Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2018-25418 SQL Injection in sqli (CVE-2018-25418)
SQL injection in sqli (CVE-2018-25418). Confidential information can be exposed externally.
CVE-2018-25414 SQL Injection in sqli (CVE-2018-25414)
SQL injection in sqli (CVE-2018-25414). Confidential information can be exposed externally.
CVE-2018-25415 SQL Injection in sqli (CVE-2018-25415)
SQL injection in sqli (CVE-2018-25415). Confidential information can be exposed externally.
CVE-2018-25416 SQL Injection in sqli (CVE-2018-25416)
SQL injection in sqli (CVE-2018-25416). Confidential information can be exposed externally.
CVE-2018-25413 SQL Injection in sqli (CVE-2018-25413)
SQL injection in sqli (CVE-2018-25413). Confidential information can be exposed externally.
CVE-2018-25407 SQL Injection in sqli (CVE-2018-25407)
SQL injection in sqli (CVE-2018-25407). Confidential information can be exposed externally.
CVE-2018-25408 Path Traversal in path-traversal (CVE-2018-25408)
path traversal in path-traversal (CVE-2018-25408). Confidential information can be exposed externally.
CVE-2018-25409 Unrestricted File Upload in CVE-2018-25409 (CVE-2018-25409)
vulnerability in CVE-2018-25409 (CVE-2018-25409). Successful exploitation can lead to full system takeover.
CVE-2018-25411 SQL Injection in sqli (CVE-2018-25411)
SQL injection in sqli (CVE-2018-25411). Confidential information can be exposed externally.
CVE-2018-25410 SQL Injection in sqli (CVE-2018-25410)
SQL injection in sqli (CVE-2018-25410). Confidential information can be exposed externally.
CVE-2018-25406 SQL Injection in sqli (CVE-2018-25406)
SQL injection in sqli (CVE-2018-25406). Confidential information can be exposed externally.
CVE-2018-25405 SQL Injection in sqli (CVE-2018-25405)
SQL injection in sqli (CVE-2018-25405). Confidential information can be exposed externally.
CVE-2026-10120 Buffer Overflow in CVE-2026-10120 (CVE-2026-10120)
vulnerability in CVE-2026-10120 (CVE-2026-10120). Successful exploitation can lead to full system takeover.
CVE-2026-10119 Buffer Overflow in CVE-2026-10119 (CVE-2026-10119)
vulnerability in CVE-2026-10119 (CVE-2026-10119). Successful exploitation can lead to full system takeover.
CVE-2026-46242 Use-After-Free in linux (CVE-2026-46242)
vulnerability in linux (CVE-2026-46242). Successful exploitation can lead to full system takeover.
CVE-2026-7465 Privilege Escalation in wordpress (CVE-2026-7465)
vulnerability in wordpress (CVE-2026-7465). Successful exploitation can lead to full system takeover.
CVE-2026-9757 SQL Injection in wordpress (CVE-2026-9757)
SQL injection in wordpress (CVE-2026-9757). Confidential information can be exposed externally.
CVE-2026-7459 Vulnerability in wordpress (CVE-2026-7459)
vulnerability in wordpress (CVE-2026-7459). Successful exploitation can lead to full system takeover.
CVE-2026-10111 Vulnerability in sqli (CVE-2026-10111)
vulnerability in sqli (CVE-2026-10111). Risk of unauthorized operations or information disclosure.
CVE-2026-10110 Vulnerability in sqli (CVE-2026-10110)
vulnerability in sqli (CVE-2026-10110). Risk of unauthorized operations or information disclosure.
CVE-2026-47201 Vulnerability in goauthentik.io (CVE-2026-47201)
vulnerability in goauthentik.io (CVE-2026-47201). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.0.0-20260528144335-a370d76d23c7` or later.
CVE-2026-46599 Vulnerability in golang.org/x/image (CVE-2026-46599)
vulnerability in golang.org/x/image (CVE-2026-46599). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.41.0` or later.
CVE-2026-46527 Vulnerability in c (CVE-2026-46527)
vulnerability in c (CVE-2026-46527). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.44.0` or later.
CVE-2026-47123 Vulnerability in laravel (CVE-2026-47123)
vulnerability in laravel (CVE-2026-47123). Data can be tampered with by attackers. Mitigation: upgrade to `1.8.220` or later.
CVE-2026-48557 Spatie Laravel Media Library contains a file upload restriction bypass
Spatie Laravel Media Library contains a file upload restriction bypass
CVE-2026-48555 SSRF (Server-Side Request Forgery) in spatie/laravel-medialibrary (CVE-2026-48555)
SSRF in spatie/laravel-medialibrary (CVE-2026-48555). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `11.23.0` or later.
CVE-2026-44420 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard (cliprdr) channel b...
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard (cliprdr) channel by sending a CB_CLIP_CAPS PDU with a too-small capabilitySetLength. This can crash the server process...
CVE-2026-44285 FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery (SSRF) vulnerability allows an authenticated attacker to bypass the global isInternalAddress network prot...
FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery (SSRF) vulnerability allows an authenticated attacker to bypass the global isInternalAddress network protection and make arbitrary HTTP GET requests to internal network services. This is achieved by exploi...
CVE-2026-44422 Vulnerability in freerdp (CVE-2026-44422)
vulnerability in freerdp (CVE-2026-44422). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.26.0` or later.
CVE-2026-44421 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs....
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs. The bug is in gdi_CacheToSurface: it validates a destination rectangle that is clamped to UINT16_MAX...
CVE-2026-47260 SSRF (Server-Side Request Forgery) in phanan/koel (CVE-2026-47260)
SSRF in phanan/koel (CVE-2026-47260). Confidential information can be exposed externally. Exploitable via `POST /api/podcasts`. Mitigation: upgrade to `9.3.5` or later.
CVE-2026-46702 Vulnerability in russh (CVE-2026-46702)
vulnerability in russh (CVE-2026-46702). Risk of unauthorized operations or information disclosure. Exploitable via ``russh``. Mitigation: upgrade to `0.61.1` or later.
CVE-2026-49374 Vulnerability in jetbrains (CVE-2026-49374)
vulnerability in jetbrains (CVE-2026-49374). Confidential information can be exposed externally.
CVE-2026-49372 In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible
In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible
CVE-2026-49373 Vulnerability in jetbrains (CVE-2026-49373)
vulnerability in jetbrains (CVE-2026-49373). Confidential information can be exposed externally.
CVE-2026-49368 In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible
In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible
CVE-2026-49366 In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion
In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion
CVE-2026-49371 In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible
In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible
CVE-2026-49367 In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account
In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account
CVE-2026-47740 shopper/framework: Authorization bypass in multiple Livewire admin components
shopper/framework: Authorization bypass in multiple Livewire admin components
CVE-2026-42929 Danelec MacGregor Voyage Data Recorder includes default accounts with hard-coded credentials.
Danelec MacGregor Voyage Data Recorder includes default accounts with hard-coded credentials.
CVE-2026-5768 Vulnerability in CVE-2026-5768 (CVE-2026-5768)
vulnerability in CVE-2026-5768 (CVE-2026-5768). Successful exploitation can lead to full system takeover.
CVE-2026-10107 SSRF (Server-Side Request Forgery) in CVE-2026-10107 (CVE-2026-10107)
SSRF in CVE-2026-10107 (CVE-2026-10107). Confidential information can be exposed externally.
CVE-2026-10108 Path Traversal in xiaomusic (CVE-2026-10108)
path traversal in xiaomusic (CVE-2026-10108). Confidential information can be exposed externally. Exploitable via `GET /music/{file_path`. Mitigation: upgrade to `0.5.8` or later.
CVE-2026-10105 SQL Injection in agno (CVE-2026-10105)
SQL injection in agno (CVE-2026-10105). Confidential information can be exposed externally.
CVE-2026-47139 Vulnerability in vm2 (CVE-2026-47139)
vulnerability in vm2 (CVE-2026-47139). Confidential information can be exposed externally. Exploitable via ``NodeVM``. Mitigation: upgrade to `3.11.4` or later.
CVE-2026-47209 Vulnerability in vm2 (CVE-2026-47209)
vulnerability in vm2 (CVE-2026-47209). Data can be tampered with by attackers. Exploitable via ``BaseHandler.set``. Mitigation: upgrade to `3.11.4` or later.
CVE-2026-47135 Vulnerability in vm2 (CVE-2026-47135)
vulnerability in vm2 (CVE-2026-47135). Confidential information can be exposed externally. Exploitable via ``Symbol.for``. Mitigation: upgrade to `3.11.4` or later.
CVE-2026-45662 OS Command Injection in CVE-2026-45662 (CVE-2026-45662)
OS command injection in CVE-2026-45662 (CVE-2026-45662). Successful exploitation can lead to full system takeover.
CVE-2026-35674 Authorization Flaw in openclaw (CVE-2026-35674)
vulnerability in openclaw (CVE-2026-35674). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →