Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-34971 |
|
Out-of-Bounds Read in bytecodealliance (CVE-2026-34971)
vulnerability in bytecodealliance (CVE-2026-34971). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `36.0.7` or later.
|
| CVE-2026-1584 |
|
Vulnerability in dos (CVE-2026-1584)
vulnerability in dos (CVE-2026-1584). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40072 |
|
SSRF (Server-Side Request Forgery) in web3 (CVE-2026-40072)
SSRF in web3 (CVE-2026-40072). Risk of unauthorized operations or information disclosure. Exploitable via ``OffchainLookup``. Mitigation: upgrade to `8.0.0b2` or later.
|
| CVE-2026-39983 |
|
Vulnerability in patrickjuchli (CVE-2026-39983)
vulnerability in patrickjuchli (CVE-2026-39983). Data can be tampered with by attackers. Mitigation: upgrade to `5.2.1` or later.
|
| CVE-2026-39981 |
|
Path Traversal in path-traversal (CVE-2026-39981)
path traversal in path-traversal (CVE-2026-39981). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.9.2` or later.
|
| CVE-2026-39976 |
|
Authentication Bypass in laravel (CVE-2026-39976)
authentication bypass in laravel (CVE-2026-39976). Confidential information can be exposed externally. Mitigation: upgrade to `13.7.1` or later.
|
| CVE-2026-35205 |
|
Vulnerability in helm (CVE-2026-35205)
vulnerability in helm (CVE-2026-35205). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.1.4` or later.
|
| CVE-2026-35204 |
|
Path Traversal in helm (CVE-2026-35204)
path traversal in helm (CVE-2026-35204). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.1.4` or later.
|
| CVE-2025-70364 |
|
Code Injection in CVE-2025-70364 (CVE-2025-70364)
code injection in CVE-2025-70364 (CVE-2025-70364). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4116 |
|
Vulnerability in sonicwall (CVE-2026-4116)
vulnerability in sonicwall (CVE-2026-4116). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4112 |
|
SQL Injection in sqli (CVE-2026-4112)
SQL injection in sqli (CVE-2026-4112). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4113 |
|
Vulnerability in sonicwall (CVE-2026-4113)
vulnerability in sonicwall (CVE-2026-4113). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4660 |
|
Information Disclosure in CVE-2026-4660 (CVE-2026-4660)
vulnerability in CVE-2026-4660 (CVE-2026-4660). Confidential information can be exposed externally.
|
| CVE-2026-5863 |
|
Vulnerability in google (CVE-2026-5863)
vulnerability in google (CVE-2026-5863). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5883 |
|
Use-After-Free in google (CVE-2026-5883)
vulnerability in google (CVE-2026-5883). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5879 |
|
Vulnerability in google (CVE-2026-5879)
vulnerability in google (CVE-2026-5879). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5865 |
|
Vulnerability in google (CVE-2026-5865)
vulnerability in google (CVE-2026-5865). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5860 |
|
Use-After-Free in google (CVE-2026-5860)
vulnerability in google (CVE-2026-5860). Successful exploitation can lead to full system takeover.
|
| CVE-2026-39883 |
|
Vulnerability in opentelemetry (CVE-2026-39883)
vulnerability in opentelemetry (CVE-2026-39883). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.43.0` or later.
|
| CVE-2026-23869 |
|
Vulnerability in react (CVE-2026-23869)
vulnerability in react (CVE-2026-23869). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-32589 |
|
Vulnerability in redhat (CVE-2026-32589)
vulnerability in redhat (CVE-2026-32589). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-32590 |
|
Unsafe Deserialization in redhat (CVE-2026-32590)
vulnerability in redhat (CVE-2026-32590). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5795 |
|
Vulnerability in privilege-escalation (CVE-2026-5795)
vulnerability in privilege-escalation (CVE-2026-5795). Confidential information can be exposed externally.
|
| CVE-2026-35585 |
|
OS Command Injection in github.com/filebrowser/filebrowser/v2 (CVE-2026-35585)
OS command injection in github.com/filebrowser/filebrowser/v2 (CVE-2026-35585). Successful exploitation can lead to full system takeover. Exploitable via ``os.Expand``. Mitigation: upgrade to `2.33.8` or later.
|
| CVE-2026-1340 KEV |
|
[KEV] Code Injection in Ivanti endpoint-manager-mobile-epmm (CVE-2026-1340)
code injection in Ivanti endpoint-manager-mobile-epmm (CVE-2026-1340). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-27140 |
|
Authorization Flaw in toolchain (CVE-2026-27140)
vulnerability in toolchain (CVE-2026-27140). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.25.9, 1.26.2` or later.
|
| CVE-2026-32280 |
|
Vulnerability in stdlib (CVE-2026-32280)
vulnerability in stdlib (CVE-2026-32280). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.9, 1.26.2` or later.
|
| CVE-2026-32283 |
|
Vulnerability in stdlib (CVE-2026-32283)
vulnerability in stdlib (CVE-2026-32283). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.9, 1.26.2` or later.
|
| CVE-2026-33810 |
|
Vulnerability in stdlib (CVE-2026-33810)
vulnerability in stdlib (CVE-2026-33810). Confidential information can be exposed externally. Mitigation: upgrade to `1.26.2` or later.
|
| CVE-2026-34580 |
|
Vulnerability in c (CVE-2026-34580)
vulnerability in c (CVE-2026-34580). Data can be tampered with by attackers. Mitigation: upgrade to `3.11.1` or later.
|
| CVE-2026-28389 |
|
Vulnerability in dos (CVE-2026-28389)
vulnerability in dos (CVE-2026-28389). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-28390 |
|
Vulnerability in dos (CVE-2026-28390)
vulnerability in dos (CVE-2026-28390). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31790 |
|
Vulnerability in openssl (CVE-2026-31790)
vulnerability in openssl (CVE-2026-31790). Confidential information can be exposed externally.
|
| CVE-2026-28387 |
|
Use-After-Free in openssl (CVE-2026-28387)
vulnerability in openssl (CVE-2026-28387). Successful exploitation can lead to full system takeover.
|
| CVE-2026-28388 |
|
Vulnerability in dos (CVE-2026-28388)
vulnerability in dos (CVE-2026-28388). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34045 |
|
Vulnerability in linuxfoundation (CVE-2026-34045)
vulnerability in linuxfoundation (CVE-2026-34045). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.26.2` or later.
|
| CVE-2026-29181 |
|
Vulnerability in opentelemetry (CVE-2026-29181)
vulnerability in opentelemetry (CVE-2026-29181). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.41.0` or later.
|
| CVE-2026-39364 |
|
Vulnerability in vitejs (CVE-2026-39364)
vulnerability in vitejs (CVE-2026-39364). Confidential information can be exposed externally. Mitigation: upgrade to `7.3.2` or later.
|
| CVE-2026-39363 |
|
Information Disclosure in vitejs (CVE-2026-39363)
vulnerability in vitejs (CVE-2026-39363). Confidential information can be exposed externally. Mitigation: upgrade to `6.4.2` or later.
|
| CVE-2026-24156 |
|
Unsafe Deserialization in deserialization (CVE-2026-24156)
vulnerability in deserialization (CVE-2026-24156). Successful exploitation can lead to full system takeover.
|
| CVE-2025-14821 |
|
Vulnerability in c (CVE-2025-14821)
vulnerability in c (CVE-2025-14821). Successful exploitation can lead to full system takeover.
|
| CVE-2026-30460 |
|
Code Injection in thedaylightstudio (CVE-2026-30460)
code injection in thedaylightstudio (CVE-2026-30460). Successful exploitation can lead to full system takeover.
|
| CVE-2026-24660 |
|
Vulnerability in libraw (CVE-2026-24660)
vulnerability in libraw (CVE-2026-24660). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5732 |
|
Vulnerability in mozilla (CVE-2026-5732)
vulnerability in mozilla (CVE-2026-5732). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5733 |
|
Buffer Overflow in mozilla (CVE-2026-5733)
vulnerability in mozilla (CVE-2026-5733). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4740 |
|
Vulnerability in privilege-escalation (CVE-2026-4740)
vulnerability in privilege-escalation (CVE-2026-4740). Successful exploitation can lead to full system takeover.
|
| CVE-2026-32144 |
|
Vulnerability in erlang (CVE-2026-32144)
vulnerability in erlang (CVE-2026-32144). Confidential information can be exposed externally.
|
| CVE-2026-35172 |
|
Vulnerability in distribution (CVE-2026-35172)
vulnerability in distribution (CVE-2026-35172). Confidential information can be exposed externally. Mitigation: upgrade to `3.1.0` or later.
|
| CVE-2026-35029 |
|
Authorization Flaw in litellm (CVE-2026-35029)
vulnerability in litellm (CVE-2026-35029). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.83.0` or later.
|
| CVE-2026-34982 |
|
OS Command Injection in vim (CVE-2026-34982)
OS command injection in vim (CVE-2026-34982). Confidential information can be exposed externally. Exploitable via ``complete``.
|