade to `4.08.010` or later.
CVE-2026-44296 Vulnerability in dos (CVE-2026-44296)
vulnerability in dos (CVE-2026-44296). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.26.0.167` or later.
CVE-2026-44301 Path Traversal in github.com/gohugoio/hugo (CVE-2026-44301)
path traversal in github.com/gohugoio/hugo (CVE-2026-44301). Confidential information can be exposed externally. Mitigation: upgrade to `0.161.0` or later.
CVE-2026-44302 Vulnerability in Snappier (CVE-2026-44302)
vulnerability in Snappier (CVE-2026-44302). Risk of unauthorized operations or information disclosure. Exploitable via ``Snappier.SnappyStream``. Mitigation: upgrade to `1.3.1` or later.
CVE-2026-42855 Authentication Bypass in espressif (CVE-2026-42855)
authentication bypass in espressif (CVE-2026-42855). Confidential information can be exposed externally. Exploitable via `Authorization header`. Mitigation: upgrade to `3.3.8` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →