Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-40998 |
|
XXE (XML External Entity) in CVE-2026-40998 (CVE-2026-40998)
vulnerability in CVE-2026-40998 (CVE-2026-40998). Confidential information can be exposed externally.
|
| CVE-2026-40994 |
|
Vulnerability in CVE-2026-40994 (CVE-2026-40994)
vulnerability in CVE-2026-40994 (CVE-2026-40994). Data can be tampered with by attackers.
|
| CVE-2026-40987 |
|
Path Traversal in CVE-2026-40987 (CVE-2026-40987)
path traversal in CVE-2026-40987 (CVE-2026-40987). Data can be tampered with by attackers.
|
| CVE-2026-10795 |
|
Vulnerability in wordpress (CVE-2026-10795)
vulnerability in wordpress (CVE-2026-10795). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53461 |
|
Out-of-Bounds Write in Magick.NET-Q16-AnyCPU (CVE-2026-53461)
out-of-bounds write in Magick.NET-Q16-AnyCPU (CVE-2026-53461). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.14.0` or later.
|
| CVE-2026-53460 |
|
Vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-53460)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-53460). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.14.0` or later.
|
| CVE-2026-52726 |
|
Path Traversal in dulwich (CVE-2026-52726)
path traversal in dulwich (CVE-2026-52726). Risk of unauthorized operations or information disclosure. Exploitable via ``dulwich.porcelain.submodule_update``. Mitigation: upgrade to `1.2.5` or later.
|
| CVE-2026-50223 |
|
Code Injection in apache (CVE-2026-50223)
code injection in apache (CVE-2026-50223). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49218 |
|
Vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-49218)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-49218). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.14.0` or later.
|
| CVE-2026-47342 |
|
Vulnerability in apache (CVE-2026-47342)
vulnerability in apache (CVE-2026-47342). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44693 |
|
Vulnerability in CVE-2026-44693 (CVE-2026-44693)
vulnerability in CVE-2026-44693 (CVE-2026-44693). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42558 |
|
Cross-Site Scripting (XSS) in CVE-2026-42558 (CVE-2026-42558)
cross-site scripting in CVE-2026-42558 (CVE-2026-42558). Confidential information can be exposed externally.
|
| CVE-2026-53738 |
|
Authorization Flaw in CVE-2026-53738 (CVE-2026-53738)
vulnerability in CVE-2026-53738 (CVE-2026-53738). Data can be tampered with by attackers.
|
| CVE-2026-50131 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-50131)
SSRF in ssrf (CVE-2026-50131). Confidential information can be exposed externally.
|
| CVE-2026-48110 |
|
Vulnerability in russh (CVE-2026-48110)
vulnerability in russh (CVE-2026-48110). Risk of unauthorized operations or information disclosure. Exploitable via ``russh``. Mitigation: upgrade to `0.61.0` or later.
|
| CVE-2026-46669 |
|
Vulnerability in openvm (CVE-2026-46669)
vulnerability in openvm (CVE-2026-46669). Data can be tampered with by attackers.
|
| CVE-2026-42542 |
|
Vulnerability in tdengine (CVE-2026-42542)
vulnerability in tdengine (CVE-2026-42542). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-2049 |
|
Vulnerability in CVE-2026-2049 (CVE-2026-2049)
vulnerability in CVE-2026-2049 (CVE-2026-2049). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10143 |
|
Vulnerability in dpkp (CVE-2026-10143)
vulnerability in dpkp (CVE-2026-10143). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10142 |
|
Vulnerability in dpkp (CVE-2026-10142)
vulnerability in dpkp (CVE-2026-10142). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-26758 |
|
Vulnerability in apple (CVE-2022-26758)
vulnerability in apple (CVE-2022-26758). Confidential information can be exposed externally.
|
| CVE-2026-6893 |
|
OS Command Injection in CVE-2026-6893 (CVE-2026-6893)
OS command injection in CVE-2026-6893 (CVE-2026-6893). Successful exploitation can lead to full system takeover.
|
| CVE-2026-1220 |
|
Vulnerability in google (CVE-2026-1220)
vulnerability in google (CVE-2026-1220). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46529 |
|
Command Injection in c (CVE-2026-46529)
command injection in c (CVE-2026-46529). Successful exploitation can lead to full system takeover. Exploitable via ``g_shell_quote``. Mitigation: upgrade to `1.6.2` or later.
|
| CVE-2026-50637 |
|
Vulnerability in pevans (CVE-2026-50637)
vulnerability in pevans (CVE-2026-50637). Data can be tampered with by attackers.
|
| CVE-2026-20251 |
|
Unsafe Deserialization in deserialization (CVE-2026-20251)
vulnerability in deserialization (CVE-2026-20251). Successful exploitation can lead to full system takeover.
|
| CVE-2026-20258 |
|
Cross-Site Scripting (XSS) in splunk (CVE-2026-20258)
cross-site scripting in splunk (CVE-2026-20258). Successful exploitation can lead to full system takeover.
|
| CVE-2026-20252 |
|
SSRF (Server-Side Request Forgery) in splunk (CVE-2026-20252)
SSRF in splunk (CVE-2026-20252). Confidential information can be exposed externally.
|
| CVE-2026-50570 |
|
Privilege Escalation in CVE-2026-50570 (CVE-2026-50570)
vulnerability in CVE-2026-50570 (CVE-2026-50570). Data can be tampered with by attackers.
|
| CVE-2026-50567 |
|
Path Traversal in CVE-2026-50567 (CVE-2026-50567)
path traversal in CVE-2026-50567 (CVE-2026-50567). Data can be tampered with by attackers.
|
| CVE-2026-49824 |
|
Vulnerability in github.com/fission/fission (CVE-2026-49824)
vulnerability in github.com/fission/fission (CVE-2026-49824). Confidential information can be exposed externally. Exploitable via ``spec.environment.namespace``. Mitigation: upgrade to `1.24.0` or later.
|
| CVE-2026-49823 |
|
Vulnerability in github.com/fission/fission (CVE-2026-49823)
vulnerability in github.com/fission/fission (CVE-2026-49823). Confidential information can be exposed externally. Exploitable via ``PackageRef.Namespace``. Mitigation: upgrade to `1.24.0` or later.
|
| CVE-2026-49822 |
|
Vulnerability in github.com/fission/fission (CVE-2026-49822)
vulnerability in github.com/fission/fission (CVE-2026-49822). Confidential information can be exposed externally. Exploitable via ``KubernetesWatchTrigger``. Mitigation: upgrade to `1.24.0` or later.
|
| CVE-2026-49821 |
|
Vulnerability in github.com/fission/fission (CVE-2026-49821)
vulnerability in github.com/fission/fission (CVE-2026-49821). Confidential information can be exposed externally. Exploitable via ``buildermgr``. Mitigation: upgrade to `1.24.0` or later.
|
| CVE-2026-11417 |
|
OS Command Injection in aws-cdk-lib (CVE-2026-11417)
OS command injection in aws-cdk-lib (CVE-2026-11417). Successful exploitation can lead to full system takeover. Exploitable via ``NodejsFunction``. Mitigation: upgrade to `2.246.0` or later.
|
| CVE-2025-53114 |
|
Vulnerability in org.cometd.java:cometd-java-server-common (CVE-2025-53114)
vulnerability in org.cometd.java:cometd-java-server-common (CVE-2025-53114). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.0.x` or later.
|
| CVE-2026-49759 |
|
Vulnerability in c (CVE-2026-49759)
vulnerability in c (CVE-2026-49759). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46558 |
|
Vulnerability in plane (CVE-2026-46558)
vulnerability in plane (CVE-2026-46558). Confidential information can be exposed externally.
|
| CVE-2026-45569 |
|
Path Traversal in c (CVE-2026-45569)
path traversal in c (CVE-2026-45569). Confidential information can be exposed externally.
|
| CVE-2026-45567 |
|
Authentication Bypass in nginx (CVE-2026-45567)
authentication bypass in nginx (CVE-2026-45567). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45565 |
|
Vulnerability in nginx (CVE-2026-45565)
vulnerability in nginx (CVE-2026-45565). Confidential information can be exposed externally.
|
| CVE-2026-25700 |
|
Vulnerability in apache (CVE-2026-25700)
vulnerability in apache (CVE-2026-25700). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9045 |
|
Vulnerability in CVE-2026-9045 (CVE-2026-9045)
vulnerability in CVE-2026-9045 (CVE-2026-9045). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8637 |
|
Vulnerability in CVE-2026-8637 (CVE-2026-8637)
vulnerability in CVE-2026-8637 (CVE-2026-8637). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6090 |
|
Vulnerability in CVE-2026-6090 (CVE-2026-6090)
vulnerability in CVE-2026-6090 (CVE-2026-6090). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53689 |
|
Vulnerability in c (CVE-2026-53689)
vulnerability in c (CVE-2026-53689). Confidential information can be exposed externally.
|
| CVE-2026-53473 |
|
Cross-Site Scripting (XSS) in kubev2v (CVE-2026-53473)
cross-site scripting in kubev2v (CVE-2026-53473). Confidential information can be exposed externally.
|
| CVE-2026-45564 |
|
OS Command Injection in c (CVE-2026-45564)
OS command injection in c (CVE-2026-45564). Successful exploitation can lead to full system takeover. Exploitable via `POST /config/versions/`.
|
| CVE-2026-45549 |
|
Vulnerability in nginx (CVE-2026-45549)
vulnerability in nginx (CVE-2026-45549). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9758 |
|
Vulnerability in CVE-2026-9758 (CVE-2026-9758)
vulnerability in CVE-2026-9758 (CVE-2026-9758). Risk of unauthorized operations or information disclosure.
|