Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-36960 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-36960)
vulnerability in csrf (CVE-2026-36960). Successful exploitation can lead to full system takeover.
|
| CVE-2025-14576 |
|
Vulnerability in dos (CVE-2025-14576)
vulnerability in dos (CVE-2025-14576). Successful exploitation can lead to full system takeover.
|
| CVE-2026-36959 |
|
Vulnerability in u-speed (CVE-2026-36959)
vulnerability in u-speed (CVE-2026-36959). Confidential information can be exposed externally.
|
| CVE-2026-36956 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-36956)
vulnerability in csrf (CVE-2026-36956). Successful exploitation can lead to full system takeover.
|
| CVE-2026-36957 |
|
Vulnerability in dos (CVE-2026-36957)
vulnerability in dos (CVE-2026-36957). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-36958 |
|
Vulnerability in u-speed (CVE-2026-36958)
vulnerability in u-speed (CVE-2026-36958). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7246 |
|
Command Injection in palletsprojects (CVE-2026-7246)
command injection in palletsprojects (CVE-2026-7246). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7399 |
|
Vulnerability in CVE-2026-7399 (CVE-2026-7399)
vulnerability in CVE-2026-7399 (CVE-2026-7399). Confidential information can be exposed externally.
|
| CVE-2026-7402 |
|
Vulnerability in CVE-2026-7402 (CVE-2026-7402)
vulnerability in CVE-2026-7402 (CVE-2026-7402). Data can be tampered with by attackers.
|
| CVE-2024-13971 |
|
XXE (XML External Entity) in lobster-world (CVE-2024-13971)
vulnerability in lobster-world (CVE-2024-13971). Confidential information can be exposed externally.
|
| CVE-2026-5402 |
|
Vulnerability in dos (CVE-2026-5402)
vulnerability in dos (CVE-2026-5402). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7270 |
|
Vulnerability in freebsd (CVE-2026-7270)
vulnerability in freebsd (CVE-2026-7270). Successful exploitation can lead to full system takeover.
|
| CVE-2024-39847 |
|
XXE (XML External Entity) in 4d (CVE-2024-39847)
vulnerability in 4d (CVE-2024-39847). Confidential information can be exposed externally.
|
| CVE-2026-41940 KEV |
|
[KEV] Vulnerability in Webpros cpanel-whm-and-wp2-wordpress-squared (CVE-2026-41940)
vulnerability in Webpros cpanel-whm-and-wp2-wordpress-squared (CVE-2026-41940). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-44015 |
|
SSRF (Server-Side Request Forgery) in github.com/0xJacky/Nginx-UI (CVE-2026-44015)
SSRF in github.com/0xJacky/Nginx-UI (CVE-2026-44015). Confidential information can be exposed externally. Exploitable via `GET /api/settings`.
|
| CVE-2018-25304 |
|
Vulnerability in CVE-2018-25304 (CVE-2018-25304)
vulnerability in CVE-2018-25304 (CVE-2018-25304). Successful exploitation can lead to full system takeover.
|
| CVE-2026-37555 |
|
Vulnerability in dos (CVE-2026-37555)
vulnerability in dos (CVE-2026-37555). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6849 |
|
Improper neutralization of special elements used in an OS command ('OS command injection')...
Improper neutralization of special elements used in an OS command ('OS command injection')...
|
| CVE-2026-42198 |
|
Vulnerability in dos (CVE-2026-42198)
vulnerability in dos (CVE-2026-42198). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7111 |
|
Use-After-Free in hmbrand (CVE-2026-7111)
vulnerability in hmbrand (CVE-2026-7111). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5161 |
|
Improper link resolution before file access ('link following') vulnerability in TUBITAK BILGEM...
Improper link resolution before file access ('link following') vulnerability in TUBITAK BILGEM...
|
| CVE-2026-5141 |
|
Improper Privilege Management, Improper Access Control, Incorrect privilege assignment...
Improper Privilege Management, Improper Access Control, Incorrect privilege assignment...
|
| CVE-2026-41952 |
|
Vulnerability in privilege-escalation (CVE-2026-41952)
vulnerability in privilege-escalation (CVE-2026-41952). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41220 |
|
Out-of-Bounds Write in privilege-escalation (CVE-2026-41220)
out-of-bounds write in privilege-escalation (CVE-2026-41220). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5140 |
|
Improper neutralization of CRLF sequences ('CRLF injection') vulnerability in TUBITAK BILGEM...
Improper neutralization of CRLF sequences ('CRLF injection') vulnerability in TUBITAK BILGEM...
|
| CVE-2026-42167 |
|
SQL Injection in proftpd (CVE-2026-42167)
SQL injection in proftpd (CVE-2026-42167). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42432 |
|
Vulnerability in openclaw (CVE-2026-42432)
vulnerability in openclaw (CVE-2026-42432). Successful exploitation can lead to full system takeover. Exploitable via ``openclaw``. Mitigation: upgrade to `2026.4.8` or later.
|
| CVE-2026-42429 |
|
Privilege Escalation in openclaw (CVE-2026-42429)
vulnerability in openclaw (CVE-2026-42429). Data can be tampered with by attackers. Exploitable via ``operator.read``. Mitigation: upgrade to `2026.4.8` or later.
|
| CVE-2026-38949 |
|
Cross-Site Scripting (XSS) in CVE-2026-38949 (CVE-2026-38949)
cross-site scripting in CVE-2026-38949 (CVE-2026-38949). Confidential information can be exposed externally.
|
| CVE-2026-38651 |
|
Vulnerability in netmaker (CVE-2026-38651)
vulnerability in netmaker (CVE-2026-38651). Confidential information can be exposed externally.
|
| CVE-2026-7323 |
|
Buffer Overflow in mozilla (CVE-2026-7323)
vulnerability in mozilla (CVE-2026-7323). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7324 |
|
Buffer Overflow in mozilla (CVE-2026-7324)
vulnerability in mozilla (CVE-2026-7324). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7322 |
|
Buffer Overflow in mozilla (CVE-2026-7322)
vulnerability in mozilla (CVE-2026-7322). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7320 |
|
Buffer Overflow in mozilla (CVE-2026-7320)
vulnerability in mozilla (CVE-2026-7320). Confidential information can be exposed externally.
|
| CVE-2026-5944 |
|
Vulnerability in cisco (CVE-2026-5944)
vulnerability in cisco (CVE-2026-5944). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5781 |
|
Vulnerability in agilonhealth (CVE-2026-5781)
vulnerability in agilonhealth (CVE-2026-5781). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41605 |
|
Vulnerability in apache (CVE-2026-41605)
vulnerability in apache (CVE-2026-41605). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41604 |
|
Out-of-Bounds Read in apache (CVE-2026-41604)
vulnerability in apache (CVE-2026-41604). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41603 |
|
Vulnerability in apache (CVE-2026-41603)
vulnerability in apache (CVE-2026-41603). Confidential information can be exposed externally.
|
| CVE-2025-48431 |
|
Vulnerability in apache (CVE-2025-48431)
vulnerability in apache (CVE-2025-48431). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3323 |
|
Vulnerability in vega (CVE-2026-3323)
vulnerability in vega (CVE-2026-3323). Confidential information can be exposed externally.
|
| CVE-2026-41602 |
|
Vulnerability in apache (CVE-2026-41602)
vulnerability in apache (CVE-2026-41602). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-54013 |
|
Vulnerability in hanwhavision (CVE-2024-54013)
vulnerability in hanwhavision (CVE-2024-54013). Successful exploitation can lead to full system takeover.
|
| CVE-2026-1460 |
|
OS Command Injection in zyxel (CVE-2026-1460)
OS command injection in zyxel (CVE-2026-1460). Successful exploitation can lead to full system takeover.
|
| CVE-2024-1708 KEV |
|
[KEV] Path Traversal in Connectwise screenconnect (CVE-2024-1708)
path traversal in Connectwise screenconnect (CVE-2024-1708). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-3087 |
|
Path Traversal in libpython (CVE-2026-3087)
path traversal in libpython (CVE-2026-3087). Data can be tampered with by attackers. Mitigation: upgrade to `3.14.5` or later.
|
| CVE-2026-31686 |
|
Vulnerability in linux (CVE-2026-31686)
vulnerability in linux (CVE-2026-31686). Successful exploitation can lead to full system takeover.
|
| CVE-2026-38934 |
|
Cross-Site Request Forgery (CSRF) in CVE-2026-38934 (CVE-2026-38934)
vulnerability in CVE-2026-38934 (CVE-2026-38934). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40022 |
|
Vulnerability in org.apache.camel:camel-platform-http-main (CVE-2026-40022)
vulnerability in org.apache.camel:camel-platform-http-main (CVE-2026-40022). Confidential information can be exposed externally. Mitigation: upgrade to `4.20.0` or later.
|
| CVE-2026-27172 |
|
Unsafe Deserialization in apache (CVE-2026-27172)
vulnerability in apache (CVE-2026-27172). Successful exploitation can lead to full system takeover.
|