Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2026-8111 SQL Injection in sqli (CVE-2026-8111)
SQL injection in sqli (CVE-2026-8111). Successful exploitation can lead to full system takeover.
CVE-2026-7432 Vulnerability in ivanti (CVE-2026-7432)
vulnerability in ivanti (CVE-2026-7432). Successful exploitation can lead to full system takeover.
CVE-2026-8051 OS Command Injection in ivanti (CVE-2026-8051)
OS command injection in ivanti (CVE-2026-8051). Successful exploitation can lead to full system takeover.
CVE-2026-8110 Vulnerability in ivanti (CVE-2026-8110)
vulnerability in ivanti (CVE-2026-8110). Successful exploitation can lead to full system takeover.
CVE-2026-6866 Vulnerability in schneider-electric (CVE-2026-6866)
vulnerability in schneider-electric (CVE-2026-6866). Confidential information can be exposed externally.
CVE-2026-42260 SSRF (Server-Side Request Forgery) in open-websearch (CVE-2026-42260)
SSRF in open-websearch (CVE-2026-42260). Confidential information can be exposed externally. Exploitable via `GET /internal`. Mitigation: upgrade to `2.1.7` or later.
CVE-2026-43937 Vulnerability in YAFNET.Core (CVE-2026-43937)
vulnerability in YAFNET.Core (CVE-2026-43937). Successful exploitation can lead to full system takeover. Exploitable via ``PageSecurityCheckAttribute``. Mitigation: upgrade to `4.0.5` or later.
CVE-2026-43938 Vulnerability in YAFNET.Core (CVE-2026-43938)
vulnerability in YAFNET.Core (CVE-2026-43938). Confidential information can be exposed externally. Exploitable via `GET /api/Attachments/GetAttachment`. Mitigation: upgrade to `3.2.12` or later.
CVE-2026-43939 Vulnerability in YAFNET.Core (CVE-2026-43939)
vulnerability in YAFNET.Core (CVE-2026-43939). Confidential information can be exposed externally. Exploitable via ``onerror``. Mitigation: upgrade to `3.2.12` or later.
CVE-2026-43983 Vulnerability in pocket-id (CVE-2026-43983)
vulnerability in pocket-id (CVE-2026-43983). Confidential information can be exposed externally. Mitigation: upgrade to `2.6.0` or later.
CVE-2026-32687 SQL Injection in postgrex (CVE-2026-32687)
SQL injection in postgrex (CVE-2026-32687). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.22.2` or later.
CVE-2026-45090 Vulnerability in github.com/hahwul/dalfox/v2 (CVE-2026-45090)
vulnerability in github.com/hahwul/dalfox/v2 (CVE-2026-45090). Risk of unauthorized operations or information disclosure. Exploitable via ``ParameterAnalysis``. Mitigation: upgrade to `2.13.0` or later.
CVE-2026-45089 Vulnerability in github.com/hahwul/dalfox/v2 (CVE-2026-45089)
vulnerability in github.com/hahwul/dalfox/v2 (CVE-2026-45089). Data can be tampered with by attackers. Exploitable via ``output``. Mitigation: upgrade to `2.13.0` or later.
CVE-2026-45088 Vulnerability in github.com/hahwul/dalfox/v2 (CVE-2026-45088)
vulnerability in github.com/hahwul/dalfox/v2 (CVE-2026-45088). Confidential information can be exposed externally. Exploitable via ``model.Options``. Mitigation: upgrade to `2.13.0` or later.
CVE-2026-44295 Code Injection in protobufjs-cli (CVE-2026-44295)
code injection in protobufjs-cli (CVE-2026-44295). Confidential information can be exposed externally. Exploitable via ``pbjs``. Mitigation: upgrade to `2.0.2` or later.
CVE-2026-44293 Code Injection in protobufjs (CVE-2026-44293)
code injection in protobufjs (CVE-2026-44293). Successful exploitation can lead to full system takeover. Exploitable via ``toObject``. Mitigation: upgrade to `8.0.2` or later.
CVE-2026-44291 Vulnerability in protobufjs (CVE-2026-44291)
vulnerability in protobufjs (CVE-2026-44291). Successful exploitation can lead to full system takeover. Exploitable via ``Object.prototype``. Mitigation: upgrade to `8.0.2` or later.
CVE-2026-44290 Vulnerability in protobufjs (CVE-2026-44290)
vulnerability in protobufjs (CVE-2026-44290). Risk of unauthorized operations or information disclosure. Exploitable via ``parse``. Mitigation: upgrade to `8.0.2` or later.
CVE-2026-44289 Vulnerability in protobufjs (CVE-2026-44289)
vulnerability in protobufjs (CVE-2026-44289). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.0.2` or later.
CVE-2026-42290 OS Command Injection in protobufjs-cli (CVE-2026-42290)
OS command injection in protobufjs-cli (CVE-2026-42290). Successful exploitation can lead to full system takeover. Exploitable via ``pbts``. Mitigation: upgrade to `2.0.2` or later.
CVE-2026-8390 Use-After-Free in mozilla (CVE-2026-8390)
vulnerability in mozilla (CVE-2026-8390). Risk of unauthorized operations or information disclosure.
CVE-2026-8389 Buffer Overflow in mozilla (CVE-2026-8389)
vulnerability in mozilla (CVE-2026-8389). Successful exploitation can lead to full system takeover.
CVE-2026-35071 OS Command Injection in dell (CVE-2026-35071)
OS command injection in dell (CVE-2026-35071). Successful exploitation can lead to full system takeover.
CVE-2026-27851 Vulnerability in dovecot (CVE-2026-27851)
vulnerability in dovecot (CVE-2026-27851). Confidential information can be exposed externally.
CVE-2025-12659 Vulnerability in CVE-2025-12659 (CVE-2025-12659)
vulnerability in CVE-2025-12659 (CVE-2025-12659). Successful exploitation can lead to full system takeover.
CVE-2026-45218 SQL Injection in wordpress (CVE-2026-45218)
SQL injection in wordpress (CVE-2026-45218). Confidential information can be exposed externally.
CVE-2026-42741 SQL Injection in sqli (CVE-2026-42741)
SQL injection in sqli (CVE-2026-42741). Confidential information can be exposed externally.
CVE-2026-42742 SQL Injection in sqli (CVE-2026-42742)
SQL injection in sqli (CVE-2026-42742). Confidential information can be exposed externally.
CVE-2026-45211 SQL Injection in sqli (CVE-2026-45211)
SQL injection in sqli (CVE-2026-45211). Confidential information can be exposed externally.
CVE-2026-45213 SQL Injection in sqli (CVE-2026-45213)
SQL injection in sqli (CVE-2026-45213). Confidential information can be exposed externally.
CVE-2026-45214 SQL Injection in sqli (CVE-2026-45214)
SQL injection in sqli (CVE-2026-45214). Confidential information can be exposed externally.
CVE-2026-2465 Authorization Flaw in privilege-escalation (CVE-2026-2465)
vulnerability in privilege-escalation (CVE-2026-2465). Successful exploitation can lead to full system takeover.
CVE-2026-41712 Vulnerability in org.springframework.ai:spring-ai-client-chat (CVE-2026-41712)
vulnerability in org.springframework.ai:spring-ai-client-chat (CVE-2026-41712). Confidential information can be exposed externally. Mitigation: upgrade to `2.0.0-M6` or later.
CVE-2026-41713 Vulnerability in org.springframework.ai:spring-ai-client-chat (CVE-2026-41713)
vulnerability in org.springframework.ai:spring-ai-client-chat (CVE-2026-41713). Data can be tampered with by attackers. Mitigation: upgrade to `1.1.6` or later.
CVE-2026-8162 Vulnerability in multiparty (CVE-2026-8162)
vulnerability in multiparty (CVE-2026-8162). Risk of unauthorized operations or information disclosure. Exploitable via ``decodeURI``. Mitigation: upgrade to `4.3.0` or later.
CVE-2026-6001 Vulnerability in CVE-2026-6001 (CVE-2026-6001)
vulnerability in CVE-2026-6001 (CVE-2026-6001). Successful exploitation can lead to full system takeover.
CVE-2026-8159 Vulnerability in multiparty (CVE-2026-8159)
vulnerability in multiparty (CVE-2026-8159). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.3.0` or later.
CVE-2026-8161 Vulnerability in multiparty (CVE-2026-8161)
vulnerability in multiparty (CVE-2026-8161). Risk of unauthorized operations or information disclosure. Exploitable via ``Object.prototype``. Mitigation: upgrade to `4.3.0` or later.
CVE-2026-44411 Vulnerability in siemens (CVE-2026-44411)
vulnerability in siemens (CVE-2026-44411). Successful exploitation can lead to full system takeover.
CVE-2026-44412 Vulnerability in CVE-2026-44412 (CVE-2026-44412)
vulnerability in CVE-2026-44412 (CVE-2026-44412). Successful exploitation can lead to full system takeover.
CVE-2026-25789 Cross-Site Scripting (XSS) in CVE-2026-25789 (CVE-2026-25789)
cross-site scripting in CVE-2026-25789 (CVE-2026-25789). Successful exploitation can lead to full system takeover.
CVE-2026-27662 Vulnerability in CVE-2026-27662 (CVE-2026-27662)
vulnerability in CVE-2026-27662 (CVE-2026-27662). Data can be tampered with by attackers.
CVE-2026-33862 Cross-Site Scripting (XSS) in siemens (CVE-2026-33862)
cross-site scripting in siemens (CVE-2026-33862). Confidential information can be exposed externally.
CVE-2026-33893 Vulnerability in siemens (CVE-2026-33893)
vulnerability in siemens (CVE-2026-33893). Confidential information can be exposed externally.
CVE-2026-22925 Vulnerability in siemens (CVE-2026-22925)
vulnerability in siemens (CVE-2026-22925). Risk of unauthorized operations or information disclosure.
CVE-2025-40947 OS Command Injection in siemens (CVE-2025-40947)
OS command injection in siemens (CVE-2025-40947). Successful exploitation can lead to full system takeover.
CVE-2025-40946 Vulnerability in CVE-2025-40946 (CVE-2025-40946)
vulnerability in CVE-2025-40946 (CVE-2025-40946). Data can be tampered with by attackers.
CVE-2025-40833 Vulnerability in dos (CVE-2025-40833)
vulnerability in dos (CVE-2025-40833). Risk of unauthorized operations or information disclosure.
CVE-2026-6690 Cross-Site Scripting (XSS) in wordpress (CVE-2026-6690)
cross-site scripting in wordpress (CVE-2026-6690). Risk of unauthorized operations or information disclosure. Exploitable via ``wp_ajax_nopriv_lp_update_mds``.
CVE-2026-39432 Vulnerability in CVE-2026-39432 (CVE-2026-39432)
vulnerability in CVE-2026-39432 (CVE-2026-39432). Confidential information can be exposed externally.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →