Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-40170 |
|
ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params() serializes peer transport parameters into a fixed 1024-byte stack buf...
ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params() serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transpo...
|
| CVE-2025-54502 |
|
Vulnerability in privilege-escalation (CVE-2025-54502)
vulnerability in privilege-escalation (CVE-2025-54502). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56270 |
|
Vulnerability in flowise (CVE-2026-56270)
vulnerability in flowise (CVE-2026-56270). Confidential information can be exposed externally. Exploitable via `GET /api/v1/loginmethod`. Mitigation: upgrade to `3.1.0` or later.
|
| CVE-2026-41205 |
|
Path Traversal in Mako (CVE-2026-41205)
path traversal in Mako (CVE-2026-41205). Confidential information can be exposed externally. Exploitable via ``Template.__init__``. Mitigation: upgrade to `1.3.11` or later.
|
| CVE-2026-41082 |
|
Vulnerability in ocaml (CVE-2026-41082)
vulnerability in ocaml (CVE-2026-41082). Data can be tampered with by attackers.
|
| CVE-2026-33804 |
|
Vulnerability in fastify (CVE-2026-33804)
vulnerability in fastify (CVE-2026-33804). Confidential information can be exposed externally.
|
| CVE-2026-30459 |
|
Vulnerability in thedaylightstudio (CVE-2026-30459)
vulnerability in thedaylightstudio (CVE-2026-30459). Data can be tampered with by attackers.
|
| CVE-2026-41035 |
|
In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort...
In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort...
|
| CVE-2026-6351 |
|
Vulnerability in CVE-2026-6351 (CVE-2026-6351)
vulnerability in CVE-2026-6351 (CVE-2026-6351). Confidential information can be exposed externally.
|
| CVE-2026-6348 |
|
Vulnerability in CVE-2026-6348 (CVE-2026-6348)
vulnerability in CVE-2026-6348 (CVE-2026-6348). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5363 |
|
Vulnerability in tp-link (CVE-2026-5363)
vulnerability in tp-link (CVE-2026-5363). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34197 KEV |
|
[KEV] Vulnerability in Apache activemq (CVE-2026-34197)
vulnerability in Apache activemq (CVE-2026-34197). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-40316 |
|
OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workflo...
OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workflows/regenerate-migrations.yml workflow. The workflow uses the pull_request_target trigger to run with...
|
| CVE-2026-6384 |
|
Vulnerability in dos (CVE-2026-6384)
vulnerability in dos (CVE-2026-6384). Successful exploitation can lead to full system takeover. Exploitable via ``ReadJeffsImage``.
|
| CVE-2026-40176 |
|
Vulnerability in getcomposer (CVE-2026-40176)
vulnerability in getcomposer (CVE-2026-40176). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40261 |
|
Vulnerability in getcomposer (CVE-2026-40261)
vulnerability in getcomposer (CVE-2026-40261). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6361 |
|
Vulnerability in google (CVE-2026-6361)
vulnerability in google (CVE-2026-6361). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6363 |
|
Vulnerability in google (CVE-2026-6363)
vulnerability in google (CVE-2026-6363). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6360 |
|
Use-After-Free in google (CVE-2026-6360)
vulnerability in google (CVE-2026-6360). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6358 |
|
Use-After-Free in google (CVE-2026-6358)
vulnerability in google (CVE-2026-6358). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6319 |
|
Use-After-Free in google (CVE-2026-6319)
vulnerability in google (CVE-2026-6319). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6318 |
|
Use-After-Free in google (CVE-2026-6318)
vulnerability in google (CVE-2026-6318). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6315 |
|
Use-After-Free in google (CVE-2026-6315)
vulnerability in google (CVE-2026-6315). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6314 |
|
Out-of-Bounds Write in google (CVE-2026-6314)
out-of-bounds write in google (CVE-2026-6314). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6317 |
|
Use-After-Free in google (CVE-2026-6317)
vulnerability in google (CVE-2026-6317). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6316 |
|
Use-After-Free in google (CVE-2026-6316)
vulnerability in google (CVE-2026-6316). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6308 |
|
Out-of-Bounds Read in google (CVE-2026-6308)
vulnerability in google (CVE-2026-6308). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6309 |
|
Use-After-Free in google (CVE-2026-6309)
vulnerability in google (CVE-2026-6309). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6311 |
|
Vulnerability in google (CVE-2026-6311)
vulnerability in google (CVE-2026-6311). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6310 |
|
Use-After-Free in google (CVE-2026-6310)
vulnerability in google (CVE-2026-6310). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6304 |
|
Use-After-Free in google (CVE-2026-6304)
vulnerability in google (CVE-2026-6304). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6302 |
|
Use-After-Free in google (CVE-2026-6302)
vulnerability in google (CVE-2026-6302). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6301 |
|
Vulnerability in google (CVE-2026-6301)
vulnerability in google (CVE-2026-6301). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6306 |
|
Vulnerability in google (CVE-2026-6306)
vulnerability in google (CVE-2026-6306). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6305 |
|
Vulnerability in google (CVE-2026-6305)
vulnerability in google (CVE-2026-6305). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6303 |
|
Use-After-Free in google (CVE-2026-6303)
vulnerability in google (CVE-2026-6303). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6299 |
|
Use-After-Free in google (CVE-2026-6299)
vulnerability in google (CVE-2026-6299). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6300 |
|
Use-After-Free in google (CVE-2026-6300)
vulnerability in google (CVE-2026-6300). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34632 |
|
Vulnerability in adobe (CVE-2026-34632)
vulnerability in adobe (CVE-2026-34632). Successful exploitation can lead to full system takeover.
|
| CVE-2026-30461 |
|
Command Injection in thedaylightstudio (CVE-2026-30461)
command injection in thedaylightstudio (CVE-2026-30461). Confidential information can be exposed externally.
|
| CVE-2026-33805 |
|
Vulnerability in @fastify/reply-from (CVE-2026-33805)
vulnerability in @fastify/reply-from (CVE-2026-33805). Data can be tampered with by attackers. Exploitable via ``Connection``. Mitigation: upgrade to `12.6.2` or later.
|
| CVE-2026-5588 |
|
Vulnerability in CVE-2026-5588 (CVE-2026-5588)
vulnerability in CVE-2026-5588 (CVE-2026-5588). Data can be tampered with by attackers.
|
| CVE-2026-3505 |
|
Vulnerability in CVE-2026-3505 (CVE-2026-3505)
vulnerability in CVE-2026-3505 (CVE-2026-3505). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5598 |
|
Vulnerability in org.bouncycastle:bcprov-jdk15to18 (CVE-2026-5598)
vulnerability in org.bouncycastle:bcprov-jdk15to18 (CVE-2026-5598). Confidential information can be exposed externally. Mitigation: upgrade to `1.80.2` or later.
|
| CVE-2025-14813 |
|
Vulnerability in org.bouncycastle:bcprov-jdk14 (CVE-2025-14813)
vulnerability in org.bouncycastle:bcprov-jdk14 (CVE-2025-14813). Confidential information can be exposed externally. Exploitable via ``G3413CTRBlockCipher``. Mitigation: upgrade to `1.84` or later.
|
| CVE-2025-40899 |
|
Cross-Site Scripting (XSS) in c (CVE-2025-40899)
cross-site scripting in c (CVE-2025-40899). Data can be tampered with by attackers.
|
| CVE-2025-40897 |
|
Authorization Flaw in CVE-2025-40897 (CVE-2025-40897)
vulnerability in CVE-2025-40897 (CVE-2025-40897). Data can be tampered with by attackers.
|
| CVE-2026-33806 |
|
Vulnerability in fastify (CVE-2026-33806)
vulnerability in fastify (CVE-2026-33806). Data can be tampered with by attackers.
|
| CVE-2026-2332 |
|
Vulnerability in org.eclipse.jetty:jetty-http (CVE-2026-2332)
vulnerability in org.eclipse.jetty:jetty-http (CVE-2026-2332). Confidential information can be exposed externally. Exploitable via `GET /smuggled`.
|
| CVE-2026-33414 |
|
OS Command Injection in podman-project (CVE-2026-33414)
OS command injection in podman-project (CVE-2026-33414). Successful exploitation can lead to full system takeover.
|