Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-42678 |
|
Cross-Site Scripting (XSS) in CVE-2026-42678 (CVE-2026-42678)
cross-site scripting in CVE-2026-42678 (CVE-2026-42678). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42677 |
|
Vulnerability in CVE-2026-42677 (CVE-2026-42677)
vulnerability in CVE-2026-42677 (CVE-2026-42677). Confidential information can be exposed externally.
|
| CVE-2026-42675 |
|
Vulnerability in CVE-2026-42675 (CVE-2026-42675)
vulnerability in CVE-2026-42675 (CVE-2026-42675). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42674 |
|
Vulnerability in CVE-2026-42674 (CVE-2026-42674)
vulnerability in CVE-2026-42674 (CVE-2026-42674). Data can be tampered with by attackers.
|
| CVE-2026-42673 |
|
Vulnerability in CVE-2026-42673 (CVE-2026-42673)
vulnerability in CVE-2026-42673 (CVE-2026-42673). Confidential information can be exposed externally.
|
| CVE-2026-38950 |
|
Unsafe Deserialization in deserialization (CVE-2026-38950)
vulnerability in deserialization (CVE-2026-38950). Successful exploitation can lead to full system takeover.
|
| CVE-2026-37227 |
|
Vulnerability in CVE-2026-37227 (CVE-2026-37227)
vulnerability in CVE-2026-37227 (CVE-2026-37227). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-37225 |
|
Vulnerability in CVE-2026-37225 (CVE-2026-37225)
vulnerability in CVE-2026-37225 (CVE-2026-37225). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-37223 |
|
Vulnerability in CVE-2026-37223 (CVE-2026-37223)
vulnerability in CVE-2026-37223 (CVE-2026-37223). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-37222 |
|
Vulnerability in CVE-2026-37222 (CVE-2026-37222)
vulnerability in CVE-2026-37222 (CVE-2026-37222). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-37224 |
|
Vulnerability in CVE-2026-37224 (CVE-2026-37224)
vulnerability in CVE-2026-37224 (CVE-2026-37224). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10273 |
|
Command Injection in CVE-2026-10273 (CVE-2026-10273)
command injection in CVE-2026-10273 (CVE-2026-10273). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10270 |
|
Buffer Overflow in dlink (CVE-2026-10270)
vulnerability in dlink (CVE-2026-10270). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10118 |
|
Vulnerability in dos (CVE-2026-10118)
vulnerability in dos (CVE-2026-10118). Successful exploitation can lead to full system takeover. Exploitable via ``tilingPatternFill``.
|
| CVE-2022-4991 |
|
Vulnerability in CVE-2022-4991 (CVE-2022-4991)
vulnerability in CVE-2022-4991 (CVE-2022-4991). Confidential information can be exposed externally.
|
| CVE-2026-48865 |
|
Cross-Site Scripting (XSS) in CVE-2026-48865 (CVE-2026-48865)
cross-site scripting in CVE-2026-48865 (CVE-2026-48865). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42681 |
|
Cross-Site Scripting (XSS) in CVE-2026-42681 (CVE-2026-42681)
cross-site scripting in CVE-2026-42681 (CVE-2026-42681). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48839 |
|
Cross-Site Scripting (XSS) in CVE-2026-48839 (CVE-2026-48839)
cross-site scripting in CVE-2026-48839 (CVE-2026-48839). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42683 |
|
Cross-Site Scripting (XSS) in CVE-2026-42683 (CVE-2026-42683)
cross-site scripting in CVE-2026-42683 (CVE-2026-42683). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-37221 |
|
Vulnerability in CVE-2026-37221 (CVE-2026-37221)
vulnerability in CVE-2026-37221 (CVE-2026-37221). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-37220 |
|
Vulnerability in CVE-2026-37220 (CVE-2026-37220)
vulnerability in CVE-2026-37220 (CVE-2026-37220). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10259 |
|
Buffer Overflow in CVE-2026-10259 (CVE-2026-10259)
vulnerability in CVE-2026-10259 (CVE-2026-10259). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10260 |
|
Vulnerability in sqli (CVE-2026-10260)
vulnerability in sqli (CVE-2026-10260). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10262 |
|
Vulnerability in sqli (CVE-2026-10262)
vulnerability in sqli (CVE-2026-10262). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10263 |
|
Vulnerability in sqli (CVE-2026-10263)
vulnerability in sqli (CVE-2026-10263). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10261 |
|
Vulnerability in sqli (CVE-2026-10261)
vulnerability in sqli (CVE-2026-10261). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-40646 |
|
Path Traversal in path-traversal (CVE-2024-40646)
path traversal in path-traversal (CVE-2024-40646). Confidential information can be exposed externally.
|
| CVE-2026-48119 |
|
Vulnerability in github.com/nezhahq/nezha (CVE-2026-48119)
vulnerability in github.com/nezhahq/nezha (CVE-2026-48119). Data can be tampered with by attackers. Exploitable via ``TaskResult``. Mitigation: upgrade to `2.0.12` or later.
|
| CVE-2026-10253 |
|
Vulnerability in sqli (CVE-2026-10253)
vulnerability in sqli (CVE-2026-10253). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10252 |
|
Vulnerability in sqli (CVE-2026-10252)
vulnerability in sqli (CVE-2026-10252). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10251 |
|
Vulnerability in sqli (CVE-2026-10251)
vulnerability in sqli (CVE-2026-10251). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10250 |
|
Vulnerability in sqli (CVE-2026-10250)
vulnerability in sqli (CVE-2026-10250). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10249 |
|
Vulnerability in sqli (CVE-2026-10249)
vulnerability in sqli (CVE-2026-10249). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48827 |
|
Path Traversal in apache (CVE-2026-48827)
path traversal in apache (CVE-2026-48827). Confidential information can be exposed externally.
|
| CVE-2026-49361 |
|
Vulnerability in org.apache.fluss:fluss-common (CVE-2026-49361)
vulnerability in org.apache.fluss:fluss-common (CVE-2026-49361). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.9.1-incubating` or later.
|
| CVE-2026-9024 |
|
Cross-Site Scripting (XSS) in CVE-2026-9024 (CVE-2026-9024)
cross-site scripting in CVE-2026-9024 (CVE-2026-9024). Confidential information can be exposed externally.
|
| CVE-2026-49298 |
|
Vulnerability in airflow (CVE-2026-49298)
vulnerability in airflow (CVE-2026-49298). Successful exploitation can lead to full system takeover. Exploitable via ``KubernetesExecutor``. Mitigation: upgrade to `3.2.2` or later.
|
| CVE-2026-49157 |
|
Vulnerability in activemq (CVE-2026-49157)
vulnerability in activemq (CVE-2026-49157). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `5.19.7, 6.2.6` or later.
|
| CVE-2026-45505 |
|
Vulnerability in activemq (CVE-2026-45505)
vulnerability in activemq (CVE-2026-45505). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `5.19.7, 6.2.6` or later.
|
| CVE-2026-41084 |
|
Vulnerability in apache-airflow (CVE-2026-41084)
vulnerability in apache-airflow (CVE-2026-41084). Data can be tampered with by attackers. Exploitable via `DELETE /api/v2/dags/{dag_id}/dagRuns/{dag_run_id}/taskInstances`. Mitigation: upgrade to `3.2.2` or later.
|
| CVE-2026-44825 |
|
Vulnerability in solr (CVE-2026-44825)
vulnerability in solr (CVE-2026-44825). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `10.0.0` or later.
|
| CVE-2026-42588 |
|
Vulnerability in activemq (CVE-2026-42588)
vulnerability in activemq (CVE-2026-42588). Confidential information can be exposed externally. Mitigation: upgrade to `5.19.7, 6.2.6` or later.
|
| CVE-2026-45360 |
|
Unsafe Deserialization in apache-airflow (CVE-2026-45360)
vulnerability in apache-airflow (CVE-2026-45360). Risk of unauthorized operations or information disclosure. Exploitable via ``DeadlineReference``. Mitigation: upgrade to `3.2.2` or later.
|
| CVE-2026-42359 |
|
Unsafe Deserialization in apache-airflow (CVE-2026-42359)
vulnerability in apache-airflow (CVE-2026-42359). Successful exploitation can lead to full system takeover. Exploitable via `PATCH /api/v2/xcomEntries/{key}`. Mitigation: upgrade to `3.2.2` or later.
|
| CVE-2026-40961 |
|
Open Redirect in airflow (CVE-2026-40961)
vulnerability in airflow (CVE-2026-40961). Risk of unauthorized operations or information disclosure. Exploitable via ``is_safe_url``. Mitigation: upgrade to `3.2.2` or later.
|
| CVE-2026-32325 |
|
Vulnerability in CVE-2026-32325 (CVE-2026-32325)
vulnerability in CVE-2026-32325 (CVE-2026-32325). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10243 |
|
Authentication Bypass in CVE-2026-10243 (CVE-2026-10243)
authentication bypass in CVE-2026-10243 (CVE-2026-10243). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10236 |
|
Vulnerability in CVE-2026-10236 (CVE-2026-10236)
vulnerability in CVE-2026-10236 (CVE-2026-10236). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-27788 |
|
Vulnerability in jvn (CVE-2026-27788)
vulnerability in jvn (CVE-2026-27788). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35563 |
|
Vulnerability in org.apache.directory.api:api-ldap-client-api (CVE-2026-35563)
vulnerability in org.apache.directory.api:api-ldap-client-api (CVE-2026-35563). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.1.8` or later.
|