Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2026-44377 Code Injection in CVE-2026-44377 (CVE-2026-44377)
code injection in CVE-2026-44377 (CVE-2026-44377). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `6.7.0` or later.
CVE-2026-44351 Vulnerability in fast-jwt (CVE-2026-44351)
vulnerability in fast-jwt (CVE-2026-44351). Confidential information can be exposed externally. Exploitable via ``Buffer``. Mitigation: upgrade to `6.2.4` or later.
CVE-2026-42031 SQL Injection in ckan (CVE-2026-42031)
SQL injection in ckan (CVE-2026-42031). Successful exploitation can lead to full system takeover. Exploitable via ``datastore_search_sql``. Mitigation: upgrade to `2.11.5` or later.
CVE-2026-42032 Authorization Flaw in ckan (CVE-2026-42032)
vulnerability in ckan (CVE-2026-42032). Confidential information can be exposed externally. Exploitable via ``datastore_search_sql``. Mitigation: upgrade to `2.11.5` or later.
CVE-2026-0257 KEV [KEV] Vulnerability in Palo alto networks paloaltonetworks (CVE-2026-0257)
vulnerability in Palo alto networks paloaltonetworks (CVE-2026-0257). Confidential information can be exposed externally. Listed in CISA KEV — actively exploited.
CVE-2026-45411 Vulnerability in vm2 (CVE-2026-45411)
vulnerability in vm2 (CVE-2026-45411). Successful exploitation can lead to full system takeover. Exploitable via ``return``. Mitigation: upgrade to `3.11.3` or later.
CVE-2026-44007 Vulnerability in vm2 (CVE-2026-44007)
vulnerability in vm2 (CVE-2026-44007). Successful exploitation can lead to full system takeover. Exploitable via ``NodeVM``. Mitigation: upgrade to `3.11.1` or later.
CVE-2026-44006 Code Injection in vm2 (CVE-2026-44006)
code injection in vm2 (CVE-2026-44006). Successful exploitation can lead to full system takeover. Exploitable via ``BaseHandler.getPrototypeOf``. Mitigation: upgrade to `3.11.0` or later.
CVE-2026-44005 Code Injection in vm2 (CVE-2026-44005)
code injection in vm2 (CVE-2026-44005). Data can be tampered with by attackers. Mitigation: upgrade to `3.11.0` or later.
CVE-2026-43999 Authorization Flaw in vm2 (CVE-2026-43999)
vulnerability in vm2 (CVE-2026-43999). Successful exploitation can lead to full system takeover. Exploitable via ``builtin``. Mitigation: upgrade to `3.11.0` or later.
CVE-2026-43997 Code Injection in vm2 (CVE-2026-43997)
code injection in vm2 (CVE-2026-43997). Successful exploitation can lead to full system takeover. Exploitable via ``Object``. Mitigation: upgrade to `3.11.0` or later.
CVE-2026-8495 Vulnerability in drupal/date_ical (CVE-2026-8495)
vulnerability in drupal/date_ical (CVE-2026-8495). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.0.15` or later.
CVE-2026-42557 Cross-Site Scripting (XSS) in jupyterlab (CVE-2026-42557)
cross-site scripting in jupyterlab (CVE-2026-42557). Successful exploitation can lead to full system takeover. Exploitable via ``button``. Mitigation: upgrade to `4.5.7` or later.
CVE-2026-41225 Vulnerability in f5 (CVE-2026-41225)
vulnerability in f5 (CVE-2026-41225). Successful exploitation can lead to full system takeover.
CVE-2020-37168 Vulnerability in CVE-2020-37168 (CVE-2020-37168)
vulnerability in CVE-2020-37168 (CVE-2020-37168). Successful exploitation can lead to full system takeover.
CVE-2026-45375 Vulnerability in github.com/siyuan-note/siyuan/kernel (CVE-2026-45375)
vulnerability in github.com/siyuan-note/siyuan/kernel (CVE-2026-45375). Successful exploitation can lead to full system takeover. Exploitable via ``name``.
CVE-2026-45083 Vulnerability in io.goobi.viewer:viewer-core (CVE-2026-45083)
vulnerability in io.goobi.viewer:viewer-core (CVE-2026-45083). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/v1/index/stream`.
CVE-2026-44774 Vulnerability in github.com/traefik/traefik/v3 (CVE-2026-44774)
vulnerability in github.com/traefik/traefik/v3 (CVE-2026-44774). Successful exploitation can lead to full system takeover. Exploitable via `PUT /api/providers/rest`. Mitigation: upgrade to `3.6.17` or later.
CVE-2026-42062 OS Command Injection in CVE-2026-42062 (CVE-2026-42062)
OS command injection in CVE-2026-42062 (CVE-2026-42062). Successful exploitation can lead to full system takeover.
CVE-2026-40621 Vulnerability in CVE-2026-40621 (CVE-2026-40621)
vulnerability in CVE-2026-40621 (CVE-2026-40621). Successful exploitation can lead to full system takeover.
CVE-2026-32661 Vulnerability in jvn (CVE-2026-32661)
vulnerability in jvn (CVE-2026-32661). Successful exploitation can lead to full system takeover.
CVE-2026-41050 Authorization Flaw in github.com/rancher/fleet (CVE-2026-41050)
vulnerability in github.com/rancher/fleet (CVE-2026-41050). Successful exploitation can lead to full system takeover. Exploitable via ``GitRepo``. Mitigation: upgrade to `0.11.13` or later.
CVE-2025-11159 Vulnerability in hitachi (CVE-2025-11159)
vulnerability in hitachi (CVE-2025-11159). Successful exploitation can lead to full system takeover.
CVE-2026-44547 Authentication Bypass in CVE-2026-44547 (CVE-2026-44547)
authentication bypass in CVE-2026-44547 (CVE-2026-44547). Confidential information can be exposed externally. Mitigation: upgrade to `7.3.1` or later.
CVE-2026-41901 Vulnerability in org.thymeleaf:thymeleaf (CVE-2026-41901)
vulnerability in org.thymeleaf:thymeleaf (CVE-2026-41901). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.1.5.RELEASE` or later.
CVE-2026-42288 Code Injection in CVE-2026-42288 (CVE-2026-42288)
code injection in CVE-2026-42288 (CVE-2026-42288). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `7.3.2` or later.
CVE-2026-44650 Path Traversal in sillytavern (CVE-2026-44650)
path traversal in sillytavern (CVE-2026-44650). Data can be tampered with by attackers. Exploitable via `POST /api/extensions/delete`. Mitigation: upgrade to `1.18.0` or later.
CVE-2026-44649 Vulnerability in sillytavern (CVE-2026-44649)
vulnerability in sillytavern (CVE-2026-44649). Successful exploitation can lead to full system takeover. Exploitable via ``config.yaml``. Mitigation: upgrade to `1.18.0` or later.
CVE-2026-44262 Code Injection in dedoc/scramble (CVE-2026-44262)
code injection in dedoc/scramble (CVE-2026-44262). Confidential information can be exposed externally. Mitigation: upgrade to `0.13.22` or later.
CVE-2026-43948 Authorization Flaw in wger (CVE-2026-43948)
vulnerability in wger (CVE-2026-43948). Successful exploitation can lead to full system takeover. Exploitable via `GET /en/gym/user/`. Mitigation: upgrade to `2.6` or later.
CVE-2026-42854 Vulnerability in espressif (CVE-2026-42854)
vulnerability in espressif (CVE-2026-42854). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.3.8` or later.
CVE-2026-45185 Use-After-Free in exim (CVE-2026-45185)
vulnerability in exim (CVE-2026-45185). Successful exploitation can lead to full system takeover.
CVE-2026-44221 Authorization Flaw in com.arcadedb:arcadedb-server (CVE-2026-44221)
vulnerability in com.arcadedb:arcadedb-server (CVE-2026-44221). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/v1/server`. Mitigation: upgrade to `26.4.2` or later.
CVE-2026-44225 Path Traversal in CVE-2026-44225 (CVE-2026-44225)
path traversal in CVE-2026-44225 (CVE-2026-44225). Confidential information can be exposed externally. Mitigation: upgrade to `0.1.1` or later.
CVE-2026-42889 Vulnerability in CVE-2026-42889 (CVE-2026-42889)
vulnerability in CVE-2026-42889 (CVE-2026-42889). Confidential information can be exposed externally. Mitigation: upgrade to `0.9.7` or later.
CVE-2026-34659 Unsafe Deserialization in deserialization (CVE-2026-34659)
vulnerability in deserialization (CVE-2026-34659). Successful exploitation can lead to full system takeover.
CVE-2026-34660 Authorization Flaw in adobe (CVE-2026-34660)
vulnerability in adobe (CVE-2026-34660). Confidential information can be exposed externally.
CVE-2026-42823 Vulnerability in microsoft (CVE-2026-42823)
vulnerability in microsoft (CVE-2026-42823). Successful exploitation can lead to full system takeover.
CVE-2026-42898 Code Injection in microsoft (CVE-2026-42898)
code injection in microsoft (CVE-2026-42898). Successful exploitation can lead to full system takeover.
CVE-2026-44277 Vulnerability in fortinet (CVE-2026-44277)
vulnerability in fortinet (CVE-2026-44277). Successful exploitation can lead to full system takeover.
CVE-2026-42833 Vulnerability in microsoft (CVE-2026-42833)
vulnerability in microsoft (CVE-2026-42833). Successful exploitation can lead to full system takeover.
CVE-2026-41096 Vulnerability in microsoft (CVE-2026-41096)
vulnerability in microsoft (CVE-2026-41096). Successful exploitation can lead to full system takeover.
CVE-2026-41089 Vulnerability in microsoft (CVE-2026-41089)
vulnerability in microsoft (CVE-2026-41089). Successful exploitation can lead to full system takeover.
CVE-2026-41103 Vulnerability in microsoft (CVE-2026-41103)
vulnerability in microsoft (CVE-2026-41103). Confidential information can be exposed externally.
CVE-2026-40379 Information Disclosure in microsoft (CVE-2026-40379)
vulnerability in microsoft (CVE-2026-40379). Confidential information can be exposed externally.
CVE-2026-40402 Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.
Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.
CVE-2026-33117 Authentication Bypass in com.azure:azure-security-keyvault-keys (CVE-2026-33117)
authentication bypass in com.azure:azure-security-keyvault-keys (CVE-2026-33117). Confidential information can be exposed externally. Mitigation: upgrade to `4.10.6` or later.
CVE-2026-31237 Unsafe Deserialization in ludwig (CVE-2026-31237)
vulnerability in ludwig (CVE-2026-31237). Successful exploitation can lead to full system takeover.
CVE-2026-31238 Unsafe Deserialization in ludwig (CVE-2026-31238)
vulnerability in ludwig (CVE-2026-31238). Successful exploitation can lead to full system takeover.
CVE-2026-31236 Code Injection in llm (CVE-2026-31236)
code injection in llm (CVE-2026-31236). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →