Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-45033 |
|
Vulnerability in @github/copilot (CVE-2026-45033)
vulnerability in @github/copilot (CVE-2026-45033). Successful exploitation can lead to full system takeover. Exploitable via ``core.fsmonitor``. Mitigation: upgrade to `1.0.43` or later.
|
| CVE-2026-44543 |
|
Vulnerability in github.com/rancher/local-path-provisioner (CVE-2026-44543)
vulnerability in github.com/rancher/local-path-provisioner (CVE-2026-44543). Confidential information can be exposed externally. Exploitable via ``helperPod.yaml``. Mitigation: upgrade to `0.0.36` or later.
|
| CVE-2026-44521 |
|
SQL Injection in studio-42/elfinder (CVE-2026-44521)
SQL injection in studio-42/elfinder (CVE-2026-44521). Successful exploitation can lead to full system takeover. Exploitable via ``elFinderVolumeMySQL``. Mitigation: upgrade to `2.1.68` or later.
|
| CVE-2026-44516 |
|
Vulnerability in com.ritense.valtimo:web (CVE-2026-44516)
vulnerability in com.ritense.valtimo:web (CVE-2026-44516). Confidential information can be exposed externally. Exploitable via ``LoggingRestClientCustomizer``. Mitigation: upgrade to `13.26.0` or later.
|
| CVE-2026-44483 |
|
Vulnerability in @rvf/set-get (CVE-2026-44483)
vulnerability in @rvf/set-get (CVE-2026-44483). Data can be tampered with by attackers. Exploitable via ``setPath``. Mitigation: upgrade to `6.0.4` or later.
|
| CVE-2026-44579 |
|
Vulnerability in next (CVE-2026-44579)
vulnerability in next (CVE-2026-44579). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `16.2.5` or later.
|
| CVE-2026-44578 |
|
SSRF (Server-Side Request Forgery) in next (CVE-2026-44578)
SSRF in next (CVE-2026-44578). Confidential information can be exposed externally. Mitigation: upgrade to `16.2.5` or later.
|
| CVE-2026-44575 |
|
Vulnerability in next (CVE-2026-44575)
vulnerability in next (CVE-2026-44575). Confidential information can be exposed externally. Mitigation: upgrade to `16.2.5` or later.
|
| CVE-2026-44574 |
|
Vulnerability in next (CVE-2026-44574)
vulnerability in next (CVE-2026-44574). Confidential information can be exposed externally. Mitigation: upgrade to `16.2.5` or later.
|
| CVE-2026-44573 |
|
Authorization Flaw in next (CVE-2026-44573)
vulnerability in next (CVE-2026-44573). Confidential information can be exposed externally. Exploitable via ``i18n``. Mitigation: upgrade to `16.2.5` or later.
|
| CVE-2026-44473 |
|
Vulnerability in github.com/ellanetworks/core (CVE-2026-44473)
vulnerability in github.com/ellanetworks/core (CVE-2026-44473). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.10.0` or later.
|
| CVE-2026-45017 |
|
Path Traversal in python-liquid (CVE-2026-45017)
path traversal in python-liquid (CVE-2026-45017). Confidential information can be exposed externally. Exploitable via ``FileSystemLoader``. Mitigation: upgrade to `2.2.0` or later.
|
| CVE-2026-44432 |
|
Vulnerability in urllib3 (CVE-2026-44432)
vulnerability in urllib3 (CVE-2026-44432). Risk of unauthorized operations or information disclosure. Exploitable via ``gzip``. Mitigation: upgrade to `2.7.0` or later.
|
| CVE-2026-45022 |
|
Vulnerability in github.com/go-git/go-git/v6 (CVE-2026-45022)
vulnerability in github.com/go-git/go-git/v6 (CVE-2026-45022). Data can be tampered with by attackers. Exploitable via ``commit``. Mitigation: upgrade to `6.0.0-alpha.3` or later.
|
| CVE-2026-44971 |
|
SSRF (Server-Side Request Forgery) in guarddog (CVE-2026-44971)
SSRF in guarddog (CVE-2026-44971). Confidential information can be exposed externally. Exploitable via ``GH_TOKEN``.
|
| CVE-2026-44902 |
|
Vulnerability in @opentelemetry/exporter-prometheus (CVE-2026-44902)
vulnerability in @opentelemetry/exporter-prometheus (CVE-2026-44902). Risk of unauthorized operations or information disclosure. Exploitable via ``TypeError``. Mitigation: upgrade to `0.217.0` or later.
|
| CVE-2026-44346 |
|
OS Command Injection in bentoml (CVE-2026-44346)
OS command injection in bentoml (CVE-2026-44346). Successful exploitation can lead to full system takeover. Exploitable via ``bentofile.yaml``. Mitigation: upgrade to `1.4.39` or later.
|
| CVE-2026-44345 |
|
OS Command Injection in bentoml (CVE-2026-44345)
OS command injection in bentoml (CVE-2026-44345). Successful exploitation can lead to full system takeover. Exploitable via ``docker.base_image``. Mitigation: upgrade to `1.4.39` or later.
|
| CVE-2026-44570 |
|
Vulnerability in open-webui (CVE-2026-44570)
vulnerability in open-webui (CVE-2026-44570). Confidential information can be exposed externally. Exploitable via `POST /api/v1/memories/query`. Mitigation: upgrade to `0.6.19` or later.
|
| CVE-2026-4802 |
|
OS Command Injection in CVE-2026-4802 (CVE-2026-4802)
OS command injection in CVE-2026-4802 (CVE-2026-4802). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44569 |
|
Vulnerability in open-webui (CVE-2026-44569)
vulnerability in open-webui (CVE-2026-44569). Data can be tampered with by attackers. Exploitable via ``message_id``. Mitigation: upgrade to `0.6.19` or later.
|
| CVE-2026-44565 |
|
Path Traversal in open-webui (CVE-2026-44565)
path traversal in open-webui (CVE-2026-44565). Data can be tampered with by attackers. Exploitable via ``DELETE_ME``. Mitigation: upgrade to `0.6.10` or later.
|
| CVE-2026-42595 |
|
SSRF (Server-Side Request Forgery) in github.com/gotenberg/gotenberg/v8 (CVE-2026-42595)
SSRF in github.com/gotenberg/gotenberg/v8 (CVE-2026-42595). Confidential information can be exposed externally. Exploitable via ``downloadFrom``. Mitigation: upgrade to `8.32.0` or later.
|
| CVE-2025-10470 |
|
Vulnerability in wso2 (CVE-2025-10470)
vulnerability in wso2 (CVE-2025-10470). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-32658 |
|
Vulnerability in dell (CVE-2026-32658)
vulnerability in dell (CVE-2026-32658). Successful exploitation can lead to full system takeover.
|
| CVE-2025-10908 |
|
Authorization Flaw in c (CVE-2025-10908)
vulnerability in c (CVE-2025-10908). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43500 |
|
Out-of-Bounds Write in linux (CVE-2026-43500)
out-of-bounds write in linux (CVE-2026-43500). Successful exploitation can lead to full system takeover.
|
| CVE-2026-23918 |
|
Vulnerability in jvn (CVE-2026-23918)
vulnerability in jvn (CVE-2026-23918). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41951 |
|
Path Traversal in jvn (CVE-2026-41951)
path traversal in jvn (CVE-2026-41951). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41872 |
|
Vulnerability in jvn (CVE-2026-41872)
vulnerability in jvn (CVE-2026-41872). Confidential information can be exposed externally.
|
| CVE-2026-6433 |
|
Vulnerability in wordpress (CVE-2026-6433)
vulnerability in wordpress (CVE-2026-6433). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8260 |
|
Buffer Overflow in dlink (CVE-2026-8260)
vulnerability in dlink (CVE-2026-8260). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8177 |
|
Out-of-Bounds Read in dos (CVE-2026-8177)
vulnerability in dos (CVE-2026-8177). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45180 |
|
Vulnerability in CVE-2026-45180 (CVE-2026-45180)
vulnerability in CVE-2026-45180 (CVE-2026-45180). Confidential information can be exposed externally.
|
| CVE-2022-50944 |
|
Code Injection in CVE-2022-50944 (CVE-2022-50944)
code injection in CVE-2022-50944 (CVE-2022-50944). Successful exploitation can lead to full system takeover.
|
| CVE-2021-47949 |
|
Vulnerability in CVE-2021-47949 (CVE-2021-47949)
vulnerability in CVE-2021-47949 (CVE-2021-47949). Successful exploitation can lead to full system takeover.
|
| CVE-2021-47938 |
|
Code Injection in CVE-2021-47938 (CVE-2021-47938)
code injection in CVE-2021-47938 (CVE-2021-47938). Successful exploitation can lead to full system takeover.
|
| CVE-2021-47939 |
|
Code Injection in CVE-2021-47939 (CVE-2021-47939)
code injection in CVE-2021-47939 (CVE-2021-47939). Successful exploitation can lead to full system takeover.
|
| CVE-2021-47941 |
|
SQL Injection in wordpress (CVE-2021-47941)
SQL injection in wordpress (CVE-2021-47941). Confidential information can be exposed externally.
|
| CVE-2021-47943 |
|
Unrestricted File Upload in CVE-2021-47943 (CVE-2021-47943)
vulnerability in CVE-2021-47943 (CVE-2021-47943). Successful exploitation can lead to full system takeover.
|
| CVE-2021-47944 |
|
Vulnerability in dos (CVE-2021-47944)
vulnerability in dos (CVE-2021-47944). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-47945 |
|
Vulnerability in CVE-2021-47945 (CVE-2021-47945)
vulnerability in CVE-2021-47945 (CVE-2021-47945). Successful exploitation can lead to full system takeover.
|
| CVE-2021-47930 |
|
SQL Injection in sqli (CVE-2021-47930)
SQL injection in sqli (CVE-2021-47930). Confidential information can be exposed externally.
|
| CVE-2021-47935 |
|
Code Injection in sentry (CVE-2021-47935)
code injection in sentry (CVE-2021-47935). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.2.2` or later.
|
| CVE-2021-47937 |
|
Unrestricted File Upload in CVE-2021-47937 (CVE-2021-47937)
vulnerability in CVE-2021-47937 (CVE-2021-47937). Successful exploitation can lead to full system takeover.
|
| CVE-2021-47928 |
|
SQL Injection in sqli (CVE-2021-47928)
SQL injection in sqli (CVE-2021-47928). Confidential information can be exposed externally.
|
| CVE-2026-8234 |
|
Buffer Overflow in CVE-2026-8234 (CVE-2026-8234)
vulnerability in CVE-2026-8234 (CVE-2026-8234). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7263 |
|
Vulnerability in libphp (CVE-2026-7263)
vulnerability in libphp (CVE-2026-7263). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.4.21, 8.5.6` or later.
|
| CVE-2026-7258 |
|
Out-of-Bounds Read in libphp (CVE-2026-7258)
vulnerability in libphp (CVE-2026-7258). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.2.31, 8.3.31, 8.4.21, 8.5.6` or later.
|
| CVE-2026-7262 |
|
Vulnerability in libphp (CVE-2026-7262)
vulnerability in libphp (CVE-2026-7262). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.2.31, 8.3.31, 8.4.21, 8.5.6` or later.
|