Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2017-20253 |
|
SQL Injection in sqli (CVE-2017-20253)
SQL injection in sqli (CVE-2017-20253). Confidential information can be exposed externally.
|
| CVE-2017-20252 |
|
SQL Injection in sqli (CVE-2017-20252)
SQL injection in sqli (CVE-2017-20252). Confidential information can be exposed externally.
|
| CVE-2017-20255 |
|
SQL Injection in sqli (CVE-2017-20255)
SQL injection in sqli (CVE-2017-20255). Confidential information can be exposed externally.
|
| CVE-2017-20254 |
|
SQL Injection in sqli (CVE-2017-20254)
SQL injection in sqli (CVE-2017-20254). Confidential information can be exposed externally.
|
| CVE-2017-20258 |
|
SQL Injection in sqli (CVE-2017-20258)
SQL injection in sqli (CVE-2017-20258). Confidential information can be exposed externally.
|
| CVE-2026-49359 |
|
SSRF (Server-Side Request Forgery) in pontedilana/php-weasyprint (CVE-2026-49359)
SSRF in pontedilana/php-weasyprint (CVE-2026-49359). Confidential information can be exposed externally. Exploitable via ``attachment``. Mitigation: upgrade to `2.6.0` or later.
|
| CVE-2026-49290 |
|
Path Traversal in CVE-2026-49290 (CVE-2026-49290)
path traversal in CVE-2026-49290 (CVE-2026-49290). Risk of unauthorized operations or information disclosure. Exploitable via ``zipfile``.
|
| CVE-2026-49287 |
|
Vulnerability in statamic/cms (CVE-2026-49287)
vulnerability in statamic/cms (CVE-2026-49287). Data can be tampered with by attackers. Mitigation: upgrade to `5.73.23` or later.
|
| CVE-2026-49286 |
|
Unsafe Deserialization in pontedilana/php-weasyprint (CVE-2026-49286)
vulnerability in pontedilana/php-weasyprint (CVE-2026-49286). Successful exploitation can lead to full system takeover. Exploitable via ``eb8accc``. Mitigation: upgrade to `2.6.0` or later.
|
| CVE-2026-49271 |
|
Out-of-Bounds Read in struktur (CVE-2026-49271)
vulnerability in struktur (CVE-2026-49271). Risk of unauthorized operations or information disclosure.
|
| GHSA-mqq5-j7w8-2hgh |
|
Vulnerability in alchemy_cms (GHSA-mqq5-j7w8-2hgh)
vulnerability in alchemy_cms (GHSA-mqq5-j7w8-2hgh). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/pages/nested`. Mitigation: upgrade to `7.4.15` or later.
|
| GHSA-c3wq-j5vh-68rc |
|
Vulnerability in github.com/gohugoio/hugo (GHSA-c3wq-j5vh-68rc)
vulnerability in github.com/gohugoio/hugo (GHSA-c3wq-j5vh-68rc). Risk of unauthorized operations or information disclosure. Exploitable via ``resources.Get``. Mitigation: upgrade to `0.163.1` or later.
|
| GHSA-q76j-gcg9-vxc6 |
|
Cross-Site Scripting (XSS) in github.com/gohugoio/hugo (GHSA-q76j-gcg9-vxc6)
cross-site scripting in github.com/gohugoio/hugo (GHSA-q76j-gcg9-vxc6). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.163.3` or later.
|
| GHSA-9wxg-vf3r-56hc |
|
Code Injection in @openzeppelin/wizard (GHSA-9wxg-vf3r-56hc)
code injection in @openzeppelin/wizard (GHSA-9wxg-vf3r-56hc). Risk of unauthorized operations or information disclosure. Exploitable via ``info.securityContact``. Mitigation: upgrade to `0.10.11` or later.
|
| CVE-2026-49260 |
|
OS Command Injection in pontedilana/php-weasyprint (CVE-2026-49260)
OS command injection in pontedilana/php-weasyprint (CVE-2026-49260). Successful exploitation can lead to full system takeover. Exploitable via ``master``. Mitigation: upgrade to `2.5.1` or later.
|
| GHSA-phwj-rprq-35pp |
|
Use-After-Free in nokogiri (GHSA-phwj-rprq-35pp)
vulnerability in nokogiri (GHSA-phwj-rprq-35pp). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.19.4` or later.
|
| GHSA-wfpw-mmfh-qq69 |
|
Use-After-Free in nokogiri (GHSA-wfpw-mmfh-qq69)
vulnerability in nokogiri (GHSA-wfpw-mmfh-qq69). Risk of unauthorized operations or information disclosure. Exploitable via ``xinclude``. Mitigation: upgrade to `1.19.4` or later.
|
| GHSA-p67v-3w7g-wjg7 |
|
Use-After-Free in nokogiri (GHSA-p67v-3w7g-wjg7)
vulnerability in nokogiri (GHSA-p67v-3w7g-wjg7). Risk of unauthorized operations or information disclosure. Exploitable via ``XPathContext``. Mitigation: upgrade to `1.19.4` or later.
|
| GHSA-wjv4-x9w8-wm3h |
|
Use-After-Free in nokogiri (GHSA-wjv4-x9w8-wm3h)
vulnerability in nokogiri (GHSA-wjv4-x9w8-wm3h). Risk of unauthorized operations or information disclosure. Exploitable via ``TypeError``. Mitigation: upgrade to `1.19.4` or later.
|
| GHSA-5prr-v3j2-97mh |
|
Out-of-Bounds Read in nokogiri (GHSA-5prr-v3j2-97mh)
vulnerability in nokogiri (GHSA-5prr-v3j2-97mh). Risk of unauthorized operations or information disclosure. Exploitable via ``NodeSet``. Mitigation: upgrade to `1.19.4` or later.
|
| GHSA-9cv2-cfxc-v4v2 |
|
Vulnerability in nokogiri (GHSA-9cv2-cfxc-v4v2)
vulnerability in nokogiri (GHSA-9cv2-cfxc-v4v2). Risk of unauthorized operations or information disclosure. Exploitable via ``RuntimeError``. Mitigation: upgrade to `1.19.4` or later.
|
| GHSA-8678-w3jw-xfc2 |
|
Vulnerability in nokogiri (GHSA-8678-w3jw-xfc2)
vulnerability in nokogiri (GHSA-8678-w3jw-xfc2). Risk of unauthorized operations or information disclosure. Exploitable via ``NONET``. Mitigation: upgrade to `1.19.4` or later.
|
| GHSA-5v8h-3h3q-446p |
|
Use-After-Free in nokogiri (GHSA-5v8h-3h3q-446p)
vulnerability in nokogiri (GHSA-5v8h-3h3q-446p). Risk of unauthorized operations or information disclosure. Exploitable via ``String``. Mitigation: upgrade to `1.19.4` or later.
|
| GHSA-q7j3-v8qv-22vq |
|
Vulnerability in github.com/opentofu/opentofu (GHSA-q7j3-v8qv-22vq)
vulnerability in github.com/opentofu/opentofu (GHSA-q7j3-v8qv-22vq). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.12.3` or later.
|
| CVE-2026-52910 |
|
Out-of-Bounds Read in c (CVE-2026-52910)
vulnerability in c (CVE-2026-52910). Successful exploitation can lead to full system takeover.
|
| CVE-2026-52909 |
|
Vulnerability in linux (CVE-2026-52909)
vulnerability in linux (CVE-2026-52909). Successful exploitation can lead to full system takeover.
|
| CVE-2023-54353 |
|
Vulnerability in c (CVE-2023-54353)
vulnerability in c (CVE-2023-54353). Successful exploitation can lead to full system takeover.
|
| CVE-2026-21768 |
|
Vulnerability in CVE-2026-21768 (CVE-2026-21768)
vulnerability in CVE-2026-21768 (CVE-2026-21768). Confidential information can be exposed externally.
|
| CVE-2026-52908 |
|
Vulnerability in linux (CVE-2026-52908)
vulnerability in linux (CVE-2026-52908). Successful exploitation can lead to full system takeover.
|
| CVE-2025-71326 |
|
Vulnerability in CVE-2025-71326 (CVE-2025-71326)
vulnerability in CVE-2025-71326 (CVE-2025-71326). Successful exploitation can lead to full system takeover.
|
| CVE-2022-50971 |
|
Vulnerability in malwarebytes (CVE-2022-50971)
vulnerability in malwarebytes (CVE-2022-50971). Successful exploitation can lead to full system takeover.
|
| CVE-2020-37254 |
|
Vulnerability in privilege-escalation (CVE-2020-37254)
vulnerability in privilege-escalation (CVE-2020-37254). Successful exploitation can lead to full system takeover.
|
| CVE-2021-47985 |
|
Vulnerability in CVE-2021-47985 (CVE-2021-47985)
vulnerability in CVE-2021-47985 (CVE-2021-47985). Successful exploitation can lead to full system takeover.
|
| CVE-2020-37253 |
|
Vulnerability in CVE-2020-37253 (CVE-2020-37253)
vulnerability in CVE-2020-37253 (CVE-2020-37253). Successful exploitation can lead to full system takeover.
|
| CVE-2019-25747 |
|
Vulnerability in CVE-2019-25747 (CVE-2019-25747)
vulnerability in CVE-2019-25747 (CVE-2019-25747). Successful exploitation can lead to full system takeover.
|
| CVE-2020-37250 |
|
Vulnerability in CVE-2020-37250 (CVE-2020-37250)
vulnerability in CVE-2020-37250 (CVE-2020-37250). Successful exploitation can lead to full system takeover.
|
| CVE-2016-20094 |
|
Vulnerability in anydesk (CVE-2016-20094)
vulnerability in anydesk (CVE-2016-20094). Successful exploitation can lead to full system takeover.
|
| CVE-2016-20088 |
|
Vulnerability in CVE-2016-20088 (CVE-2016-20088)
vulnerability in CVE-2016-20088 (CVE-2016-20088). Successful exploitation can lead to full system takeover.
|
| CVE-2016-20090 |
|
Vulnerability in privilege-escalation (CVE-2016-20090)
vulnerability in privilege-escalation (CVE-2016-20090). Successful exploitation can lead to full system takeover.
|
| CVE-2020-37251 |
|
Vulnerability in CVE-2020-37251 (CVE-2020-37251)
vulnerability in CVE-2020-37251 (CVE-2020-37251). Successful exploitation can lead to full system takeover.
|
| CVE-2016-20087 |
|
Vulnerability in CVE-2016-20087 (CVE-2016-20087)
vulnerability in CVE-2016-20087 (CVE-2016-20087). Successful exploitation can lead to full system takeover.
|
| CVE-2016-20089 |
|
Vulnerability in CVE-2016-20089 (CVE-2016-20089)
vulnerability in CVE-2016-20089 (CVE-2016-20089). Successful exploitation can lead to full system takeover.
|
| CVE-2016-20092 |
|
Vulnerability in privilege-escalation (CVE-2016-20092)
vulnerability in privilege-escalation (CVE-2016-20092). Successful exploitation can lead to full system takeover.
|
| CVE-2016-20091 |
|
Vulnerability in CVE-2016-20091 (CVE-2016-20091)
vulnerability in CVE-2016-20091 (CVE-2016-20091). Successful exploitation can lead to full system takeover.
|
| CVE-2020-37252 |
|
Vulnerability in CVE-2020-37252 (CVE-2020-37252)
vulnerability in CVE-2020-37252 (CVE-2020-37252). Successful exploitation can lead to full system takeover.
|
| CVE-2016-20093 |
|
Vulnerability in CVE-2016-20093 (CVE-2016-20093)
vulnerability in CVE-2016-20093 (CVE-2016-20093). Successful exploitation can lead to full system takeover.
|
| CVE-2016-20095 |
|
Vulnerability in CVE-2016-20095 (CVE-2016-20095)
vulnerability in CVE-2016-20095 (CVE-2016-20095). Successful exploitation can lead to full system takeover.
|
| CVE-2016-20086 |
|
Vulnerability in CVE-2016-20086 (CVE-2016-20086)
vulnerability in CVE-2016-20086 (CVE-2016-20086). Successful exploitation can lead to full system takeover.
|
| CVE-2016-20085 |
|
Vulnerability in CVE-2016-20085 (CVE-2016-20085)
vulnerability in CVE-2016-20085 (CVE-2016-20085). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49230 |
|
Vulnerability in apache (CVE-2026-49230)
vulnerability in apache (CVE-2026-49230). Confidential information can be exposed externally.
|