Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2026-40170 ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params() serializes peer transport parameters into a fixed 1024-byte stack buf...
ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params() serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transpo...
CVE-2025-54502 Vulnerability in privilege-escalation (CVE-2025-54502)
vulnerability in privilege-escalation (CVE-2025-54502). Successful exploitation can lead to full system takeover.
CVE-2026-56270 Vulnerability in flowise (CVE-2026-56270)
vulnerability in flowise (CVE-2026-56270). Confidential information can be exposed externally. Exploitable via `GET /api/v1/loginmethod`. Mitigation: upgrade to `3.1.0` or later.
CVE-2026-41205 Path Traversal in Mako (CVE-2026-41205)
path traversal in Mako (CVE-2026-41205). Confidential information can be exposed externally. Exploitable via ``Template.__init__``. Mitigation: upgrade to `1.3.11` or later.
CVE-2026-41082 Vulnerability in ocaml (CVE-2026-41082)
vulnerability in ocaml (CVE-2026-41082). Data can be tampered with by attackers.
CVE-2026-33804 Vulnerability in fastify (CVE-2026-33804)
vulnerability in fastify (CVE-2026-33804). Confidential information can be exposed externally.
CVE-2026-30459 Vulnerability in thedaylightstudio (CVE-2026-30459)
vulnerability in thedaylightstudio (CVE-2026-30459). Data can be tampered with by attackers.
CVE-2026-41035 In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort...
In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort...
CVE-2026-6351 Vulnerability in CVE-2026-6351 (CVE-2026-6351)
vulnerability in CVE-2026-6351 (CVE-2026-6351). Confidential information can be exposed externally.
CVE-2026-6348 Vulnerability in CVE-2026-6348 (CVE-2026-6348)
vulnerability in CVE-2026-6348 (CVE-2026-6348). Successful exploitation can lead to full system takeover.
CVE-2026-5363 Vulnerability in tp-link (CVE-2026-5363)
vulnerability in tp-link (CVE-2026-5363). Successful exploitation can lead to full system takeover.
CVE-2026-34197 KEV [KEV] Vulnerability in Apache activemq (CVE-2026-34197)
vulnerability in Apache activemq (CVE-2026-34197). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-40316 OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workflo...
OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workflows/regenerate-migrations.yml workflow. The workflow uses the pull_request_target trigger to run with...
CVE-2026-6384 Vulnerability in dos (CVE-2026-6384)
vulnerability in dos (CVE-2026-6384). Successful exploitation can lead to full system takeover. Exploitable via ``ReadJeffsImage``.
CVE-2026-40176 Vulnerability in getcomposer (CVE-2026-40176)
vulnerability in getcomposer (CVE-2026-40176). Successful exploitation can lead to full system takeover.
CVE-2026-40261 Vulnerability in getcomposer (CVE-2026-40261)
vulnerability in getcomposer (CVE-2026-40261). Successful exploitation can lead to full system takeover.
CVE-2026-6361 Vulnerability in google (CVE-2026-6361)
vulnerability in google (CVE-2026-6361). Successful exploitation can lead to full system takeover.
CVE-2026-6363 Vulnerability in google (CVE-2026-6363)
vulnerability in google (CVE-2026-6363). Successful exploitation can lead to full system takeover.
CVE-2026-6360 Use-After-Free in google (CVE-2026-6360)
vulnerability in google (CVE-2026-6360). Successful exploitation can lead to full system takeover.
CVE-2026-6358 Use-After-Free in google (CVE-2026-6358)
vulnerability in google (CVE-2026-6358). Successful exploitation can lead to full system takeover.
CVE-2026-6319 Use-After-Free in google (CVE-2026-6319)
vulnerability in google (CVE-2026-6319). Successful exploitation can lead to full system takeover.
CVE-2026-6318 Use-After-Free in google (CVE-2026-6318)
vulnerability in google (CVE-2026-6318). Successful exploitation can lead to full system takeover.
CVE-2026-6315 Use-After-Free in google (CVE-2026-6315)
vulnerability in google (CVE-2026-6315). Successful exploitation can lead to full system takeover.
CVE-2026-6314 Out-of-Bounds Write in google (CVE-2026-6314)
out-of-bounds write in google (CVE-2026-6314). Successful exploitation can lead to full system takeover.
CVE-2026-6317 Use-After-Free in google (CVE-2026-6317)
vulnerability in google (CVE-2026-6317). Successful exploitation can lead to full system takeover.
CVE-2026-6316 Use-After-Free in google (CVE-2026-6316)
vulnerability in google (CVE-2026-6316). Successful exploitation can lead to full system takeover.
CVE-2026-6308 Out-of-Bounds Read in google (CVE-2026-6308)
vulnerability in google (CVE-2026-6308). Successful exploitation can lead to full system takeover.
CVE-2026-6309 Use-After-Free in google (CVE-2026-6309)
vulnerability in google (CVE-2026-6309). Successful exploitation can lead to full system takeover.
CVE-2026-6311 Vulnerability in google (CVE-2026-6311)
vulnerability in google (CVE-2026-6311). Successful exploitation can lead to full system takeover.
CVE-2026-6310 Use-After-Free in google (CVE-2026-6310)
vulnerability in google (CVE-2026-6310). Successful exploitation can lead to full system takeover.
CVE-2026-6304 Use-After-Free in google (CVE-2026-6304)
vulnerability in google (CVE-2026-6304). Successful exploitation can lead to full system takeover.
CVE-2026-6302 Use-After-Free in google (CVE-2026-6302)
vulnerability in google (CVE-2026-6302). Successful exploitation can lead to full system takeover.
CVE-2026-6301 Vulnerability in google (CVE-2026-6301)
vulnerability in google (CVE-2026-6301). Successful exploitation can lead to full system takeover.
CVE-2026-6306 Vulnerability in google (CVE-2026-6306)
vulnerability in google (CVE-2026-6306). Successful exploitation can lead to full system takeover.
CVE-2026-6305 Vulnerability in google (CVE-2026-6305)
vulnerability in google (CVE-2026-6305). Successful exploitation can lead to full system takeover.
CVE-2026-6303 Use-After-Free in google (CVE-2026-6303)
vulnerability in google (CVE-2026-6303). Successful exploitation can lead to full system takeover.
CVE-2026-6299 Use-After-Free in google (CVE-2026-6299)
vulnerability in google (CVE-2026-6299). Successful exploitation can lead to full system takeover.
CVE-2026-6300 Use-After-Free in google (CVE-2026-6300)
vulnerability in google (CVE-2026-6300). Successful exploitation can lead to full system takeover.
CVE-2026-34632 Vulnerability in adobe (CVE-2026-34632)
vulnerability in adobe (CVE-2026-34632). Successful exploitation can lead to full system takeover.
CVE-2026-30461 Command Injection in thedaylightstudio (CVE-2026-30461)
command injection in thedaylightstudio (CVE-2026-30461). Confidential information can be exposed externally.
CVE-2026-33805 Vulnerability in @fastify/reply-from (CVE-2026-33805)
vulnerability in @fastify/reply-from (CVE-2026-33805). Data can be tampered with by attackers. Exploitable via ``Connection``. Mitigation: upgrade to `12.6.2` or later.
CVE-2026-5588 Vulnerability in CVE-2026-5588 (CVE-2026-5588)
vulnerability in CVE-2026-5588 (CVE-2026-5588). Data can be tampered with by attackers.
CVE-2026-3505 Vulnerability in CVE-2026-3505 (CVE-2026-3505)
vulnerability in CVE-2026-3505 (CVE-2026-3505). Risk of unauthorized operations or information disclosure.
CVE-2026-5598 Vulnerability in org.bouncycastle:bcprov-jdk15to18 (CVE-2026-5598)
vulnerability in org.bouncycastle:bcprov-jdk15to18 (CVE-2026-5598). Confidential information can be exposed externally. Mitigation: upgrade to `1.80.2` or later.
CVE-2025-14813 Vulnerability in org.bouncycastle:bcprov-jdk14 (CVE-2025-14813)
vulnerability in org.bouncycastle:bcprov-jdk14 (CVE-2025-14813). Confidential information can be exposed externally. Exploitable via ``G3413CTRBlockCipher``. Mitigation: upgrade to `1.84` or later.
CVE-2025-40899 Cross-Site Scripting (XSS) in c (CVE-2025-40899)
cross-site scripting in c (CVE-2025-40899). Data can be tampered with by attackers.
CVE-2025-40897 Authorization Flaw in CVE-2025-40897 (CVE-2025-40897)
vulnerability in CVE-2025-40897 (CVE-2025-40897). Data can be tampered with by attackers.
CVE-2026-33806 Vulnerability in fastify (CVE-2026-33806)
vulnerability in fastify (CVE-2026-33806). Data can be tampered with by attackers.
CVE-2026-2332 Vulnerability in org.eclipse.jetty:jetty-http (CVE-2026-2332)
vulnerability in org.eclipse.jetty:jetty-http (CVE-2026-2332). Confidential information can be exposed externally. Exploitable via `GET /smuggled`.
CVE-2026-33414 OS Command Injection in podman-project (CVE-2026-33414)
OS command injection in podman-project (CVE-2026-33414). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →