Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-49412 |
|
Use-After-Free in freebsd (CVE-2026-49412)
vulnerability in freebsd (CVE-2026-49412). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45258 |
|
Out-of-Bounds Read in dos (CVE-2026-45258)
vulnerability in dos (CVE-2026-45258). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10820 |
|
Vulnerability in wordpress (CVE-2026-10820)
vulnerability in wordpress (CVE-2026-10820). Data can be tampered with by attackers.
|
| CVE-2023-37524 |
|
Vulnerability in csharp (CVE-2023-37524)
vulnerability in csharp (CVE-2023-37524). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56414 |
|
Unrestricted File Upload in CVE-2026-56414 (CVE-2026-56414)
vulnerability in CVE-2026-56414 (CVE-2026-56414). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33560 |
|
Unrestricted File Upload in daktronics (CVE-2026-33560)
vulnerability in daktronics (CVE-2026-33560). Data can be tampered with by attackers.
|
| CVE-2026-31928 |
|
Vulnerability in daktronics (CVE-2026-31928)
vulnerability in daktronics (CVE-2026-31928). Confidential information can be exposed externally.
|
| CVE-2026-36478 |
|
Vulnerability in csharp (CVE-2026-36478)
vulnerability in csharp (CVE-2026-36478). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55700 |
|
Path Traversal in pnpm (CVE-2026-55700)
path traversal in pnpm (CVE-2026-55700). Data can be tampered with by attackers. Exploitable via ``main``. Mitigation: upgrade to `11.5.3` or later.
|
| CVE-2026-55698 |
|
Vulnerability in pnpm (CVE-2026-55698)
vulnerability in pnpm (CVE-2026-55698). Successful exploitation can lead to full system takeover. Exploitable via ``a93449314f398cf4bdf2e28d033c02d37395ad22``. Mitigation: upgrade to `11.5.3` or later.
|
| CVE-2026-55697 |
|
OS Command Injection in pnpm (CVE-2026-55697)
OS command injection in pnpm (CVE-2026-55697). Successful exploitation can lead to full system takeover. Exploitable via ``a93449314f398cf4bdf2e28d033c02d37395ad22``. Mitigation: upgrade to `11.5.3` or later.
|
| CVE-2026-55487 |
|
Vulnerability in pnpm (CVE-2026-55487)
vulnerability in pnpm (CVE-2026-55487). Successful exploitation can lead to full system takeover. Exploitable via ``bf1b731ee6``. Mitigation: upgrade to `10.34.2` or later.
|
| CVE-2026-50015 |
|
Path Traversal in pnpm (CVE-2026-50015)
path traversal in pnpm (CVE-2026-50015). Data can be tampered with by attackers. Exploitable via ``patchedDependencies``. Mitigation: upgrade to `11.4.0` or later.
|
| CVE-2026-50016 |
|
Vulnerability in pnpm (CVE-2026-50016)
vulnerability in pnpm (CVE-2026-50016). Successful exploitation can lead to full system takeover. Exploitable via ``node_modules``. Mitigation: upgrade to `11.4.0` or later.
|
| CVE-2026-55069 |
|
Vulnerability in privilege-escalation (CVE-2026-55069)
vulnerability in privilege-escalation (CVE-2026-55069). Confidential information can be exposed externally. Mitigation: upgrade to `1.3.24` or later.
|
| CVE-2026-49984 |
|
Path Traversal in kestra (CVE-2026-49984)
path traversal in kestra (CVE-2026-49984). Confidential information can be exposed externally. Exploitable via `GET /api/v1/{tenant}/executions/{executionId}/file`. Mitigation: upgrade to `1.0.45` or later.
|
| CVE-2026-45807 |
|
Path Traversal in kestra (CVE-2026-45807)
path traversal in kestra (CVE-2026-45807). Confidential information can be exposed externally. Mitigation: upgrade to `1.0.43` or later.
|
| CVE-2026-48995 |
|
Vulnerability in pnpm (CVE-2026-48995)
vulnerability in pnpm (CVE-2026-48995). Successful exploitation can lead to full system takeover. Exploitable via ``codeload.github.com``. Mitigation: upgrade to `11.0.7` or later.
|
| CVE-2026-38641 |
|
Vulnerability in dos (CVE-2026-38641)
vulnerability in dos (CVE-2026-38641). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-38639 |
|
Vulnerability in dos (CVE-2026-38639)
vulnerability in dos (CVE-2026-38639). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53303 |
|
Out-of-Bounds Read in linux (CVE-2026-53303)
vulnerability in linux (CVE-2026-53303). Confidential information can be exposed externally.
|
| CVE-2026-53300 |
|
Use-After-Free in linux (CVE-2026-53300)
vulnerability in linux (CVE-2026-53300). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53322 |
|
Vulnerability in linux (CVE-2026-53322)
vulnerability in linux (CVE-2026-53322). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53296 |
|
Use-After-Free in linux (CVE-2026-53296)
vulnerability in linux (CVE-2026-53296). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53294 |
|
Vulnerability in linux (CVE-2026-53294)
vulnerability in linux (CVE-2026-53294). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53286 |
|
Vulnerability in linux (CVE-2026-53286)
vulnerability in linux (CVE-2026-53286). Successful exploitation can lead to full system takeover.
|
| CVE-2026-32833 |
|
OS Command Injection in CVE-2026-32833 (CVE-2026-32833)
OS command injection in CVE-2026-32833 (CVE-2026-32833). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53290 |
|
Use-After-Free in linux (CVE-2026-53290)
vulnerability in linux (CVE-2026-53290). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53284 |
|
Vulnerability in c (CVE-2026-53284)
vulnerability in c (CVE-2026-53284). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53281 |
|
Vulnerability in linux (CVE-2026-53281)
vulnerability in linux (CVE-2026-53281). Successful exploitation can lead to full system takeover.
|
| CVE-2026-13372 |
|
Vulnerability in devolutions (CVE-2026-13372)
vulnerability in devolutions (CVE-2026-13372). Successful exploitation can lead to full system takeover.
|
| CVE-2026-52884 |
|
Vulnerability in cpp (CVE-2026-52884)
vulnerability in cpp (CVE-2026-52884). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.9.6.2` or later.
|
| CVE-2026-48800 |
|
OS Command Injection in cpp (CVE-2026-48800)
OS command injection in cpp (CVE-2026-48800). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.9.6.1` or later.
|
| CVE-2026-48778 |
|
OS Command Injection in cpp (CVE-2026-48778)
OS command injection in cpp (CVE-2026-48778). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.9.6.1` or later.
|
| CVE-2026-46710 |
|
Vulnerability in privilege-escalation (CVE-2026-46710)
vulnerability in privilege-escalation (CVE-2026-46710). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.9.6` or later.
|
| CVE-2026-46604 |
|
The TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset.
The TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset.
|
| CVE-2026-55189 |
|
Vulnerability in CVE-2026-55189 (CVE-2026-55189)
vulnerability in CVE-2026-55189 (CVE-2026-55189). Confidential information can be exposed externally. Mitigation: upgrade to `1.0.0-beta.9` or later.
|
| CVE-2026-55188 |
|
Information Disclosure in CVE-2026-55188 (CVE-2026-55188)
vulnerability in CVE-2026-55188 (CVE-2026-55188). Confidential information can be exposed externally. Mitigation: upgrade to `1.0.0-beta.9` or later.
|
| CVE-2026-52784 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-52784)
vulnerability in csrf (CVE-2026-52784). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `17.3.3` or later.
|
| CVE-2026-52783 |
|
Vulnerability in rails (CVE-2026-52783)
vulnerability in rails (CVE-2026-52783). Confidential information can be exposed externally. Mitigation: upgrade to `17.3.3` or later.
|
| CVE-2026-49991 |
|
Path Traversal in path-traversal (CVE-2026-49991)
path traversal in path-traversal (CVE-2026-49991). Data can be tampered with by attackers.
|
| CVE-2026-47193 |
|
Information Disclosure in CVE-2026-47193 (CVE-2026-47193)
vulnerability in CVE-2026-47193 (CVE-2026-47193). Confidential information can be exposed externally. Mitigation: upgrade to `17.3.3` or later.
|
| CVE-2026-47220 |
|
Vulnerability in envoyproxy (CVE-2026-47220)
vulnerability in envoyproxy (CVE-2026-47220). Risk of unauthorized operations or information disclosure. Exploitable via `Host header`. Mitigation: upgrade to `1.37.5` or later.
|
| CVE-2026-56876 |
|
Path Traversal in max-mapper (CVE-2026-56876)
path traversal in max-mapper (CVE-2026-56876). Confidential information can be exposed externally.
|
| CVE-2026-57518 |
|
Vulnerability in privilege-escalation (CVE-2026-57518)
vulnerability in privilege-escalation (CVE-2026-57518). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0828 |
|
Vulnerability in CVE-2026-0828 (CVE-2026-0828)
vulnerability in CVE-2026-0828 (CVE-2026-0828). Confidential information can be exposed externally.
|
| CVE-2026-5757 |
|
Out-of-Bounds Read in ollama (CVE-2026-5757)
vulnerability in ollama (CVE-2026-5757). Confidential information can be exposed externally.
|
| CVE-2026-45195 |
|
Vulnerability in imaginationtech (CVE-2026-45195)
vulnerability in imaginationtech (CVE-2026-45195). Successful exploitation can lead to full system takeover.
|
| CVE-2026-21734 |
|
Vulnerability in imaginationtech (CVE-2026-21734)
vulnerability in imaginationtech (CVE-2026-21734). Data can be tampered with by attackers.
|
| CVE-2026-54341 |
|
Out-of-Bounds Read in dos (CVE-2026-54341)
vulnerability in dos (CVE-2026-54341). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.39.0` or later.
|