Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2026-8091 Vulnerability in firefox (CVE-2026-8091)
vulnerability in firefox (CVE-2026-8091). Successful exploitation can lead to full system takeover.
CVE-2026-8094 Code Injection in firefox (CVE-2026-8094)
code injection in firefox (CVE-2026-8094). Successful exploitation can lead to full system takeover.
CVE-2026-40982 Path Traversal in org.springframework.cloud:spring-cloud-config-server (CVE-2026-40982)
path traversal in org.springframework.cloud:spring-cloud-config-server (CVE-2026-40982). Confidential information can be exposed externally. Mitigation: upgrade to `5.0.3` or later.
CVE-2026-42216 Out-of-Bounds Read in openexr (CVE-2026-42216)
vulnerability in openexr (CVE-2026-42216). Confidential information can be exposed externally. Exploitable via ``c13e0e1320a6652e02c5c90c6dbd984d532efe44``.
CVE-2026-42217 Vulnerability in openexr (CVE-2026-42217)
vulnerability in openexr (CVE-2026-42217). Successful exploitation can lead to full system takeover. Exploitable via ``ImfIDManifest.cpp``.
CVE-2026-44484 Vulnerability in pytorch-lightning (CVE-2026-44484)
vulnerability in pytorch-lightning (CVE-2026-44484). Successful exploitation can lead to full system takeover.
CVE-2026-7910 Use-After-Free in google (CVE-2026-7910)
vulnerability in google (CVE-2026-7910). Successful exploitation can lead to full system takeover.
CVE-2026-5081 Vulnerability in apache (CVE-2026-5081)
vulnerability in apache (CVE-2026-5081). Confidential information can be exposed externally.
CVE-2026-43208 Vulnerability in linux (CVE-2026-43208)
vulnerability in linux (CVE-2026-43208). Successful exploitation can lead to full system takeover.
CVE-2026-43197 Vulnerability in linux (CVE-2026-43197)
vulnerability in linux (CVE-2026-43197). Confidential information can be exposed externally.
CVE-2026-43198 Vulnerability in linux (CVE-2026-43198)
vulnerability in linux (CVE-2026-43198). Successful exploitation can lead to full system takeover.
CVE-2026-43185 Vulnerability in linux (CVE-2026-43185)
vulnerability in linux (CVE-2026-43185). Successful exploitation can lead to full system takeover.
CVE-2026-43186 Vulnerability in c (CVE-2026-43186)
vulnerability in c (CVE-2026-43186). Successful exploitation can lead to full system takeover.
CVE-2026-43125 Out-of-Bounds Write in linux (CVE-2026-43125)
out-of-bounds write in linux (CVE-2026-43125). Successful exploitation can lead to full system takeover.
CVE-2026-43114 Vulnerability in c (CVE-2026-43114)
vulnerability in c (CVE-2026-43114). Confidential information can be exposed externally.
CVE-2026-43117 Vulnerability in linux (CVE-2026-43117)
vulnerability in linux (CVE-2026-43117). Confidential information can be exposed externally.
CVE-2026-43083 Vulnerability in linux (CVE-2026-43083)
vulnerability in linux (CVE-2026-43083). Confidential information can be exposed externally.
CVE-2026-28780 Vulnerability in apache (CVE-2026-28780)
vulnerability in apache (CVE-2026-28780). Successful exploitation can lead to full system takeover.
CVE-2026-0300 KEV [KEV] Out-of-Bounds Write in Palo alto networks palo-alto-networks (CVE-2026-0300)
out-of-bounds write in Palo alto networks palo-alto-networks (CVE-2026-0300). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-35579 Authentication Bypass in github.com/coredns/coredns (CVE-2026-35579)
authentication bypass in github.com/coredns/coredns (CVE-2026-35579). Successful exploitation can lead to full system takeover. Exploitable via ``tsigStatus``. Mitigation: upgrade to `1.14.3` or later.
CVE-2026-34084 Unsafe Deserialization in phpoffice/phpspreadsheet (CVE-2026-34084)
vulnerability in phpoffice/phpspreadsheet (CVE-2026-34084). Successful exploitation can lead to full system takeover. Exploitable via ``is_file``. Mitigation: upgrade to `1.30.3` or later.
CVE-2026-38428 SQL Injection in sqli (CVE-2026-38428)
SQL injection in sqli (CVE-2026-38428). Successful exploitation can lead to full system takeover. Exploitable via `GET /api/v1/main/flows/search`.
CVE-2026-27960 Authentication Bypass in pycti (CVE-2026-27960)
authentication bypass in pycti (CVE-2026-27960). Successful exploitation can lead to full system takeover. Exploitable via ``APP__ADMIN__EXTERNALLY_MANAGED``. Mitigation: upgrade to `6.9.13` or later.
CVE-2026-38431 Code Injection in frappe (CVE-2026-38431)
code injection in frappe (CVE-2026-38431). Successful exploitation can lead to full system takeover.
CVE-2026-43071 Vulnerability in c (CVE-2026-43071)
vulnerability in c (CVE-2026-43071). Confidential information can be exposed externally.
CVE-2026-43067 Vulnerability in linux (CVE-2026-43067)
vulnerability in linux (CVE-2026-43067). Successful exploitation can lead to full system takeover.
CVE-2026-36356 OS Command Injection in CVE-2026-36356 (CVE-2026-36356)
OS command injection in CVE-2026-36356 (CVE-2026-36356). Confidential information can be exposed externally.
CVE-2026-44112 Vulnerability in openclaw (CVE-2026-44112)
vulnerability in openclaw (CVE-2026-44112). Data can be tampered with by attackers. Mitigation: upgrade to `2026.4.22` or later.
CVE-2026-42027 Vulnerability in org.apache.opennlp:opennlp-tools (CVE-2026-42027)
vulnerability in org.apache.opennlp:opennlp-tools (CVE-2026-42027). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.0.0-M3` or later.
CVE-2026-42809 Vulnerability in org.apache.polaris:polaris-runtime-service (CVE-2026-42809)
vulnerability in org.apache.polaris:polaris-runtime-service (CVE-2026-42809). Successful exploitation can lead to full system takeover. Exploitable via ``location``. Mitigation: upgrade to `1.4.1` or later.
CVE-2026-42810 Vulnerability in org.apache.polaris:polaris-core (CVE-2026-42810)
vulnerability in org.apache.polaris:polaris-core (CVE-2026-42810). Successful exploitation can lead to full system takeover. Exploitable via ``TABLE_CREATE``. Mitigation: upgrade to `1.4.1` or later.
CVE-2026-42811 Vulnerability in org.apache.polaris:polaris-core (CVE-2026-42811)
vulnerability in org.apache.polaris:polaris-core (CVE-2026-42811). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.4.1` or later.
CVE-2026-42812 Vulnerability in org.apache.polaris:polaris-runtime-service (CVE-2026-42812)
vulnerability in org.apache.polaris:polaris-runtime-service (CVE-2026-42812). Successful exploitation can lead to full system takeover. Exploitable via ``write.metadata.path``. Mitigation: upgrade to `1.4.1` or later.
CVE-2026-40682 XXE (XML External Entity) in org.apache.opennlp:opennlp-tools (CVE-2026-40682)
vulnerability in org.apache.opennlp:opennlp-tools (CVE-2026-40682). Confidential information can be exposed externally. Mitigation: upgrade to `3.0.0-M3` or later.
CVE-2026-42796 Vulnerability in workiva (CVE-2026-42796)
vulnerability in workiva (CVE-2026-42796). Successful exploitation can lead to full system takeover.
CVE-2026-42088 Vulnerability in openc3 (CVE-2026-42088)
vulnerability in openc3 (CVE-2026-42088). Confidential information can be exposed externally.
CVE-2026-42087 SQL Injection in sqli (CVE-2026-42087)
SQL injection in sqli (CVE-2026-42087). Confidential information can be exposed externally. Exploitable via ``tsdb_lookup``.
CVE-2026-42376 Vulnerability in dlink (CVE-2026-42376)
vulnerability in dlink (CVE-2026-42376). Successful exploitation can lead to full system takeover.
CVE-2026-42090 Cross-Site Scripting (XSS) in streetwriters (CVE-2026-42090)
cross-site scripting in streetwriters (CVE-2026-42090). Successful exploitation can lead to full system takeover.
CVE-2026-26956 Vulnerability in vm2-project (CVE-2026-26956)
vulnerability in vm2-project (CVE-2026-26956). Successful exploitation can lead to full system takeover. Exploitable via ``catch``.
CVE-2026-26332 Code Injection in vm2-project (CVE-2026-26332)
code injection in vm2-project (CVE-2026-26332). Successful exploitation can lead to full system takeover.
CVE-2026-24118 Code Injection in vm2-project (CVE-2026-24118)
code injection in vm2-project (CVE-2026-24118). Successful exploitation can lead to full system takeover. Exploitable via ``__lookupGetter__``.
CVE-2026-24120 Code Injection in vm2-project (CVE-2026-24120)
code injection in vm2-project (CVE-2026-24120). Successful exploitation can lead to full system takeover. Exploitable via ``resetPromiseSpecies``.
CVE-2026-24781 Code Injection in vm2-project (CVE-2026-24781)
code injection in vm2-project (CVE-2026-24781). Successful exploitation can lead to full system takeover. Exploitable via ``inspect``.
CVE-2026-7482 Out-of-Bounds Read in github.com/ollama/ollama (CVE-2026-7482)
vulnerability in github.com/ollama/ollama (CVE-2026-7482). Confidential information can be exposed externally. Mitigation: upgrade to `0.17.1` or later.
CVE-2025-70067 Vulnerability in CVE-2025-70067 (CVE-2025-70067)
vulnerability in CVE-2025-70067 (CVE-2025-70067). Successful exploitation can lead to full system takeover.
CVE-2025-14320 Cross-Site Scripting (XSS) in CVE-2025-14320 (CVE-2025-14320)
cross-site scripting in CVE-2025-14320 (CVE-2025-14320). Successful exploitation can lead to full system takeover.
CVE-2026-7161 Vulnerability in geovision (CVE-2026-7161)
vulnerability in geovision (CVE-2026-7161). Confidential information can be exposed externally.
CVE-2026-42368 Vulnerability in privilege-escalation (CVE-2026-42368)
vulnerability in privilege-escalation (CVE-2026-42368). Successful exploitation can lead to full system takeover.
CVE-2026-42364 OS Command Injection in geovision (CVE-2026-42364)
OS command injection in geovision (CVE-2026-42364). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →