Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-8091 |
|
Vulnerability in firefox (CVE-2026-8091)
vulnerability in firefox (CVE-2026-8091). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8094 |
|
Code Injection in firefox (CVE-2026-8094)
code injection in firefox (CVE-2026-8094). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40982 |
|
Path Traversal in org.springframework.cloud:spring-cloud-config-server (CVE-2026-40982)
path traversal in org.springframework.cloud:spring-cloud-config-server (CVE-2026-40982). Confidential information can be exposed externally. Mitigation: upgrade to `5.0.3` or later.
|
| CVE-2026-42216 |
|
Out-of-Bounds Read in openexr (CVE-2026-42216)
vulnerability in openexr (CVE-2026-42216). Confidential information can be exposed externally. Exploitable via ``c13e0e1320a6652e02c5c90c6dbd984d532efe44``.
|
| CVE-2026-42217 |
|
Vulnerability in openexr (CVE-2026-42217)
vulnerability in openexr (CVE-2026-42217). Successful exploitation can lead to full system takeover. Exploitable via ``ImfIDManifest.cpp``.
|
| CVE-2026-44484 |
|
Vulnerability in pytorch-lightning (CVE-2026-44484)
vulnerability in pytorch-lightning (CVE-2026-44484). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7910 |
|
Use-After-Free in google (CVE-2026-7910)
vulnerability in google (CVE-2026-7910). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5081 |
|
Vulnerability in apache (CVE-2026-5081)
vulnerability in apache (CVE-2026-5081). Confidential information can be exposed externally.
|
| CVE-2026-43208 |
|
Vulnerability in linux (CVE-2026-43208)
vulnerability in linux (CVE-2026-43208). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43197 |
|
Vulnerability in linux (CVE-2026-43197)
vulnerability in linux (CVE-2026-43197). Confidential information can be exposed externally.
|
| CVE-2026-43198 |
|
Vulnerability in linux (CVE-2026-43198)
vulnerability in linux (CVE-2026-43198). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43185 |
|
Vulnerability in linux (CVE-2026-43185)
vulnerability in linux (CVE-2026-43185). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43186 |
|
Vulnerability in c (CVE-2026-43186)
vulnerability in c (CVE-2026-43186). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43125 |
|
Out-of-Bounds Write in linux (CVE-2026-43125)
out-of-bounds write in linux (CVE-2026-43125). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43114 |
|
Vulnerability in c (CVE-2026-43114)
vulnerability in c (CVE-2026-43114). Confidential information can be exposed externally.
|
| CVE-2026-43117 |
|
Vulnerability in linux (CVE-2026-43117)
vulnerability in linux (CVE-2026-43117). Confidential information can be exposed externally.
|
| CVE-2026-43083 |
|
Vulnerability in linux (CVE-2026-43083)
vulnerability in linux (CVE-2026-43083). Confidential information can be exposed externally.
|
| CVE-2026-28780 |
|
Vulnerability in apache (CVE-2026-28780)
vulnerability in apache (CVE-2026-28780). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0300 KEV |
|
[KEV] Out-of-Bounds Write in Palo alto networks palo-alto-networks (CVE-2026-0300)
out-of-bounds write in Palo alto networks palo-alto-networks (CVE-2026-0300). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-35579 |
|
Authentication Bypass in github.com/coredns/coredns (CVE-2026-35579)
authentication bypass in github.com/coredns/coredns (CVE-2026-35579). Successful exploitation can lead to full system takeover. Exploitable via ``tsigStatus``. Mitigation: upgrade to `1.14.3` or later.
|
| CVE-2026-34084 |
|
Unsafe Deserialization in phpoffice/phpspreadsheet (CVE-2026-34084)
vulnerability in phpoffice/phpspreadsheet (CVE-2026-34084). Successful exploitation can lead to full system takeover. Exploitable via ``is_file``. Mitigation: upgrade to `1.30.3` or later.
|
| CVE-2026-38428 |
|
SQL Injection in sqli (CVE-2026-38428)
SQL injection in sqli (CVE-2026-38428). Successful exploitation can lead to full system takeover. Exploitable via `GET /api/v1/main/flows/search`.
|
| CVE-2026-27960 |
|
Authentication Bypass in pycti (CVE-2026-27960)
authentication bypass in pycti (CVE-2026-27960). Successful exploitation can lead to full system takeover. Exploitable via ``APP__ADMIN__EXTERNALLY_MANAGED``. Mitigation: upgrade to `6.9.13` or later.
|
| CVE-2026-38431 |
|
Code Injection in frappe (CVE-2026-38431)
code injection in frappe (CVE-2026-38431). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43071 |
|
Vulnerability in c (CVE-2026-43071)
vulnerability in c (CVE-2026-43071). Confidential information can be exposed externally.
|
| CVE-2026-43067 |
|
Vulnerability in linux (CVE-2026-43067)
vulnerability in linux (CVE-2026-43067). Successful exploitation can lead to full system takeover.
|
| CVE-2026-36356 |
|
OS Command Injection in CVE-2026-36356 (CVE-2026-36356)
OS command injection in CVE-2026-36356 (CVE-2026-36356). Confidential information can be exposed externally.
|
| CVE-2026-44112 |
|
Vulnerability in openclaw (CVE-2026-44112)
vulnerability in openclaw (CVE-2026-44112). Data can be tampered with by attackers. Mitigation: upgrade to `2026.4.22` or later.
|
| CVE-2026-42027 |
|
Vulnerability in org.apache.opennlp:opennlp-tools (CVE-2026-42027)
vulnerability in org.apache.opennlp:opennlp-tools (CVE-2026-42027). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.0.0-M3` or later.
|
| CVE-2026-42809 |
|
Vulnerability in org.apache.polaris:polaris-runtime-service (CVE-2026-42809)
vulnerability in org.apache.polaris:polaris-runtime-service (CVE-2026-42809). Successful exploitation can lead to full system takeover. Exploitable via ``location``. Mitigation: upgrade to `1.4.1` or later.
|
| CVE-2026-42810 |
|
Vulnerability in org.apache.polaris:polaris-core (CVE-2026-42810)
vulnerability in org.apache.polaris:polaris-core (CVE-2026-42810). Successful exploitation can lead to full system takeover. Exploitable via ``TABLE_CREATE``. Mitigation: upgrade to `1.4.1` or later.
|
| CVE-2026-42811 |
|
Vulnerability in org.apache.polaris:polaris-core (CVE-2026-42811)
vulnerability in org.apache.polaris:polaris-core (CVE-2026-42811). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.4.1` or later.
|
| CVE-2026-42812 |
|
Vulnerability in org.apache.polaris:polaris-runtime-service (CVE-2026-42812)
vulnerability in org.apache.polaris:polaris-runtime-service (CVE-2026-42812). Successful exploitation can lead to full system takeover. Exploitable via ``write.metadata.path``. Mitigation: upgrade to `1.4.1` or later.
|
| CVE-2026-40682 |
|
XXE (XML External Entity) in org.apache.opennlp:opennlp-tools (CVE-2026-40682)
vulnerability in org.apache.opennlp:opennlp-tools (CVE-2026-40682). Confidential information can be exposed externally. Mitigation: upgrade to `3.0.0-M3` or later.
|
| CVE-2026-42796 |
|
Vulnerability in workiva (CVE-2026-42796)
vulnerability in workiva (CVE-2026-42796). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42088 |
|
Vulnerability in openc3 (CVE-2026-42088)
vulnerability in openc3 (CVE-2026-42088). Confidential information can be exposed externally.
|
| CVE-2026-42087 |
|
SQL Injection in sqli (CVE-2026-42087)
SQL injection in sqli (CVE-2026-42087). Confidential information can be exposed externally. Exploitable via ``tsdb_lookup``.
|
| CVE-2026-42376 |
|
Vulnerability in dlink (CVE-2026-42376)
vulnerability in dlink (CVE-2026-42376). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42090 |
|
Cross-Site Scripting (XSS) in streetwriters (CVE-2026-42090)
cross-site scripting in streetwriters (CVE-2026-42090). Successful exploitation can lead to full system takeover.
|
| CVE-2026-26956 |
|
Vulnerability in vm2-project (CVE-2026-26956)
vulnerability in vm2-project (CVE-2026-26956). Successful exploitation can lead to full system takeover. Exploitable via ``catch``.
|
| CVE-2026-26332 |
|
Code Injection in vm2-project (CVE-2026-26332)
code injection in vm2-project (CVE-2026-26332). Successful exploitation can lead to full system takeover.
|
| CVE-2026-24118 |
|
Code Injection in vm2-project (CVE-2026-24118)
code injection in vm2-project (CVE-2026-24118). Successful exploitation can lead to full system takeover. Exploitable via ``__lookupGetter__``.
|
| CVE-2026-24120 |
|
Code Injection in vm2-project (CVE-2026-24120)
code injection in vm2-project (CVE-2026-24120). Successful exploitation can lead to full system takeover. Exploitable via ``resetPromiseSpecies``.
|
| CVE-2026-24781 |
|
Code Injection in vm2-project (CVE-2026-24781)
code injection in vm2-project (CVE-2026-24781). Successful exploitation can lead to full system takeover. Exploitable via ``inspect``.
|
| CVE-2026-7482 |
|
Out-of-Bounds Read in github.com/ollama/ollama (CVE-2026-7482)
vulnerability in github.com/ollama/ollama (CVE-2026-7482). Confidential information can be exposed externally. Mitigation: upgrade to `0.17.1` or later.
|
| CVE-2025-70067 |
|
Vulnerability in CVE-2025-70067 (CVE-2025-70067)
vulnerability in CVE-2025-70067 (CVE-2025-70067). Successful exploitation can lead to full system takeover.
|
| CVE-2025-14320 |
|
Cross-Site Scripting (XSS) in CVE-2025-14320 (CVE-2025-14320)
cross-site scripting in CVE-2025-14320 (CVE-2025-14320). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7161 |
|
Vulnerability in geovision (CVE-2026-7161)
vulnerability in geovision (CVE-2026-7161). Confidential information can be exposed externally.
|
| CVE-2026-42368 |
|
Vulnerability in privilege-escalation (CVE-2026-42368)
vulnerability in privilege-escalation (CVE-2026-42368). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42364 |
|
OS Command Injection in geovision (CVE-2026-42364)
OS command injection in geovision (CVE-2026-42364). Successful exploitation can lead to full system takeover.
|