Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-43332 |
|
Vulnerability in linux (CVE-2026-43332)
vulnerability in linux (CVE-2026-43332). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43329 |
|
Vulnerability in linux (CVE-2026-43329)
vulnerability in linux (CVE-2026-43329). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43330 |
|
Out-of-Bounds Write in linux (CVE-2026-43330)
out-of-bounds write in linux (CVE-2026-43330). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43328 |
|
Vulnerability in linux (CVE-2026-43328)
vulnerability in linux (CVE-2026-43328). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43324 |
|
Vulnerability in linux (CVE-2026-43324)
vulnerability in linux (CVE-2026-43324). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43321 |
|
Vulnerability in linux (CVE-2026-43321)
vulnerability in linux (CVE-2026-43321). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43322 |
|
Use-After-Free in c (CVE-2026-43322)
vulnerability in c (CVE-2026-43322). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43307 |
|
Vulnerability in linux (CVE-2026-43307)
vulnerability in linux (CVE-2026-43307). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43303 |
|
Use-After-Free in linux (CVE-2026-43303)
vulnerability in linux (CVE-2026-43303). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43290 |
|
Vulnerability in c (CVE-2026-43290)
vulnerability in c (CVE-2026-43290). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43291 |
|
Vulnerability in linux (CVE-2026-43291)
vulnerability in linux (CVE-2026-43291). Confidential information can be exposed externally.
|
| CVE-2026-43296 |
|
Vulnerability in linux (CVE-2026-43296)
vulnerability in linux (CVE-2026-43296). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41496 |
|
SQL Injection in praisonai (CVE-2026-41496)
SQL injection in praisonai (CVE-2026-41496). Confidential information can be exposed externally. Exploitable via ``SQLiteConversationStore``. Mitigation: upgrade to `4.5.149` or later.
|
| CVE-2026-41493 |
|
Path Traversal in yard (CVE-2026-41493)
path traversal in yard (CVE-2026-41493). Confidential information can be exposed externally. Mitigation: upgrade to `0.9.42` or later.
|
| CVE-2026-41491 |
|
Path Traversal in github.com/dapr/dapr (CVE-2026-41491)
path traversal in github.com/dapr/dapr (CVE-2026-41491). Confidential information can be exposed externally. Exploitable via ``purell.NormalizeURLString``. Mitigation: upgrade to `1.15.14` or later.
|
| CVE-2026-39816 |
|
Vulnerability in nifi (CVE-2026-39816)
vulnerability in nifi (CVE-2026-39816). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.9.0` or later.
|
| CVE-2026-25077 |
|
Code Injection in apache (CVE-2026-25077)
code injection in apache (CVE-2026-25077). Successful exploitation can lead to full system takeover.
|
| CVE-2025-66172 |
|
Vulnerability in apache (CVE-2025-66172)
vulnerability in apache (CVE-2025-66172). Confidential information can be exposed externally.
|
| CVE-2025-66467 |
|
Vulnerability in apache (CVE-2025-66467)
vulnerability in apache (CVE-2025-66467). Successful exploitation can lead to full system takeover.
|
| CVE-2022-50994 |
|
OS Command Injection in CVE-2022-50994 (CVE-2022-50994)
OS command injection in CVE-2022-50994 (CVE-2022-50994). Successful exploitation can lead to full system takeover.
|
| CVE-2025-13836 |
|
Vulnerability in python (CVE-2025-13836)
vulnerability in python (CVE-2025-13836). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.10.20, 3.11.15, 3.12.13, 3.13.11, 3.14.1` or later.
|
| CVE-2026-7330 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7330)
cross-site scripting in wordpress (CVE-2026-7330). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5127 |
|
Unsafe Deserialization in wordpress (CVE-2026-5127)
vulnerability in wordpress (CVE-2026-5127). Successful exploitation can lead to full system takeover.
|
| CVE-2026-32178 |
|
Vulnerability in dotnet (CVE-2026-32178)
vulnerability in dotnet (CVE-2026-32178). Confidential information can be exposed externally. Mitigation: upgrade to `8.0.26, 9.0.15, 10.0.6` or later.
|
| CVE-2026-26171 |
|
Vulnerability in dotnet (CVE-2026-26171)
vulnerability in dotnet (CVE-2026-26171). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.0.26, 9.0.15, 10.0.6` or later.
|
| CVE-2026-43284 |
|
Vulnerability in Google linux (CVE-2026-43284)
vulnerability in Google linux (CVE-2026-43284). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4935 |
|
SQL Injection in wordpress (CVE-2026-4935)
SQL injection in wordpress (CVE-2026-4935). Confidential information can be exposed externally.
|
| CVE-2025-55449 |
|
Vulnerability in astrbot (CVE-2025-55449)
vulnerability in astrbot (CVE-2025-55449). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.5.18` or later.
|
| CVE-2025-67888 |
|
OS Command Injection in CVE-2025-67888 (CVE-2025-67888)
OS command injection in CVE-2025-67888 (CVE-2025-67888). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-53326 |
|
Unsafe Deserialization in deserialization (CVE-2024-53326)
vulnerability in deserialization (CVE-2024-53326). Successful exploitation can lead to full system takeover.
|
| CVE-2024-46507 |
|
Code Injection in yeti-platform (CVE-2024-46507)
code injection in yeti-platform (CVE-2024-46507). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-46508 |
|
Vulnerability in yeti-platform (CVE-2024-46508)
vulnerability in yeti-platform (CVE-2024-46508). Confidential information can be exposed externally.
|
| CVE-2024-45257 |
|
Command Injection in CVE-2024-45257 (CVE-2024-45257)
command injection in CVE-2024-45257 (CVE-2024-45257). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-33288 |
|
SQL Injection in sqli (CVE-2024-33288)
SQL injection in sqli (CVE-2024-33288). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-27686 |
|
Vulnerability in dos (CVE-2024-27686)
vulnerability in dos (CVE-2024-27686). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8148 |
|
Vulnerability in navercorp (CVE-2026-8148)
vulnerability in navercorp (CVE-2026-8148). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8138 |
|
Buffer Overflow in tenda (CVE-2026-8138)
vulnerability in tenda (CVE-2026-8138). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8137 |
|
Buffer Overflow in CVE-2026-8137 (CVE-2026-8137)
vulnerability in CVE-2026-8137 (CVE-2026-8137). Successful exploitation can lead to full system takeover.
|
| CVE-2023-42346 |
|
Vulnerability in CVE-2023-42346 (CVE-2023-42346)
vulnerability in CVE-2023-42346 (CVE-2023-42346). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-42344 |
|
XXE (XML External Entity) in org.opencms:opencms-core (CVE-2023-42344)
vulnerability in org.opencms:opencms-core (CVE-2023-42344). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `10.5.1` or later.
|
| CVE-2022-26522 |
|
Vulnerability in dos (CVE-2022-26522)
vulnerability in dos (CVE-2022-26522). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8133 |
|
Vulnerability in sqli (CVE-2026-8133)
vulnerability in sqli (CVE-2026-8133). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8132 |
|
Vulnerability in sqli (CVE-2026-8132)
vulnerability in sqli (CVE-2026-8132). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8130 |
|
Vulnerability in sqli (CVE-2026-8130)
vulnerability in sqli (CVE-2026-8130). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8129 |
|
Vulnerability in sqli (CVE-2026-8129)
vulnerability in sqli (CVE-2026-8129). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8131 |
|
Vulnerability in sqli (CVE-2026-8131)
vulnerability in sqli (CVE-2026-8131). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43943 |
|
OS Command Injection in electerm (CVE-2026-43943)
OS command injection in electerm (CVE-2026-43943). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.7.9` or later.
|
| CVE-2026-43940 |
|
Path Traversal in electerm (CVE-2026-43940)
path traversal in electerm (CVE-2026-43940). Successful exploitation can lead to full system takeover. Exploitable via ``runWidget``. Mitigation: upgrade to `3.7.16` or later.
|
| CVE-2026-42275 |
|
Path Traversal in github.com/openziti/zrok (CVE-2026-42275)
path traversal in github.com/openziti/zrok (CVE-2026-42275). Confidential information can be exposed externally. Mitigation: upgrade to `2.0.2` or later.
|
| CVE-2026-42271 KEV |
|
[KEV] Command Injection in Berriai litellm (CVE-2026-42271)
command injection in Berriai litellm (CVE-2026-42271). Successful exploitation can lead to full system takeover. Exploitable via `POST /mcp-rest/test/connection`. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `1.83.7` or later.
|