Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2026-45010 Vulnerability in thorsten/phpmyfaq (CVE-2026-45010)
vulnerability in thorsten/phpmyfaq (CVE-2026-45010). Confidential information can be exposed externally. Exploitable via `POST /admin/check`. Mitigation: upgrade to `4.1.2` or later.
CVE-2021-47965 Unrestricted File Upload in wordpress (CVE-2021-47965)
vulnerability in wordpress (CVE-2021-47965). Successful exploitation can lead to full system takeover.
CVE-2026-44717 Code Injection in CVE-2026-44717 (CVE-2026-44717)
code injection in CVE-2026-44717 (CVE-2026-44717). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.1.1` or later.
CVE-2026-41258 Code Injection in org.openmrs.api:openmrs-api (CVE-2026-41258)
code injection in org.openmrs.api:openmrs-api (CVE-2026-41258). Successful exploitation can lead to full system takeover. Exploitable via ``VelocityEngine``. Mitigation: upgrade to `2.8.6` or later.
CVE-2026-45772 Vulnerability in turbo (CVE-2026-45772)
vulnerability in turbo (CVE-2026-45772). Successful exploitation can lead to full system takeover. Exploitable via ``yarnPath``. Mitigation: upgrade to `2.9.14` or later.
CVE-2026-41553 OS Command Injection in dhtmlx (CVE-2026-41553)
OS command injection in dhtmlx (CVE-2026-41553). Successful exploitation can lead to full system takeover.
CVE-2026-5229 Authentication Bypass in wordpress (CVE-2026-5229)
authentication bypass in wordpress (CVE-2026-5229). Successful exploitation can lead to full system takeover.
CVE-2026-8398 KEV [KEV] Vulnerability in Daemon disc-soft (CVE-2026-8398)
vulnerability in Daemon disc-soft (CVE-2026-8398). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-8634 Code Injection in github.com/openclaw/crabbox (CVE-2026-8634)
code injection in github.com/openclaw/crabbox (CVE-2026-8634). Confidential information can be exposed externally. Mitigation: upgrade to `0.12.0` or later.
CVE-2026-8580 Use-After-Free in google (CVE-2026-8580)
vulnerability in google (CVE-2026-8580). Successful exploitation can lead to full system takeover.
CVE-2026-8511 Use-After-Free in google (CVE-2026-8511)
vulnerability in google (CVE-2026-8511). Successful exploitation can lead to full system takeover.
CVE-2026-45288 Vulnerability in Marten (CVE-2026-45288)
vulnerability in Marten (CVE-2026-45288). Successful exploitation can lead to full system takeover. Exploitable via ``regConfig``. Mitigation: upgrade to `8.37.0` or later.
CVE-2026-45787 Vulnerability in electerm (CVE-2026-45787)
vulnerability in electerm (CVE-2026-45787). Confidential information can be exposed externally. Mitigation: upgrade to `3.9.5` or later.
CVE-2026-45374 Code Injection in deepseek-tui (CVE-2026-45374)
code injection in deepseek-tui (CVE-2026-45374). Successful exploitation can lead to full system takeover. Exploitable via ``task_create``. Mitigation: upgrade to `0.8.26` or later.
CVE-2026-45311 Code Injection in deepseek-tui (CVE-2026-45311)
code injection in deepseek-tui (CVE-2026-45311). Successful exploitation can lead to full system takeover. Exploitable via ``run_tests``. Mitigation: upgrade to `0.8.23` or later.
CVE-2026-44592 Vulnerability in CVE-2026-44592 (CVE-2026-44592)
vulnerability in CVE-2026-44592 (CVE-2026-44592). Data can be tampered with by attackers. Mitigation: upgrade to `1.1.1` or later.
CVE-2026-44523 Vulnerability in github.com/enchant97/note-mark/backend (CVE-2026-44523)
vulnerability in github.com/enchant97/note-mark/backend (CVE-2026-44523). Confidential information can be exposed externally. Exploitable via ``JWT_SECRET``. Mitigation: upgrade to `0.0.0-20260501152247-18b587758667` or later.
CVE-2026-41315 OS Command Injection in midoks (CVE-2026-41315)
OS command injection in midoks (CVE-2026-41315). Successful exploitation can lead to full system takeover.
CVE-2026-41615 Information Disclosure in microsoft (CVE-2026-41615)
vulnerability in microsoft (CVE-2026-41615). Successful exploitation can lead to full system takeover.
CVE-2026-44990 Cross-Site Scripting (XSS) in sanitize-html (CVE-2026-44990)
cross-site scripting in sanitize-html (CVE-2026-44990). Confidential information can be exposed externally. Exploitable via ``xmp``. Mitigation: upgrade to `2.17.4` or later.
CVE-2026-44542 Path Traversal in github.com/gtsteffaniak/filebrowser (CVE-2026-44542)
path traversal in github.com/gtsteffaniak/filebrowser (CVE-2026-44542). Data can be tampered with by attackers. Exploitable via `DELETE /public/api/resources`. Mitigation: upgrade to `0.0.0-20260501183844-112740bdd41d` or later.
CVE-2026-42555 Code Injection in com.ritense.valtimo:document (CVE-2026-42555)
code injection in com.ritense.valtimo:document (CVE-2026-42555). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/management/v1/document-definition/migrate`. Mitigation: upgrade to `12.32.0` or later.
CVE-2026-44881 Information Disclosure in github.com/portainer/portainer (CVE-2026-44881)
vulnerability in github.com/portainer/portainer (CVE-2026-44881). Successful exploitation can lead to full system takeover. Exploitable via `GET /api/stacks/{id}/file`. Mitigation: upgrade to `2.41.0` or later.
CVE-2026-44792 SQL Injection in n8n (CVE-2026-44792)
SQL injection in n8n (CVE-2026-44792). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.20.7` or later.
CVE-2026-44791 Vulnerability in n8n (CVE-2026-44791)
vulnerability in n8n (CVE-2026-44791). Successful exploitation can lead to full system takeover. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.20.7` or later.
CVE-2026-44789 Vulnerability in n8n (CVE-2026-44789)
vulnerability in n8n (CVE-2026-44789). Successful exploitation can lead to full system takeover. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.20.7` or later.
CVE-2026-42596 SSRF (Server-Side Request Forgery) in github.com/gotenberg/gotenberg/v8 (CVE-2026-42596)
SSRF in github.com/gotenberg/gotenberg/v8 (CVE-2026-42596). Confidential information can be exposed externally. Exploitable via `POST /upload`. Mitigation: upgrade to `8.32.0` or later.
CVE-2026-42589 OS Command Injection in github.com/gotenberg/gotenberg/v8 (CVE-2026-42589)
OS command injection in github.com/gotenberg/gotenberg/v8 (CVE-2026-42589). Successful exploitation can lead to full system takeover. Exploitable via ``dangerousTags``.
CVE-2026-20182 KEV [KEV] Authentication Bypass in Cisco catalyst-sd-wan-manager (CVE-2026-20182)
authentication bypass in Cisco catalyst-sd-wan-manager (CVE-2026-20182). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-44482 Vulnerability in CVE-2026-44482 (CVE-2026-44482)
vulnerability in CVE-2026-44482 (CVE-2026-44482). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.1.8` or later.
CVE-2026-42457 Cross-Site Scripting (XSS) in CVE-2026-42457 (CVE-2026-42457)
cross-site scripting in CVE-2026-42457 (CVE-2026-42457). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.4.3` or later.
CVE-2026-46442 Code Injection in flowise (CVE-2026-46442)
code injection in flowise (CVE-2026-46442). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/v1/node-custom-function`. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-46441 Vulnerability in flowise (CVE-2026-46441)
vulnerability in flowise (CVE-2026-46441). Confidential information can be exposed externally. Exploitable via `PUT /api/v1/assistants/{assistantId}`. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-46440 Vulnerability in flowise (CVE-2026-46440)
vulnerability in flowise (CVE-2026-46440). Confidential information can be exposed externally. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-42861 Vulnerability in flowise (CVE-2026-42861)
vulnerability in flowise (CVE-2026-42861). Confidential information can be exposed externally. Exploitable via `PUT /api/v1/variables/{variableId}`. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-26191 OS Command Injection in github.com/fleetdm/fleet/v4 (CVE-2026-26191)
OS command injection in github.com/fleetdm/fleet/v4 (CVE-2026-26191). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.81.1` or later.
CVE-2026-2347 Vulnerability in CVE-2026-2347 (CVE-2026-2347)
vulnerability in CVE-2026-2347 (CVE-2026-2347). Successful exploitation can lead to full system takeover.
CVE-2025-11024 SQL Injection in sqli (CVE-2025-11024)
SQL injection in sqli (CVE-2025-11024). Successful exploitation can lead to full system takeover.
CVE-2026-6512 Vulnerability in wordpress (CVE-2026-6512)
vulnerability in wordpress (CVE-2026-6512). Confidential information can be exposed externally.
CVE-2026-6510 Vulnerability in wordpress (CVE-2026-6510)
vulnerability in wordpress (CVE-2026-6510). Successful exploitation can lead to full system takeover.
CVE-2026-6271 Unrestricted File Upload in wordpress (CVE-2026-6271)
vulnerability in wordpress (CVE-2026-6271). Successful exploitation can lead to full system takeover.
CVE-2026-8181 Authentication Bypass in wordpress (CVE-2026-8181)
authentication bypass in wordpress (CVE-2026-8181). Successful exploitation can lead to full system takeover. Exploitable via `Authorization header`.
CVE-2026-8500 OS Command Injection in CVE-2026-8500 (CVE-2026-8500)
OS command injection in CVE-2026-8500 (CVE-2026-8500). Successful exploitation can lead to full system takeover.
CVE-2026-45158 Vulnerability in opnsense (CVE-2026-45158)
vulnerability in opnsense (CVE-2026-45158). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `26.1.8` or later.
CVE-2026-44442 Vulnerability in frappe (CVE-2026-44442)
vulnerability in frappe (CVE-2026-44442). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `16.9.1` or later.
CVE-2026-44194 OS Command Injection in opnsense (CVE-2026-44194)
OS command injection in opnsense (CVE-2026-44194). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `26.1.8` or later.
CVE-2026-44193 Vulnerability in opnsense (CVE-2026-44193)
vulnerability in opnsense (CVE-2026-44193). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `26.1.7` or later.
CVE-2025-27851 Cross-Site Request Forgery (CSRF) in garmin (CVE-2025-27851)
vulnerability in garmin (CVE-2025-27851). Confidential information can be exposed externally.
CVE-2026-45714 Code Injection in CVE-2026-45714 (CVE-2026-45714)
code injection in CVE-2026-45714 (CVE-2026-45714). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `6.7.0` or later.
CVE-2026-45053 Unrestricted File Upload in CVE-2026-45053 (CVE-2026-45053)
vulnerability in CVE-2026-45053 (CVE-2026-45053). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/v1/files`. Mitigation: upgrade to `6.7.0` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →