Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2026-44643 Vulnerability in angular-expressions (CVE-2026-44643)
vulnerability in angular-expressions (CVE-2026-44643). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.5.2` or later.
CVE-2026-7813 Vulnerability in pgadmin4 (CVE-2026-7813)
vulnerability in pgadmin4 (CVE-2026-7813). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.15` or later.
CVE-2026-42613 Vulnerability in getgrav/grav (CVE-2026-42613)
vulnerability in getgrav/grav (CVE-2026-42613). Confidential information can be exposed externally. Exploitable via ``groups``. Mitigation: upgrade to `2.0.0-beta.2` or later.
CVE-2026-42608 Path Traversal in getgrav/grav (CVE-2026-42608)
path traversal in getgrav/grav (CVE-2026-42608). Confidential information can be exposed externally. Exploitable via `POST /contact`. Mitigation: upgrade to `2.0.0-beta.2` or later.
CVE-2026-42607 Code Injection in getgrav/grav (CVE-2026-42607)
code injection in getgrav/grav (CVE-2026-42607). Successful exploitation can lead to full system takeover. Exploitable via ``directInstall``. Mitigation: upgrade to `2.0.0-beta.2` or later.
CVE-2026-44477 Vulnerability in github.com/cloudnative-pg/cloudnative-pg (CVE-2026-44477)
vulnerability in github.com/cloudnative-pg/cloudnative-pg (CVE-2026-44477). Successful exploitation can lead to full system takeover. Exploitable via ``postgres``. Mitigation: upgrade to `1.29.1` or later.
CVE-2026-44985 Vulnerability in github.com/amir20/dozzle (CVE-2026-44985)
vulnerability in github.com/amir20/dozzle (CVE-2026-44985). Successful exploitation can lead to full system takeover. Exploitable via ``true``.
CVE-2026-40636 Vulnerability in dell (CVE-2026-40636)
vulnerability in dell (CVE-2026-40636). Successful exploitation can lead to full system takeover.
CVE-2021-47940 Vulnerability in wordpress (CVE-2021-47940)
vulnerability in wordpress (CVE-2021-47940). Successful exploitation can lead to full system takeover.
CVE-2021-47932 Vulnerability in wordpress (CVE-2021-47932)
vulnerability in wordpress (CVE-2021-47932). Successful exploitation can lead to full system takeover.
CVE-2021-47933 Vulnerability in wordpress (CVE-2021-47933)
vulnerability in wordpress (CVE-2021-47933). Successful exploitation can lead to full system takeover.
CVE-2021-47936 Vulnerability in CVE-2021-47936 (CVE-2021-47936)
vulnerability in CVE-2021-47936 (CVE-2021-47936). Successful exploitation can lead to full system takeover.
CVE-2021-47923 Vulnerability in CVE-2021-47923 (CVE-2021-47923)
vulnerability in CVE-2021-47923 (CVE-2021-47923). Successful exploitation can lead to full system takeover.
CVE-2026-6104 Out-of-Bounds Read in libphp (CVE-2026-6104)
vulnerability in libphp (CVE-2026-6104). Confidential information can be exposed externally. Mitigation: upgrade to `8.4.21, 8.5.6` or later.
CVE-2026-6722 Use-After-Free in libphp (CVE-2026-6722)
vulnerability in libphp (CVE-2026-6722). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.2.31, 8.3.31, 8.4.21, 8.5.6` or later.
CVE-2026-7261 Use-After-Free in libphp (CVE-2026-7261)
vulnerability in libphp (CVE-2026-7261). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.2.31, 8.3.31, 8.4.21, 8.5.6` or later.
CVE-2025-14179 SQL Injection in libphp (CVE-2025-14179)
SQL injection in libphp (CVE-2025-14179). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.2.31, 8.3.31, 8.4.21, 8.5.6` or later.
CVE-2026-42569 Vulnerability in nabeel/phpvms (CVE-2026-42569)
vulnerability in nabeel/phpvms (CVE-2026-42569). Data can be tampered with by attackers. Mitigation: upgrade to `7.0.6` or later.
CVE-2026-42601 Vulnerability in archivebox (CVE-2026-42601)
vulnerability in archivebox (CVE-2026-42601). Successful exploitation can lead to full system takeover.
CVE-2026-42257 Command Injection in net-imap (CVE-2026-42257)
command injection in net-imap (CVE-2026-42257). Successful exploitation can lead to full system takeover. Exploitable via ``CRLF``. Mitigation: upgrade to `0.4.24` or later.
CVE-2026-20160 Vulnerability in Cisco smart-software-manager-on-prem (CVE-2026-20160)
vulnerability in Cisco smart-software-manager-on-prem (CVE-2026-20160). Successful exploitation can lead to full system takeover.
CVE-2026-20147 Command Injection in Cisco dos (CVE-2026-20147)
command injection in Cisco dos (CVE-2026-20147). Successful exploitation can lead to full system takeover.
CVE-2026-20180 Path Traversal in Cisco dos (CVE-2026-20180)
path traversal in Cisco dos (CVE-2026-20180). Successful exploitation can lead to full system takeover.
CVE-2025-65856 Vulnerability in cisa (CVE-2025-65856)
vulnerability in cisa (CVE-2025-65856). Successful exploitation can lead to full system takeover.
CVE-2026-6074 Vulnerability in cisa (CVE-2026-6074)
vulnerability in cisa (CVE-2026-6074). Successful exploitation can lead to full system takeover.
CVE-2026-42560 Authentication Bypass in oauth (CVE-2026-42560)
authentication bypass in oauth (CVE-2026-42560). Confidential information can be exposed externally. Exploitable via ``user.ID``.
CVE-2026-44313 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-44313)
SSRF in ssrf (CVE-2026-44313). Confidential information can be exposed externally. Exploitable via `GET /api/v1/archives/{linkId}`.
CVE-2026-42454 OS Command Injection in docker (CVE-2026-42454)
OS command injection in docker (CVE-2026-42454). Successful exploitation can lead to full system takeover. Exploitable via `GET /docker/containers/`.
CVE-2026-42354 Vulnerability in sso (CVE-2026-42354)
vulnerability in sso (CVE-2026-42354). Confidential information can be exposed externally. Exploitable via ``Moved``.
CVE-2026-42298 Code Injection in docker (CVE-2026-42298)
code injection in docker (CVE-2026-42298). Successful exploitation can lead to full system takeover. Exploitable via ``GITHUB_TOKEN``. Mitigation: upgrade to `>= 0` or later.
CVE-2026-42302 Vulnerability in openai-sdk (CVE-2026-42302)
vulnerability in openai-sdk (CVE-2026-42302). Successful exploitation can lead to full system takeover. Exploitable via ``entrypoint.sh``.
CVE-2026-37709 Vulnerability in snipe/snipe-it (CVE-2026-37709)
vulnerability in snipe/snipe-it (CVE-2026-37709). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.4.1` or later.
CVE-2026-44330 Authorization Flaw in github.com/free5gc/nef (CVE-2026-44330)
vulnerability in github.com/free5gc/nef (CVE-2026-44330). Data can be tampered with by attackers. Exploitable via `GET /applications`.
CVE-2026-44329 Vulnerability in github.com/free5gc/smf (CVE-2026-44329)
vulnerability in github.com/free5gc/smf (CVE-2026-44329). Data can be tampered with by attackers. Exploitable via `GET /upi/v1/upNodesLinks`. Mitigation: upgrade to `1.4.3` or later.
CVE-2026-44327 Vulnerability in github.com/free5gc/nef (CVE-2026-44327)
vulnerability in github.com/free5gc/nef (CVE-2026-44327). Data can be tampered with by attackers. Exploitable via ``Authorization``.
CVE-2026-44326 Vulnerability in github.com/free5gc/nef (CVE-2026-44326)
vulnerability in github.com/free5gc/nef (CVE-2026-44326). Data can be tampered with by attackers. Exploitable via ``Authorization``.
CVE-2026-44315 Vulnerability in github.com/free5gc/nef (CVE-2026-44315)
vulnerability in github.com/free5gc/nef (CVE-2026-44315). Data can be tampered with by attackers. Exploitable via ``ServiceList``.
CVE-2026-42193 Vulnerability in aws (CVE-2026-42193)
vulnerability in aws (CVE-2026-42193). Data can be tampered with by attackers.
CVE-2026-44211 Vulnerability in cline (CVE-2026-44211)
vulnerability in cline (CVE-2026-44211). Successful exploitation can lead to full system takeover. Exploitable via ``kanban``.
CVE-2026-44694 Vulnerability in n8n-mcp (CVE-2026-44694)
vulnerability in n8n-mcp (CVE-2026-44694). Confidential information can be exposed externally. Exploitable via ``N8N_API_URL``. Mitigation: upgrade to `2.50.2` or later.
CVE-2026-44551 Authentication Bypass in open-webui (CVE-2026-44551)
authentication bypass in open-webui (CVE-2026-44551). Confidential information can be exposed externally. Exploitable via `POST /api/v1/auths/ldap`. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-41889 SQL Injection in github.com/jackc/pgx/v5 (CVE-2026-41889)
SQL injection in github.com/jackc/pgx/v5 (CVE-2026-41889). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `5.9.2` or later.
CVE-2026-42072 Vulnerability in graph (CVE-2026-42072)
vulnerability in graph (CVE-2026-42072). Successful exploitation can lead to full system takeover. Exploitable via ``NORNICDB_ADDRESS``.
CVE-2026-38360 Path Traversal in path-traversal (CVE-2026-38360)
path traversal in path-traversal (CVE-2026-38360). Successful exploitation can lead to full system takeover.
CVE-2026-44212 Cross-Site Scripting (XSS) in prestashop/prestashop (CVE-2026-44212)
cross-site scripting in prestashop/prestashop (CVE-2026-44212). Confidential information can be exposed externally. Mitigation: upgrade to `9.1.1` or later.
CVE-2026-44009 Vulnerability in vm2 (CVE-2026-44009)
vulnerability in vm2 (CVE-2026-44009). Successful exploitation can lead to full system takeover. Exploitable via ``handleException``. Mitigation: upgrade to `3.11.2` or later.
CVE-2026-41070 Authentication Bypass in openvpn (CVE-2026-41070)
authentication bypass in openvpn (CVE-2026-41070). Confidential information can be exposed externally. Exploitable via ``plugin``.
CVE-2026-44008 Vulnerability in vm2 (CVE-2026-44008)
vulnerability in vm2 (CVE-2026-44008). Successful exploitation can lead to full system takeover. Exploitable via ``neutralizeArraySpeciesBatch``. Mitigation: upgrade to `3.11.2` or later.
CVE-2026-44497 Vulnerability in zfnd (CVE-2026-44497)
vulnerability in zfnd (CVE-2026-44497). Data can be tampered with by attackers. Exploitable via ``zcashd``. Mitigation: upgrade to `4.4.0` or later.
CVE-2026-43465 Vulnerability in linux (CVE-2026-43465)
vulnerability in linux (CVE-2026-43465). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →