Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | Description |
|---|---|---|
| CVE-2026-44658 | Vulnerability in CVE-2026-44658 (CVE-2026-44658) | Vulnerability in CVE-2026-44658 (CVE-2026-44658). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.19.12b` or later. |
| DEBIAN-CVE-2026-43895 | Vulnerability in jq (DEBIAN-CVE-2026-43895) | Vulnerability in jq (DEBIAN-CVE-2026-43895). Risk of unauthorized operations or information disclosure. |
| DEBIAN-CVE-2026-43894 | Vulnerability in jq (DEBIAN-CVE-2026-43894) | Vulnerability in jq (DEBIAN-CVE-2026-43894). Risk of unauthorized operations or information disclosure. |
| DEBIAN-CVE-2026-43896 | Vulnerability in jq (DEBIAN-CVE-2026-43896) | Vulnerability in jq (DEBIAN-CVE-2026-43896). Risk of unauthorized operations or information disclosure. |
| CVE-2026-44226 | Vulnerability in pyload-ng (CVE-2026-44226) | Vulnerability in pyload-ng (CVE-2026-44226). Risk of unauthorized operations or information disclosure. Exploitable via `filename`. Mitigation: upgrade to `0.5.0b3.dev100` or later. |
| CVE-2026-43896 | Vulnerability in jqlang (CVE-2026-43896) | Vulnerability in jqlang (CVE-2026-43896). Risk of unauthorized operations or information disclosure. |
| CVE-2026-43895 | Vulnerability in c (CVE-2026-43895) | Vulnerability in c (CVE-2026-43895). Risk of unauthorized operations or information disclosure. |
| CVE-2026-43894 | Vulnerability in jqlang (CVE-2026-43894) | Vulnerability in jqlang (CVE-2026-43894). Risk of unauthorized operations or information disclosure. |
| CVE-2026-42865 | Information Disclosure in CVE-2026-42865 (CVE-2026-42865) | Vulnerability in CVE-2026-42865 (CVE-2026-42865). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.29.3` or later. |
| CVE-2026-42860 | SSRF (Server-Side Request Forgery) in edx-enterprise (CVE-2026-42860) | SSRF in edx-enterprise (CVE-2026-42860). Confidential information can be exposed externally. Exploitable via `sync_provider_data`. Mitigation: upgrade to `7.0.5` or later. |
| CVE-2026-42859 | Vulnerability in c (CVE-2026-42859) | Vulnerability in c (CVE-2026-42859). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.9.6` or later. |
| CVE-2026-42858 | SSRF (Server-Side Request Forgery) in openedx (CVE-2026-42858) | SSRF in openedx (CVE-2026-42858). Confidential information can be exposed externally. |
| CVE-2026-42857 | Cross-Site Scripting (XSS) in django (CVE-2026-42857) | Cross-site scripting in django (CVE-2026-42857). Risk of unauthorized operations or information disclosure. |
| CVE-2026-42856 | Vulnerability in network-ai (CVE-2026-42856) | Vulnerability in network-ai (CVE-2026-42856). Risk of unauthorized operations or information disclosure. Exploitable via `GET /tools`. Mitigation: upgrade to `5.1.3` or later. |
| CVE-2026-42316 | Vulnerability in CVE-2026-42316 (CVE-2026-42316) | Vulnerability in CVE-2026-42316 (CVE-2026-42316). Confidential information can be exposed externally. Mitigation: upgrade to `5.2.3` or later. |
| CVE-2026-42315 | Path Traversal in pyload-ng (CVE-2026-42315) | Path traversal in pyload-ng (CVE-2026-42315). Data can be tampered with by attackers. Exploitable via `Perms.MODIFY`. Mitigation: upgrade to `0.5.0b3.dev100` or later. |
| CVE-2026-42314 | Path Traversal in pyload-ng (CVE-2026-42314) | Path traversal in pyload-ng (CVE-2026-42314). Data can be tampered with by attackers. Mitigation: upgrade to `0.5.0b3.dev100` or later. |
| DEBIAN-CVE-2026-41257 | Vulnerability in jq (DEBIAN-CVE-2026-41257) | Vulnerability in jq (DEBIAN-CVE-2026-41257). Risk of unauthorized operations or information disclosure. |
| CVE-2026-42313 | Vulnerability in pyload-ng (CVE-2026-42313) | Vulnerability in pyload-ng (CVE-2026-42313). Confidential information can be exposed externally. Exploitable via `ADMIN_ONLY_CORE_OPTIONS`. Mitigation: upgrade to `0.5.0b3.dev100` or later. |
| CVE-2026-42312 | Vulnerability in pyload-ng (CVE-2026-42312) | Vulnerability in pyload-ng (CVE-2026-42312). Confidential information can be exposed externally. Exploitable via `ADMIN_ONLY_CORE_OPTIONS`. Mitigation: upgrade to `0.5.0b3.dev100` or later. |
| CVE-2026-41431 | Vulnerability in CVE-2026-41431 (CVE-2026-41431) | Vulnerability in CVE-2026-41431 (CVE-2026-41431). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.19.9b` or later. |
| CVE-2026-41257 | Vulnerability in jqlang (CVE-2026-41257) | Vulnerability in jqlang (CVE-2026-41257). Risk of unauthorized operations or information disclosure. |
| DEBIAN-CVE-2026-41256 | Vulnerability in jq (DEBIAN-CVE-2026-41256) | Vulnerability in jq (DEBIAN-CVE-2026-41256). Data can be tampered with by attackers. |
| DEBIAN-CVE-2026-40612 | Vulnerability in jq (DEBIAN-CVE-2026-40612) | Vulnerability in jq (DEBIAN-CVE-2026-40612). Risk of unauthorized operations or information disclosure. |
| CVE-2026-41256 | Vulnerability in jqlang (CVE-2026-41256) | Vulnerability in jqlang (CVE-2026-41256). Data can be tampered with by attackers. |
| CVE-2026-41250 | Cross-Site Scripting (XSS) in CVE-2026-41250 (CVE-2026-41250) | Cross-site scripting in CVE-2026-41250 (CVE-2026-41250). Confidential information can be exposed externally. Mitigation: upgrade to `6.9.1` or later. |
| CVE-2026-40612 | Vulnerability in c (CVE-2026-40612) | Vulnerability in c (CVE-2026-40612). Risk of unauthorized operations or information disclosure. |
| DEBIAN-CVE-2026-34095 | Vulnerability in mediawiki (DEBIAN-CVE-2026-34095) | Vulnerability in mediawiki (DEBIAN-CVE-2026-34095). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1:1.39.17-1+deb12u2` or later. |
| DEBIAN-CVE-2026-34094 | Vulnerability in mediawiki (DEBIAN-CVE-2026-34094) | Vulnerability in mediawiki (DEBIAN-CVE-2026-34094). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1:1.43.8+dfsg-1~deb13u1` or later. |
| DEBIAN-CVE-2026-34093 | Vulnerability in mediawiki (DEBIAN-CVE-2026-34093) | Vulnerability in mediawiki (DEBIAN-CVE-2026-34093). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1:1.39.17-1+deb12u2` or later. |
| DEBIAN-CVE-2026-2291 | Vulnerability in dnsmasq (DEBIAN-CVE-2026-2291) | Vulnerability in dnsmasq (DEBIAN-CVE-2026-2291). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.90-4~deb12u2` or later. |
| CVE-2026-33052 | Vulnerability in mantisbt/mantisbt (CVE-2026-33052) | Vulnerability in mantisbt/mantisbt (CVE-2026-33052). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.28.2` or later. |
| CVE-2026-27478 | Vulnerability in io.unitycatalog:unitycatalog-server (CVE-2026-27478) | Vulnerability in io.unitycatalog:unitycatalog-server (CVE-2026-27478). Confidential information can be exposed externally. Exploitable via `jwks`. Mitigation: upgrade to `0.4.1` or later. |
| MAL-2026-3430 | Vulnerability in cplace-bmw-emt-mvp (MAL-2026-3430) | Vulnerability in cplace-bmw-emt-mvp (MAL-2026-3430). Risk of unauthorized operations or information disclosure. |
| CVE-2026-25244 | OS Command Injection in @wdio/browserstack-service (CVE-2026-25244) | OS command injection in @wdio/browserstack-service (CVE-2026-25244). Successful exploitation can lead to full system takeover. Exploitable via `source`. Mitigation: upgrade to `9.24.0` or later. |
| GHSA-h29g-c9cx-c73q | Unsafe Deserialization in torrentpier/torrentpier (GHSA-h29g-c9cx-c73q) | Vulnerability in torrentpier/torrentpier (GHSA-h29g-c9cx-c73q). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.4.4` or later. |
| MAL-2026-3429 | Vulnerability in openai-spellchecker (MAL-2026-3429) | Vulnerability in openai-spellchecker (MAL-2026-3429). Risk of unauthorized operations or information disclosure. |
| CVE-2026-44738 | Information Disclosure in getgrav/grav (CVE-2026-44738) | Vulnerability in getgrav/grav (CVE-2026-44738). Confidential information can be exposed externally. Exploitable via `admin.pages`. Mitigation: upgrade to `2.0.0-rc.2` or later. |
| CVE-2026-42845 | Vulnerability in getgrav/grav-plugin-form (CVE-2026-42845) | Vulnerability in getgrav/grav-plugin-form (CVE-2026-42845). Risk of unauthorized operations or information disclosure. Exploitable via `GET /upload`. Mitigation: upgrade to `9.1.0` or later. |
| CVE-2026-42843 | Authorization Flaw in getgrav/grav-plugin-api (CVE-2026-42843) | Vulnerability in getgrav/grav-plugin-api (CVE-2026-42843). Successful exploitation can lead to full system takeover. Exploitable via `api.access`. Mitigation: upgrade to `1.0.0-beta.15` or later. |
| CVE-2026-42842 | Cross-Site Scripting (XSS) in getgrav/grav (CVE-2026-42842) | Cross-site scripting in getgrav/grav (CVE-2026-42842). Risk of unauthorized operations or information disclosure. Exploitable via `on_events`. Mitigation: upgrade to `2.0.0-beta.2` or later. |
| CVE-2026-42603 | Code Injection in CVE-2026-42603 (CVE-2026-42603) | Code injection in CVE-2026-42603 (CVE-2026-42603). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.1.2` or later. |
| CVE-2026-42349 | Vulnerability in @clerk/shared (CVE-2026-42349) | Vulnerability in @clerk/shared (CVE-2026-42349). Risk of unauthorized operations or information disclosure. Exploitable via `clerkMiddleware`. Mitigation: upgrade to `4.8.3` or later. |
| MAL-2026-3508 | Vulnerability in crypto-javascri (MAL-2026-3508) | Vulnerability in crypto-javascri (MAL-2026-3508). Risk of unauthorized operations or information disclosure. |
| USN-8267-1 | Vulnerability in linux-azure (USN-8267-1) | Vulnerability in linux-azure (USN-8267-1). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.15.0-1200.215~16.04.1` or later. |
| MAL-2026-3506 | Vulnerability in @mimecast-ui/charts (MAL-2026-3506) | Vulnerability in @mimecast-ui/charts (MAL-2026-3506). Risk of unauthorized operations or information disclosure. |
| MAL-2026-3507 | Vulnerability in @mimecast-ui/components (MAL-2026-3507) | Vulnerability in @mimecast-ui/components (MAL-2026-3507). Risk of unauthorized operations or information disclosure. |
| CVE-2026-45109 | Vulnerability in next (CVE-2026-45109) | Vulnerability in next (CVE-2026-45109). Confidential information can be exposed externally. Exploitable via `middleware.ts`. Mitigation: upgrade to `16.2.6` or later. |
| CVE-2026-44643 | Vulnerability in angular-expressions (CVE-2026-44643) | Vulnerability in angular-expressions (CVE-2026-44643). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.5.2` or later. |
| CVE-2026-45061 | SSRF (Server-Side Request Forgery) in budibase (CVE-2026-45061) | SSRF in budibase (CVE-2026-45061). Confidential information can be exposed externally. Exploitable via `POST /api/plugin`. Mitigation: upgrade to `3.35.10` or later. |