Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2017-20253 SQL Injection in sqli (CVE-2017-20253)
SQL injection in sqli (CVE-2017-20253). Confidential information can be exposed externally.
CVE-2017-20252 SQL Injection in sqli (CVE-2017-20252)
SQL injection in sqli (CVE-2017-20252). Confidential information can be exposed externally.
CVE-2017-20255 SQL Injection in sqli (CVE-2017-20255)
SQL injection in sqli (CVE-2017-20255). Confidential information can be exposed externally.
CVE-2017-20254 SQL Injection in sqli (CVE-2017-20254)
SQL injection in sqli (CVE-2017-20254). Confidential information can be exposed externally.
CVE-2017-20258 SQL Injection in sqli (CVE-2017-20258)
SQL injection in sqli (CVE-2017-20258). Confidential information can be exposed externally.
CVE-2026-49359 SSRF (Server-Side Request Forgery) in pontedilana/php-weasyprint (CVE-2026-49359)
SSRF in pontedilana/php-weasyprint (CVE-2026-49359). Confidential information can be exposed externally. Exploitable via ``attachment``. Mitigation: upgrade to `2.6.0` or later.
CVE-2026-49290 Path Traversal in CVE-2026-49290 (CVE-2026-49290)
path traversal in CVE-2026-49290 (CVE-2026-49290). Risk of unauthorized operations or information disclosure. Exploitable via ``zipfile``.
CVE-2026-49287 Vulnerability in statamic/cms (CVE-2026-49287)
vulnerability in statamic/cms (CVE-2026-49287). Data can be tampered with by attackers. Mitigation: upgrade to `5.73.23` or later.
CVE-2026-49286 Unsafe Deserialization in pontedilana/php-weasyprint (CVE-2026-49286)
vulnerability in pontedilana/php-weasyprint (CVE-2026-49286). Successful exploitation can lead to full system takeover. Exploitable via ``eb8accc``. Mitigation: upgrade to `2.6.0` or later.
CVE-2026-49271 Out-of-Bounds Read in struktur (CVE-2026-49271)
vulnerability in struktur (CVE-2026-49271). Risk of unauthorized operations or information disclosure.
GHSA-mqq5-j7w8-2hgh Vulnerability in alchemy_cms (GHSA-mqq5-j7w8-2hgh)
vulnerability in alchemy_cms (GHSA-mqq5-j7w8-2hgh). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/pages/nested`. Mitigation: upgrade to `7.4.15` or later.
GHSA-c3wq-j5vh-68rc Vulnerability in github.com/gohugoio/hugo (GHSA-c3wq-j5vh-68rc)
vulnerability in github.com/gohugoio/hugo (GHSA-c3wq-j5vh-68rc). Risk of unauthorized operations or information disclosure. Exploitable via ``resources.Get``. Mitigation: upgrade to `0.163.1` or later.
GHSA-q76j-gcg9-vxc6 Cross-Site Scripting (XSS) in github.com/gohugoio/hugo (GHSA-q76j-gcg9-vxc6)
cross-site scripting in github.com/gohugoio/hugo (GHSA-q76j-gcg9-vxc6). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.163.3` or later.
GHSA-9wxg-vf3r-56hc Code Injection in @openzeppelin/wizard (GHSA-9wxg-vf3r-56hc)
code injection in @openzeppelin/wizard (GHSA-9wxg-vf3r-56hc). Risk of unauthorized operations or information disclosure. Exploitable via ``info.securityContact``. Mitigation: upgrade to `0.10.11` or later.
CVE-2026-49260 OS Command Injection in pontedilana/php-weasyprint (CVE-2026-49260)
OS command injection in pontedilana/php-weasyprint (CVE-2026-49260). Successful exploitation can lead to full system takeover. Exploitable via ``master``. Mitigation: upgrade to `2.5.1` or later.
GHSA-phwj-rprq-35pp Use-After-Free in nokogiri (GHSA-phwj-rprq-35pp)
vulnerability in nokogiri (GHSA-phwj-rprq-35pp). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.19.4` or later.
GHSA-wfpw-mmfh-qq69 Use-After-Free in nokogiri (GHSA-wfpw-mmfh-qq69)
vulnerability in nokogiri (GHSA-wfpw-mmfh-qq69). Risk of unauthorized operations or information disclosure. Exploitable via ``xinclude``. Mitigation: upgrade to `1.19.4` or later.
GHSA-p67v-3w7g-wjg7 Use-After-Free in nokogiri (GHSA-p67v-3w7g-wjg7)
vulnerability in nokogiri (GHSA-p67v-3w7g-wjg7). Risk of unauthorized operations or information disclosure. Exploitable via ``XPathContext``. Mitigation: upgrade to `1.19.4` or later.
GHSA-wjv4-x9w8-wm3h Use-After-Free in nokogiri (GHSA-wjv4-x9w8-wm3h)
vulnerability in nokogiri (GHSA-wjv4-x9w8-wm3h). Risk of unauthorized operations or information disclosure. Exploitable via ``TypeError``. Mitigation: upgrade to `1.19.4` or later.
GHSA-5prr-v3j2-97mh Out-of-Bounds Read in nokogiri (GHSA-5prr-v3j2-97mh)
vulnerability in nokogiri (GHSA-5prr-v3j2-97mh). Risk of unauthorized operations or information disclosure. Exploitable via ``NodeSet``. Mitigation: upgrade to `1.19.4` or later.
GHSA-9cv2-cfxc-v4v2 Vulnerability in nokogiri (GHSA-9cv2-cfxc-v4v2)
vulnerability in nokogiri (GHSA-9cv2-cfxc-v4v2). Risk of unauthorized operations or information disclosure. Exploitable via ``RuntimeError``. Mitigation: upgrade to `1.19.4` or later.
GHSA-8678-w3jw-xfc2 Vulnerability in nokogiri (GHSA-8678-w3jw-xfc2)
vulnerability in nokogiri (GHSA-8678-w3jw-xfc2). Risk of unauthorized operations or information disclosure. Exploitable via ``NONET``. Mitigation: upgrade to `1.19.4` or later.
GHSA-5v8h-3h3q-446p Use-After-Free in nokogiri (GHSA-5v8h-3h3q-446p)
vulnerability in nokogiri (GHSA-5v8h-3h3q-446p). Risk of unauthorized operations or information disclosure. Exploitable via ``String``. Mitigation: upgrade to `1.19.4` or later.
GHSA-q7j3-v8qv-22vq Vulnerability in github.com/opentofu/opentofu (GHSA-q7j3-v8qv-22vq)
vulnerability in github.com/opentofu/opentofu (GHSA-q7j3-v8qv-22vq). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.12.3` or later.
CVE-2026-52910 Out-of-Bounds Read in c (CVE-2026-52910)
vulnerability in c (CVE-2026-52910). Successful exploitation can lead to full system takeover.
CVE-2026-52909 Vulnerability in linux (CVE-2026-52909)
vulnerability in linux (CVE-2026-52909). Successful exploitation can lead to full system takeover.
CVE-2023-54353 Vulnerability in c (CVE-2023-54353)
vulnerability in c (CVE-2023-54353). Successful exploitation can lead to full system takeover.
CVE-2026-21768 Vulnerability in CVE-2026-21768 (CVE-2026-21768)
vulnerability in CVE-2026-21768 (CVE-2026-21768). Confidential information can be exposed externally.
CVE-2026-52908 Vulnerability in linux (CVE-2026-52908)
vulnerability in linux (CVE-2026-52908). Successful exploitation can lead to full system takeover.
CVE-2025-71326 Vulnerability in CVE-2025-71326 (CVE-2025-71326)
vulnerability in CVE-2025-71326 (CVE-2025-71326). Successful exploitation can lead to full system takeover.
CVE-2022-50971 Vulnerability in malwarebytes (CVE-2022-50971)
vulnerability in malwarebytes (CVE-2022-50971). Successful exploitation can lead to full system takeover.
CVE-2020-37254 Vulnerability in privilege-escalation (CVE-2020-37254)
vulnerability in privilege-escalation (CVE-2020-37254). Successful exploitation can lead to full system takeover.
CVE-2021-47985 Vulnerability in CVE-2021-47985 (CVE-2021-47985)
vulnerability in CVE-2021-47985 (CVE-2021-47985). Successful exploitation can lead to full system takeover.
CVE-2020-37253 Vulnerability in CVE-2020-37253 (CVE-2020-37253)
vulnerability in CVE-2020-37253 (CVE-2020-37253). Successful exploitation can lead to full system takeover.
CVE-2019-25747 Vulnerability in CVE-2019-25747 (CVE-2019-25747)
vulnerability in CVE-2019-25747 (CVE-2019-25747). Successful exploitation can lead to full system takeover.
CVE-2020-37250 Vulnerability in CVE-2020-37250 (CVE-2020-37250)
vulnerability in CVE-2020-37250 (CVE-2020-37250). Successful exploitation can lead to full system takeover.
CVE-2016-20094 Vulnerability in anydesk (CVE-2016-20094)
vulnerability in anydesk (CVE-2016-20094). Successful exploitation can lead to full system takeover.
CVE-2016-20088 Vulnerability in CVE-2016-20088 (CVE-2016-20088)
vulnerability in CVE-2016-20088 (CVE-2016-20088). Successful exploitation can lead to full system takeover.
CVE-2016-20090 Vulnerability in privilege-escalation (CVE-2016-20090)
vulnerability in privilege-escalation (CVE-2016-20090). Successful exploitation can lead to full system takeover.
CVE-2020-37251 Vulnerability in CVE-2020-37251 (CVE-2020-37251)
vulnerability in CVE-2020-37251 (CVE-2020-37251). Successful exploitation can lead to full system takeover.
CVE-2016-20087 Vulnerability in CVE-2016-20087 (CVE-2016-20087)
vulnerability in CVE-2016-20087 (CVE-2016-20087). Successful exploitation can lead to full system takeover.
CVE-2016-20089 Vulnerability in CVE-2016-20089 (CVE-2016-20089)
vulnerability in CVE-2016-20089 (CVE-2016-20089). Successful exploitation can lead to full system takeover.
CVE-2016-20092 Vulnerability in privilege-escalation (CVE-2016-20092)
vulnerability in privilege-escalation (CVE-2016-20092). Successful exploitation can lead to full system takeover.
CVE-2016-20091 Vulnerability in CVE-2016-20091 (CVE-2016-20091)
vulnerability in CVE-2016-20091 (CVE-2016-20091). Successful exploitation can lead to full system takeover.
CVE-2020-37252 Vulnerability in CVE-2020-37252 (CVE-2020-37252)
vulnerability in CVE-2020-37252 (CVE-2020-37252). Successful exploitation can lead to full system takeover.
CVE-2016-20093 Vulnerability in CVE-2016-20093 (CVE-2016-20093)
vulnerability in CVE-2016-20093 (CVE-2016-20093). Successful exploitation can lead to full system takeover.
CVE-2016-20095 Vulnerability in CVE-2016-20095 (CVE-2016-20095)
vulnerability in CVE-2016-20095 (CVE-2016-20095). Successful exploitation can lead to full system takeover.
CVE-2016-20086 Vulnerability in CVE-2016-20086 (CVE-2016-20086)
vulnerability in CVE-2016-20086 (CVE-2016-20086). Successful exploitation can lead to full system takeover.
CVE-2016-20085 Vulnerability in CVE-2016-20085 (CVE-2016-20085)
vulnerability in CVE-2016-20085 (CVE-2016-20085). Successful exploitation can lead to full system takeover.
CVE-2026-49230 Vulnerability in apache (CVE-2026-49230)
vulnerability in apache (CVE-2026-49230). Confidential information can be exposed externally.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →