Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2026-44320 Vulnerability in github.com/free5gc/nef (CVE-2026-44320)
vulnerability in github.com/free5gc/nef (CVE-2026-44320). Risk of unauthorized operations or information disclosure. Exploitable via ``NotifId``.
CVE-2026-44319 Vulnerability in github.com/free5gc/nef (CVE-2026-44319)
vulnerability in github.com/free5gc/nef (CVE-2026-44319). Risk of unauthorized operations or information disclosure. Exploitable via `Authorization header`. Mitigation: upgrade to `1.2.3` or later.
CVE-2026-44316 Vulnerability in github.com/free5gc/pcf (CVE-2026-44316)
vulnerability in github.com/free5gc/pcf (CVE-2026-44316). Risk of unauthorized operations or information disclosure. Exploitable via `POST /npcf-smpolicycontrol/v1/sm-policies`. Mitigation: upgrade to `1.4.2` or later.
CVE-2026-44566 Path Traversal in open-webui (CVE-2026-44566)
path traversal in open-webui (CVE-2026-44566). Risk of unauthorized operations or information disclosure. Exploitable via ``file``. Mitigation: upgrade to `0.1.124` or later.
CVE-2026-44567 Vulnerability in open-webui (CVE-2026-44567)
vulnerability in open-webui (CVE-2026-44567). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/auths/signup`. Mitigation: upgrade to `0.1.124` or later.
CVE-2026-44549 Cross-Site Scripting (XSS) in open-webui (CVE-2026-44549)
cross-site scripting in open-webui (CVE-2026-44549). Confidential information can be exposed externally. Exploitable via ``XLSX.utils.sheet_to_html``. Mitigation: upgrade to `0.8.0` or later.
CVE-2026-44832 Vulnerability in snipe/snipe-it (CVE-2026-44832)
vulnerability in snipe/snipe-it (CVE-2026-44832). Successful exploitation can lead to full system takeover. Exploitable via ``users.edit``. Mitigation: upgrade to `8.4.1` or later.
CVE-2026-42205 Vulnerability in avo (CVE-2026-42205)
vulnerability in avo (CVE-2026-42205). Successful exploitation can lead to full system takeover. Exploitable via `POST /admin/resources/posts/actions`. Mitigation: upgrade to `3.31.2` or later.
CVE-2026-41486 Code Injection in ray (CVE-2026-41486)
code injection in ray (CVE-2026-41486). Successful exploitation can lead to full system takeover. Exploitable via ``ray.data.arrow_tensor``. Mitigation: upgrade to `2.55.0` or later.
CVE-2026-44400 Vulnerability in mailenable (CVE-2026-44400)
vulnerability in mailenable (CVE-2026-44400). Successful exploitation can lead to full system takeover.
CVE-2026-44209 Vulnerability in banks (CVE-2026-44209)
vulnerability in banks (CVE-2026-44209). Successful exploitation can lead to full system takeover. Exploitable via ``banks``. Mitigation: upgrade to `2.4.2` or later.
CVE-2026-44728 Vulnerability in @babel/plugin-transform-modules-systemjs (CVE-2026-44728)
vulnerability in @babel/plugin-transform-modules-systemjs (CVE-2026-44728). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.0.0-alpha.13` or later.
CVE-2026-7807 Path Traversal in smartertools (CVE-2026-7807)
path traversal in smartertools (CVE-2026-7807). Successful exploitation can lead to full system takeover.
CVE-2026-42189 Vulnerability in russh (CVE-2026-42189)
vulnerability in russh (CVE-2026-42189). Risk of unauthorized operations or information disclosure. Exploitable via ``read_userauth_info_response``. Mitigation: upgrade to `0.60.1` or later.
CVE-2026-44554 Vulnerability in open-webui (CVE-2026-44554)
vulnerability in open-webui (CVE-2026-44554). Data can be tampered with by attackers. Exploitable via `POST /api/v1/retrieval/process/web`. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-44556 Vulnerability in open-webui (CVE-2026-44556)
vulnerability in open-webui (CVE-2026-44556). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-44555 Vulnerability in open-webui (CVE-2026-44555)
vulnerability in open-webui (CVE-2026-44555). Confidential information can be exposed externally. Exploitable via `POST /api/v1/models/create`. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-44552 Vulnerability in open-webui (CVE-2026-44552)
vulnerability in open-webui (CVE-2026-44552). Confidential information can be exposed externally. Exploitable via ``REDIS_KEY_PREFIX``. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-44553 Vulnerability in open-webui (CVE-2026-44553)
vulnerability in open-webui (CVE-2026-44553). Confidential information can be exposed externally. Exploitable via `POST /api/v1/users/{B_id}/update`. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-44680 SQL Injection in @mikro-orm/sql (CVE-2026-44680)
SQL injection in @mikro-orm/sql (CVE-2026-44680). Confidential information can be exposed externally. Exploitable via ``Platform.quoteIdentifier``. Mitigation: upgrade to `7.0.14` or later.
CVE-2026-8178 Vulnerability in com.amazon.redshift:redshift-jdbc42 (CVE-2026-8178)
vulnerability in com.amazon.redshift:redshift-jdbc42 (CVE-2026-8178). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.2.2` or later.
CVE-2026-29202 Code Injection in CVE-2026-29202 (CVE-2026-29202)
code injection in CVE-2026-29202 (CVE-2026-29202). Successful exploitation can lead to full system takeover. Exploitable via ``plugin``.
CVE-2026-29203 Vulnerability in privilege-escalation (CVE-2026-29203)
vulnerability in privilege-escalation (CVE-2026-29203). Successful exploitation can lead to full system takeover.
CVE-2026-29201 Vulnerability in CVE-2026-29201 (CVE-2026-29201)
vulnerability in CVE-2026-29201 (CVE-2026-29201). Confidential information can be exposed externally.
CVE-2026-6322 Vulnerability in fast-uri (CVE-2026-6322)
vulnerability in fast-uri (CVE-2026-6322). Data can be tampered with by attackers. Exploitable via ``evil.com``. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-44721 Cross-Site Scripting (XSS) in open-webui (CVE-2026-44721)
cross-site scripting in open-webui (CVE-2026-44721). Confidential information can be exposed externally. Exploitable via ``marked``. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-6659 Vulnerability in CVE-2026-6659 (CVE-2026-6659)
vulnerability in CVE-2026-6659 (CVE-2026-6659). Confidential information can be exposed externally.
CVE-2026-44714 Vulnerability in org.bitcoinj:bitcoinj-core (CVE-2026-44714)
vulnerability in org.bitcoinj:bitcoinj-core (CVE-2026-44714). Data can be tampered with by attackers. Exploitable via ``P2PKH``. Mitigation: upgrade to `0.17.1` or later.
CVE-2026-6321 Path Traversal in fast-uri (CVE-2026-6321)
path traversal in fast-uri (CVE-2026-6321). Data can be tampered with by attackers. Mitigation: upgrade to `3.1.1` or later.
CVE-2026-7768 Vulnerability in @fastify/accepts-serializer (CVE-2026-7768)
vulnerability in @fastify/accepts-serializer (CVE-2026-7768). Risk of unauthorized operations or information disclosure. Exploitable via ``Accept``. Mitigation: upgrade to `6.0.4` or later.
CVE-2026-44671 Vulnerability in github.com/zitadel/zitadel (CVE-2026-44671)
vulnerability in github.com/zitadel/zitadel (CVE-2026-44671). Confidential information can be exposed externally. Mitigation: upgrade to `3.4.10` or later.
CVE-2026-41886 Vulnerability in locize (CVE-2026-41886)
vulnerability in locize (CVE-2026-41886). Data can be tampered with by attackers. Exploitable via ``locize``. Mitigation: upgrade to `4.0.21` or later.
CVE-2026-42353 Path Traversal in i18next-http-middleware (CVE-2026-42353)
path traversal in i18next-http-middleware (CVE-2026-42353). Confidential information can be exposed externally. Exploitable via `GET /locales/resources.json`. Mitigation: upgrade to `3.9.3` or later.
CVE-2026-41683 Vulnerability in i18next-http-middleware (CVE-2026-41683)
vulnerability in i18next-http-middleware (CVE-2026-41683). Data can be tampered with by attackers. Exploitable via ``i18next``. Mitigation: upgrade to `3.9.3` or later.
CVE-2026-41690 Vulnerability in i18next-http-middleware (CVE-2026-41690)
vulnerability in i18next-http-middleware (CVE-2026-41690). Data can be tampered with by attackers. Exploitable via `GET /locales/resources.json`. Mitigation: upgrade to `3.9.3` or later.
CVE-2026-41693 Path Traversal in i18next-fs-backend (CVE-2026-41693)
path traversal in i18next-fs-backend (CVE-2026-41693). Confidential information can be exposed externally. Exploitable via ``lng``. Mitigation: upgrade to `2.6.4` or later.
CVE-2026-41883 Vulnerability in org.omnifaces:omnifaces (CVE-2026-41883)
vulnerability in org.omnifaces:omnifaces (CVE-2026-41883). Successful exploitation can lead to full system takeover. Exploitable via ``CDNResourceHandler``. Mitigation: upgrade to `5.2.3` or later.
CVE-2026-29974 Vulnerability in CVE-2026-29974 (CVE-2026-29974)
vulnerability in CVE-2026-29974 (CVE-2026-29974). Risk of unauthorized operations or information disclosure.
CVE-2026-29975 Vulnerability in c (CVE-2026-29975)
vulnerability in c (CVE-2026-29975). Risk of unauthorized operations or information disclosure.
CVE-2026-34354 Vulnerability in privilege-escalation (CVE-2026-34354)
vulnerability in privilege-escalation (CVE-2026-34354). Successful exploitation can lead to full system takeover.
CVE-2026-29972 Vulnerability in c (CVE-2026-29972)
vulnerability in c (CVE-2026-29972). Risk of unauthorized operations or information disclosure.
CVE-2026-44498 Vulnerability in zebrad (CVE-2026-44498)
vulnerability in zebrad (CVE-2026-44498). Data can be tampered with by attackers. Exploitable via ``MAX_BLOCK_SIGOPS``. Mitigation: upgrade to `4.4.0` or later.
CVE-2026-43462 Vulnerability in linux (CVE-2026-43462)
vulnerability in linux (CVE-2026-43462). Risk of unauthorized operations or information disclosure.
CVE-2026-43464 Vulnerability in linux (CVE-2026-43464)
vulnerability in linux (CVE-2026-43464). Risk of unauthorized operations or information disclosure.
CVE-2026-43466 Vulnerability in c (CVE-2026-43466)
vulnerability in c (CVE-2026-43466). Risk of unauthorized operations or information disclosure.
CVE-2026-43469 Vulnerability in linux (CVE-2026-43469)
vulnerability in linux (CVE-2026-43469). Risk of unauthorized operations or information disclosure.
CVE-2026-43453 Out-of-Bounds Read in linux (CVE-2026-43453)
vulnerability in linux (CVE-2026-43453). Confidential information can be exposed externally.
CVE-2026-43454 Vulnerability in linux (CVE-2026-43454)
vulnerability in linux (CVE-2026-43454). Successful exploitation can lead to full system takeover.
CVE-2026-43456 Vulnerability in c (CVE-2026-43456)
vulnerability in c (CVE-2026-43456). Successful exploitation can lead to full system takeover.
CVE-2026-43458 Use-After-Free in linux (CVE-2026-43458)
vulnerability in linux (CVE-2026-43458). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →