Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2026-53283 Vulnerability in linux (CVE-2026-53283)
vulnerability in linux (CVE-2026-53283). Risk of unauthorized operations or information disclosure.
CVE-2026-53281 Vulnerability in linux (CVE-2026-53281)
vulnerability in linux (CVE-2026-53281). Successful exploitation can lead to full system takeover.
CVE-2026-13372 Vulnerability in devolutions (CVE-2026-13372)
vulnerability in devolutions (CVE-2026-13372). Successful exploitation can lead to full system takeover.
CVE-2026-49258 Vulnerability in github.com/juev/nebula-mesh (CVE-2026-49258)
vulnerability in github.com/juev/nebula-mesh (CVE-2026-49258). Risk of unauthorized operations or information disclosure. Exploitable via `POST /ui/hosts/{id}/block`.
GHSA-985r-q3qp-299h Vulnerability in thorsten/phpmyfaq (GHSA-985r-q3qp-299h)
vulnerability in thorsten/phpmyfaq (GHSA-985r-q3qp-299h). Risk of unauthorized operations or information disclosure. Exploitable via ``userId``. Mitigation: upgrade to `4.1.4` or later.
CVE-2026-52885 Vulnerability in cpp (CVE-2026-52885)
vulnerability in cpp (CVE-2026-52885). Data can be tampered with by attackers. Mitigation: upgrade to `8.9.6.4` or later.
CVE-2026-52884 Vulnerability in cpp (CVE-2026-52884)
vulnerability in cpp (CVE-2026-52884). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.9.6.2` or later.
CVE-2026-48800 OS Command Injection in cpp (CVE-2026-48800)
OS command injection in cpp (CVE-2026-48800). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.9.6.1` or later.
CVE-2026-48778 OS Command Injection in cpp (CVE-2026-48778)
OS command injection in cpp (CVE-2026-48778). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.9.6.1` or later.
CVE-2026-48770 Out-of-Bounds Read in notepad-plus-plus (CVE-2026-48770)
vulnerability in notepad-plus-plus (CVE-2026-48770). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.9.6.1` or later.
CVE-2026-46710 Vulnerability in privilege-escalation (CVE-2026-46710)
vulnerability in privilege-escalation (CVE-2026-46710). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.9.6` or later.
CVE-2026-46604 The TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset.
The TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset.
GHSA-rp72-5v5q-2446 Path Traversal in @cardano402/mcp-server (GHSA-rp72-5v5q-2446)
path traversal in @cardano402/mcp-server (GHSA-rp72-5v5q-2446). Risk of unauthorized operations or information disclosure. Exploitable via ``Origin``. Mitigation: upgrade to `0.1.2` or later.
GHSA-75mw-h36v-2jv7 Cross-Site Scripting (XSS) in dosage (GHSA-75mw-h36v-2jv7)
cross-site scripting in dosage (GHSA-75mw-h36v-2jv7). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.3` or later.
GHSA-6q7j-xr26-3h2c Vulnerability in Scriban (GHSA-6q7j-xr26-3h2c)
vulnerability in Scriban (GHSA-6q7j-xr26-3h2c). Risk of unauthorized operations or information disclosure. Exploitable via ``ExpressionDepthLimit``. Mitigation: upgrade to `6.6.0` or later.
GHSA-q6rr-fm2g-g5x8 Vulnerability in Scriban (GHSA-q6rr-fm2g-g5x8)
vulnerability in Scriban (GHSA-q6rr-fm2g-g5x8). Risk of unauthorized operations or information disclosure. Exploitable via ``LoopLimit``. Mitigation: upgrade to `7.2.1` or later.
GHSA-v2jf-442r-6mjh Vulnerability in github.com/juev/nebula-mesh (GHSA-v2jf-442r-6mjh)
vulnerability in github.com/juev/nebula-mesh (GHSA-v2jf-442r-6mjh). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.3.4` or later.
GHSA-q683-8468-r6h6 Information Disclosure in web-auth/webauthn-symfony-bundle (GHSA-q683-8468-r6h6)
vulnerability in web-auth/webauthn-symfony-bundle (GHSA-q683-8468-r6h6). Risk of unauthorized operations or information disclosure. Exploitable via ``LineFormatter``. Mitigation: upgrade to `5.3.4` or later.
GHSA-3p34-w4f6-5xh2 Path Traversal in better-helperjs (GHSA-3p34-w4f6-5xh2)
path traversal in better-helperjs (GHSA-3p34-w4f6-5xh2). Risk of unauthorized operations or information disclosure. Exploitable via ``startsWith``. Mitigation: upgrade to `3.0.6` or later.
GHSA-fhp4-pr5j-46m5 Vulnerability in muhammara (GHSA-fhp4-pr5j-46m5)
vulnerability in muhammara (GHSA-fhp4-pr5j-46m5). Risk of unauthorized operations or information disclosure. Exploitable via ``EarlyChange``. Mitigation: upgrade to `6.0.5` or later.
GHSA-j7f5-gfqm-pcx3 Vulnerability in pterodactyl/panel (GHSA-j7f5-gfqm-pcx3)
vulnerability in pterodactyl/panel (GHSA-j7f5-gfqm-pcx3). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.12.3` or later.
GHSA-rhq6-9rgh-v45c Vulnerability in github.com/pterodactyl/wings (GHSA-rhq6-9rgh-v45c)
vulnerability in github.com/pterodactyl/wings (GHSA-rhq6-9rgh-v45c). Risk of unauthorized operations or information disclosure. Exploitable via ``AT_SYMLINK_NOFOLLOW``. Mitigation: upgrade to `1.12.2` or later.
CVE-2026-48813 Vulnerability in flawfinder (CVE-2026-48813)
vulnerability in flawfinder (CVE-2026-48813). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.0.20` or later.
CVE-2026-48804 Vulnerability in python-socketio (CVE-2026-48804)
vulnerability in python-socketio (CVE-2026-48804). Risk of unauthorized operations or information disclosure. Exploitable via ``EVENT``. Mitigation: upgrade to `5.16.2` or later.
CVE-2026-48802 Vulnerability in python-engineio (CVE-2026-48802)
vulnerability in python-engineio (CVE-2026-48802). Risk of unauthorized operations or information disclosure. Exploitable via ``connect``. Mitigation: upgrade to `4.13.2` or later.
GHSA-98x5-vq43-vc5p Vulnerability in semantic-router (GHSA-98x5-vq43-vc5p)
vulnerability in semantic-router (GHSA-98x5-vq43-vc5p). Risk of unauthorized operations or information disclosure. Exploitable via ``litellm_init.pth``. Mitigation: upgrade to `0.1.15` or later.
CVE-2026-48809 Vulnerability in python-engineio (CVE-2026-48809)
vulnerability in python-engineio (CVE-2026-48809). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.13.2` or later.
CVE-2026-48801 Vulnerability in linkify-it (CVE-2026-48801)
vulnerability in linkify-it (CVE-2026-48801). Risk of unauthorized operations or information disclosure. Exploitable via ``LinkifyIt.prototype.match``. Mitigation: upgrade to `5.0.1` or later.
CVE-2026-48790 Vulnerability in github.com/tursodatabase/turso-cli (CVE-2026-48790)
vulnerability in github.com/tursodatabase/turso-cli (CVE-2026-48790). Risk of unauthorized operations or information disclosure. Exploitable via ``configPermissions``. Mitigation: upgrade to `1.0.26` or later.
GHSA-m8j6-rc5x-wv36 Vulnerability in nono-py (GHSA-m8j6-rc5x-wv36)
vulnerability in nono-py (GHSA-m8j6-rc5x-wv36). Risk of unauthorized operations or information disclosure. Exploitable via ``ProxyConfig``. Mitigation: upgrade to `0.10.1` or later.
GHSA-9j7f-3r4p-pwh6 Vulnerability in nono-py (GHSA-9j7f-3r4p-pwh6)
vulnerability in nono-py (GHSA-9j7f-3r4p-pwh6). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.11.0` or later.
GHSA-72w7-mf9g-733p Vulnerability in nono-py (GHSA-72w7-mf9g-733p)
vulnerability in nono-py (GHSA-72w7-mf9g-733p). Risk of unauthorized operations or information disclosure. Exploitable via ``HTTP_PROXY``. Mitigation: upgrade to `0.10.1` or later.
CVE-2026-41262 Authorization Flaw in github.com/fleetdm/fleet/v4 (CVE-2026-41262)
vulnerability in github.com/fleetdm/fleet/v4 (CVE-2026-41262). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/latest/fleet/policies/{policy_id}`. Mitigation: upgrade to `4.85.0` or later.
GHSA-jqc5-2p7q-fqfc Vulnerability in github.com/apernet/hysteria (GHSA-jqc5-2p7q-fqfc)
vulnerability in github.com/apernet/hysteria (GHSA-jqc5-2p7q-fqfc). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.9.2` or later.
CVE-2026-55838 Vulnerability in CVE-2026-55838 (CVE-2026-55838)
vulnerability in CVE-2026-55838 (CVE-2026-55838). Risk of unauthorized operations or information disclosure.
CVE-2026-55189 Vulnerability in CVE-2026-55189 (CVE-2026-55189)
vulnerability in CVE-2026-55189 (CVE-2026-55189). Confidential information can be exposed externally. Mitigation: upgrade to `1.0.0-beta.9` or later.
CVE-2026-55188 Information Disclosure in CVE-2026-55188 (CVE-2026-55188)
vulnerability in CVE-2026-55188 (CVE-2026-55188). Confidential information can be exposed externally. Mitigation: upgrade to `1.0.0-beta.9` or later.
CVE-2026-52785 SQL Injection in sqli (CVE-2026-52785)
SQL injection in sqli (CVE-2026-52785). Confidential information can be exposed externally. Mitigation: upgrade to `17.3.3` or later.
CVE-2026-52784 Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-52784)
vulnerability in csrf (CVE-2026-52784). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `17.3.3` or later.
CVE-2026-52783 Vulnerability in rails (CVE-2026-52783)
vulnerability in rails (CVE-2026-52783). Confidential information can be exposed externally. Mitigation: upgrade to `17.3.3` or later.
CVE-2026-52782 Vulnerability in CVE-2026-52782 (CVE-2026-52782)
vulnerability in CVE-2026-52782 (CVE-2026-52782). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `17.3.3` or later.
CVE-2026-52781 Cross-Site Scripting (XSS) in CVE-2026-52781 (CVE-2026-52781)
cross-site scripting in CVE-2026-52781 (CVE-2026-52781). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `17.3.3` or later.
CVE-2026-52780 Vulnerability in CVE-2026-52780 (CVE-2026-52780)
vulnerability in CVE-2026-52780 (CVE-2026-52780). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `17.3.3` or later.
CVE-2026-52779 Vulnerability in CVE-2026-52779 (CVE-2026-52779)
vulnerability in CVE-2026-52779 (CVE-2026-52779). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `17.3.3` or later.
CVE-2026-49991 Path Traversal in path-traversal (CVE-2026-49991)
path traversal in path-traversal (CVE-2026-49991). Data can be tampered with by attackers.
CVE-2026-49355 Information Disclosure in CVE-2026-49355 (CVE-2026-49355)
vulnerability in CVE-2026-49355 (CVE-2026-49355). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/v3/meetings/`. Mitigation: upgrade to `17.4.0` or later.
CVE-2026-47193 Information Disclosure in CVE-2026-47193 (CVE-2026-47193)
vulnerability in CVE-2026-47193 (CVE-2026-47193). Confidential information can be exposed externally. Mitigation: upgrade to `17.3.3` or later.
CVE-2026-46386 Unsafe Deserialization in rails (CVE-2026-46386)
vulnerability in rails (CVE-2026-46386). Successful exploitation can lead to full system takeover.
CVE-2026-44736 Information Disclosure in CVE-2026-44736 (CVE-2026-44736)
vulnerability in CVE-2026-44736 (CVE-2026-44736). Confidential information can be exposed externally. Exploitable via `GET /api/v3/relations`. Mitigation: upgrade to `17.4.0` or later.
CVE-2026-44735 Authorization Flaw in CVE-2026-44735 (CVE-2026-44735)
vulnerability in CVE-2026-44735 (CVE-2026-44735). Confidential information can be exposed externally. Exploitable via `GET /api/v3/shares`. Mitigation: upgrade to `17.3.2` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →