Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-44320 |
|
Vulnerability in github.com/free5gc/nef (CVE-2026-44320)
vulnerability in github.com/free5gc/nef (CVE-2026-44320). Risk of unauthorized operations or information disclosure. Exploitable via ``NotifId``.
|
| CVE-2026-44319 |
|
Vulnerability in github.com/free5gc/nef (CVE-2026-44319)
vulnerability in github.com/free5gc/nef (CVE-2026-44319). Risk of unauthorized operations or information disclosure. Exploitable via `Authorization header`. Mitigation: upgrade to `1.2.3` or later.
|
| CVE-2026-44316 |
|
Vulnerability in github.com/free5gc/pcf (CVE-2026-44316)
vulnerability in github.com/free5gc/pcf (CVE-2026-44316). Risk of unauthorized operations or information disclosure. Exploitable via `POST /npcf-smpolicycontrol/v1/sm-policies`. Mitigation: upgrade to `1.4.2` or later.
|
| CVE-2026-44566 |
|
Path Traversal in open-webui (CVE-2026-44566)
path traversal in open-webui (CVE-2026-44566). Risk of unauthorized operations or information disclosure. Exploitable via ``file``. Mitigation: upgrade to `0.1.124` or later.
|
| CVE-2026-44567 |
|
Vulnerability in open-webui (CVE-2026-44567)
vulnerability in open-webui (CVE-2026-44567). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/auths/signup`. Mitigation: upgrade to `0.1.124` or later.
|
| CVE-2026-44549 |
|
Cross-Site Scripting (XSS) in open-webui (CVE-2026-44549)
cross-site scripting in open-webui (CVE-2026-44549). Confidential information can be exposed externally. Exploitable via ``XLSX.utils.sheet_to_html``. Mitigation: upgrade to `0.8.0` or later.
|
| CVE-2026-44832 |
|
Vulnerability in snipe/snipe-it (CVE-2026-44832)
vulnerability in snipe/snipe-it (CVE-2026-44832). Successful exploitation can lead to full system takeover. Exploitable via ``users.edit``. Mitigation: upgrade to `8.4.1` or later.
|
| CVE-2026-42205 |
|
Vulnerability in avo (CVE-2026-42205)
vulnerability in avo (CVE-2026-42205). Successful exploitation can lead to full system takeover. Exploitable via `POST /admin/resources/posts/actions`. Mitigation: upgrade to `3.31.2` or later.
|
| CVE-2026-41486 |
|
Code Injection in ray (CVE-2026-41486)
code injection in ray (CVE-2026-41486). Successful exploitation can lead to full system takeover. Exploitable via ``ray.data.arrow_tensor``. Mitigation: upgrade to `2.55.0` or later.
|
| CVE-2026-44400 |
|
Vulnerability in mailenable (CVE-2026-44400)
vulnerability in mailenable (CVE-2026-44400). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44209 |
|
Vulnerability in banks (CVE-2026-44209)
vulnerability in banks (CVE-2026-44209). Successful exploitation can lead to full system takeover. Exploitable via ``banks``. Mitigation: upgrade to `2.4.2` or later.
|
| CVE-2026-44728 |
|
Vulnerability in @babel/plugin-transform-modules-systemjs (CVE-2026-44728)
vulnerability in @babel/plugin-transform-modules-systemjs (CVE-2026-44728). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.0.0-alpha.13` or later.
|
| CVE-2026-7807 |
|
Path Traversal in smartertools (CVE-2026-7807)
path traversal in smartertools (CVE-2026-7807). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42189 |
|
Vulnerability in russh (CVE-2026-42189)
vulnerability in russh (CVE-2026-42189). Risk of unauthorized operations or information disclosure. Exploitable via ``read_userauth_info_response``. Mitigation: upgrade to `0.60.1` or later.
|
| CVE-2026-44554 |
|
Vulnerability in open-webui (CVE-2026-44554)
vulnerability in open-webui (CVE-2026-44554). Data can be tampered with by attackers. Exploitable via `POST /api/v1/retrieval/process/web`. Mitigation: upgrade to `0.9.0` or later.
|
| CVE-2026-44556 |
|
Vulnerability in open-webui (CVE-2026-44556)
vulnerability in open-webui (CVE-2026-44556). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.9.0` or later.
|
| CVE-2026-44555 |
|
Vulnerability in open-webui (CVE-2026-44555)
vulnerability in open-webui (CVE-2026-44555). Confidential information can be exposed externally. Exploitable via `POST /api/v1/models/create`. Mitigation: upgrade to `0.9.0` or later.
|
| CVE-2026-44552 |
|
Vulnerability in open-webui (CVE-2026-44552)
vulnerability in open-webui (CVE-2026-44552). Confidential information can be exposed externally. Exploitable via ``REDIS_KEY_PREFIX``. Mitigation: upgrade to `0.9.0` or later.
|
| CVE-2026-44553 |
|
Vulnerability in open-webui (CVE-2026-44553)
vulnerability in open-webui (CVE-2026-44553). Confidential information can be exposed externally. Exploitable via `POST /api/v1/users/{B_id}/update`. Mitigation: upgrade to `0.9.0` or later.
|
| CVE-2026-44680 |
|
SQL Injection in @mikro-orm/sql (CVE-2026-44680)
SQL injection in @mikro-orm/sql (CVE-2026-44680). Confidential information can be exposed externally. Exploitable via ``Platform.quoteIdentifier``. Mitigation: upgrade to `7.0.14` or later.
|
| CVE-2026-8178 |
|
Vulnerability in com.amazon.redshift:redshift-jdbc42 (CVE-2026-8178)
vulnerability in com.amazon.redshift:redshift-jdbc42 (CVE-2026-8178). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.2.2` or later.
|
| CVE-2026-29202 |
|
Code Injection in CVE-2026-29202 (CVE-2026-29202)
code injection in CVE-2026-29202 (CVE-2026-29202). Successful exploitation can lead to full system takeover. Exploitable via ``plugin``.
|
| CVE-2026-29203 |
|
Vulnerability in privilege-escalation (CVE-2026-29203)
vulnerability in privilege-escalation (CVE-2026-29203). Successful exploitation can lead to full system takeover.
|
| CVE-2026-29201 |
|
Vulnerability in CVE-2026-29201 (CVE-2026-29201)
vulnerability in CVE-2026-29201 (CVE-2026-29201). Confidential information can be exposed externally.
|
| CVE-2026-6322 |
|
Vulnerability in fast-uri (CVE-2026-6322)
vulnerability in fast-uri (CVE-2026-6322). Data can be tampered with by attackers. Exploitable via ``evil.com``. Mitigation: upgrade to `3.1.2` or later.
|
| CVE-2026-44721 |
|
Cross-Site Scripting (XSS) in open-webui (CVE-2026-44721)
cross-site scripting in open-webui (CVE-2026-44721). Confidential information can be exposed externally. Exploitable via ``marked``. Mitigation: upgrade to `0.9.0` or later.
|
| CVE-2026-6659 |
|
Vulnerability in CVE-2026-6659 (CVE-2026-6659)
vulnerability in CVE-2026-6659 (CVE-2026-6659). Confidential information can be exposed externally.
|
| CVE-2026-44714 |
|
Vulnerability in org.bitcoinj:bitcoinj-core (CVE-2026-44714)
vulnerability in org.bitcoinj:bitcoinj-core (CVE-2026-44714). Data can be tampered with by attackers. Exploitable via ``P2PKH``. Mitigation: upgrade to `0.17.1` or later.
|
| CVE-2026-6321 |
|
Path Traversal in fast-uri (CVE-2026-6321)
path traversal in fast-uri (CVE-2026-6321). Data can be tampered with by attackers. Mitigation: upgrade to `3.1.1` or later.
|
| CVE-2026-7768 |
|
Vulnerability in @fastify/accepts-serializer (CVE-2026-7768)
vulnerability in @fastify/accepts-serializer (CVE-2026-7768). Risk of unauthorized operations or information disclosure. Exploitable via ``Accept``. Mitigation: upgrade to `6.0.4` or later.
|
| CVE-2026-44671 |
|
Vulnerability in github.com/zitadel/zitadel (CVE-2026-44671)
vulnerability in github.com/zitadel/zitadel (CVE-2026-44671). Confidential information can be exposed externally. Mitigation: upgrade to `3.4.10` or later.
|
| CVE-2026-41886 |
|
Vulnerability in locize (CVE-2026-41886)
vulnerability in locize (CVE-2026-41886). Data can be tampered with by attackers. Exploitable via ``locize``. Mitigation: upgrade to `4.0.21` or later.
|
| CVE-2026-42353 |
|
Path Traversal in i18next-http-middleware (CVE-2026-42353)
path traversal in i18next-http-middleware (CVE-2026-42353). Confidential information can be exposed externally. Exploitable via `GET /locales/resources.json`. Mitigation: upgrade to `3.9.3` or later.
|
| CVE-2026-41683 |
|
Vulnerability in i18next-http-middleware (CVE-2026-41683)
vulnerability in i18next-http-middleware (CVE-2026-41683). Data can be tampered with by attackers. Exploitable via ``i18next``. Mitigation: upgrade to `3.9.3` or later.
|
| CVE-2026-41690 |
|
Vulnerability in i18next-http-middleware (CVE-2026-41690)
vulnerability in i18next-http-middleware (CVE-2026-41690). Data can be tampered with by attackers. Exploitable via `GET /locales/resources.json`. Mitigation: upgrade to `3.9.3` or later.
|
| CVE-2026-41693 |
|
Path Traversal in i18next-fs-backend (CVE-2026-41693)
path traversal in i18next-fs-backend (CVE-2026-41693). Confidential information can be exposed externally. Exploitable via ``lng``. Mitigation: upgrade to `2.6.4` or later.
|
| CVE-2026-41883 |
|
Vulnerability in org.omnifaces:omnifaces (CVE-2026-41883)
vulnerability in org.omnifaces:omnifaces (CVE-2026-41883). Successful exploitation can lead to full system takeover. Exploitable via ``CDNResourceHandler``. Mitigation: upgrade to `5.2.3` or later.
|
| CVE-2026-29974 |
|
Vulnerability in CVE-2026-29974 (CVE-2026-29974)
vulnerability in CVE-2026-29974 (CVE-2026-29974). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-29975 |
|
Vulnerability in c (CVE-2026-29975)
vulnerability in c (CVE-2026-29975). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34354 |
|
Vulnerability in privilege-escalation (CVE-2026-34354)
vulnerability in privilege-escalation (CVE-2026-34354). Successful exploitation can lead to full system takeover.
|
| CVE-2026-29972 |
|
Vulnerability in c (CVE-2026-29972)
vulnerability in c (CVE-2026-29972). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44498 |
|
Vulnerability in zebrad (CVE-2026-44498)
vulnerability in zebrad (CVE-2026-44498). Data can be tampered with by attackers. Exploitable via ``MAX_BLOCK_SIGOPS``. Mitigation: upgrade to `4.4.0` or later.
|
| CVE-2026-43462 |
|
Vulnerability in linux (CVE-2026-43462)
vulnerability in linux (CVE-2026-43462). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43464 |
|
Vulnerability in linux (CVE-2026-43464)
vulnerability in linux (CVE-2026-43464). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43466 |
|
Vulnerability in c (CVE-2026-43466)
vulnerability in c (CVE-2026-43466). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43469 |
|
Vulnerability in linux (CVE-2026-43469)
vulnerability in linux (CVE-2026-43469). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43453 |
|
Out-of-Bounds Read in linux (CVE-2026-43453)
vulnerability in linux (CVE-2026-43453). Confidential information can be exposed externally.
|
| CVE-2026-43454 |
|
Vulnerability in linux (CVE-2026-43454)
vulnerability in linux (CVE-2026-43454). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43456 |
|
Vulnerability in c (CVE-2026-43456)
vulnerability in c (CVE-2026-43456). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43458 |
|
Use-After-Free in linux (CVE-2026-43458)
vulnerability in linux (CVE-2026-43458). Successful exploitation can lead to full system takeover.
|