Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-56280 |
|
Vulnerability in CVE-2026-56280 (CVE-2026-56280)
vulnerability in CVE-2026-56280 (CVE-2026-56280). Risk of unauthorized operations or information disclosure. Exploitable via `GET /build/logs/`.
|
| CVE-2026-48517 |
|
Vulnerability in MessagePack (CVE-2026-48517)
vulnerability in MessagePack (CVE-2026-48517). Data can be tampered with by attackers. Exploitable via ``MessagePackSerializer.Typeless``. Mitigation: upgrade to `3.1.7` or later.
|
| CVE-2026-48516 |
|
Vulnerability in MessagePack (CVE-2026-48516)
vulnerability in MessagePack (CVE-2026-48516). Risk of unauthorized operations or information disclosure. Exploitable via ``MessagePackSecurity.UntrustedData``. Mitigation: upgrade to `3.1.7` or later.
|
| CVE-2026-48515 |
|
Vulnerability in MessagePack (CVE-2026-48515)
vulnerability in MessagePack (CVE-2026-48515). Risk of unauthorized operations or information disclosure. Exploitable via ``MessagePackSecurity.UntrustedData``. Mitigation: upgrade to `3.1.7` or later.
|
| CVE-2026-48514 |
|
Vulnerability in MessagePack (CVE-2026-48514)
vulnerability in MessagePack (CVE-2026-48514). Risk of unauthorized operations or information disclosure. Exploitable via ``byteLength``. Mitigation: upgrade to `3.1.7` or later.
|
| CVE-2026-48513 |
|
Vulnerability in MessagePack (CVE-2026-48513)
vulnerability in MessagePack (CVE-2026-48513). Risk of unauthorized operations or information disclosure. Exploitable via ``DynamicUnionResolver``. Mitigation: upgrade to `3.1.7` or later.
|
| CVE-2026-48512 |
|
Vulnerability in MessagePack (CVE-2026-48512)
vulnerability in MessagePack (CVE-2026-48512). Risk of unauthorized operations or information disclosure. Exploitable via ``MessagePackSerializer.ConvertFromJson``. Mitigation: upgrade to `3.1.7` or later.
|
| CVE-2026-48511 |
|
Vulnerability in MessagePack (CVE-2026-48511)
vulnerability in MessagePack (CVE-2026-48511). Risk of unauthorized operations or information disclosure. Exploitable via ``ExpandoObjectFormatter.Deserialize``. Mitigation: upgrade to `3.1.7` or later.
|
| CVE-2026-48510 |
|
Vulnerability in MessagePack (CVE-2026-48510)
vulnerability in MessagePack (CVE-2026-48510). Risk of unauthorized operations or information disclosure. Exploitable via ``Lz4Block``. Mitigation: upgrade to `3.1.7` or later.
|
| CVE-2026-48506 |
|
Vulnerability in MessagePack (CVE-2026-48506)
vulnerability in MessagePack (CVE-2026-48506). Risk of unauthorized operations or information disclosure. Exploitable via ``StackOverflowException``. Mitigation: upgrade to `3.1.7` or later.
|
| CVE-2026-48505 |
|
Vulnerability in filament/filament (CVE-2026-48505)
vulnerability in filament/filament (CVE-2026-48505). Confidential information can be exposed externally. Mitigation: upgrade to `5.6.5` or later.
|
| CVE-2026-48502 |
|
Out-of-Bounds Read in MessagePack (CVE-2026-48502)
vulnerability in MessagePack (CVE-2026-48502). Risk of unauthorized operations or information disclosure. Exploitable via ``tokenSize``. Mitigation: upgrade to `3.1.7` or later.
|
| CVE-2026-44271 |
|
SQL Injection in sqli (CVE-2026-44271)
SQL injection in sqli (CVE-2026-44271). Confidential information can be exposed externally.
|
| CVE-2026-44272 |
|
SQL Injection in sqli (CVE-2026-44272)
SQL injection in sqli (CVE-2026-44272). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44274 |
|
Vulnerability in dell (CVE-2026-44274)
vulnerability in dell (CVE-2026-44274). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53779 |
|
Path Traversal in path-traversal (CVE-2026-53779)
path traversal in path-traversal (CVE-2026-53779). Confidential information can be exposed externally.
|
| CVE-2026-46608 |
|
Vulnerability in glances (CVE-2026-46608)
vulnerability in glances (CVE-2026-46608). Confidential information can be exposed externally. Exploitable via ``cors_origins``. Mitigation: upgrade to `4.5.5` or later.
|
| CVE-2026-46607 |
|
Unsafe Deserialization in glances (CVE-2026-46607)
vulnerability in glances (CVE-2026-46607). Successful exploitation can lead to full system takeover. Exploitable via ``self.cache_file``. Mitigation: upgrade to `4.5.5` or later.
|
| CVE-2026-46606 |
|
OS Command Injection in glances (CVE-2026-46606)
OS command injection in glances (CVE-2026-46606). Successful exploitation can lead to full system takeover. Exploitable via ``domain``. Mitigation: upgrade to `4.5.5` or later.
|
| CVE-2026-42127 |
|
Vulnerability in dos (CVE-2026-42127)
vulnerability in dos (CVE-2026-42127). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9072 |
|
Code Injection in dos (CVE-2026-9072)
code injection in dos (CVE-2026-9072). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9071 |
|
Vulnerability in dos (CVE-2026-9071)
vulnerability in dos (CVE-2026-9071). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9006 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-9006)
SSRF in ssrf (CVE-2026-9006). Confidential information can be exposed externally.
|
| CVE-2026-8858 |
|
Code Injection in dos (CVE-2026-8858)
code injection in dos (CVE-2026-8858). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8646 |
|
Vulnerability in ibm (CVE-2026-8646)
vulnerability in ibm (CVE-2026-8646). Confidential information can be exposed externally.
|
| CVE-2026-56104 |
|
Vulnerability in CVE-2026-56104 (CVE-2026-56104)
vulnerability in CVE-2026-56104 (CVE-2026-56104). Confidential information can be exposed externally.
|
| CVE-2026-50178 |
|
Cross-Site Scripting (XSS) in angular (CVE-2026-50178)
cross-site scripting in angular (CVE-2026-50178). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `21.2.4` or later.
|
| CVE-2026-49241 |
|
Cross-Site Scripting (XSS) in angular (CVE-2026-49241)
cross-site scripting in angular (CVE-2026-49241). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `21.2.4` or later.
|
| CVE-2026-41049 |
|
Authorization Flaw in presire (CVE-2026-41049)
vulnerability in presire (CVE-2026-41049). Data can be tampered with by attackers.
|
| CVE-2026-41048 |
|
Authorization Flaw in presire (CVE-2026-41048)
vulnerability in presire (CVE-2026-41048). Data can be tampered with by attackers.
|
| CVE-2026-41046 |
|
Vulnerability in path-traversal (CVE-2026-41046)
vulnerability in path-traversal (CVE-2026-41046). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41045 |
|
Vulnerability in presire (CVE-2026-41045)
vulnerability in presire (CVE-2026-41045). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10845 |
|
Authentication Bypass in ibm (CVE-2026-10845)
authentication bypass in ibm (CVE-2026-10845). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9029 |
|
The geomap panel's XYZ tile layer has a sanitize-then-interpolate ordering bug....
The geomap panel's XYZ tile layer has a sanitize-then-interpolate ordering bug....
|
| CVE-2026-56447 |
|
Vulnerability in misp-project (CVE-2026-56447)
vulnerability in misp-project (CVE-2026-56447). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56446 |
|
Code Injection in misp-project (CVE-2026-56446)
code injection in misp-project (CVE-2026-56446). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56425 |
|
Vulnerability in csrf (CVE-2026-56425)
vulnerability in csrf (CVE-2026-56425). Successful exploitation can lead to full system takeover. Exploitable via `Referer header`.
|
| CVE-2026-56424 |
|
Vulnerability in misp-project (CVE-2026-56424)
vulnerability in misp-project (CVE-2026-56424). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56423 |
|
Vulnerability in misp-project (CVE-2026-56423)
vulnerability in misp-project (CVE-2026-56423). Successful exploitation can lead to full system takeover.
|
| CVE-2026-54100 |
|
A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container...
A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container...
|
| CVE-2026-54099 |
|
A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container...
A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container...
|
| CVE-2026-42129 |
|
The Loki datasource plugin's callResource handler contains a path traversal vulnerability. An...
The Loki datasource plugin's callResource handler contains a path traversal vulnerability. An...
|
| CVE-2025-66389 |
|
Vulnerability in microsoft (CVE-2025-66389)
vulnerability in microsoft (CVE-2025-66389). Confidential information can be exposed externally.
|
| CVE-2026-12581 |
|
Vulnerability in csharp (CVE-2026-12581)
vulnerability in csharp (CVE-2026-12581). Successful exploitation can lead to full system takeover.
|
| CVE-2023-45796 |
|
Cross-Site Scripting (XSS) in CVE-2023-45796 (CVE-2023-45796)
cross-site scripting in CVE-2023-45796 (CVE-2023-45796). Data can be tampered with by attackers.
|
| CVE-2023-45795 |
|
Cross-Site Scripting (XSS) in CVE-2023-45795 (CVE-2023-45795)
cross-site scripting in CVE-2023-45795 (CVE-2023-45795). Successful exploitation can lead to full system takeover.
|
| CVE-2025-66336 |
|
SQL Injection in apache (CVE-2025-66336)
SQL injection in apache (CVE-2025-66336). Confidential information can be exposed externally.
|
| CVE-2026-44913 |
|
Vulnerability in apache (CVE-2026-44913)
vulnerability in apache (CVE-2026-44913). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44914 |
|
Vulnerability in apache (CVE-2026-44914)
vulnerability in apache (CVE-2026-44914). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8157 |
|
Privilege Escalation in wordpress (CVE-2026-8157)
vulnerability in wordpress (CVE-2026-8157). Successful exploitation can lead to full system takeover.
|