Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-7568 |
|
Out-of-Bounds Read in libphp (CVE-2026-7568)
vulnerability in libphp (CVE-2026-7568). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.2.31, 8.3.31, 8.4.21, 8.5.6` or later.
|
| CVE-2026-8216 |
|
Authentication Bypass in CVE-2026-8216 (CVE-2026-8216)
authentication bypass in CVE-2026-8216 (CVE-2026-8216). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42605 |
|
Path Traversal in azuracast/azuracast (CVE-2026-42605)
path traversal in azuracast/azuracast (CVE-2026-42605). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/station/{station_id}/files/upload`. Mitigation: upgrade to `0.23.6` or later.
|
| CVE-2026-42606 |
|
Vulnerability in azuracast/azuracast (CVE-2026-42606)
vulnerability in azuracast/azuracast (CVE-2026-42606). Confidential information can be exposed externally. Exploitable via ``ApplyXForwarded``. Mitigation: upgrade to `0.23.6` or later.
|
| CVE-2026-42574 |
|
Path Traversal in chainguard.dev/apko (CVE-2026-42574)
path traversal in chainguard.dev/apko (CVE-2026-42574). Data can be tampered with by attackers. Exploitable via ``TypeSymlink``. Mitigation: upgrade to `1.2.5` or later.
|
| CVE-2026-42575 |
|
Vulnerability in chainguard.dev/apko (CVE-2026-42575)
vulnerability in chainguard.dev/apko (CVE-2026-42575). Data can be tampered with by attackers. Exploitable via ``APKINDEX.tar.gz``. Mitigation: upgrade to `1.2.7` or later.
|
| CVE-2026-42245 |
|
Vulnerability in net-imap (CVE-2026-42245)
vulnerability in net-imap (CVE-2026-42245). Risk of unauthorized operations or information disclosure. Exploitable via ``ResponseReader``. Mitigation: upgrade to `0.4.24` or later.
|
| CVE-2026-42246 |
|
Vulnerability in net-imap (CVE-2026-42246)
vulnerability in net-imap (CVE-2026-42246). Confidential information can be exposed externally. Exploitable via ``STARTTLS``. Mitigation: upgrade to `0.3.10` or later.
|
| CVE-2026-42562 |
|
Privilege Escalation in CVE-2026-42562 (CVE-2026-42562)
vulnerability in CVE-2026-42562 (CVE-2026-42562). Confidential information can be exposed externally. Exploitable via `PUT /api.php/v1/users/{id}.`.
|
| CVE-2026-41893 |
|
Vulnerability in signalk-server (CVE-2026-41893)
vulnerability in signalk-server (CVE-2026-41893). Data can be tampered with by attackers. Exploitable via `POST /login`. Mitigation: upgrade to `2.25.0` or later.
|
| CVE-2026-4269 |
|
Vulnerability in Amazon aws (CVE-2026-4269)
vulnerability in Amazon aws (CVE-2026-4269). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5747 |
|
Vulnerability in Amazon aws (CVE-2026-5747)
vulnerability in Amazon aws (CVE-2026-5747). Successful exploitation can lead to full system takeover.
|
| CVE-2026-3336 |
|
Vulnerability in Amazon aws (CVE-2026-3336)
vulnerability in Amazon aws (CVE-2026-3336). Data can be tampered with by attackers.
|
| CVE-2026-20040 |
|
OS Command Injection in Cisco ios-xr (CVE-2026-20040)
OS command injection in Cisco ios-xr (CVE-2026-20040). Successful exploitation can lead to full system takeover.
|
| CVE-2026-20151 |
|
Vulnerability in Cisco smart-software-manager-on-prem (CVE-2026-20151)
vulnerability in Cisco smart-software-manager-on-prem (CVE-2026-20151). Confidential information can be exposed externally.
|
| CVE-2026-20155 |
|
Vulnerability in Cisco evolved-programmable-network-manager (CVE-2026-20155)
vulnerability in Cisco evolved-programmable-network-manager (CVE-2026-20155). Successful exploitation can lead to full system takeover.
|
| CVE-2026-20034 |
|
Vulnerability in Cisco unity-connection (CVE-2026-20034)
vulnerability in Cisco unity-connection (CVE-2026-20034). Successful exploitation can lead to full system takeover.
|
| CVE-2026-20167 |
|
Vulnerability in Cisco dos (CVE-2026-20167)
vulnerability in Cisco dos (CVE-2026-20167). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6297 |
|
Use-After-Free in Google chrome (CVE-2026-6297)
vulnerability in Google chrome (CVE-2026-6297). Successful exploitation can lead to full system takeover.
|
| CVE-2025-13777 |
|
Vulnerability in cisa (CVE-2025-13777)
vulnerability in cisa (CVE-2025-13777). Confidential information can be exposed externally.
|
| CVE-2026-20074 |
|
Vulnerability in Cisco dos (CVE-2026-20074)
vulnerability in Cisco dos (CVE-2026-20074). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3828 |
|
OS Command Injection in CVE-2026-3828 (CVE-2026-3828)
OS command injection in CVE-2026-3828 (CVE-2026-3828). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42311 |
|
Vulnerability in pillow (CVE-2026-42311)
vulnerability in pillow (CVE-2026-42311). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `12.2.0` or later.
|
| CVE-2026-42461 |
|
Vulnerability in github.com/getarcaneapp/arcane/backend (CVE-2026-42461)
vulnerability in github.com/getarcaneapp/arcane/backend (CVE-2026-42461). Confidential information can be exposed externally. Exploitable via `GET /api/templates`. Mitigation: upgrade to `1.18.0` or later.
|
| CVE-2026-42296 |
|
Authorization Flaw in argo-workflows (CVE-2026-42296)
vulnerability in argo-workflows (CVE-2026-42296). Confidential information can be exposed externally. Exploitable via ``podSpecPatch``. Mitigation: upgrade to `3.7.14, 4.0.5` or later.
|
| CVE-2026-42297 |
|
Vulnerability in argo-workflows (CVE-2026-42297)
vulnerability in argo-workflows (CVE-2026-42297). Data can be tampered with by attackers. Exploitable via ``auth.CanI``. Mitigation: upgrade to `4.0.5` or later.
|
| CVE-2026-42301 |
|
Vulnerability in pyp2spec (CVE-2026-42301)
vulnerability in pyp2spec (CVE-2026-42301). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.14.1` or later.
|
| CVE-2026-42294 |
|
Vulnerability in argo-workflows (CVE-2026-42294)
vulnerability in argo-workflows (CVE-2026-42294). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/events/some-namespace`. Mitigation: upgrade to `3.7.14, 4.0.5` or later.
|
| CVE-2026-41163 |
|
Privilege Escalation in CVE-2026-41163 (CVE-2026-41163)
vulnerability in CVE-2026-41163 (CVE-2026-41163). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41311 |
|
Vulnerability in liquidjs (CVE-2026-41311)
vulnerability in liquidjs (CVE-2026-41311). Risk of unauthorized operations or information disclosure. Exploitable via ``getBlockRender``. Mitigation: upgrade to `10.25.7` or later.
|
| CVE-2026-6665 |
|
Vulnerability in pgbouncer (CVE-2026-6665)
vulnerability in pgbouncer (CVE-2026-6665). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.25.2` or later.
|
| CVE-2026-41705 |
|
Vulnerability in org.springframework.ai:spring-ai-milvus-store (CVE-2026-41705)
vulnerability in org.springframework.ai:spring-ai-milvus-store (CVE-2026-41705). Confidential information can be exposed externally. Mitigation: upgrade to `1.1.6` or later.
|
| CVE-2026-6664 |
|
Vulnerability in pgbouncer (CVE-2026-6664)
vulnerability in pgbouncer (CVE-2026-6664). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.2` or later.
|
| CVE-2026-44966 |
|
Vulnerability in velocityjs (CVE-2026-44966)
vulnerability in velocityjs (CVE-2026-44966). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44983 |
|
Vulnerability in smallbitvec (CVE-2026-44983)
vulnerability in smallbitvec (CVE-2026-44983). Risk of unauthorized operations or information disclosure. Exploitable via ``smallbitvec``.
|
| CVE-2026-44900 |
|
Vulnerability in com.oviva.telematik:epa4all-client (CVE-2026-44900)
vulnerability in com.oviva.telematik:epa4all-client (CVE-2026-44900). Confidential information can be exposed externally. Mitigation: upgrade to `1.2.1` or later.
|
| CVE-2026-42556 |
|
Cross-Site Scripting (XSS) in gitroom (CVE-2026-42556)
cross-site scripting in gitroom (CVE-2026-42556). Confidential information can be exposed externally.
|
| CVE-2026-42351 |
|
Path Traversal in pygeoapi (CVE-2026-42351)
path traversal in pygeoapi (CVE-2026-42351). Confidential information can be exposed externally. Mitigation: upgrade to `0.23.3` or later.
|
| CVE-2026-42352 |
|
SSRF (Server-Side Request Forgery) in pygeoapi (CVE-2026-42352)
SSRF in pygeoapi (CVE-2026-42352). Confidential information can be exposed externally. Exploitable via ``subscriber``. Mitigation: upgrade to `0.23.3` or later.
|
| CVE-2026-42452 |
|
Vulnerability in CVE-2026-42452 (CVE-2026-42452)
vulnerability in CVE-2026-42452 (CVE-2026-42452). Confidential information can be exposed externally.
|
| CVE-2026-42345 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-42345 (CVE-2026-42345)
SSRF in CVE-2026-42345 (CVE-2026-42345). Confidential information can be exposed externally.
|
| CVE-2026-42339 |
|
SSRF (Server-Side Request Forgery) in github.com/QuantumNous/new-api (CVE-2026-42339)
SSRF in github.com/QuantumNous/new-api (CVE-2026-42339). Data can be tampered with by attackers. Exploitable via `POST /v1/chat/completions`. Mitigation: upgrade to `0.9.0.5` or later.
|
| CVE-2026-41432 |
|
Vulnerability in github.com/QuantumNous/new-api (CVE-2026-41432)
vulnerability in github.com/QuantumNous/new-api (CVE-2026-41432). Data can be tampered with by attackers. Exploitable via `POST /api/user/pay`. Mitigation: upgrade to `0.12.10` or later.
|
| CVE-2026-41520 |
|
Information Disclosure in cilium (CVE-2026-41520)
vulnerability in cilium (CVE-2026-41520). Confidential information can be exposed externally. Mitigation: upgrade to `1.17.15, 1.18.9, 1.19.3` or later.
|
| CVE-2026-42224 |
|
Cross-Site Scripting (XSS) in ipl/web (CVE-2026-42224)
cross-site scripting in ipl/web (CVE-2026-42224). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.10.3` or later.
|
| CVE-2026-44843 |
|
Unsafe Deserialization in langchain-core (CVE-2026-44843)
vulnerability in langchain-core (CVE-2026-44843). Confidential information can be exposed externally. Exploitable via ``RunnableWithMessageHistory``. Mitigation: upgrade to `0.3.85` or later.
|
| CVE-2026-44328 |
|
Vulnerability in github.com/free5gc/smf (CVE-2026-44328)
vulnerability in github.com/free5gc/smf (CVE-2026-44328). Risk of unauthorized operations or information disclosure. Exploitable via `DELETE /upi/v1/upNodesLinks/{upNodeRef}`. Mitigation: upgrade to `1.4.3` or later.
|
| CVE-2026-44325 |
|
Vulnerability in github.com/free5gc/nrf (CVE-2026-44325)
vulnerability in github.com/free5gc/nrf (CVE-2026-44325). Risk of unauthorized operations or information disclosure. Exploitable via `POST /oauth2/token`. Mitigation: upgrade to `1.4.3` or later.
|
| CVE-2026-44322 |
|
Vulnerability in github.com/free5gc/nef (CVE-2026-44322)
vulnerability in github.com/free5gc/nef (CVE-2026-44322). Risk of unauthorized operations or information disclosure. Exploitable via `PATCH /3gpp-pfd-management/v1/{afId}/transactions/{transId}/applications/{appId}`. Mitigation: upgrade to `1.2.3` or later.
|
| CVE-2026-44321 |
|
Vulnerability in github.com/free5gc/smf (CVE-2026-44321)
vulnerability in github.com/free5gc/smf (CVE-2026-44321). Risk of unauthorized operations or information disclosure. Exploitable via `POST /upi/v1/upNodesLinks`.
|