Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-21413 |
|
Vulnerability in libraw (CVE-2026-21413)
vulnerability in libraw (CVE-2026-21413). Successful exploitation can lead to full system takeover.
|
| CVE-2026-20889 |
|
Vulnerability in libraw (CVE-2026-20889)
vulnerability in libraw (CVE-2026-20889). Successful exploitation can lead to full system takeover.
|
| CVE-2026-20911 |
|
Vulnerability in libraw (CVE-2026-20911)
vulnerability in libraw (CVE-2026-20911). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5735 |
|
Out-of-Bounds Write in mozilla (CVE-2026-5735)
out-of-bounds write in mozilla (CVE-2026-5735). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5731 |
|
Buffer Overflow in mozilla (CVE-2026-5731)
vulnerability in mozilla (CVE-2026-5731). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5734 |
|
Out-of-Bounds Write in mozilla (CVE-2026-5734)
out-of-bounds write in mozilla (CVE-2026-5734). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33816 |
|
CVE-2026-33816 in github.com/jackc/pgx
CVE-2026-33816 in github.com/jackc/pgx
|
| CVE-2026-28808 |
|
Authorization Flaw in erlang (CVE-2026-28808)
vulnerability in erlang (CVE-2026-28808). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35030 |
|
Authentication Bypass in litellm (CVE-2026-35030)
authentication bypass in litellm (CVE-2026-35030). Confidential information can be exposed externally. Mitigation: upgrade to `1.83.0` or later.
|
| CVE-2026-34977 |
|
OS Command Injection in c (CVE-2026-34977)
OS command injection in c (CVE-2026-34977). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.2.1` or later.
|
| CVE-2026-34444 |
|
Vulnerability in scoder (CVE-2026-34444)
vulnerability in scoder (CVE-2026-34444). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31405 |
|
Out-of-Bounds Read in linux (CVE-2026-31405)
vulnerability in linux (CVE-2026-31405). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31402 |
|
Out-of-Bounds Write in linux (CVE-2026-31402)
out-of-bounds write in linux (CVE-2026-31402). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0545 |
|
Vulnerability in dos (CVE-2026-0545)
vulnerability in dos (CVE-2026-0545). Successful exploitation can lead to full system takeover.
|
| CVE-2026-28373 |
|
Path Traversal in path-traversal (CVE-2026-28373)
path traversal in path-traversal (CVE-2026-28373). Successful exploitation can lead to full system takeover.
|
| CVE-2026-23455 |
|
Out-of-Bounds Read in linux (CVE-2026-23455)
vulnerability in linux (CVE-2026-23455). Confidential information can be exposed externally.
|
| CVE-2026-23450 |
|
Use-After-Free in linux (CVE-2026-23450)
vulnerability in linux (CVE-2026-23450). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34877 |
|
Vulnerability in arm (CVE-2026-34877)
vulnerability in arm (CVE-2026-34877). Successful exploitation can lead to full system takeover.
|
| CVE-2026-32871 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-32871)
SSRF in ssrf (CVE-2026-32871). Successful exploitation can lead to full system takeover. Exploitable via `Authorization header`.
|
| CVE-2026-34873 |
|
Authentication Bypass in trustedfirmware (CVE-2026-34873)
authentication bypass in trustedfirmware (CVE-2026-34873). Confidential information can be exposed externally.
|
| CVE-2026-34875 |
|
Vulnerability in trustedfirmware (CVE-2026-34875)
vulnerability in trustedfirmware (CVE-2026-34875). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4374 |
|
XXE (XML External Entity) in rti (CVE-2026-4374)
vulnerability in rti (CVE-2026-4374). Confidential information can be exposed externally.
|
| CVE-2026-30283 |
|
Path Traversal in peaksel (CVE-2026-30283)
path traversal in peaksel (CVE-2026-30283). Successful exploitation can lead to full system takeover.
|
| CVE-2026-30282 |
|
Path Traversal in uxgroupllc (CVE-2026-30282)
path traversal in uxgroupllc (CVE-2026-30282). Successful exploitation can lead to full system takeover.
|
| CVE-2026-30278 |
|
Path Traversal in funair (CVE-2026-30278)
path traversal in funair (CVE-2026-30278). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34060 |
|
Code Injection in shopify (CVE-2026-34060)
code injection in shopify (CVE-2026-34060). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34714 |
|
OS Command Injection in vim (CVE-2026-34714)
OS command injection in vim (CVE-2026-34714). Confidential information can be exposed externally.
|
| CVE-2025-15379 |
|
Command Injection in lfprojects (CVE-2025-15379)
command injection in lfprojects (CVE-2025-15379). Successful exploitation can lead to full system takeover. Exploitable via ``python_env.yaml``.
|
| CVE-2025-15036 |
|
Vulnerability in path-traversal (CVE-2025-15036)
vulnerability in path-traversal (CVE-2025-15036). Successful exploitation can lead to full system takeover. Exploitable via ``extract_archive_to_dir``.
|
| CVE-2026-3256 |
|
Vulnerability in ktat (CVE-2026-3256)
vulnerability in ktat (CVE-2026-3256). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33937 |
|
Code Injection in handlebarsjs (CVE-2026-33937)
code injection in handlebarsjs (CVE-2026-33937). Successful exploitation can lead to full system takeover. Exploitable via ``value``.
|
| CVE-2026-33757 |
|
Vulnerability in openbao (CVE-2026-33757)
vulnerability in openbao (CVE-2026-33757). Confidential information can be exposed externally. Exploitable via ``callback_mode``.
|
| CVE-2026-27876 |
|
Code Injection in grafana (CVE-2026-27876)
code injection in grafana (CVE-2026-27876). Successful exploitation can lead to full system takeover.
|
| CVE-2026-22738 |
|
Vulnerability in org.springframework.ai:spring-ai-vector-store (CVE-2026-22738)
vulnerability in org.springframework.ai:spring-ai-vector-store (CVE-2026-22738). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.1.4` or later.
|
| CVE-2026-33728 |
|
Unsafe Deserialization in com.datadoghq:dd-java-agent (CVE-2026-33728)
vulnerability in com.datadoghq:dd-java-agent (CVE-2026-33728). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.60.3` or later.
|
| CVE-2026-33701 |
|
Unsafe Deserialization in linuxfoundation (CVE-2026-33701)
vulnerability in linuxfoundation (CVE-2026-33701). Successful exploitation can lead to full system takeover.
|
| CVE-2026-30458 |
|
Vulnerability in thedaylightstudio (CVE-2026-30458)
vulnerability in thedaylightstudio (CVE-2026-30458). Confidential information can be exposed externally.
|
| CVE-2026-30457 |
|
Code Injection in thedaylightstudio (CVE-2026-30457)
code injection in thedaylightstudio (CVE-2026-30457). Successful exploitation can lead to full system takeover.
|
| CVE-2026-26213 |
|
OS Command Injection in thingino (CVE-2026-26213)
OS command injection in thingino (CVE-2026-26213). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4809 |
|
Unrestricted File Upload in laravel (CVE-2026-4809)
vulnerability in laravel (CVE-2026-4809). Successful exploitation can lead to full system takeover.
|
| CVE-2026-26832 |
|
OS Command Injection in zapolnoch (CVE-2026-26832)
OS command injection in zapolnoch (CVE-2026-26832). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33017 KEV |
|
[KEV] Vulnerability in langflow (CVE-2026-33017)
vulnerability in langflow (CVE-2026-33017). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/v1/build_public_tmp/{flow_id}/flow`. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `1.9.0` or later.
|
| CVE-2026-4729 |
|
Vulnerability in mozilla (CVE-2026-4729)
vulnerability in mozilla (CVE-2026-4729). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4721 |
|
Vulnerability in mozilla (CVE-2026-4721)
vulnerability in mozilla (CVE-2026-4721). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4720 |
|
Vulnerability in mozilla (CVE-2026-4720)
vulnerability in mozilla (CVE-2026-4720). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4696 |
|
Use-After-Free in mozilla (CVE-2026-4696)
vulnerability in mozilla (CVE-2026-4696). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4700 |
|
Vulnerability in mozilla (CVE-2026-4700)
vulnerability in mozilla (CVE-2026-4700). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4691 |
|
Use-After-Free in mozilla (CVE-2026-4691)
vulnerability in mozilla (CVE-2026-4691). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4689 |
|
Vulnerability in mozilla (CVE-2026-4689)
vulnerability in mozilla (CVE-2026-4689). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4692 |
|
Vulnerability in mozilla (CVE-2026-4692)
vulnerability in mozilla (CVE-2026-4692). Successful exploitation can lead to full system takeover.
|