Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-34192 |
|
Use-After-Free in CVE-2026-34192 (CVE-2026-34192)
vulnerability in CVE-2026-34192 (CVE-2026-34192). Data can be tampered with by attackers.
|
| CVE-2026-11576 |
|
Vulnerability in eclipse (CVE-2026-11576)
vulnerability in eclipse (CVE-2026-11576). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46461 |
|
Vulnerability in dell (CVE-2026-46461)
vulnerability in dell (CVE-2026-46461). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12044 |
|
SQL Injection in sqli (CVE-2026-12044)
SQL injection in sqli (CVE-2026-12044). Successful exploitation can lead to full system takeover. Exploitable via ``qtLiteral``.
|
| CVE-2026-56076 |
|
Vulnerability in CVE-2026-56076 (CVE-2026-56076)
vulnerability in CVE-2026-56076 (CVE-2026-56076). Confidential information can be exposed externally. Exploitable via `POST /agui`.
|
| CVE-2026-56075 |
|
Authorization Flaw in CVE-2026-56075 (CVE-2026-56075)
vulnerability in CVE-2026-56075 (CVE-2026-56075). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56078 |
|
Path Traversal in praisonai (CVE-2026-56078)
path traversal in praisonai (CVE-2026-56078). Successful exploitation can lead to full system takeover. Exploitable via ``MultiAgentLedger``. Mitigation: upgrade to `1.5.115` or later.
|
| CVE-2026-47633 |
|
Information Disclosure in microsoft (CVE-2026-47633)
vulnerability in microsoft (CVE-2026-47633). Confidential information can be exposed externally.
|
| CVE-2026-32174 |
|
Authentication Bypass in microsoft (CVE-2026-32174)
authentication bypass in microsoft (CVE-2026-32174). Data can be tampered with by attackers.
|
| CVE-2026-25865 |
|
Vulnerability in CVE-2026-25865 (CVE-2026-25865)
vulnerability in CVE-2026-25865 (CVE-2026-25865). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46699 |
|
Vulnerability in CVE-2026-46699 (CVE-2026-46699)
vulnerability in CVE-2026-46699 (CVE-2026-46699). Data can be tampered with by attackers.
|
| CVE-2026-43994 |
|
Vulnerability in coturn-project (CVE-2026-43994)
vulnerability in coturn-project (CVE-2026-43994). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48716 |
|
Path Traversal in CVE-2026-48716 (CVE-2026-48716)
path traversal in CVE-2026-48716 (CVE-2026-48716). Data can be tampered with by attackers.
|
| CVE-2026-38718 |
|
Vulnerability in dos (CVE-2026-38718)
vulnerability in dos (CVE-2026-38718). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55203 |
|
Vulnerability in haproxy (CVE-2026-55203)
vulnerability in haproxy (CVE-2026-55203). Data can be tampered with by attackers.
|
| CVE-2026-54104 |
|
Vulnerability in CVE-2026-54104 (CVE-2026-54104)
vulnerability in CVE-2026-54104 (CVE-2026-54104). Successful exploitation can lead to full system takeover.
|
| CVE-2026-55204 |
|
Vulnerability in c (CVE-2026-55204)
vulnerability in c (CVE-2026-55204). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56020 |
|
Vulnerability in CVE-2026-56020 (CVE-2026-56020)
vulnerability in CVE-2026-56020 (CVE-2026-56020). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.641` or later.
|
| CVE-2026-55237 |
|
Vulnerability in CVE-2026-55237 (CVE-2026-55237)
vulnerability in CVE-2026-55237 (CVE-2026-55237). Confidential information can be exposed externally. Exploitable via ``next``.
|
| CVE-2026-46580 |
|
Vulnerability in @theia/ai-chat-ui (CVE-2026-46580)
vulnerability in @theia/ai-chat-ui (CVE-2026-46580). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.71.0` or later.
|
| CVE-2026-44691 |
|
Vulnerability in @theia/debug (CVE-2026-44691)
vulnerability in @theia/debug (CVE-2026-44691). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.69.0` or later.
|
| CVE-2026-44688 |
|
Vulnerability in @theia/ai-chat-ui (CVE-2026-44688)
vulnerability in @theia/ai-chat-ui (CVE-2026-44688). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.71.0` or later.
|
| CVE-2026-56012 |
|
SQL Injection in sqli (CVE-2026-56012)
SQL injection in sqli (CVE-2026-56012). Confidential information can be exposed externally.
|
| CVE-2026-8461 |
|
Out-of-Bounds Write in c (CVE-2026-8461)
out-of-bounds write in c (CVE-2026-8461). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42488 |
|
Buffer Overflow in CVE-2026-42488 (CVE-2026-42488)
vulnerability in CVE-2026-42488 (CVE-2026-42488). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42487 |
|
Vulnerability in c (CVE-2026-42487)
vulnerability in c (CVE-2026-42487). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55603 |
|
Vulnerability in http-proxy-middleware (CVE-2026-55603)
vulnerability in http-proxy-middleware (CVE-2026-55603). Data can be tampered with by attackers. Exploitable via ``req.body``. Mitigation: upgrade to `4.1.1` or later.
|
| CVE-2026-55602 |
|
Vulnerability in http-proxy-middleware (CVE-2026-55602)
vulnerability in http-proxy-middleware (CVE-2026-55602). Data can be tampered with by attackers. Exploitable via ``router``. Mitigation: upgrade to `2.0.10` or later.
|
| CVE-2026-55388 |
|
Code Injection in piscina (CVE-2026-55388)
code injection in piscina (CVE-2026-55388). Successful exploitation can lead to full system takeover. Exploitable via `POST /upload`. Mitigation: upgrade to `6.0.0-rc.2` or later.
|
| CVE-2026-55746 |
|
Cross-Site Scripting (XSS) in cotonti/cotonti (CVE-2026-55746)
cross-site scripting in cotonti/cotonti (CVE-2026-55746). Confidential information can be exposed externally.
|
| CVE-2026-55744 |
|
Cross-Site Request Forgery (CSRF) in cotonti/cotonti (CVE-2026-55744)
vulnerability in cotonti/cotonti (CVE-2026-55744). Confidential information can be exposed externally.
|
| CVE-2026-55741 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-55741)
vulnerability in csrf (CVE-2026-55741). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11395 |
|
SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-11395)
SSRF in wordpress (CVE-2026-11395). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9860 |
|
Unrestricted File Upload in wordpress (CVE-2026-9860)
vulnerability in wordpress (CVE-2026-9860). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12407 |
|
Vulnerability in wordpress (CVE-2026-12407)
vulnerability in wordpress (CVE-2026-12407). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12505 |
|
Vulnerability in CVE-2026-12505 (CVE-2026-12505)
vulnerability in CVE-2026-12505 (CVE-2026-12505). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53676 |
|
Vulnerability in CVE-2026-53676 (CVE-2026-53676)
vulnerability in CVE-2026-53676 (CVE-2026-53676). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48764 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-48764)
SSRF in ssrf (CVE-2026-48764). Confidential information can be exposed externally.
|
| CVE-2026-48759 |
|
Vulnerability in CVE-2026-48759 (CVE-2026-48759)
vulnerability in CVE-2026-48759 (CVE-2026-48759). Data can be tampered with by attackers.
|
| CVE-2026-8050 |
|
Vulnerability in CVE-2026-8050 (CVE-2026-8050)
vulnerability in CVE-2026-8050 (CVE-2026-8050). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50200 |
|
Information Disclosure in Steeltoe.Management.Endpoint (CVE-2026-50200)
vulnerability in Steeltoe.Management.Endpoint (CVE-2026-50200). Confidential information can be exposed externally. Exploitable via ``Sanitizer``. Mitigation: upgrade to `4.2.0` or later.
|
| CVE-2026-50196 |
|
Vulnerability in Steeltoe.Discovery.Eureka (CVE-2026-50196)
vulnerability in Steeltoe.Discovery.Eureka (CVE-2026-50196). Risk of unauthorized operations or information disclosure. Exploitable via ``DataCenterInfo.FromJson``. Mitigation: upgrade to `3.4.0` or later.
|
| CVE-2026-50194 |
|
Vulnerability in Steeltoe.Management.Endpoint (CVE-2026-50194)
vulnerability in Steeltoe.Management.Endpoint (CVE-2026-50194). Confidential information can be exposed externally. Exploitable via ``Host``. Mitigation: upgrade to `4.2.0` or later.
|
| CVE-2026-48997 |
|
OS Command Injection in c (CVE-2026-48997)
OS command injection in c (CVE-2026-48997). Data can be tampered with by attackers.
|
| CVE-2026-55200 |
|
Vulnerability in libssh2 (CVE-2026-55200)
vulnerability in libssh2 (CVE-2026-55200). Successful exploitation can lead to full system takeover.
|
| CVE-2026-55202 |
|
Vulnerability in CVE-2026-55202 (CVE-2026-55202)
vulnerability in CVE-2026-55202 (CVE-2026-55202). Confidential information can be exposed externally. Exploitable via `Host header`.
|
| CVE-2026-50107 |
|
Vulnerability in nginx (CVE-2026-50107)
vulnerability in nginx (CVE-2026-50107). Confidential information can be exposed externally.
|
| CVE-2026-12529 |
|
Vulnerability in CVE-2026-12529 (CVE-2026-12529)
vulnerability in CVE-2026-12529 (CVE-2026-12529). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53871 |
|
Vulnerability in CVE-2026-53871 (CVE-2026-53871)
vulnerability in CVE-2026-53871 (CVE-2026-53871). Confidential information can be exposed externally.
|
| CVE-2026-10696 |
|
Vulnerability in devolutions (CVE-2026-10696)
vulnerability in devolutions (CVE-2026-10696). Risk of unauthorized operations or information disclosure.
|