Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-33519 |
|
Vulnerability in esri (CVE-2026-33519)
vulnerability in esri (CVE-2026-33519). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33518 |
|
Vulnerability in esri (CVE-2026-33518)
vulnerability in esri (CVE-2026-33518). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40372 |
|
Vulnerability in csharp (CVE-2026-40372)
vulnerability in csharp (CVE-2026-40372). Confidential information can be exposed externally.
|
| CVE-2026-6748 |
|
Vulnerability in mozilla (CVE-2026-6748)
vulnerability in mozilla (CVE-2026-6748). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5965 |
|
OS Command Injection in CVE-2026-5965 (CVE-2026-5965)
OS command injection in CVE-2026-5965 (CVE-2026-5965). Successful exploitation can lead to full system takeover.
|
| CVE-2026-32311 |
|
OS Command Injection in flowsint (CVE-2026-32311)
OS command injection in flowsint (CVE-2026-32311). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33557 |
|
Vulnerability in apache (CVE-2026-33557)
vulnerability in apache (CVE-2026-33557). Confidential information can be exposed externally. Exploitable via ``sasl.oauthbearer.jwt.validator.class``.
|
| CVE-2026-5963 |
|
SQL Injection in csharp (CVE-2026-5963)
SQL injection in csharp (CVE-2026-5963). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5964 |
|
SQL Injection in csharp (CVE-2026-5964)
SQL injection in csharp (CVE-2026-5964). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41242 |
|
Code Injection in protobufjs-project (CVE-2026-41242)
code injection in protobufjs-project (CVE-2026-41242). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41589 |
|
Path Traversal in charm.land/wish/v2 (CVE-2026-41589)
path traversal in charm.land/wish/v2 (CVE-2026-41589). Confidential information can be exposed externally. Exploitable via ``main``. Mitigation: upgrade to `2.0.1` or later.
|
| CVE-2026-5720 |
|
Out-of-Bounds Read in dos (CVE-2026-5720)
vulnerability in dos (CVE-2026-5720). Confidential information can be exposed externally.
|
| CVE-2026-40478 |
|
Vulnerability in thymeleaf (CVE-2026-40478)
vulnerability in thymeleaf (CVE-2026-40478). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40477 |
|
Vulnerability in thymeleaf (CVE-2026-40477)
vulnerability in thymeleaf (CVE-2026-40477). Successful exploitation can lead to full system takeover.
|
| CVE-2026-29013 |
|
Out-of-Bounds Read in c (CVE-2026-29013)
vulnerability in c (CVE-2026-29013). Successful exploitation can lead to full system takeover.
|
| CVE-2025-15625 |
|
SQL Injection in sparxsystems (CVE-2025-15625)
SQL injection in sparxsystems (CVE-2025-15625). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43995 |
|
SSRF (Server-Side Request Forgery) in flowise (CVE-2026-43995)
SSRF in flowise (CVE-2026-43995). Successful exploitation can lead to full system takeover. Exploitable via ``httpSecurity.ts``. Mitigation: upgrade to `3.1.0` or later.
|
| CVE-2026-27820 |
|
Vulnerability in zlib (CVE-2026-27820)
vulnerability in zlib (CVE-2026-27820). Successful exploitation can lead to full system takeover. Exploitable via ``zstream_buffer_ungets``. Mitigation: upgrade to `3.0.1` or later.
|
| CVE-2026-5426 |
|
Vulnerability in csharp (CVE-2026-5426)
vulnerability in csharp (CVE-2026-5426). Confidential information can be exposed externally.
|
| CVE-2026-6270 |
|
Vulnerability in fastify (CVE-2026-6270)
vulnerability in fastify (CVE-2026-6270). Confidential information can be exposed externally.
|
| CVE-2026-31843 |
|
Vulnerability in laravel (CVE-2026-31843)
vulnerability in laravel (CVE-2026-31843). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6350 |
|
Vulnerability in CVE-2026-6350 (CVE-2026-6350)
vulnerability in CVE-2026-6350 (CVE-2026-6350). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6349 |
|
OS Command Injection in CVE-2026-6349 (CVE-2026-6349)
OS command injection in CVE-2026-6349 (CVE-2026-6349). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40959 |
|
Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod.
Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod.
|
| CVE-2026-6388 |
|
Vulnerability in privilege-escalation (CVE-2026-6388)
vulnerability in privilege-escalation (CVE-2026-6388). Data can be tampered with by attackers.
|
| CVE-2026-6296 |
|
Vulnerability in google (CVE-2026-6296)
vulnerability in google (CVE-2026-6296). Successful exploitation can lead to full system takeover.
|
| CVE-2025-41118 |
|
Vulnerability in c (CVE-2025-41118)
vulnerability in c (CVE-2025-41118). Confidential information can be exposed externally.
|
| CVE-2026-20186 |
|
Command Injection in dos (CVE-2026-20186)
command injection in dos (CVE-2026-20186). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33807 |
|
Vulnerability in express (CVE-2026-33807)
vulnerability in express (CVE-2026-33807). Confidential information can be exposed externally.
|
| CVE-2026-33808 |
|
Vulnerability in @fastify/express (CVE-2026-33808)
vulnerability in @fastify/express (CVE-2026-33808). Confidential information can be exposed externally. Exploitable via `GET //admin/dashboard`. Mitigation: upgrade to `4.0.3` or later.
|
| CVE-2026-39813 |
|
Vulnerability in path-traversal (CVE-2026-39813)
vulnerability in path-traversal (CVE-2026-39813). Successful exploitation can lead to full system takeover.
|
| CVE-2025-61260 |
|
Code Injection in CVE-2025-61260 (CVE-2025-61260)
code injection in CVE-2025-61260 (CVE-2025-61260). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31414 |
|
Vulnerability in linux (CVE-2026-31414)
vulnerability in linux (CVE-2026-31414). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0234 |
|
Vulnerability in paloaltonetworks (CVE-2026-0234)
vulnerability in paloaltonetworks (CVE-2026-0234). Confidential information can be exposed externally.
|
| CVE-2026-31845 |
|
Cross-Site Scripting (XSS) in CVE-2026-31845 (CVE-2026-31845)
cross-site scripting in CVE-2026-31845 (CVE-2026-31845). Confidential information can be exposed externally.
|
| CVE-2026-6068 |
|
Use-After-Free in nasm (CVE-2026-6068)
vulnerability in nasm (CVE-2026-6068). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6057 |
|
Path Traversal in path-traversal (CVE-2026-6057)
path traversal in path-traversal (CVE-2026-6057). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33784 |
|
Vulnerability in juniper (CVE-2026-33784)
vulnerability in juniper (CVE-2026-33784). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5194 |
|
Vulnerability in wolfssl (CVE-2026-5194)
vulnerability in wolfssl (CVE-2026-5194). Confidential information can be exposed externally.
|
| CVE-2026-40089 |
|
SSRF (Server-Side Request Forgery) in c (CVE-2026-40089)
SSRF in c (CVE-2026-40089). Confidential information can be exposed externally.
|
| CVE-2025-62718 |
|
Vulnerability in axios (CVE-2025-62718)
vulnerability in axios (CVE-2025-62718). Confidential information can be exposed externally. Exploitable via ``NO_PROXY``. Mitigation: upgrade to `0.31.0` or later.
|
| CVE-2026-39962 |
|
Vulnerability in misp-project (CVE-2026-39962)
vulnerability in misp-project (CVE-2026-39962). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.5.36` or later.
|
| CVE-2026-39892 |
|
Buffer Overflow in cryptography (CVE-2026-39892)
vulnerability in cryptography (CVE-2026-39892). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `46.0.7` or later.
|
| CVE-2026-31017 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-31017)
SSRF in ssrf (CVE-2026-31017). Confidential information can be exposed externally.
|
| CVE-2026-34582 |
|
Vulnerability in c (CVE-2026-34582)
vulnerability in c (CVE-2026-34582). Confidential information can be exposed externally. Mitigation: upgrade to `3.11.1` or later.
|
| CVE-2026-31789 |
|
Out-of-Bounds Write in openssl (CVE-2026-31789)
out-of-bounds write in openssl (CVE-2026-31789). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34078 |
|
Vulnerability in flatpak (CVE-2026-34078)
vulnerability in flatpak (CVE-2026-34078). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.16.4` or later.
|
| CVE-2025-69515 |
|
Vulnerability in CVE-2025-69515 (CVE-2025-69515)
vulnerability in CVE-2025-69515 (CVE-2025-69515). Data can be tampered with by attackers.
|
| CVE-2026-4631 |
|
OS Command Injection in CVE-2026-4631 (CVE-2026-4631)
OS command injection in CVE-2026-4631 (CVE-2026-4631). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33815 |
|
Out-of-Bounds Write in github.com/jackc/pgx/v5 (CVE-2026-33815)
out-of-bounds write in github.com/jackc/pgx/v5 (CVE-2026-33815). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `5.9.0` or later.
|