Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2025-61025 |
|
SQL Injection in dos (CVE-2025-61025)
SQL injection in dos (CVE-2025-61025). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-61023 |
|
SQL Injection in dos (CVE-2025-61023)
SQL injection in dos (CVE-2025-61023). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-61022 |
|
SQL Injection in dos (CVE-2025-61022)
SQL injection in dos (CVE-2025-61022). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-61021 |
|
SQL Injection in dos (CVE-2025-61021)
SQL injection in dos (CVE-2025-61021). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-61020 |
|
SQL Injection in dos (CVE-2025-61020)
SQL injection in dos (CVE-2025-61020). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-61019 |
|
SQL Injection in dos (CVE-2025-61019)
SQL injection in dos (CVE-2025-61019). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-61018 |
|
SQL Injection in dos (CVE-2025-61018)
SQL injection in dos (CVE-2025-61018). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12957 |
|
Vulnerability in Amazon aws (CVE-2026-12957)
vulnerability in Amazon aws (CVE-2026-12957). Successful exploitation can lead to full system takeover.
|
| CVE-2026-52808 |
|
Privilege Escalation in gogs.io/gogs (CVE-2026-52808)
vulnerability in gogs.io/gogs (CVE-2026-52808). Data can be tampered with by attackers. Exploitable via `PATCH /api/v1/repos/`. Mitigation: upgrade to `0.14.3` or later.
|
| CVE-2026-52805 |
|
SSRF (Server-Side Request Forgery) in gogs.io/gogs (CVE-2026-52805)
SSRF in gogs.io/gogs (CVE-2026-52805). Confidential information can be exposed externally. Mitigation: upgrade to `0.14.3` or later.
|
| CVE-2026-1840 |
|
Vulnerability in cisa (CVE-2026-1840)
vulnerability in cisa (CVE-2026-1840). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56815 |
|
Vulnerability in CVE-2026-56815 (CVE-2026-56815)
vulnerability in CVE-2026-56815 (CVE-2026-56815). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35019 |
|
Vulnerability in CVE-2026-35019 (CVE-2026-35019)
vulnerability in CVE-2026-35019 (CVE-2026-35019). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35018 |
|
OS Command Injection in CVE-2026-35018 (CVE-2026-35018)
OS command injection in CVE-2026-35018 (CVE-2026-35018). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56784 |
|
Vulnerability in CVE-2026-56784 (CVE-2026-56784)
vulnerability in CVE-2026-56784 (CVE-2026-56784). Confidential information can be exposed externally.
|
| CVE-2026-56379 |
|
Vulnerability in imagemagick (CVE-2026-56379)
vulnerability in imagemagick (CVE-2026-56379). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56322 |
|
Information Disclosure in CVE-2026-56322 (CVE-2026-56322)
vulnerability in CVE-2026-56322 (CVE-2026-56322). Confidential information can be exposed externally.
|
| CVE-2026-56275 |
|
SSRF (Server-Side Request Forgery) in flowiseai (CVE-2026-56275)
SSRF in flowiseai (CVE-2026-56275). Confidential information can be exposed externally.
|
| CVE-2026-56258 |
|
Path Traversal in kidocode (CVE-2026-56258)
path traversal in kidocode (CVE-2026-56258). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56248 |
|
Vulnerability in dos (CVE-2026-56248)
vulnerability in dos (CVE-2026-56248). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56243 |
|
Vulnerability in CVE-2026-56243 (CVE-2026-56243)
vulnerability in CVE-2026-56243 (CVE-2026-56243). Confidential information can be exposed externally.
|
| CVE-2026-56225 |
|
Privilege Escalation in CVE-2026-56225 (CVE-2026-56225)
vulnerability in CVE-2026-56225 (CVE-2026-56225). Confidential information can be exposed externally.
|
| CVE-2026-56222 |
|
Vulnerability in CVE-2026-56222 (CVE-2026-56222)
vulnerability in CVE-2026-56222 (CVE-2026-56222). Successful exploitation can lead to full system takeover. Exploitable via `POST /private/role_bindings`.
|
| CVE-2026-10711 |
|
Vulnerability in CVE-2026-10711 (CVE-2026-10711)
vulnerability in CVE-2026-10711 (CVE-2026-10711). Successful exploitation can lead to full system takeover.
|
| CVE-2025-71376 |
|
Unsafe Deserialization in CVE-2025-71376 (CVE-2025-71376)
vulnerability in CVE-2025-71376 (CVE-2025-71376). Confidential information can be exposed externally.
|
| CVE-2025-71370 |
|
Unsafe Deserialization in CVE-2025-71370 (CVE-2025-71370)
vulnerability in CVE-2025-71370 (CVE-2025-71370). Confidential information can be exposed externally.
|
| CVE-2025-71365 |
|
Unsafe Deserialization in CVE-2025-71365 (CVE-2025-71365)
vulnerability in CVE-2025-71365 (CVE-2025-71365). Confidential information can be exposed externally.
|
| CVE-2025-71341 |
|
Unsafe Deserialization in CVE-2025-71341 (CVE-2025-71341)
vulnerability in CVE-2025-71341 (CVE-2025-71341). Confidential information can be exposed externally.
|
| CVE-2025-71337 |
|
Vulnerability in flowiseai (CVE-2025-71337)
vulnerability in flowiseai (CVE-2025-71337). Confidential information can be exposed externally.
|
| CVE-2023-54365 |
|
Vulnerability in traefik (CVE-2023-54365)
vulnerability in traefik (CVE-2023-54365). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10521 |
|
An high privileged remote attacker can access a hidden configuration method, that should not be...
An high privileged remote attacker can access a hidden configuration method, that should not be...
|
| CVE-2026-8379 |
|
Vulnerability in wordpress (CVE-2026-8379)
vulnerability in wordpress (CVE-2026-8379). Confidential information can be exposed externally.
|
| CVE-2026-8172 |
|
Vulnerability in wordpress (CVE-2026-8172)
vulnerability in wordpress (CVE-2026-8172). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8163 |
|
Vulnerability in wordpress (CVE-2026-8163)
vulnerability in wordpress (CVE-2026-8163). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10658 |
|
Out-of-Bounds Read in c (CVE-2026-10658)
vulnerability in c (CVE-2026-10658). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10651 |
|
Vulnerability in c (CVE-2026-10651)
vulnerability in c (CVE-2026-10651). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-52801 |
|
Vulnerability in gogs.io/gogs (CVE-2026-52801)
vulnerability in gogs.io/gogs (CVE-2026-52801). Confidential information can be exposed externally. Mitigation: upgrade to `0.14.3` or later.
|
| CVE-2026-52800 |
|
Cross-Site Request Forgery (CSRF) in gogs.io/gogs (CVE-2026-52800)
vulnerability in gogs.io/gogs (CVE-2026-52800). Successful exploitation can lead to full system takeover. Exploitable via ``TeamsAction``. Mitigation: upgrade to `0.14.3` or later.
|
| CVE-2026-52799 |
|
Vulnerability in gogs.io/gogs (CVE-2026-52799)
vulnerability in gogs.io/gogs (CVE-2026-52799). Confidential information can be exposed externally. Exploitable via `GET /attachments/`. Mitigation: upgrade to `0.14.3` or later.
|
| CVE-2026-52798 |
|
Cross-Site Scripting (XSS) in gogs.io/gogs (CVE-2026-52798)
cross-site scripting in gogs.io/gogs (CVE-2026-52798). Confidential information can be exposed externally. Exploitable via ``poc``. Mitigation: upgrade to `0.14.3` or later.
|
| CVE-2026-54353 |
|
Vulnerability in @budibase/backend-core (CVE-2026-54353)
vulnerability in @budibase/backend-core (CVE-2026-54353). Confidential information can be exposed externally. Mitigation: upgrade to `3.39.9` or later.
|
| CVE-2026-54351 |
|
Vulnerability in @budibase/server (CVE-2026-54351)
vulnerability in @budibase/server (CVE-2026-54351). Confidential information can be exposed externally. Exploitable via `POST /api/webhooks/trigger/`. Mitigation: upgrade to `3.39.9` or later.
|
| CVE-2026-49229 |
|
Vulnerability in @actual-app/sync-server (CVE-2026-49229)
vulnerability in @actual-app/sync-server (CVE-2026-49229). Confidential information can be exposed externally. Exploitable via `PATCH /admin/users`. Mitigation: upgrade to `26.6.0` or later.
|
| CVE-2026-54232 |
|
Vulnerability in vllm (CVE-2026-54232)
vulnerability in vllm (CVE-2026-54232). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.22.1` or later.
|
| CVE-2026-50136 |
|
Vulnerability in @budibase/server (CVE-2026-50136)
vulnerability in @budibase/server (CVE-2026-50136). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/attachments/`. Mitigation: upgrade to `3.39.2` or later.
|
| CVE-2026-50132 |
|
Vulnerability in @budibase/server (CVE-2026-50132)
vulnerability in @budibase/server (CVE-2026-50132). Confidential information can be exposed externally. Exploitable via `GET /api/chat-links/`. Mitigation: upgrade to `3.39.0` or later.
|
| CVE-2026-47267 |
|
SSRF (Server-Side Request Forgery) in gogs.io/gogs (CVE-2026-47267)
SSRF in gogs.io/gogs (CVE-2026-47267). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.14.3` or later.
|
| CVE-2026-56324 |
|
Vulnerability in CVE-2026-56324 (CVE-2026-56324)
vulnerability in CVE-2026-56324 (CVE-2026-56324). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56323 |
|
Information Disclosure in CVE-2026-56323 (CVE-2026-56323)
vulnerability in CVE-2026-56323 (CVE-2026-56323). Confidential information can be exposed externally.
|
| CVE-2026-56314 |
|
Vulnerability in CVE-2026-56314 (CVE-2026-56314)
vulnerability in CVE-2026-56314 (CVE-2026-56314). Data can be tampered with by attackers.
|