Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2026-36960 Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-36960)
vulnerability in csrf (CVE-2026-36960). Successful exploitation can lead to full system takeover.
CVE-2025-14576 Vulnerability in dos (CVE-2025-14576)
vulnerability in dos (CVE-2025-14576). Successful exploitation can lead to full system takeover.
CVE-2026-36959 Vulnerability in u-speed (CVE-2026-36959)
vulnerability in u-speed (CVE-2026-36959). Confidential information can be exposed externally.
CVE-2026-36956 Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-36956)
vulnerability in csrf (CVE-2026-36956). Successful exploitation can lead to full system takeover.
CVE-2026-36957 Vulnerability in dos (CVE-2026-36957)
vulnerability in dos (CVE-2026-36957). Risk of unauthorized operations or information disclosure.
CVE-2026-36958 Vulnerability in u-speed (CVE-2026-36958)
vulnerability in u-speed (CVE-2026-36958). Risk of unauthorized operations or information disclosure.
CVE-2026-7246 Command Injection in palletsprojects (CVE-2026-7246)
command injection in palletsprojects (CVE-2026-7246). Successful exploitation can lead to full system takeover.
CVE-2026-7399 Vulnerability in CVE-2026-7399 (CVE-2026-7399)
vulnerability in CVE-2026-7399 (CVE-2026-7399). Confidential information can be exposed externally.
CVE-2026-7402 Vulnerability in CVE-2026-7402 (CVE-2026-7402)
vulnerability in CVE-2026-7402 (CVE-2026-7402). Data can be tampered with by attackers.
CVE-2024-13971 XXE (XML External Entity) in lobster-world (CVE-2024-13971)
vulnerability in lobster-world (CVE-2024-13971). Confidential information can be exposed externally.
CVE-2026-5402 Vulnerability in dos (CVE-2026-5402)
vulnerability in dos (CVE-2026-5402). Successful exploitation can lead to full system takeover.
CVE-2026-7270 Vulnerability in freebsd (CVE-2026-7270)
vulnerability in freebsd (CVE-2026-7270). Successful exploitation can lead to full system takeover.
CVE-2024-39847 XXE (XML External Entity) in 4d (CVE-2024-39847)
vulnerability in 4d (CVE-2024-39847). Confidential information can be exposed externally.
CVE-2026-41940 KEV [KEV] Vulnerability in Webpros cpanel-whm-and-wp2-wordpress-squared (CVE-2026-41940)
vulnerability in Webpros cpanel-whm-and-wp2-wordpress-squared (CVE-2026-41940). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-44015 SSRF (Server-Side Request Forgery) in github.com/0xJacky/Nginx-UI (CVE-2026-44015)
SSRF in github.com/0xJacky/Nginx-UI (CVE-2026-44015). Confidential information can be exposed externally. Exploitable via `GET /api/settings`.
CVE-2018-25304 Vulnerability in CVE-2018-25304 (CVE-2018-25304)
vulnerability in CVE-2018-25304 (CVE-2018-25304). Successful exploitation can lead to full system takeover.
CVE-2026-37555 Vulnerability in dos (CVE-2026-37555)
vulnerability in dos (CVE-2026-37555). Risk of unauthorized operations or information disclosure.
CVE-2026-6849 Improper neutralization of special elements used in an OS command ('OS command injection')...
Improper neutralization of special elements used in an OS command ('OS command injection')...
CVE-2026-42198 Vulnerability in dos (CVE-2026-42198)
vulnerability in dos (CVE-2026-42198). Risk of unauthorized operations or information disclosure.
CVE-2026-7111 Use-After-Free in hmbrand (CVE-2026-7111)
vulnerability in hmbrand (CVE-2026-7111). Successful exploitation can lead to full system takeover.
CVE-2026-5161 Improper link resolution before file access ('link following') vulnerability in TUBITAK BILGEM...
Improper link resolution before file access ('link following') vulnerability in TUBITAK BILGEM...
CVE-2026-5141 Improper Privilege Management, Improper Access Control, Incorrect privilege assignment...
Improper Privilege Management, Improper Access Control, Incorrect privilege assignment...
CVE-2026-41952 Vulnerability in privilege-escalation (CVE-2026-41952)
vulnerability in privilege-escalation (CVE-2026-41952). Successful exploitation can lead to full system takeover.
CVE-2026-41220 Out-of-Bounds Write in privilege-escalation (CVE-2026-41220)
out-of-bounds write in privilege-escalation (CVE-2026-41220). Successful exploitation can lead to full system takeover.
CVE-2026-5140 Improper neutralization of CRLF sequences ('CRLF injection') vulnerability in TUBITAK BILGEM...
Improper neutralization of CRLF sequences ('CRLF injection') vulnerability in TUBITAK BILGEM...
CVE-2026-42167 SQL Injection in proftpd (CVE-2026-42167)
SQL injection in proftpd (CVE-2026-42167). Successful exploitation can lead to full system takeover.
CVE-2026-42432 Vulnerability in openclaw (CVE-2026-42432)
vulnerability in openclaw (CVE-2026-42432). Successful exploitation can lead to full system takeover. Exploitable via ``openclaw``. Mitigation: upgrade to `2026.4.8` or later.
CVE-2026-42429 Privilege Escalation in openclaw (CVE-2026-42429)
vulnerability in openclaw (CVE-2026-42429). Data can be tampered with by attackers. Exploitable via ``operator.read``. Mitigation: upgrade to `2026.4.8` or later.
CVE-2026-38949 Cross-Site Scripting (XSS) in CVE-2026-38949 (CVE-2026-38949)
cross-site scripting in CVE-2026-38949 (CVE-2026-38949). Confidential information can be exposed externally.
CVE-2026-38651 Vulnerability in netmaker (CVE-2026-38651)
vulnerability in netmaker (CVE-2026-38651). Confidential information can be exposed externally.
CVE-2026-7323 Buffer Overflow in mozilla (CVE-2026-7323)
vulnerability in mozilla (CVE-2026-7323). Risk of unauthorized operations or information disclosure.
CVE-2026-7324 Buffer Overflow in mozilla (CVE-2026-7324)
vulnerability in mozilla (CVE-2026-7324). Risk of unauthorized operations or information disclosure.
CVE-2026-7322 Buffer Overflow in mozilla (CVE-2026-7322)
vulnerability in mozilla (CVE-2026-7322). Risk of unauthorized operations or information disclosure.
CVE-2026-7320 Buffer Overflow in mozilla (CVE-2026-7320)
vulnerability in mozilla (CVE-2026-7320). Confidential information can be exposed externally.
CVE-2026-5944 Vulnerability in cisco (CVE-2026-5944)
vulnerability in cisco (CVE-2026-5944). Risk of unauthorized operations or information disclosure.
CVE-2026-5781 Vulnerability in agilonhealth (CVE-2026-5781)
vulnerability in agilonhealth (CVE-2026-5781). Successful exploitation can lead to full system takeover.
CVE-2026-41605 Vulnerability in apache (CVE-2026-41605)
vulnerability in apache (CVE-2026-41605). Risk of unauthorized operations or information disclosure.
CVE-2026-41604 Out-of-Bounds Read in apache (CVE-2026-41604)
vulnerability in apache (CVE-2026-41604). Risk of unauthorized operations or information disclosure.
CVE-2026-41603 Vulnerability in apache (CVE-2026-41603)
vulnerability in apache (CVE-2026-41603). Confidential information can be exposed externally.
CVE-2025-48431 Vulnerability in apache (CVE-2025-48431)
vulnerability in apache (CVE-2025-48431). Risk of unauthorized operations or information disclosure.
CVE-2026-3323 Vulnerability in vega (CVE-2026-3323)
vulnerability in vega (CVE-2026-3323). Confidential information can be exposed externally.
CVE-2026-41602 Vulnerability in apache (CVE-2026-41602)
vulnerability in apache (CVE-2026-41602). Risk of unauthorized operations or information disclosure.
CVE-2024-54013 Vulnerability in hanwhavision (CVE-2024-54013)
vulnerability in hanwhavision (CVE-2024-54013). Successful exploitation can lead to full system takeover.
CVE-2026-1460 OS Command Injection in zyxel (CVE-2026-1460)
OS command injection in zyxel (CVE-2026-1460). Successful exploitation can lead to full system takeover.
CVE-2024-1708 KEV [KEV] Path Traversal in Connectwise screenconnect (CVE-2024-1708)
path traversal in Connectwise screenconnect (CVE-2024-1708). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-3087 Path Traversal in libpython (CVE-2026-3087)
path traversal in libpython (CVE-2026-3087). Data can be tampered with by attackers. Mitigation: upgrade to `3.14.5` or later.
CVE-2026-31686 Vulnerability in linux (CVE-2026-31686)
vulnerability in linux (CVE-2026-31686). Successful exploitation can lead to full system takeover.
CVE-2026-38934 Cross-Site Request Forgery (CSRF) in CVE-2026-38934 (CVE-2026-38934)
vulnerability in CVE-2026-38934 (CVE-2026-38934). Successful exploitation can lead to full system takeover.
CVE-2026-40022 Vulnerability in org.apache.camel:camel-platform-http-main (CVE-2026-40022)
vulnerability in org.apache.camel:camel-platform-http-main (CVE-2026-40022). Confidential information can be exposed externally. Mitigation: upgrade to `4.20.0` or later.
CVE-2026-27172 Unsafe Deserialization in apache (CVE-2026-27172)
vulnerability in apache (CVE-2026-27172). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →