Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-8111 |
|
SQL Injection in sqli (CVE-2026-8111)
SQL injection in sqli (CVE-2026-8111). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7432 |
|
Vulnerability in ivanti (CVE-2026-7432)
vulnerability in ivanti (CVE-2026-7432). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8051 |
|
OS Command Injection in ivanti (CVE-2026-8051)
OS command injection in ivanti (CVE-2026-8051). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8110 |
|
Vulnerability in ivanti (CVE-2026-8110)
vulnerability in ivanti (CVE-2026-8110). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6866 |
|
Vulnerability in schneider-electric (CVE-2026-6866)
vulnerability in schneider-electric (CVE-2026-6866). Confidential information can be exposed externally.
|
| CVE-2026-42260 |
|
SSRF (Server-Side Request Forgery) in open-websearch (CVE-2026-42260)
SSRF in open-websearch (CVE-2026-42260). Confidential information can be exposed externally. Exploitable via `GET /internal`. Mitigation: upgrade to `2.1.7` or later.
|
| CVE-2026-43937 |
|
Vulnerability in YAFNET.Core (CVE-2026-43937)
vulnerability in YAFNET.Core (CVE-2026-43937). Successful exploitation can lead to full system takeover. Exploitable via ``PageSecurityCheckAttribute``. Mitigation: upgrade to `4.0.5` or later.
|
| CVE-2026-43938 |
|
Vulnerability in YAFNET.Core (CVE-2026-43938)
vulnerability in YAFNET.Core (CVE-2026-43938). Confidential information can be exposed externally. Exploitable via `GET /api/Attachments/GetAttachment`. Mitigation: upgrade to `3.2.12` or later.
|
| CVE-2026-43939 |
|
Vulnerability in YAFNET.Core (CVE-2026-43939)
vulnerability in YAFNET.Core (CVE-2026-43939). Confidential information can be exposed externally. Exploitable via ``onerror``. Mitigation: upgrade to `3.2.12` or later.
|
| CVE-2026-43983 |
|
Vulnerability in pocket-id (CVE-2026-43983)
vulnerability in pocket-id (CVE-2026-43983). Confidential information can be exposed externally. Mitigation: upgrade to `2.6.0` or later.
|
| CVE-2026-32687 |
|
SQL Injection in postgrex (CVE-2026-32687)
SQL injection in postgrex (CVE-2026-32687). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.22.2` or later.
|
| CVE-2026-45090 |
|
Vulnerability in github.com/hahwul/dalfox/v2 (CVE-2026-45090)
vulnerability in github.com/hahwul/dalfox/v2 (CVE-2026-45090). Risk of unauthorized operations or information disclosure. Exploitable via ``ParameterAnalysis``. Mitigation: upgrade to `2.13.0` or later.
|
| CVE-2026-45089 |
|
Vulnerability in github.com/hahwul/dalfox/v2 (CVE-2026-45089)
vulnerability in github.com/hahwul/dalfox/v2 (CVE-2026-45089). Data can be tampered with by attackers. Exploitable via ``output``. Mitigation: upgrade to `2.13.0` or later.
|
| CVE-2026-45088 |
|
Vulnerability in github.com/hahwul/dalfox/v2 (CVE-2026-45088)
vulnerability in github.com/hahwul/dalfox/v2 (CVE-2026-45088). Confidential information can be exposed externally. Exploitable via ``model.Options``. Mitigation: upgrade to `2.13.0` or later.
|
| CVE-2026-44295 |
|
Code Injection in protobufjs-cli (CVE-2026-44295)
code injection in protobufjs-cli (CVE-2026-44295). Confidential information can be exposed externally. Exploitable via ``pbjs``. Mitigation: upgrade to `2.0.2` or later.
|
| CVE-2026-44293 |
|
Code Injection in protobufjs (CVE-2026-44293)
code injection in protobufjs (CVE-2026-44293). Successful exploitation can lead to full system takeover. Exploitable via ``toObject``. Mitigation: upgrade to `8.0.2` or later.
|
| CVE-2026-44291 |
|
Vulnerability in protobufjs (CVE-2026-44291)
vulnerability in protobufjs (CVE-2026-44291). Successful exploitation can lead to full system takeover. Exploitable via ``Object.prototype``. Mitigation: upgrade to `8.0.2` or later.
|
| CVE-2026-44290 |
|
Vulnerability in protobufjs (CVE-2026-44290)
vulnerability in protobufjs (CVE-2026-44290). Risk of unauthorized operations or information disclosure. Exploitable via ``parse``. Mitigation: upgrade to `8.0.2` or later.
|
| CVE-2026-44289 |
|
Vulnerability in protobufjs (CVE-2026-44289)
vulnerability in protobufjs (CVE-2026-44289). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.0.2` or later.
|
| CVE-2026-42290 |
|
OS Command Injection in protobufjs-cli (CVE-2026-42290)
OS command injection in protobufjs-cli (CVE-2026-42290). Successful exploitation can lead to full system takeover. Exploitable via ``pbts``. Mitigation: upgrade to `2.0.2` or later.
|
| CVE-2026-8390 |
|
Use-After-Free in mozilla (CVE-2026-8390)
vulnerability in mozilla (CVE-2026-8390). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8389 |
|
Buffer Overflow in mozilla (CVE-2026-8389)
vulnerability in mozilla (CVE-2026-8389). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35071 |
|
OS Command Injection in dell (CVE-2026-35071)
OS command injection in dell (CVE-2026-35071). Successful exploitation can lead to full system takeover.
|
| CVE-2026-27851 |
|
Vulnerability in dovecot (CVE-2026-27851)
vulnerability in dovecot (CVE-2026-27851). Confidential information can be exposed externally.
|
| CVE-2025-12659 |
|
Vulnerability in CVE-2025-12659 (CVE-2025-12659)
vulnerability in CVE-2025-12659 (CVE-2025-12659). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45218 |
|
SQL Injection in wordpress (CVE-2026-45218)
SQL injection in wordpress (CVE-2026-45218). Confidential information can be exposed externally.
|
| CVE-2026-42741 |
|
SQL Injection in sqli (CVE-2026-42741)
SQL injection in sqli (CVE-2026-42741). Confidential information can be exposed externally.
|
| CVE-2026-42742 |
|
SQL Injection in sqli (CVE-2026-42742)
SQL injection in sqli (CVE-2026-42742). Confidential information can be exposed externally.
|
| CVE-2026-45211 |
|
SQL Injection in sqli (CVE-2026-45211)
SQL injection in sqli (CVE-2026-45211). Confidential information can be exposed externally.
|
| CVE-2026-45213 |
|
SQL Injection in sqli (CVE-2026-45213)
SQL injection in sqli (CVE-2026-45213). Confidential information can be exposed externally.
|
| CVE-2026-45214 |
|
SQL Injection in sqli (CVE-2026-45214)
SQL injection in sqli (CVE-2026-45214). Confidential information can be exposed externally.
|
| CVE-2026-2465 |
|
Authorization Flaw in privilege-escalation (CVE-2026-2465)
vulnerability in privilege-escalation (CVE-2026-2465). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41712 |
|
Vulnerability in org.springframework.ai:spring-ai-client-chat (CVE-2026-41712)
vulnerability in org.springframework.ai:spring-ai-client-chat (CVE-2026-41712). Confidential information can be exposed externally. Mitigation: upgrade to `2.0.0-M6` or later.
|
| CVE-2026-41713 |
|
Vulnerability in org.springframework.ai:spring-ai-client-chat (CVE-2026-41713)
vulnerability in org.springframework.ai:spring-ai-client-chat (CVE-2026-41713). Data can be tampered with by attackers. Mitigation: upgrade to `1.1.6` or later.
|
| CVE-2026-8162 |
|
Vulnerability in multiparty (CVE-2026-8162)
vulnerability in multiparty (CVE-2026-8162). Risk of unauthorized operations or information disclosure. Exploitable via ``decodeURI``. Mitigation: upgrade to `4.3.0` or later.
|
| CVE-2026-6001 |
|
Vulnerability in CVE-2026-6001 (CVE-2026-6001)
vulnerability in CVE-2026-6001 (CVE-2026-6001). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8159 |
|
Vulnerability in multiparty (CVE-2026-8159)
vulnerability in multiparty (CVE-2026-8159). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.3.0` or later.
|
| CVE-2026-8161 |
|
Vulnerability in multiparty (CVE-2026-8161)
vulnerability in multiparty (CVE-2026-8161). Risk of unauthorized operations or information disclosure. Exploitable via ``Object.prototype``. Mitigation: upgrade to `4.3.0` or later.
|
| CVE-2026-44411 |
|
Vulnerability in siemens (CVE-2026-44411)
vulnerability in siemens (CVE-2026-44411). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44412 |
|
Vulnerability in CVE-2026-44412 (CVE-2026-44412)
vulnerability in CVE-2026-44412 (CVE-2026-44412). Successful exploitation can lead to full system takeover.
|
| CVE-2026-25789 |
|
Cross-Site Scripting (XSS) in CVE-2026-25789 (CVE-2026-25789)
cross-site scripting in CVE-2026-25789 (CVE-2026-25789). Successful exploitation can lead to full system takeover.
|
| CVE-2026-27662 |
|
Vulnerability in CVE-2026-27662 (CVE-2026-27662)
vulnerability in CVE-2026-27662 (CVE-2026-27662). Data can be tampered with by attackers.
|
| CVE-2026-33862 |
|
Cross-Site Scripting (XSS) in siemens (CVE-2026-33862)
cross-site scripting in siemens (CVE-2026-33862). Confidential information can be exposed externally.
|
| CVE-2026-33893 |
|
Vulnerability in siemens (CVE-2026-33893)
vulnerability in siemens (CVE-2026-33893). Confidential information can be exposed externally.
|
| CVE-2026-22925 |
|
Vulnerability in siemens (CVE-2026-22925)
vulnerability in siemens (CVE-2026-22925). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-40947 |
|
OS Command Injection in siemens (CVE-2025-40947)
OS command injection in siemens (CVE-2025-40947). Successful exploitation can lead to full system takeover.
|
| CVE-2025-40946 |
|
Vulnerability in CVE-2025-40946 (CVE-2025-40946)
vulnerability in CVE-2025-40946 (CVE-2025-40946). Data can be tampered with by attackers.
|
| CVE-2025-40833 |
|
Vulnerability in dos (CVE-2025-40833)
vulnerability in dos (CVE-2025-40833). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6690 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-6690)
cross-site scripting in wordpress (CVE-2026-6690). Risk of unauthorized operations or information disclosure. Exploitable via ``wp_ajax_nopriv_lp_update_mds``.
|
| CVE-2026-39432 |
|
Vulnerability in CVE-2026-39432 (CVE-2026-39432)
vulnerability in CVE-2026-39432 (CVE-2026-39432). Confidential information can be exposed externally.
|