Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2026-45033 Vulnerability in @github/copilot (CVE-2026-45033)
vulnerability in @github/copilot (CVE-2026-45033). Successful exploitation can lead to full system takeover. Exploitable via ``core.fsmonitor``. Mitigation: upgrade to `1.0.43` or later.
CVE-2026-44543 Vulnerability in github.com/rancher/local-path-provisioner (CVE-2026-44543)
vulnerability in github.com/rancher/local-path-provisioner (CVE-2026-44543). Confidential information can be exposed externally. Exploitable via ``helperPod.yaml``. Mitigation: upgrade to `0.0.36` or later.
CVE-2026-44521 SQL Injection in studio-42/elfinder (CVE-2026-44521)
SQL injection in studio-42/elfinder (CVE-2026-44521). Successful exploitation can lead to full system takeover. Exploitable via ``elFinderVolumeMySQL``. Mitigation: upgrade to `2.1.68` or later.
CVE-2026-44516 Vulnerability in com.ritense.valtimo:web (CVE-2026-44516)
vulnerability in com.ritense.valtimo:web (CVE-2026-44516). Confidential information can be exposed externally. Exploitable via ``LoggingRestClientCustomizer``. Mitigation: upgrade to `13.26.0` or later.
CVE-2026-44483 Vulnerability in @rvf/set-get (CVE-2026-44483)
vulnerability in @rvf/set-get (CVE-2026-44483). Data can be tampered with by attackers. Exploitable via ``setPath``. Mitigation: upgrade to `6.0.4` or later.
CVE-2026-44579 Vulnerability in next (CVE-2026-44579)
vulnerability in next (CVE-2026-44579). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `16.2.5` or later.
CVE-2026-44578 SSRF (Server-Side Request Forgery) in next (CVE-2026-44578)
SSRF in next (CVE-2026-44578). Confidential information can be exposed externally. Mitigation: upgrade to `16.2.5` or later.
CVE-2026-44575 Vulnerability in next (CVE-2026-44575)
vulnerability in next (CVE-2026-44575). Confidential information can be exposed externally. Mitigation: upgrade to `16.2.5` or later.
CVE-2026-44574 Vulnerability in next (CVE-2026-44574)
vulnerability in next (CVE-2026-44574). Confidential information can be exposed externally. Mitigation: upgrade to `16.2.5` or later.
CVE-2026-44573 Authorization Flaw in next (CVE-2026-44573)
vulnerability in next (CVE-2026-44573). Confidential information can be exposed externally. Exploitable via ``i18n``. Mitigation: upgrade to `16.2.5` or later.
CVE-2026-44473 Vulnerability in github.com/ellanetworks/core (CVE-2026-44473)
vulnerability in github.com/ellanetworks/core (CVE-2026-44473). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.10.0` or later.
CVE-2026-45017 Path Traversal in python-liquid (CVE-2026-45017)
path traversal in python-liquid (CVE-2026-45017). Confidential information can be exposed externally. Exploitable via ``FileSystemLoader``. Mitigation: upgrade to `2.2.0` or later.
CVE-2026-44432 Vulnerability in urllib3 (CVE-2026-44432)
vulnerability in urllib3 (CVE-2026-44432). Risk of unauthorized operations or information disclosure. Exploitable via ``gzip``. Mitigation: upgrade to `2.7.0` or later.
CVE-2026-45022 Vulnerability in github.com/go-git/go-git/v6 (CVE-2026-45022)
vulnerability in github.com/go-git/go-git/v6 (CVE-2026-45022). Data can be tampered with by attackers. Exploitable via ``commit``. Mitigation: upgrade to `6.0.0-alpha.3` or later.
CVE-2026-44971 SSRF (Server-Side Request Forgery) in guarddog (CVE-2026-44971)
SSRF in guarddog (CVE-2026-44971). Confidential information can be exposed externally. Exploitable via ``GH_TOKEN``.
CVE-2026-44902 Vulnerability in @opentelemetry/exporter-prometheus (CVE-2026-44902)
vulnerability in @opentelemetry/exporter-prometheus (CVE-2026-44902). Risk of unauthorized operations or information disclosure. Exploitable via ``TypeError``. Mitigation: upgrade to `0.217.0` or later.
CVE-2026-44346 OS Command Injection in bentoml (CVE-2026-44346)
OS command injection in bentoml (CVE-2026-44346). Successful exploitation can lead to full system takeover. Exploitable via ``bentofile.yaml``. Mitigation: upgrade to `1.4.39` or later.
CVE-2026-44345 OS Command Injection in bentoml (CVE-2026-44345)
OS command injection in bentoml (CVE-2026-44345). Successful exploitation can lead to full system takeover. Exploitable via ``docker.base_image``. Mitigation: upgrade to `1.4.39` or later.
CVE-2026-44570 Vulnerability in open-webui (CVE-2026-44570)
vulnerability in open-webui (CVE-2026-44570). Confidential information can be exposed externally. Exploitable via `POST /api/v1/memories/query`. Mitigation: upgrade to `0.6.19` or later.
CVE-2026-4802 OS Command Injection in CVE-2026-4802 (CVE-2026-4802)
OS command injection in CVE-2026-4802 (CVE-2026-4802). Successful exploitation can lead to full system takeover.
CVE-2026-44569 Vulnerability in open-webui (CVE-2026-44569)
vulnerability in open-webui (CVE-2026-44569). Data can be tampered with by attackers. Exploitable via ``message_id``. Mitigation: upgrade to `0.6.19` or later.
CVE-2026-44565 Path Traversal in open-webui (CVE-2026-44565)
path traversal in open-webui (CVE-2026-44565). Data can be tampered with by attackers. Exploitable via ``DELETE_ME``. Mitigation: upgrade to `0.6.10` or later.
CVE-2026-42595 SSRF (Server-Side Request Forgery) in github.com/gotenberg/gotenberg/v8 (CVE-2026-42595)
SSRF in github.com/gotenberg/gotenberg/v8 (CVE-2026-42595). Confidential information can be exposed externally. Exploitable via ``downloadFrom``. Mitigation: upgrade to `8.32.0` or later.
CVE-2025-10470 Vulnerability in wso2 (CVE-2025-10470)
vulnerability in wso2 (CVE-2025-10470). Risk of unauthorized operations or information disclosure.
CVE-2026-32658 Vulnerability in dell (CVE-2026-32658)
vulnerability in dell (CVE-2026-32658). Successful exploitation can lead to full system takeover.
CVE-2025-10908 Authorization Flaw in c (CVE-2025-10908)
vulnerability in c (CVE-2025-10908). Risk of unauthorized operations or information disclosure.
CVE-2026-43500 Out-of-Bounds Write in linux (CVE-2026-43500)
out-of-bounds write in linux (CVE-2026-43500). Successful exploitation can lead to full system takeover.
CVE-2026-23918 Vulnerability in jvn (CVE-2026-23918)
vulnerability in jvn (CVE-2026-23918). Successful exploitation can lead to full system takeover.
CVE-2026-41951 Path Traversal in jvn (CVE-2026-41951)
path traversal in jvn (CVE-2026-41951). Successful exploitation can lead to full system takeover.
CVE-2026-41872 Vulnerability in jvn (CVE-2026-41872)
vulnerability in jvn (CVE-2026-41872). Confidential information can be exposed externally.
CVE-2026-6433 Vulnerability in wordpress (CVE-2026-6433)
vulnerability in wordpress (CVE-2026-6433). Risk of unauthorized operations or information disclosure.
CVE-2026-8260 Buffer Overflow in dlink (CVE-2026-8260)
vulnerability in dlink (CVE-2026-8260). Successful exploitation can lead to full system takeover.
CVE-2026-8177 Out-of-Bounds Read in dos (CVE-2026-8177)
vulnerability in dos (CVE-2026-8177). Risk of unauthorized operations or information disclosure.
CVE-2026-45180 Vulnerability in CVE-2026-45180 (CVE-2026-45180)
vulnerability in CVE-2026-45180 (CVE-2026-45180). Confidential information can be exposed externally.
CVE-2022-50944 Code Injection in CVE-2022-50944 (CVE-2022-50944)
code injection in CVE-2022-50944 (CVE-2022-50944). Successful exploitation can lead to full system takeover.
CVE-2021-47949 Vulnerability in CVE-2021-47949 (CVE-2021-47949)
vulnerability in CVE-2021-47949 (CVE-2021-47949). Successful exploitation can lead to full system takeover.
CVE-2021-47938 Code Injection in CVE-2021-47938 (CVE-2021-47938)
code injection in CVE-2021-47938 (CVE-2021-47938). Successful exploitation can lead to full system takeover.
CVE-2021-47939 Code Injection in CVE-2021-47939 (CVE-2021-47939)
code injection in CVE-2021-47939 (CVE-2021-47939). Successful exploitation can lead to full system takeover.
CVE-2021-47941 SQL Injection in wordpress (CVE-2021-47941)
SQL injection in wordpress (CVE-2021-47941). Confidential information can be exposed externally.
CVE-2021-47943 Unrestricted File Upload in CVE-2021-47943 (CVE-2021-47943)
vulnerability in CVE-2021-47943 (CVE-2021-47943). Successful exploitation can lead to full system takeover.
CVE-2021-47944 Vulnerability in dos (CVE-2021-47944)
vulnerability in dos (CVE-2021-47944). Risk of unauthorized operations or information disclosure.
CVE-2021-47945 Vulnerability in CVE-2021-47945 (CVE-2021-47945)
vulnerability in CVE-2021-47945 (CVE-2021-47945). Successful exploitation can lead to full system takeover.
CVE-2021-47930 SQL Injection in sqli (CVE-2021-47930)
SQL injection in sqli (CVE-2021-47930). Confidential information can be exposed externally.
CVE-2021-47935 Code Injection in sentry (CVE-2021-47935)
code injection in sentry (CVE-2021-47935). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.2.2` or later.
CVE-2021-47937 Unrestricted File Upload in CVE-2021-47937 (CVE-2021-47937)
vulnerability in CVE-2021-47937 (CVE-2021-47937). Successful exploitation can lead to full system takeover.
CVE-2021-47928 SQL Injection in sqli (CVE-2021-47928)
SQL injection in sqli (CVE-2021-47928). Confidential information can be exposed externally.
CVE-2026-8234 Buffer Overflow in CVE-2026-8234 (CVE-2026-8234)
vulnerability in CVE-2026-8234 (CVE-2026-8234). Successful exploitation can lead to full system takeover.
CVE-2026-7263 Vulnerability in libphp (CVE-2026-7263)
vulnerability in libphp (CVE-2026-7263). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.4.21, 8.5.6` or later.
CVE-2026-7258 Out-of-Bounds Read in libphp (CVE-2026-7258)
vulnerability in libphp (CVE-2026-7258). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.2.31, 8.3.31, 8.4.21, 8.5.6` or later.
CVE-2026-7262 Vulnerability in libphp (CVE-2026-7262)
vulnerability in libphp (CVE-2026-7262). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.2.31, 8.3.31, 8.4.21, 8.5.6` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →