Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-22016 |
|
Information Disclosure in c (CVE-2026-22016)
vulnerability in c (CVE-2026-22016). Confidential information can be exposed externally.
|
| CVE-2026-40895 |
|
Information Disclosure in follow-redirects-project (CVE-2026-40895)
vulnerability in follow-redirects-project (CVE-2026-40895). Confidential information can be exposed externally. Exploitable via `Cookie header`. Mitigation: upgrade to `1.16.0` or later.
|
| CVE-2025-70420 |
|
SQL Injection in sqli (CVE-2025-70420)
SQL injection in sqli (CVE-2025-70420). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40938 |
|
Vulnerability in github.com/tektoncd/pipeline (CVE-2026-40938)
vulnerability in github.com/tektoncd/pipeline (CVE-2026-40938). Successful exploitation can lead to full system takeover. Exploitable via ``revision``. Mitigation: upgrade to `1.0.2` or later.
|
| CVE-2026-33813 |
|
Panic when decoding large WEBP image on 32-bit platforms in golang.org/x/image
Panic when decoding large WEBP image on 32-bit platforms in golang.org/x/image
|
| CVE-2026-40161 |
|
Vulnerability in github.com/tektoncd/pipeline (CVE-2026-40161)
vulnerability in github.com/tektoncd/pipeline (CVE-2026-40161). Confidential information can be exposed externally. Exploitable via ``serverURL``. Mitigation: upgrade to `1.11.1` or later.
|
| CVE-2026-40611 |
|
Path Traversal in path-traversal (CVE-2026-40611)
path traversal in path-traversal (CVE-2026-40611). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.34.0` or later.
|
| CVE-2026-6784 |
|
Out-of-Bounds Read in mozilla (CVE-2026-6784)
vulnerability in mozilla (CVE-2026-6784). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6754 |
|
Use-After-Free in mozilla (CVE-2026-6754)
vulnerability in mozilla (CVE-2026-6754). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6752 |
|
Buffer Overflow in mozilla (CVE-2026-6752)
vulnerability in mozilla (CVE-2026-6752). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6753 |
|
Buffer Overflow in mozilla (CVE-2026-6753)
vulnerability in mozilla (CVE-2026-6753). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6750 |
|
Privilege Escalation in privilege-escalation (CVE-2026-6750)
vulnerability in privilege-escalation (CVE-2026-6750). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6749 |
|
Vulnerability in mozilla (CVE-2026-6749)
vulnerability in mozilla (CVE-2026-6749). Confidential information can be exposed externally.
|
| CVE-2026-6746 |
|
Use-After-Free in mozilla (CVE-2026-6746)
vulnerability in mozilla (CVE-2026-6746). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6747 |
|
Use-After-Free in mozilla (CVE-2026-6747)
vulnerability in mozilla (CVE-2026-6747). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6751 |
|
Vulnerability in mozilla (CVE-2026-6751)
vulnerability in mozilla (CVE-2026-6751). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31018 |
|
Code Injection in dolibarr (CVE-2026-31018)
code injection in dolibarr (CVE-2026-31018). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31019 |
|
OS Command Injection in dolibarr (CVE-2026-31019)
OS command injection in dolibarr (CVE-2026-31019). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31368 |
|
Privilege Escalation in CVE-2026-31368 (CVE-2026-31368)
vulnerability in CVE-2026-31368 (CVE-2026-31368). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40244 |
|
Vulnerability in openexr (CVE-2026-40244)
vulnerability in openexr (CVE-2026-40244). Data can be tampered with by attackers. Exploitable via ``int32``.
|
| CVE-2026-30266 |
|
Vulnerability in deepcool (CVE-2026-30266)
vulnerability in deepcool (CVE-2026-30266). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31430 |
|
Out-of-Bounds Read in linux (CVE-2026-31430)
vulnerability in linux (CVE-2026-31430). Confidential information can be exposed externally.
|
| CVE-2026-5966 |
|
Vulnerability in path-traversal (CVE-2026-5966)
vulnerability in path-traversal (CVE-2026-5966). Data can be tampered with by attackers.
|
| CVE-2026-39454 |
|
Vulnerability in skygroup (CVE-2026-39454)
vulnerability in skygroup (CVE-2026-39454). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5967 |
|
OS Command Injection in privilege-escalation (CVE-2026-5967)
OS command injection in privilege-escalation (CVE-2026-5967). Successful exploitation can lead to full system takeover.
|
| CVE-2026-20122 KEV |
|
[KEV] Vulnerability in Cisco catalyst-sd-wan-manger (CVE-2026-20122)
vulnerability in Cisco catalyst-sd-wan-manger (CVE-2026-20122). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-20133 KEV |
|
[KEV] Information Disclosure in Cisco catalyst-sd-wan-manager (CVE-2026-20133)
vulnerability in Cisco catalyst-sd-wan-manager (CVE-2026-20133). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-2749 KEV |
|
[KEV] Path Traversal in Kentico path-traversal (CVE-2025-2749)
path traversal in Kentico path-traversal (CVE-2025-2749). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-27351 KEV |
|
[KEV] Authentication Bypass in Papercut ngmf (CVE-2023-27351)
authentication bypass in Papercut ngmf (CVE-2023-27351). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-48700 KEV |
|
[KEV] Cross-Site Scripting (XSS) in Synacor zimbra-collaboration-suite-zcs (CVE-2025-48700)
cross-site scripting in Synacor zimbra-collaboration-suite-zcs (CVE-2025-48700). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-20128 KEV |
|
[KEV] Vulnerability in Cisco catalyst-sd-wan-manager (CVE-2026-20128)
vulnerability in Cisco catalyst-sd-wan-manager (CVE-2026-20128). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-32975 KEV |
|
[KEV] Authentication Bypass in Quest kace-systems-management-appliance-sma (CVE-2025-32975)
authentication bypass in Quest kace-systems-management-appliance-sma (CVE-2025-32975). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-27199 KEV |
|
[KEV] Vulnerability in Jetbrains teamcity (CVE-2024-27199)
vulnerability in Jetbrains teamcity (CVE-2024-27199). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-40192 |
|
Vulnerability in pillow (CVE-2026-40192)
vulnerability in pillow (CVE-2026-40192). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `12.2.0` or later.
|
| CVE-2026-40323 |
|
Vulnerability in succinct (CVE-2026-40323)
vulnerability in succinct (CVE-2026-40323). Data can be tampered with by attackers.
|
| CVE-2026-40476 |
|
Vulnerability in webonyx/graphql-php (CVE-2026-40476)
vulnerability in webonyx/graphql-php (CVE-2026-40476). Risk of unauthorized operations or information disclosure. Exploitable via ``OverlappingFieldsCanBeMerged``. Mitigation: upgrade to `15.31.5` or later.
|
| CVE-2026-40527 |
|
OS Command Injection in radare (CVE-2026-40527)
OS command injection in radare (CVE-2026-40527). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40066 |
|
Vulnerability in anviz (CVE-2026-40066)
vulnerability in anviz (CVE-2026-40066). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5718 |
|
Unrestricted File Upload in wordpress (CVE-2026-5718)
vulnerability in wordpress (CVE-2026-5718). Successful exploitation can lead to full system takeover.
|
| CVE-2026-21733 |
|
Vulnerability in CVE-2026-21733 (CVE-2026-21733)
vulnerability in CVE-2026-21733 (CVE-2026-21733). Confidential information can be exposed externally.
|
| CVE-2026-40518 |
|
Path Traversal in path-traversal (CVE-2026-40518)
path traversal in path-traversal (CVE-2026-40518). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-15623 |
|
Vulnerability in sparxsystems (CVE-2025-15623)
vulnerability in sparxsystems (CVE-2025-15623). Confidential information can be exposed externally.
|
| CVE-2025-15624 |
|
Vulnerability in sparxsystems (CVE-2025-15624)
vulnerability in sparxsystems (CVE-2025-15624). Confidential information can be exposed externally.
|
| CVE-2026-23853 |
|
Vulnerability in dell (CVE-2026-23853)
vulnerability in dell (CVE-2026-23853). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5807 |
|
Vulnerability in hashicorp (CVE-2026-5807)
vulnerability in hashicorp (CVE-2026-5807). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4525 |
|
Vulnerability in hashicorp (CVE-2026-4525)
vulnerability in hashicorp (CVE-2026-4525). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.0.0` or later.
|
| CVE-2026-3605 |
|
Vulnerability in hashicorp (CVE-2026-3605)
vulnerability in hashicorp (CVE-2026-3605). Data can be tampered with by attackers.
|
| CVE-2026-6100 |
|
Use-After-Free in python (CVE-2026-6100)
vulnerability in python (CVE-2026-6100). Successful exploitation can lead to full system takeover. Exploitable via ``lzma.LZMADecompressor``. Mitigation: upgrade to `3.14.5` or later.
|
| CVE-2026-4786 |
|
Command Injection in libpython (CVE-2026-4786)
command injection in libpython (CVE-2026-4786). Confidential information can be exposed externally. Mitigation: upgrade to `3.14.5` or later.
|
| CVE-2026-41113 |
|
OS Command Injection in c (CVE-2026-41113)
OS command injection in c (CVE-2026-41113). Successful exploitation can lead to full system takeover.
|