Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-36608 |
|
Vulnerability in CVE-2026-36608 (CVE-2026-36608)
vulnerability in CVE-2026-36608 (CVE-2026-36608). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40290 |
|
Use-After-Free in linaro (CVE-2026-40290)
vulnerability in linaro (CVE-2026-40290). Successful exploitation can lead to full system takeover. Exploitable via ``sp_mem_lock``.
|
| CVE-2026-20230 KEV |
|
[KEV] SSRF (Server-Side Request Forgery) in Cisco ssrf (CVE-2026-20230)
SSRF in Cisco ssrf (CVE-2026-20230). Data can be tampered with by attackers. Listed in CISA KEV — actively exploited.
|
| CVE-2026-6657 |
|
Vulnerability in jupyter (CVE-2026-6657)
vulnerability in jupyter (CVE-2026-6657). Successful exploitation can lead to full system takeover. Exploitable via ``allow_origin_pat``.
|
| CVE-2026-37462 |
|
Vulnerability in dos (CVE-2026-37462)
vulnerability in dos (CVE-2026-37462). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-36574 |
|
Vulnerability in CVE-2026-36574 (CVE-2026-36574)
vulnerability in CVE-2026-36574 (CVE-2026-36574). Successful exploitation can lead to full system takeover.
|
| CVE-2026-37460 |
|
Vulnerability in c (CVE-2026-37460)
vulnerability in c (CVE-2026-37460). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-49042 |
|
Vulnerability in synology (CVE-2022-49042)
vulnerability in synology (CVE-2022-49042). Successful exploitation can lead to full system takeover.
|
| CVE-2022-49036 |
|
Vulnerability in synology (CVE-2022-49036)
vulnerability in synology (CVE-2022-49036). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35085 |
|
Vulnerability in mbs-solutions (CVE-2026-35085)
vulnerability in mbs-solutions (CVE-2026-35085). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35084 |
|
Vulnerability in mbs-solutions (CVE-2026-35084)
vulnerability in mbs-solutions (CVE-2026-35084). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35083 |
|
Vulnerability in mbs-solutions (CVE-2026-35083)
vulnerability in mbs-solutions (CVE-2026-35083). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35082 |
|
Path Traversal in mbs-solutions (CVE-2026-35082)
path traversal in mbs-solutions (CVE-2026-35082). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35081 |
|
Vulnerability in mbs-solutions (CVE-2026-35081)
vulnerability in mbs-solutions (CVE-2026-35081). Data can be tampered with by attackers.
|
| CVE-2026-35080 |
|
Vulnerability in mbs-solutions (CVE-2026-35080)
vulnerability in mbs-solutions (CVE-2026-35080). Data can be tampered with by attackers.
|
| CVE-2026-35079 |
|
Vulnerability in mbs-solutions (CVE-2026-35079)
vulnerability in mbs-solutions (CVE-2026-35079). Data can be tampered with by attackers.
|
| CVE-2026-35078 |
|
Vulnerability in mbs-solutions (CVE-2026-35078)
vulnerability in mbs-solutions (CVE-2026-35078). Data can be tampered with by attackers.
|
| CVE-2026-35077 |
|
Vulnerability in mbs-solutions (CVE-2026-35077)
vulnerability in mbs-solutions (CVE-2026-35077). Data can be tampered with by attackers.
|
| CVE-2026-35076 |
|
Vulnerability in mbs-solutions (CVE-2026-35076)
vulnerability in mbs-solutions (CVE-2026-35076). Data can be tampered with by attackers.
|
| CVE-2026-41032 |
|
Information Disclosure in CVE-2026-41032 (CVE-2026-41032)
vulnerability in CVE-2026-41032 (CVE-2026-41032). Confidential information can be exposed externally.
|
| CVE-2025-15656 |
|
Vulnerability in privilege-escalation (CVE-2025-15656)
vulnerability in privilege-escalation (CVE-2025-15656). Successful exploitation can lead to full system takeover.
|
| CVE-2025-15655 |
|
SQL Injection in sqli (CVE-2025-15655)
SQL injection in sqli (CVE-2025-15655). Confidential information can be exposed externally.
|
| CVE-2025-14774 |
|
Incorrect Authorization vulnerability in ABB T-MAC Plus.
This issue affects T-MAC Plus: 4.0-24.
Incorrect Authorization vulnerability in ABB T-MAC Plus.
This issue affects T-MAC Plus: 4.0-24.
|
| CVE-2025-14773 |
|
Cross-Site Scripting (XSS) in abb (CVE-2025-14773)
cross-site scripting in abb (CVE-2025-14773). Successful exploitation can lead to full system takeover.
|
| CVE-2025-14772 |
|
Vulnerability in abb (CVE-2025-14772)
vulnerability in abb (CVE-2025-14772). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4035 |
|
Vulnerability in mlflow (CVE-2026-4035)
vulnerability in mlflow (CVE-2026-4035). Confidential information can be exposed externally. Exploitable via ``api_key``. Mitigation: upgrade to `3.11.0` or later.
|
| CVE-2025-15654 |
|
Cross-Site Scripting (XSS) in CVE-2025-15654 (CVE-2025-15654)
cross-site scripting in CVE-2025-15654 (CVE-2025-15654). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50031 |
|
Vulnerability in CVE-2026-50031 (CVE-2026-50031)
vulnerability in CVE-2026-50031 (CVE-2026-50031). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10704 |
|
Vulnerability in sqli (CVE-2026-10704)
vulnerability in sqli (CVE-2026-10704). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9516 |
|
Vulnerability in dos (CVE-2026-9516)
vulnerability in dos (CVE-2026-9516). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9334 |
|
Vulnerability in rurban (CVE-2026-9334)
vulnerability in rurban (CVE-2026-9334). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10694 |
|
Vulnerability in CVE-2026-10694 (CVE-2026-10694)
vulnerability in CVE-2026-10694 (CVE-2026-10694). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42504 |
|
Vulnerability in stdlib (CVE-2026-42504)
vulnerability in stdlib (CVE-2026-42504). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.11, 1.26.4` or later.
|
| CVE-2010-0249 KEV |
|
[KEV] Use-After-Free in Microsoft internet-explorer (CVE-2010-0249)
vulnerability in Microsoft internet-explorer (CVE-2010-0249). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-44654 |
|
Authorization Flaw in librechat (CVE-2026-44654)
vulnerability in librechat (CVE-2026-44654). Data can be tampered with by attackers. Exploitable via `DELETE /api/files`.
|
| CVE-2026-35482 |
|
Authorization Flaw in CVE-2026-35482 (CVE-2026-35482)
vulnerability in CVE-2026-35482 (CVE-2026-35482). Successful exploitation can lead to full system takeover. Exploitable via ``returnClass``.
|
| CVE-2026-31942 |
|
Vulnerability in librechat (CVE-2026-31942)
vulnerability in librechat (CVE-2026-31942). Data can be tampered with by attackers. Exploitable via `PUT /api/keys`.
|
| CVE-2024-14036 |
|
Vulnerability in dos (CVE-2024-14036)
vulnerability in dos (CVE-2024-14036). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-4992 |
|
Vulnerability in CVE-2022-4992 (CVE-2022-4992)
vulnerability in CVE-2022-4992 (CVE-2022-4992). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-4481 |
|
Vulnerability in privilege-escalation (CVE-2021-4481)
vulnerability in privilege-escalation (CVE-2021-4481). Data can be tampered with by attackers.
|
| CVE-2021-4480 |
|
Vulnerability in privilege-escalation (CVE-2021-4480)
vulnerability in privilege-escalation (CVE-2021-4480). Data can be tampered with by attackers.
|
| CVE-2026-10620 |
|
Vulnerability in sqli (CVE-2026-10620)
vulnerability in sqli (CVE-2026-10620). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10619 |
|
Authentication Bypass in CVE-2026-10619 (CVE-2026-10619)
authentication bypass in CVE-2026-10619 (CVE-2026-10619). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49443 |
|
Authentication Bypass in authentik (CVE-2026-49443)
authentication bypass in authentik (CVE-2026-49443). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2025.12.6, 2026.2.4, 2026.5.1` or later.
|
| CVE-2026-49143 |
|
Code Injection in browserstack-runner (CVE-2026-49143)
code injection in browserstack-runner (CVE-2026-49143). Successful exploitation can lead to full system takeover. Exploitable via ``context``.
|
| CVE-2026-8036 |
|
Vulnerability in privilege-escalation (CVE-2026-8036)
vulnerability in privilege-escalation (CVE-2026-8036). Confidential information can be exposed externally.
|
| CVE-2026-8035 |
|
Vulnerability in dos (CVE-2026-8035)
vulnerability in dos (CVE-2026-8035). Data can be tampered with by attackers.
|
| CVE-2026-5073 |
|
SQL Injection in wordpress (CVE-2026-5073)
SQL injection in wordpress (CVE-2026-5073). Confidential information can be exposed externally.
|
| CVE-2026-49120 |
|
Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription...
Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription...
|
| CVE-2026-47265 |
|
Vulnerability in aiohttp (CVE-2026-47265)
vulnerability in aiohttp (CVE-2026-47265). Confidential information can be exposed externally. Exploitable via ``cookies``. Mitigation: upgrade to `3.14.0` or later.
|