Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2026-31235 Unsafe Deserialization in imgaug (CVE-2026-31235)
vulnerability in imgaug (CVE-2026-31235). Successful exploitation can lead to full system takeover.
CVE-2026-31239 Unsafe Deserialization in mamba-ssm (CVE-2026-31239)
vulnerability in mamba-ssm (CVE-2026-31239). Successful exploitation can lead to full system takeover.
CVE-2026-31242 Vulnerability in dos (CVE-2026-31242)
vulnerability in dos (CVE-2026-31242). Data can be tampered with by attackers. Exploitable via `DELETE /memories`.
CVE-2026-31231 Code Injection in CVE-2026-31231 (CVE-2026-31231)
code injection in CVE-2026-31231 (CVE-2026-31231). Successful exploitation can lead to full system takeover.
CVE-2026-31229 Unsafe Deserialization in deserialization (CVE-2026-31229)
vulnerability in deserialization (CVE-2026-31229). Successful exploitation can lead to full system takeover.
CVE-2026-31234 Unsafe Deserialization in horovod (CVE-2026-31234)
vulnerability in horovod (CVE-2026-31234). Successful exploitation can lead to full system takeover.
CVE-2026-31230 Vulnerability in CVE-2026-31230 (CVE-2026-31230)
vulnerability in CVE-2026-31230 (CVE-2026-31230). Successful exploitation can lead to full system takeover.
CVE-2026-31233 Code Injection in guardrails-ai (CVE-2026-31233)
code injection in guardrails-ai (CVE-2026-31233). Successful exploitation can lead to full system takeover.
CVE-2026-29204 Vulnerability in CVE-2026-29204 (CVE-2026-29204)
vulnerability in CVE-2026-29204 (CVE-2026-29204). Confidential information can be exposed externally. Exploitable via ``clientarea.php``.
CVE-2026-26083 Vulnerability in fortinet (CVE-2026-26083)
vulnerability in fortinet (CVE-2026-26083). Successful exploitation can lead to full system takeover.
CVE-2026-44343 Vulnerability in wgdashboard (CVE-2026-44343)
vulnerability in wgdashboard (CVE-2026-44343). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.3.2` or later.
CVE-2026-44183 Vulnerability in CVE-2026-44183 (CVE-2026-44183)
vulnerability in CVE-2026-44183 (CVE-2026-44183). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.9.10` or later.
CVE-2026-44196 Authentication Bypass in CVE-2026-44196 (CVE-2026-44196)
authentication bypass in CVE-2026-44196 (CVE-2026-44196). Confidential information can be exposed externally. Mitigation: upgrade to `1.16.3` or later.
CVE-2026-42048 Path Traversal in langflow (CVE-2026-42048)
path traversal in langflow (CVE-2026-42048). Data can be tampered with by attackers. Exploitable via `DELETE /api/v1/knowledge_bases`. Mitigation: upgrade to `1.9.0` or later.
CVE-2026-43992 Information Disclosure in CVE-2026-43992 (CVE-2026-43992)
vulnerability in CVE-2026-43992 (CVE-2026-43992). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.x.y-security-1` or later.
CVE-2025-65719 Code Injection in kubectl-mcp-server (CVE-2025-65719)
code injection in kubectl-mcp-server (CVE-2025-65719). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.2.0` or later.
CVE-2026-42074 Vulnerability in openclaude (CVE-2026-42074)
vulnerability in openclaude (CVE-2026-42074). Successful exploitation can lead to full system takeover. Exploitable via ``dangerouslyDisableSandbox``. Mitigation: upgrade to `0.5.1` or later.
CVE-2026-43515 Vulnerability in tomcat (CVE-2026-43515)
vulnerability in tomcat (CVE-2026-43515). Confidential information can be exposed externally. Mitigation: upgrade to `10.1.55, 11.0.22, 9.0.118` or later.
CVE-2026-41293 Vulnerability in tomcat (CVE-2026-41293)
vulnerability in tomcat (CVE-2026-41293). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `10.1.55, 11.0.22, 9.0.118` or later.
CVE-2026-43512 Authentication Bypass in tomcat (CVE-2026-43512)
authentication bypass in tomcat (CVE-2026-43512). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `10.1.55, 11.0.22, 9.0.118` or later.
CVE-2026-31226 OS Command Injection in CVE-2026-31226 (CVE-2026-31226)
OS command injection in CVE-2026-31226 (CVE-2026-31226). Successful exploitation can lead to full system takeover.
CVE-2026-31228 Code Injection in CVE-2026-31228 (CVE-2026-31228)
code injection in CVE-2026-31228 (CVE-2026-31228). Successful exploitation can lead to full system takeover.
CVE-2026-34187 SQL Injection in sqli (CVE-2026-34187)
SQL injection in sqli (CVE-2026-34187). Successful exploitation can lead to full system takeover.
CVE-2026-31214 Unsafe Deserialization in deserialization (CVE-2026-31214)
vulnerability in deserialization (CVE-2026-31214). Successful exploitation can lead to full system takeover.
CVE-2026-31215 Vulnerability in dos (CVE-2026-31215)
vulnerability in dos (CVE-2026-31215). Data can be tampered with by attackers. Exploitable via `DELETE /{index_name}/documents`.
CVE-2026-31216 Vulnerability in dos (CVE-2026-31216)
vulnerability in dos (CVE-2026-31216). Data can be tampered with by attackers. Exploitable via `DELETE /storage/{object_name`.
CVE-2026-31217 Code Injection in nebuly (CVE-2026-31217)
code injection in nebuly (CVE-2026-31217). Successful exploitation can lead to full system takeover.
CVE-2026-31220 Code Injection in syft (CVE-2026-31220)
code injection in syft (CVE-2026-31220). Successful exploitation can lead to full system takeover.
CVE-2026-30805 Vulnerability in artica (CVE-2026-30805)
vulnerability in artica (CVE-2026-30805). Confidential information can be exposed externally.
CVE-2026-8401 Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3.
Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3.
CVE-2026-8043 Vulnerability in ivanti (CVE-2026-8043)
vulnerability in ivanti (CVE-2026-8043). Confidential information can be exposed externally.
CVE-2026-45091 Information Disclosure in sealed-env (CVE-2026-45091)
vulnerability in sealed-env (CVE-2026-45091). Confidential information can be exposed externally. Mitigation: upgrade to `0.1.0-alpha.4` or later.
CVE-2026-45087 Vulnerability in github.com/hahwul/dalfox/v2 (CVE-2026-45087)
vulnerability in github.com/hahwul/dalfox/v2 (CVE-2026-45087). Successful exploitation can lead to full system takeover. Exploitable via `POST /scan`. Mitigation: upgrade to `2.13.0` or later.
CVE-2026-41551 Vulnerability in path-traversal (CVE-2026-41551)
vulnerability in path-traversal (CVE-2026-41551). Confidential information can be exposed externally.
CVE-2026-25786 Cross-Site Scripting (XSS) in CVE-2026-25786 (CVE-2026-25786)
cross-site scripting in CVE-2026-25786 (CVE-2026-25786). Successful exploitation can lead to full system takeover.
CVE-2026-25787 Cross-Site Scripting (XSS) in CVE-2026-25787 (CVE-2026-25787)
cross-site scripting in CVE-2026-25787 (CVE-2026-25787). Successful exploitation can lead to full system takeover.
CVE-2025-40949 OS Command Injection in siemens (CVE-2025-40949)
OS command injection in siemens (CVE-2025-40949). Successful exploitation can lead to full system takeover.
CVE-2025-6577 SQL Injection in sqli (CVE-2025-6577)
SQL injection in sqli (CVE-2025-6577). Successful exploitation can lead to full system takeover.
CVE-2026-22924 Vulnerability in siemens (CVE-2026-22924)
vulnerability in siemens (CVE-2026-22924). Data can be tampered with by attackers.
CVE-2026-34263 Vulnerability in CVE-2026-34263 (CVE-2026-34263)
vulnerability in CVE-2026-34263 (CVE-2026-34263). Successful exploitation can lead to full system takeover.
CVE-2026-34260 SQL Injection in sqli (CVE-2026-34260)
SQL injection in sqli (CVE-2026-34260). Confidential information can be exposed externally.
CVE-2026-45321 KEV [KEV] Vulnerability in @tanstack/arktype-adapter (CVE-2026-45321)
vulnerability in @tanstack/arktype-adapter (CVE-2026-45321). Successful exploitation can lead to full system takeover. Exploitable via ``pull_request_target``. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `1.166.16` or later.
CVE-2026-43899 Vulnerability in CVE-2026-43899 (CVE-2026-43899)
vulnerability in CVE-2026-43899 (CVE-2026-43899). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.0.4-beta.1` or later.
CVE-2026-43900 Cross-Site Scripting (XSS) in vue (CVE-2026-43900)
cross-site scripting in vue (CVE-2026-43900). Confidential information can be exposed externally. Mitigation: upgrade to `1.0.4-beta.1` or later.
CVE-2026-42882 Path Traversal in github.com/oxyno-zeta/s3-proxy (CVE-2026-42882)
path traversal in github.com/oxyno-zeta/s3-proxy (CVE-2026-42882). Confidential information can be exposed externally. Exploitable via `PUT /upload/foo/drafts/../restricted/`. Mitigation: upgrade to `0.0.0-20260424211602-1320e4abd46a` or later.
CVE-2026-42869 Authentication Bypass in CVE-2026-42869 (CVE-2026-42869)
authentication bypass in CVE-2026-42869 (CVE-2026-42869). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.1.57` or later.
CVE-2026-43898 Code Injection in @nyariv/sandboxjs (CVE-2026-43898)
code injection in @nyariv/sandboxjs (CVE-2026-43898). Successful exploitation can lead to full system takeover. Exploitable via ``Function.caller``. Mitigation: upgrade to `0.9.6` or later.
CVE-2026-42864 Vulnerability in firefighter-incident (CVE-2026-42864)
vulnerability in firefighter-incident (CVE-2026-42864). Confidential information can be exposed externally. Exploitable via `POST /api/v2/firefighter/raid/jira_bot`. Mitigation: upgrade to `0.0.54` or later.
CVE-2026-38567 SQL Injection in sqli (CVE-2026-38567)
SQL injection in sqli (CVE-2026-38567). Successful exploitation can lead to full system takeover.
CVE-2026-25244 OS Command Injection in @wdio/browserstack-service (CVE-2026-25244)
OS command injection in @wdio/browserstack-service (CVE-2026-25244). Successful exploitation can lead to full system takeover. Exploitable via ``source``. Mitigation: upgrade to `9.24.0` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →