Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-44643 |
|
Vulnerability in angular-expressions (CVE-2026-44643)
vulnerability in angular-expressions (CVE-2026-44643). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.5.2` or later.
|
| CVE-2026-7813 |
|
Vulnerability in pgadmin4 (CVE-2026-7813)
vulnerability in pgadmin4 (CVE-2026-7813). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.15` or later.
|
| CVE-2026-42613 |
|
Vulnerability in getgrav/grav (CVE-2026-42613)
vulnerability in getgrav/grav (CVE-2026-42613). Confidential information can be exposed externally. Exploitable via ``groups``. Mitigation: upgrade to `2.0.0-beta.2` or later.
|
| CVE-2026-42608 |
|
Path Traversal in getgrav/grav (CVE-2026-42608)
path traversal in getgrav/grav (CVE-2026-42608). Confidential information can be exposed externally. Exploitable via `POST /contact`. Mitigation: upgrade to `2.0.0-beta.2` or later.
|
| CVE-2026-42607 |
|
Code Injection in getgrav/grav (CVE-2026-42607)
code injection in getgrav/grav (CVE-2026-42607). Successful exploitation can lead to full system takeover. Exploitable via ``directInstall``. Mitigation: upgrade to `2.0.0-beta.2` or later.
|
| CVE-2026-44477 |
|
Vulnerability in github.com/cloudnative-pg/cloudnative-pg (CVE-2026-44477)
vulnerability in github.com/cloudnative-pg/cloudnative-pg (CVE-2026-44477). Successful exploitation can lead to full system takeover. Exploitable via ``postgres``. Mitigation: upgrade to `1.29.1` or later.
|
| CVE-2026-44985 |
|
Vulnerability in github.com/amir20/dozzle (CVE-2026-44985)
vulnerability in github.com/amir20/dozzle (CVE-2026-44985). Successful exploitation can lead to full system takeover. Exploitable via ``true``.
|
| CVE-2026-40636 |
|
Vulnerability in dell (CVE-2026-40636)
vulnerability in dell (CVE-2026-40636). Successful exploitation can lead to full system takeover.
|
| CVE-2021-47940 |
|
Vulnerability in wordpress (CVE-2021-47940)
vulnerability in wordpress (CVE-2021-47940). Successful exploitation can lead to full system takeover.
|
| CVE-2021-47932 |
|
Vulnerability in wordpress (CVE-2021-47932)
vulnerability in wordpress (CVE-2021-47932). Successful exploitation can lead to full system takeover.
|
| CVE-2021-47933 |
|
Vulnerability in wordpress (CVE-2021-47933)
vulnerability in wordpress (CVE-2021-47933). Successful exploitation can lead to full system takeover.
|
| CVE-2021-47936 |
|
Vulnerability in CVE-2021-47936 (CVE-2021-47936)
vulnerability in CVE-2021-47936 (CVE-2021-47936). Successful exploitation can lead to full system takeover.
|
| CVE-2021-47923 |
|
Vulnerability in CVE-2021-47923 (CVE-2021-47923)
vulnerability in CVE-2021-47923 (CVE-2021-47923). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6104 |
|
Out-of-Bounds Read in libphp (CVE-2026-6104)
vulnerability in libphp (CVE-2026-6104). Confidential information can be exposed externally. Mitigation: upgrade to `8.4.21, 8.5.6` or later.
|
| CVE-2026-6722 |
|
Use-After-Free in libphp (CVE-2026-6722)
vulnerability in libphp (CVE-2026-6722). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.2.31, 8.3.31, 8.4.21, 8.5.6` or later.
|
| CVE-2026-7261 |
|
Use-After-Free in libphp (CVE-2026-7261)
vulnerability in libphp (CVE-2026-7261). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.2.31, 8.3.31, 8.4.21, 8.5.6` or later.
|
| CVE-2025-14179 |
|
SQL Injection in libphp (CVE-2025-14179)
SQL injection in libphp (CVE-2025-14179). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.2.31, 8.3.31, 8.4.21, 8.5.6` or later.
|
| CVE-2026-42569 |
|
Vulnerability in nabeel/phpvms (CVE-2026-42569)
vulnerability in nabeel/phpvms (CVE-2026-42569). Data can be tampered with by attackers. Mitigation: upgrade to `7.0.6` or later.
|
| CVE-2026-42601 |
|
Vulnerability in archivebox (CVE-2026-42601)
vulnerability in archivebox (CVE-2026-42601). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42257 |
|
Command Injection in net-imap (CVE-2026-42257)
command injection in net-imap (CVE-2026-42257). Successful exploitation can lead to full system takeover. Exploitable via ``CRLF``. Mitigation: upgrade to `0.4.24` or later.
|
| CVE-2026-20160 |
|
Vulnerability in Cisco smart-software-manager-on-prem (CVE-2026-20160)
vulnerability in Cisco smart-software-manager-on-prem (CVE-2026-20160). Successful exploitation can lead to full system takeover.
|
| CVE-2026-20147 |
|
Command Injection in Cisco dos (CVE-2026-20147)
command injection in Cisco dos (CVE-2026-20147). Successful exploitation can lead to full system takeover.
|
| CVE-2026-20180 |
|
Path Traversal in Cisco dos (CVE-2026-20180)
path traversal in Cisco dos (CVE-2026-20180). Successful exploitation can lead to full system takeover.
|
| CVE-2025-65856 |
|
Vulnerability in cisa (CVE-2025-65856)
vulnerability in cisa (CVE-2025-65856). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6074 |
|
Vulnerability in cisa (CVE-2026-6074)
vulnerability in cisa (CVE-2026-6074). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42560 |
|
Authentication Bypass in oauth (CVE-2026-42560)
authentication bypass in oauth (CVE-2026-42560). Confidential information can be exposed externally. Exploitable via ``user.ID``.
|
| CVE-2026-44313 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-44313)
SSRF in ssrf (CVE-2026-44313). Confidential information can be exposed externally. Exploitable via `GET /api/v1/archives/{linkId}`.
|
| CVE-2026-42454 |
|
OS Command Injection in docker (CVE-2026-42454)
OS command injection in docker (CVE-2026-42454). Successful exploitation can lead to full system takeover. Exploitable via `GET /docker/containers/`.
|
| CVE-2026-42354 |
|
Vulnerability in sso (CVE-2026-42354)
vulnerability in sso (CVE-2026-42354). Confidential information can be exposed externally. Exploitable via ``Moved``.
|
| CVE-2026-42298 |
|
Code Injection in docker (CVE-2026-42298)
code injection in docker (CVE-2026-42298). Successful exploitation can lead to full system takeover. Exploitable via ``GITHUB_TOKEN``. Mitigation: upgrade to `>= 0` or later.
|
| CVE-2026-42302 |
|
Vulnerability in openai-sdk (CVE-2026-42302)
vulnerability in openai-sdk (CVE-2026-42302). Successful exploitation can lead to full system takeover. Exploitable via ``entrypoint.sh``.
|
| CVE-2026-37709 |
|
Vulnerability in snipe/snipe-it (CVE-2026-37709)
vulnerability in snipe/snipe-it (CVE-2026-37709). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.4.1` or later.
|
| CVE-2026-44330 |
|
Authorization Flaw in github.com/free5gc/nef (CVE-2026-44330)
vulnerability in github.com/free5gc/nef (CVE-2026-44330). Data can be tampered with by attackers. Exploitable via `GET /applications`.
|
| CVE-2026-44329 |
|
Vulnerability in github.com/free5gc/smf (CVE-2026-44329)
vulnerability in github.com/free5gc/smf (CVE-2026-44329). Data can be tampered with by attackers. Exploitable via `GET /upi/v1/upNodesLinks`. Mitigation: upgrade to `1.4.3` or later.
|
| CVE-2026-44327 |
|
Vulnerability in github.com/free5gc/nef (CVE-2026-44327)
vulnerability in github.com/free5gc/nef (CVE-2026-44327). Data can be tampered with by attackers. Exploitable via ``Authorization``.
|
| CVE-2026-44326 |
|
Vulnerability in github.com/free5gc/nef (CVE-2026-44326)
vulnerability in github.com/free5gc/nef (CVE-2026-44326). Data can be tampered with by attackers. Exploitable via ``Authorization``.
|
| CVE-2026-44315 |
|
Vulnerability in github.com/free5gc/nef (CVE-2026-44315)
vulnerability in github.com/free5gc/nef (CVE-2026-44315). Data can be tampered with by attackers. Exploitable via ``ServiceList``.
|
| CVE-2026-42193 |
|
Vulnerability in aws (CVE-2026-42193)
vulnerability in aws (CVE-2026-42193). Data can be tampered with by attackers.
|
| CVE-2026-44211 |
|
Vulnerability in cline (CVE-2026-44211)
vulnerability in cline (CVE-2026-44211). Successful exploitation can lead to full system takeover. Exploitable via ``kanban``.
|
| CVE-2026-44694 |
|
Vulnerability in n8n-mcp (CVE-2026-44694)
vulnerability in n8n-mcp (CVE-2026-44694). Confidential information can be exposed externally. Exploitable via ``N8N_API_URL``. Mitigation: upgrade to `2.50.2` or later.
|
| CVE-2026-44551 |
|
Authentication Bypass in open-webui (CVE-2026-44551)
authentication bypass in open-webui (CVE-2026-44551). Confidential information can be exposed externally. Exploitable via `POST /api/v1/auths/ldap`. Mitigation: upgrade to `0.9.0` or later.
|
| CVE-2026-41889 |
|
SQL Injection in github.com/jackc/pgx/v5 (CVE-2026-41889)
SQL injection in github.com/jackc/pgx/v5 (CVE-2026-41889). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `5.9.2` or later.
|
| CVE-2026-42072 |
|
Vulnerability in graph (CVE-2026-42072)
vulnerability in graph (CVE-2026-42072). Successful exploitation can lead to full system takeover. Exploitable via ``NORNICDB_ADDRESS``.
|
| CVE-2026-38360 |
|
Path Traversal in path-traversal (CVE-2026-38360)
path traversal in path-traversal (CVE-2026-38360). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44212 |
|
Cross-Site Scripting (XSS) in prestashop/prestashop (CVE-2026-44212)
cross-site scripting in prestashop/prestashop (CVE-2026-44212). Confidential information can be exposed externally. Mitigation: upgrade to `9.1.1` or later.
|
| CVE-2026-44009 |
|
Vulnerability in vm2 (CVE-2026-44009)
vulnerability in vm2 (CVE-2026-44009). Successful exploitation can lead to full system takeover. Exploitable via ``handleException``. Mitigation: upgrade to `3.11.2` or later.
|
| CVE-2026-41070 |
|
Authentication Bypass in openvpn (CVE-2026-41070)
authentication bypass in openvpn (CVE-2026-41070). Confidential information can be exposed externally. Exploitable via ``plugin``.
|
| CVE-2026-44008 |
|
Vulnerability in vm2 (CVE-2026-44008)
vulnerability in vm2 (CVE-2026-44008). Successful exploitation can lead to full system takeover. Exploitable via ``neutralizeArraySpeciesBatch``. Mitigation: upgrade to `3.11.2` or later.
|
| CVE-2026-44497 |
|
Vulnerability in zfnd (CVE-2026-44497)
vulnerability in zfnd (CVE-2026-44497). Data can be tampered with by attackers. Exploitable via ``zcashd``. Mitigation: upgrade to `4.4.0` or later.
|
| CVE-2026-43465 |
|
Vulnerability in linux (CVE-2026-43465)
vulnerability in linux (CVE-2026-43465). Successful exploitation can lead to full system takeover.
|