Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-8100 |
|
Vulnerability in CVE-2026-8100 (CVE-2026-8100)
vulnerability in CVE-2026-8100 (CVE-2026-8100). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54130 |
|
Vulnerability in microsoft (CVE-2026-54130)
vulnerability in microsoft (CVE-2026-54130). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49205 |
|
Vulnerability in thorsten/phpmyfaq (CVE-2026-49205)
vulnerability in thorsten/phpmyfaq (CVE-2026-49205). Confidential information can be exposed externally. Exploitable via `POST /api/v4.0/category`. Mitigation: upgrade to `4.1.4` or later.
|
| CVE-2026-47647 |
|
Vulnerability in microsoft (CVE-2026-47647)
vulnerability in microsoft (CVE-2026-47647). Successful exploitation can lead to full system takeover.
|
| CVE-2026-47633 |
|
Information Disclosure in microsoft (CVE-2026-47633)
vulnerability in microsoft (CVE-2026-47633). Confidential information can be exposed externally.
|
| CVE-2026-32174 |
|
Authentication Bypass in microsoft (CVE-2026-32174)
authentication bypass in microsoft (CVE-2026-32174). Data can be tampered with by attackers.
|
| CVE-2026-22674 |
|
Cross-Site Scripting (XSS) in CVE-2026-22674 (CVE-2026-22674)
cross-site scripting in CVE-2026-22674 (CVE-2026-22674). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56099 |
|
Out-of-Bounds Read in c (CVE-2026-56099)
vulnerability in c (CVE-2026-56099). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-15661 |
|
Out-of-Bounds Read in c (CVE-2025-15661)
vulnerability in c (CVE-2025-15661). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48937 |
|
Vulnerability in CVE-2026-48937 (CVE-2026-48937)
vulnerability in CVE-2026-48937 (CVE-2026-48937). Risk of unauthorized operations or information disclosure. Exploitable via ``GOAWAY``.
|
| CVE-2026-25865 |
|
Vulnerability in CVE-2026-25865 (CVE-2026-25865)
vulnerability in CVE-2026-25865 (CVE-2026-25865). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12390 |
|
Vulnerability in CVE-2026-12390 (CVE-2026-12390)
vulnerability in CVE-2026-12390 (CVE-2026-12390). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-47833 |
|
Vulnerability in privilege-escalation (CVE-2026-47833)
vulnerability in privilege-escalation (CVE-2026-47833). Confidential information can be exposed externally.
|
| CVE-2026-9692 |
|
Vulnerability in CVE-2026-9692 (CVE-2026-9692)
vulnerability in CVE-2026-9692 (CVE-2026-9692). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55392 |
|
Vulnerability in CVE-2026-55392 (CVE-2026-55392)
vulnerability in CVE-2026-55392 (CVE-2026-55392). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49454 |
|
Authentication Bypass in relyra (CVE-2026-49454)
authentication bypass in relyra (CVE-2026-49454). Confidential information can be exposed externally. Exploitable via ``SignatureValue``. Mitigation: upgrade to `1.2.0` or later.
|
| CVE-2026-49257 |
|
Vulnerability in mcp-pinot-server (CVE-2026-49257)
vulnerability in mcp-pinot-server (CVE-2026-49257). Successful exploitation can lead to full system takeover. Exploitable via `Authorization header`. Mitigation: upgrade to `3.1.0` or later.
|
| CVE-2026-49252 |
|
Vulnerability in @deepstream/server (CVE-2026-49252)
vulnerability in @deepstream/server (CVE-2026-49252). Confidential information can be exposed externally. Exploitable via ``__proto__``. Mitigation: upgrade to `10.0.5` or later.
|
| CVE-2026-49248 |
|
Vulnerability in CVE-2026-49248 (CVE-2026-49248)
vulnerability in CVE-2026-49248 (CVE-2026-49248). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46699 |
|
Vulnerability in CVE-2026-46699 (CVE-2026-46699)
vulnerability in CVE-2026-46699 (CVE-2026-46699). Data can be tampered with by attackers.
|
| CVE-2026-45696 |
|
Vulnerability in dos (CVE-2026-45696)
vulnerability in dos (CVE-2026-45696). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44663 |
|
Vulnerability in cpp (CVE-2026-44663)
vulnerability in cpp (CVE-2026-44663). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43994 |
|
Vulnerability in coturn-project (CVE-2026-43994)
vulnerability in coturn-project (CVE-2026-43994). Successful exploitation can lead to full system takeover.
|
| CVE-2026-55591 |
|
SSRF (Server-Side Request Forgery) in signalk-server (CVE-2026-55591)
SSRF in signalk-server (CVE-2026-55591). Risk of unauthorized operations or information disclosure. Exploitable via ``host``. Mitigation: upgrade to `2.28.0` or later.
|
| GHSA-5739-39v2-5754 |
|
Vulnerability in web-token/jwt-library (GHSA-5739-39v2-5754)
vulnerability in web-token/jwt-library (GHSA-5739-39v2-5754). Risk of unauthorized operations or information disclosure. Exploitable via ``RSA1_5``. Mitigation: upgrade to `4.1.7` or later.
|
| GHSA-jc38-x7x8-2xc8 |
|
Vulnerability in web-token/jwt-framework (GHSA-jc38-x7x8-2xc8)
vulnerability in web-token/jwt-framework (GHSA-jc38-x7x8-2xc8). Risk of unauthorized operations or information disclosure. Exploitable via ``alg``. Mitigation: upgrade to `4.1.7` or later.
|
| GHSA-3prj-6hqw-cm82 |
|
Vulnerability in web-token/jwt-library (GHSA-3prj-6hqw-cm82)
vulnerability in web-token/jwt-library (GHSA-3prj-6hqw-cm82). Risk of unauthorized operations or information disclosure. Exploitable via ``p2c``. Mitigation: upgrade to `4.1.7` or later.
|
| GHSA-6vvh-pxr4-25r7 |
|
Vulnerability in web-token/jwt-experimental (GHSA-6vvh-pxr4-25r7)
vulnerability in web-token/jwt-experimental (GHSA-6vvh-pxr4-25r7). Risk of unauthorized operations or information disclosure. Exploitable via ``Chacha20Poly1305``. Mitigation: upgrade to `4.1.7` or later.
|
| GHSA-2jx3-65f3-xr8r |
|
Vulnerability in spomky-labs/otphp (GHSA-2jx3-65f3-xr8r)
vulnerability in spomky-labs/otphp (GHSA-2jx3-65f3-xr8r). Risk of unauthorized operations or information disclosure. Exploitable via ``parameters``. Mitigation: upgrade to `11.4.3` or later.
|
| GHSA-g7m4-839x-ch6v |
|
Vulnerability in spomky-labs/otphp (GHSA-g7m4-839x-ch6v)
vulnerability in spomky-labs/otphp (GHSA-g7m4-839x-ch6v). Risk of unauthorized operations or information disclosure. Exploitable via ``digits``. Mitigation: upgrade to `11.4.3` or later.
|
| CVE-2026-0755 |
|
OS Command Injection in gemini-mcp-tool (CVE-2026-0755)
OS command injection in gemini-mcp-tool (CVE-2026-0755). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.1.6` or later.
|
| CVE-2026-48983 |
|
Vulnerability in CVE-2026-48983 (CVE-2026-48983)
vulnerability in CVE-2026-48983 (CVE-2026-48983). Confidential information can be exposed externally.
|
| CVE-2026-48982 |
|
Vulnerability in CVE-2026-48982 (CVE-2026-48982)
vulnerability in CVE-2026-48982 (CVE-2026-48982). Data can be tampered with by attackers.
|
| CVE-2026-48981 |
|
XXE (XML External Entity) in CVE-2026-48981 (CVE-2026-48981)
vulnerability in CVE-2026-48981 (CVE-2026-48981). Confidential information can be exposed externally.
|
| CVE-2026-48980 |
|
Vulnerability in CVE-2026-48980 (CVE-2026-48980)
vulnerability in CVE-2026-48980 (CVE-2026-48980). Confidential information can be exposed externally.
|
| CVE-2026-48716 |
|
Path Traversal in CVE-2026-48716 (CVE-2026-48716)
path traversal in CVE-2026-48716 (CVE-2026-48716). Data can be tampered with by attackers.
|
| CVE-2026-47847 |
|
Vulnerability in CVE-2026-47847 (CVE-2026-47847)
vulnerability in CVE-2026-47847 (CVE-2026-47847). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-47846 |
|
Vulnerability in CVE-2026-47846 (CVE-2026-47846)
vulnerability in CVE-2026-47846 (CVE-2026-47846). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43915 |
|
Cross-Site Scripting (XSS) in coturn-project (CVE-2026-43915)
cross-site scripting in coturn-project (CVE-2026-43915). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-2842 |
|
Vulnerability in CVE-2026-2842 (CVE-2026-2842)
vulnerability in CVE-2026-2842 (CVE-2026-2842). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54390 |
|
Vulnerability in CVE-2026-54390 (CVE-2026-54390)
vulnerability in CVE-2026-54390 (CVE-2026-54390). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56021 |
|
Vulnerability in CVE-2026-56021 (CVE-2026-56021)
vulnerability in CVE-2026-56021 (CVE-2026-56021). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56022 |
|
Vulnerability in CVE-2026-56022 (CVE-2026-56022)
vulnerability in CVE-2026-56022 (CVE-2026-56022). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.641` or later.
|
| CVE-2026-55205 |
|
Vulnerability in CVE-2026-55205 (CVE-2026-55205)
vulnerability in CVE-2026-55205 (CVE-2026-55205). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/onboarding/oauth/start`.
|
| CVE-2026-38718 |
|
Vulnerability in dos (CVE-2026-38718)
vulnerability in dos (CVE-2026-38718). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56024 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-56024)
vulnerability in csrf (CVE-2026-56024). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55203 |
|
Vulnerability in haproxy (CVE-2026-55203)
vulnerability in haproxy (CVE-2026-55203). Data can be tampered with by attackers.
|
| CVE-2026-54106 |
|
Vulnerability in CVE-2026-54106 (CVE-2026-54106)
vulnerability in CVE-2026-54106 (CVE-2026-54106). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54104 |
|
Vulnerability in CVE-2026-54104 (CVE-2026-54104)
vulnerability in CVE-2026-54104 (CVE-2026-54104). Successful exploitation can lead to full system takeover.
|
| CVE-2026-55204 |
|
Vulnerability in c (CVE-2026-55204)
vulnerability in c (CVE-2026-55204). Risk of unauthorized operations or information disclosure.
|