Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-34592 |
|
Vulnerability in CVE-2026-34592 (CVE-2026-34592)
vulnerability in CVE-2026-34592 (CVE-2026-34592). Confidential information can be exposed externally. Mitigation: upgrade to `4.0.0-beta.471` or later.
|
| CVE-2026-55957 |
|
Vulnerability in apache (CVE-2026-55957)
vulnerability in apache (CVE-2026-55957). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53404 |
|
Vulnerability in apache (CVE-2026-53404)
vulnerability in apache (CVE-2026-53404). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41896 |
|
Authentication Bypass in CVE-2026-41896 (CVE-2026-41896)
authentication bypass in CVE-2026-41896 (CVE-2026-41896). Data can be tampered with by attackers. Mitigation: upgrade to `4.0.0-beta.474` or later.
|
| CVE-2026-34597 |
|
OS Command Injection in CVE-2026-34597 (CVE-2026-34597)
OS command injection in CVE-2026-34597 (CVE-2026-34597). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.0.0-beta.470` or later.
|
| CVE-2026-34594 |
|
OS Command Injection in CVE-2026-34594 (CVE-2026-34594)
OS command injection in CVE-2026-34594 (CVE-2026-34594). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.0.0-beta.471` or later.
|
| CVE-2026-57919 |
|
Vulnerability in privilege-escalation (CVE-2026-57919)
vulnerability in privilege-escalation (CVE-2026-57919). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56018 |
|
Vulnerability in dos (CVE-2026-56018)
vulnerability in dos (CVE-2026-56018). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56017 |
|
Out-of-Bounds Read in dos (CVE-2026-56017)
vulnerability in dos (CVE-2026-56017). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43735 |
|
Cross-Site Request Forgery (CSRF) in apple (CVE-2026-43735)
vulnerability in apple (CVE-2026-43735). Confidential information can be exposed externally.
|
| CVE-2026-43731 |
|
Use-After-Free in apple (CVE-2026-43731)
vulnerability in apple (CVE-2026-43731). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43725 |
|
Vulnerability in apple (CVE-2026-43725)
vulnerability in apple (CVE-2026-43725). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43724 |
|
Vulnerability in apple (CVE-2026-43724)
vulnerability in apple (CVE-2026-43724). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43715 |
|
Use-After-Free in apple (CVE-2026-43715)
vulnerability in apple (CVE-2026-43715). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43705 |
|
Vulnerability in apple (CVE-2026-43705)
vulnerability in apple (CVE-2026-43705). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43701 |
|
Vulnerability in apple (CVE-2026-43701)
vulnerability in apple (CVE-2026-43701). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-58000 |
|
OS Command Injection in CVE-2026-58000 (CVE-2026-58000)
OS command injection in CVE-2026-58000 (CVE-2026-58000). Successful exploitation can lead to full system takeover.
|
| CVE-2026-57999 |
|
OS Command Injection in CVE-2026-57999 (CVE-2026-57999)
OS command injection in CVE-2026-57999 (CVE-2026-57999). Successful exploitation can lead to full system takeover.
|
| CVE-2026-57950 |
|
ruoyi-vue-pro through 2026.05, fixed in commit 5d1fd70 contains a broken access control...
ruoyi-vue-pro through 2026.05, fixed in commit 5d1fd70 contains a broken access control...
|
| CVE-2026-57947 |
|
Pinpoint through 3.1.0 contains a server-side request forgery vulnerability in the webhook...
Pinpoint through 3.1.0 contains a server-side request forgery vulnerability in the webhook...
|
| CVE-2026-57955 |
|
SigNoz through 0.130.1 contains a SQL injection vulnerability that allows authenticated attackers...
SigNoz through 0.130.1 contains a SQL injection vulnerability that allows authenticated attackers...
|
| CVE-2026-56285 |
|
Nitter's /video media proxy endpoint fails to validate target URLs against Twitter/X domains and...
Nitter's /video media proxy endpoint fails to validate target URLs against Twitter/X domains and...
|
| CVE-2026-56780 |
|
Modoboa before 2.9.0 contains an insecure direct object reference vulnerability in the PUT /api...
Modoboa before 2.9.0 contains an insecure direct object reference vulnerability in the PUT /api...
|
| CVE-2026-13592 |
|
Buffer Overflow in CVE-2026-13592 (CVE-2026-13592)
vulnerability in CVE-2026-13592 (CVE-2026-13592). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-36848 |
|
Gigamon GVOS v5.16.1 and below is vulnerable to Directory Traversal in the GVOS H-VUE subsystem.
Gigamon GVOS v5.16.1 and below is vulnerable to Directory Traversal in the GVOS H-VUE subsystem.
|
| CVE-2026-12912 |
|
Vulnerability in dos (CVE-2026-12912)
vulnerability in dos (CVE-2026-12912). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41052 |
|
Vulnerability in github.com/rancher/rancher (CVE-2026-41052)
vulnerability in github.com/rancher/rancher (CVE-2026-41052). Successful exploitation can lead to full system takeover. Exploitable via ``privileged``. Mitigation: upgrade to `0.0.0-20260513182521-2800aaac25b5` or later.
|
| CVE-2026-13749 |
|
Code Injection in snowflake (CVE-2026-13749)
code injection in snowflake (CVE-2026-13749). Successful exploitation can lead to full system takeover.
|
| CVE-2026-13744 |
|
SQL Injection in snowflake (CVE-2026-13744)
SQL injection in snowflake (CVE-2026-13744). Successful exploitation can lead to full system takeover.
|
| CVE-2026-13583 |
|
Buffer Overflow in CVE-2026-13583 (CVE-2026-13583)
vulnerability in CVE-2026-13583 (CVE-2026-13583). Successful exploitation can lead to full system takeover.
|
| CVE-2026-13582 |
|
Buffer Overflow in CVE-2026-13582 (CVE-2026-13582)
vulnerability in CVE-2026-13582 (CVE-2026-13582). Successful exploitation can lead to full system takeover.
|
| CVE-2026-13580 |
|
Buffer Overflow in CVE-2026-13580 (CVE-2026-13580)
vulnerability in CVE-2026-13580 (CVE-2026-13580). Successful exploitation can lead to full system takeover.
|
| CVE-2026-57338 |
|
Unauthenticated Cross Site Scripting (XSS) in ARForms <= 7.1.2 versions.
Unauthenticated Cross Site Scripting (XSS) in ARForms <= 7.1.2 versions.
|
| CVE-2026-57336 |
|
Unauthenticated Cross Site Scripting (XSS) in Jobify <= 4.3.2 versions.
Unauthenticated Cross Site Scripting (XSS) in Jobify <= 4.3.2 versions.
|
| CVE-2026-57337 |
|
Unauthenticated Cross Site Scripting (XSS) in Landing Page Builder <= 1.5.3.5 versions.
Unauthenticated Cross Site Scripting (XSS) in Landing Page Builder <= 1.5.3.5 versions.
|
| CVE-2026-57333 |
|
Unauthenticated Cross Site Scripting (XSS) in Link Whisper Free <= 0.9.4 versions.
Unauthenticated Cross Site Scripting (XSS) in Link Whisper Free <= 0.9.4 versions.
|
| CVE-2026-57332 |
|
Subscriber Broken Access Control in Wallet System for WooCommerce <= 2.7.6 versions.
Subscriber Broken Access Control in Wallet System for WooCommerce <= 2.7.6 versions.
|
| CVE-2026-57320 |
|
Unauthenticated Cross Site Scripting (XSS) in BEAR <= 1.1.8 versions.
Unauthenticated Cross Site Scripting (XSS) in BEAR <= 1.1.8 versions.
|
| CVE-2026-56124 |
|
Vulnerability in CVE-2026-56124 (CVE-2026-56124)
vulnerability in CVE-2026-56124 (CVE-2026-56124). Confidential information can be exposed externally.
|
| CVE-2026-49049 |
|
Vulnerability in ollyo (CVE-2026-49049)
vulnerability in ollyo (CVE-2026-49049). Data can be tampered with by attackers.
|
| CVE-2026-55844 |
|
Vulnerability in CVE-2026-55844 (CVE-2026-55844)
vulnerability in CVE-2026-55844 (CVE-2026-55844). Confidential information can be exposed externally. Mitigation: upgrade to `2025.5.0` or later.
|
| CVE-2026-55607 |
|
Path Traversal in anthropic (CVE-2026-55607)
path traversal in anthropic (CVE-2026-55607). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.1.163` or later.
|
| CVE-2026-54371 |
|
Vulnerability in privilege-escalation (CVE-2026-54371)
vulnerability in privilege-escalation (CVE-2026-54371). Confidential information can be exposed externally.
|
| CVE-2026-54369 |
|
Vulnerability in privilege-escalation (CVE-2026-54369)
vulnerability in privilege-escalation (CVE-2026-54369). Confidential information can be exposed externally.
|
| CVE-2026-40524 |
|
SQL Injection in sqli (CVE-2026-40524)
SQL injection in sqli (CVE-2026-40524). Confidential information can be exposed externally.
|
| CVE-2026-40523 |
|
SQL Injection in sqli (CVE-2026-40523)
SQL injection in sqli (CVE-2026-40523). Confidential information can be exposed externally.
|
| CVE-2026-40522 |
|
SQL Injection in sqli (CVE-2026-40522)
SQL injection in sqli (CVE-2026-40522). Confidential information can be exposed externally.
|
| CVE-2026-40521 |
|
Path Traversal in path-traversal (CVE-2026-40521)
path traversal in path-traversal (CVE-2026-40521). Successful exploitation can lead to full system takeover.
|
| CVE-2026-13676 |
|
Vulnerability in openjsf (CVE-2026-13676)
vulnerability in openjsf (CVE-2026-13676). Data can be tampered with by attackers.
|
| CVE-2026-13568 |
|
Vulnerability in CVE-2026-13568 (CVE-2026-13568)
vulnerability in CVE-2026-13568 (CVE-2026-13568). Risk of unauthorized operations or information disclosure.
|