Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-33359 |
|
Vulnerability in CVE-2026-33359 (CVE-2026-33359)
vulnerability in CVE-2026-33359 (CVE-2026-33359). Confidential information can be exposed externally.
|
| CVE-2026-36983 |
|
Command Injection in dlink (CVE-2026-36983)
command injection in dlink (CVE-2026-36983). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-36962 |
|
SQL Injection in sqli (CVE-2026-36962)
SQL injection in sqli (CVE-2026-36962). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-38568 |
|
Vulnerability in privilege-escalation (CVE-2026-38568)
vulnerability in privilege-escalation (CVE-2026-38568). Confidential information can be exposed externally.
|
| CVE-2026-33361 |
|
Vulnerability in CVE-2026-33361 (CVE-2026-33361)
vulnerability in CVE-2026-33361 (CVE-2026-33361). Confidential information can be exposed externally.
|
| CVE-2026-38566 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-38566)
vulnerability in csrf (CVE-2026-38566). Confidential information can be exposed externally.
|
| CVE-2026-33357 |
|
Vulnerability in CVE-2026-33357 (CVE-2026-33357)
vulnerability in CVE-2026-33357 (CVE-2026-33357). Confidential information can be exposed externally. Exploitable via `GET /openapi/device/status`.
|
| CVE-2026-33362 |
|
Vulnerability in CVE-2026-33362 (CVE-2026-33362)
vulnerability in CVE-2026-33362 (CVE-2026-33362). Confidential information can be exposed externally.
|
| CVE-2026-2393 |
|
SSRF (Server-Side Request Forgery) in mlflow (CVE-2026-2393)
SSRF in mlflow (CVE-2026-2393). Confidential information can be exposed externally. Exploitable via ``url``. Mitigation: upgrade to `3.9.0` or later.
|
| CVE-2026-2291 |
|
Vulnerability in dos (CVE-2026-2291)
vulnerability in dos (CVE-2026-2291). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-30635 |
|
OS Command Injection in automagik-genie (CVE-2026-30635)
OS command injection in automagik-genie (CVE-2026-30635). Successful exploitation can lead to full system takeover.
|
| CVE-2026-3609 |
|
Vulnerability in privilege-escalation (CVE-2026-3609)
vulnerability in privilege-escalation (CVE-2026-3609). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31249 |
|
Unsafe Deserialization in deserialization (CVE-2026-31249)
vulnerability in deserialization (CVE-2026-31249). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31254 |
|
Vulnerability in CVE-2026-31254 (CVE-2026-31254)
vulnerability in CVE-2026-31254 (CVE-2026-31254). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31250 |
|
Unsafe Deserialization in deserialization (CVE-2026-31250)
vulnerability in deserialization (CVE-2026-31250). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31248 |
|
Vulnerability in docling (CVE-2026-31248)
vulnerability in docling (CVE-2026-31248). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-33356 |
|
Vulnerability in CVE-2026-33356 (CVE-2026-33356)
vulnerability in CVE-2026-33356 (CVE-2026-33356). Confidential information can be exposed externally.
|
| CVE-2026-31251 |
|
Vulnerability in deserialization (CVE-2026-31251)
vulnerability in deserialization (CVE-2026-31251). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31253 |
|
Code Injection in flash_attn (CVE-2026-31253)
code injection in flash_attn (CVE-2026-31253). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42858 |
|
SSRF (Server-Side Request Forgery) in openedx (CVE-2026-42858)
SSRF in openedx (CVE-2026-42858). Confidential information can be exposed externally.
|
| CVE-2026-42860 |
|
SSRF (Server-Side Request Forgery) in edx-enterprise (CVE-2026-42860)
SSRF in edx-enterprise (CVE-2026-42860). Confidential information can be exposed externally. Exploitable via ``sync_provider_data``. Mitigation: upgrade to `7.0.5` or later.
|
| CVE-2026-42315 |
|
Path Traversal in pyload-ng (CVE-2026-42315)
path traversal in pyload-ng (CVE-2026-42315). Data can be tampered with by attackers. Exploitable via ``Perms.MODIFY``. Mitigation: upgrade to `0.5.0b3.dev100` or later.
|
| CVE-2026-41431 |
|
Vulnerability in CVE-2026-41431 (CVE-2026-41431)
vulnerability in CVE-2026-41431 (CVE-2026-41431). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.19.9b` or later.
|
| CVE-2026-42313 |
|
Vulnerability in pyload-ng (CVE-2026-42313)
vulnerability in pyload-ng (CVE-2026-42313). Confidential information can be exposed externally. Exploitable via ``ADMIN_ONLY_CORE_OPTIONS``. Mitigation: upgrade to `0.5.0b3.dev100` or later.
|
| CVE-2026-42843 |
|
Authorization Flaw in getgrav/grav-plugin-api (CVE-2026-42843)
vulnerability in getgrav/grav-plugin-api (CVE-2026-42843). Successful exploitation can lead to full system takeover. Exploitable via ``api.access``. Mitigation: upgrade to `1.0.0-beta.15` or later.
|
| CVE-2026-44738 |
|
Information Disclosure in getgrav/grav (CVE-2026-44738)
vulnerability in getgrav/grav (CVE-2026-44738). Confidential information can be exposed externally. Exploitable via ``admin.pages``. Mitigation: upgrade to `2.0.0-rc.2` or later.
|
| CVE-2026-42349 |
|
Vulnerability in @clerk/shared (CVE-2026-42349)
vulnerability in @clerk/shared (CVE-2026-42349). Confidential information can be exposed externally. Exploitable via ``clerkMiddleware``. Mitigation: upgrade to `4.8.3` or later.
|
| CVE-2026-42603 |
|
Code Injection in CVE-2026-42603 (CVE-2026-42603)
code injection in CVE-2026-42603 (CVE-2026-42603). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.1.2` or later.
|
| CVE-2026-45109 |
|
Vulnerability in next (CVE-2026-45109)
vulnerability in next (CVE-2026-45109). Confidential information can be exposed externally. Exploitable via ``middleware.ts``. Mitigation: upgrade to `16.2.6` or later.
|
| CVE-2026-45061 |
|
SSRF (Server-Side Request Forgery) in budibase (CVE-2026-45061)
SSRF in budibase (CVE-2026-45061). Confidential information can be exposed externally. Exploitable via `POST /api/plugin`. Mitigation: upgrade to `3.35.10` or later.
|
| CVE-2026-45047 |
|
Vulnerability in github.com/xddxdd/bird-lg-go (CVE-2026-45047)
vulnerability in github.com/xddxdd/bird-lg-go (CVE-2026-45047). Risk of unauthorized operations or information disclosure. Exploitable via ``apiHandler``. Mitigation: upgrade to `0.0.0-20260507060110-0ff87024cb9e` or later.
|
| CVE-2026-7819 |
|
Vulnerability in pgadmin4 (CVE-2026-7819)
vulnerability in pgadmin4 (CVE-2026-7819). Data can be tampered with by attackers. Mitigation: upgrade to `9.15` or later.
|
| CVE-2026-7816 |
|
OS Command Injection in pgadmin4 (CVE-2026-7816)
OS command injection in pgadmin4 (CVE-2026-7816). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.15` or later.
|
| CVE-2026-7818 |
|
Unsafe Deserialization in pgadmin4 (CVE-2026-7818)
vulnerability in pgadmin4 (CVE-2026-7818). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.15` or later.
|
| CVE-2026-7815 |
|
SQL Injection in pgadmin4 (CVE-2026-7815)
SQL injection in pgadmin4 (CVE-2026-7815). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.15` or later.
|
| CVE-2026-42611 |
|
Cross-Site Scripting (XSS) in getgrav/grav (CVE-2026-42611)
cross-site scripting in getgrav/grav (CVE-2026-42611). Confidential information can be exposed externally. Exploitable via `POST /grav-log`. Mitigation: upgrade to `2.0.0-beta.2` or later.
|
| CVE-2026-42612 |
|
Cross-Site Scripting (XSS) in getgrav/grav (CVE-2026-42612)
cross-site scripting in getgrav/grav (CVE-2026-42612). Confidential information can be exposed externally. Exploitable via ``onerror``. Mitigation: upgrade to `2.0.0-beta.2` or later.
|
| CVE-2026-42609 |
|
Privilege Escalation in getgrav/grav (CVE-2026-42609)
vulnerability in getgrav/grav (CVE-2026-42609). Data can be tampered with by attackers. Exploitable via ``d904efc33``. Mitigation: upgrade to `2.0.0-beta.2` or later.
|
| CVE-2026-34087 |
|
Information Disclosure in mediawiki (CVE-2026-34087)
vulnerability in mediawiki (CVE-2026-34087). Confidential information can be exposed externally.
|
| CVE-2026-34088 |
|
Information Disclosure in mediawiki (CVE-2026-34088)
vulnerability in mediawiki (CVE-2026-34088). Confidential information can be exposed externally.
|
| CVE-2026-34090 |
|
Information Disclosure in mediawiki (CVE-2026-34090)
vulnerability in mediawiki (CVE-2026-34090). Confidential information can be exposed externally.
|
| CVE-2026-34091 |
|
Information Disclosure in mediawiki (CVE-2026-34091)
vulnerability in mediawiki (CVE-2026-34091). Confidential information can be exposed externally.
|
| CVE-2026-34092 |
|
Information Disclosure in mediawiki (CVE-2026-34092)
vulnerability in mediawiki (CVE-2026-34092). Confidential information can be exposed externally.
|
| CVE-2025-65418 |
|
Path Traversal in path-traversal (CVE-2025-65418)
path traversal in path-traversal (CVE-2025-65418). Confidential information can be exposed externally.
|
| CVE-2026-31247 |
|
Vulnerability in docling (CVE-2026-31247)
vulnerability in docling (CVE-2026-31247). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-61311 |
|
Cross-Site Scripting (XSS) in CVE-2025-61311 (CVE-2025-61311)
cross-site scripting in CVE-2025-61311 (CVE-2025-61311). Confidential information can be exposed externally.
|
| CVE-2025-61312 |
|
Cross-Site Scripting (XSS) in CVE-2025-61312 (CVE-2025-61312)
cross-site scripting in CVE-2025-61312 (CVE-2025-61312). Confidential information can be exposed externally.
|
| CVE-2025-61313 |
|
Cross-Site Scripting (XSS) in CVE-2025-61313 (CVE-2025-61313)
cross-site scripting in CVE-2025-61313 (CVE-2025-61313). Confidential information can be exposed externally.
|
| CVE-2025-61314 |
|
Cross-Site Scripting (XSS) in CVE-2025-61314 (CVE-2025-61314)
cross-site scripting in CVE-2025-61314 (CVE-2025-61314). Confidential information can be exposed externally.
|
| CVE-2026-40217 |
|
Vulnerability in litellm (CVE-2026-40217)
vulnerability in litellm (CVE-2026-40217). Successful exploitation can lead to full system takeover. Exploitable via `POST /guardrails/test_custom_code`. Mitigation: upgrade to `1.83.10` or later.
|