Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2025-60474 |
|
Vulnerability in c (CVE-2025-60474)
vulnerability in c (CVE-2025-60474). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9782 |
|
SQL Injection in sqli (CVE-2026-9782)
SQL injection in sqli (CVE-2026-9782). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8659 |
|
OS Command Injection in rapid7 (CVE-2026-8659)
OS command injection in rapid7 (CVE-2026-8659). Data can be tampered with by attackers.
|
| CVE-2026-9779 |
|
Vulnerability in aten (CVE-2026-9779)
vulnerability in aten (CVE-2026-9779). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9778 |
|
Path Traversal in path-traversal (CVE-2026-9778)
path traversal in path-traversal (CVE-2026-9778). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7570 |
|
SQL Injection in sqli (CVE-2026-7570)
SQL injection in sqli (CVE-2026-7570). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9772 |
|
OS Command Injection in unraid (CVE-2026-9772)
OS command injection in unraid (CVE-2026-9772). Successful exploitation can lead to full system takeover.
|
| CVE-2025-8106 |
|
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
|
| CVE-2026-9774 |
|
Path Traversal in path-traversal (CVE-2026-9774)
path traversal in path-traversal (CVE-2026-9774). Data can be tampered with by attackers.
|
| CVE-2026-8663 |
|
OS Command Injection in rapid7 (CVE-2026-8663)
OS command injection in rapid7 (CVE-2026-8663). Data can be tampered with by attackers.
|
| CVE-2026-9780 |
|
Cross-Site Scripting (XSS) in quest (CVE-2026-9780)
cross-site scripting in quest (CVE-2026-9780). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9775 |
|
Path Traversal in path-traversal (CVE-2026-9775)
path traversal in path-traversal (CVE-2026-9775). Data can be tampered with by attackers.
|
| CVE-2026-7569 |
|
Cross-Site Scripting (XSS) in quest (CVE-2026-7569)
cross-site scripting in quest (CVE-2026-7569). Successful exploitation can lead to full system takeover.
|
| CVE-2025-60473 |
|
Vulnerability in c (CVE-2025-60473)
vulnerability in c (CVE-2025-60473). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-60466 |
|
Use-After-Free in c (CVE-2025-60466)
vulnerability in c (CVE-2025-60466). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9777 |
|
Path Traversal in path-traversal (CVE-2026-9777)
path traversal in path-traversal (CVE-2026-9777). Successful exploitation can lead to full system takeover.
|
| CVE-2025-60467 |
|
Use-After-Free in c (CVE-2025-60467)
vulnerability in c (CVE-2025-60467). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9773 |
|
OS Command Injection in unraid (CVE-2026-9773)
OS command injection in unraid (CVE-2026-9773). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9776 |
|
Path Traversal in path-traversal (CVE-2026-9776)
path traversal in path-traversal (CVE-2026-9776). Confidential information can be exposed externally.
|
| CVE-2026-47093 |
|
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
|
| CVE-2026-47110 |
|
Vulnerability in dos (CVE-2026-47110)
vulnerability in dos (CVE-2026-47110). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10043 |
|
Unsafe Deserialization in deserialization (CVE-2026-10043)
vulnerability in deserialization (CVE-2026-10043). Successful exploitation can lead to full system takeover.
|
| CVE-2025-60468 |
|
Vulnerability in c (CVE-2025-60468)
vulnerability in c (CVE-2025-60468). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-2050 |
|
Vulnerability in gimp (CVE-2026-2050)
vulnerability in gimp (CVE-2026-2050). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40079 |
|
OS Command Injection in cacti (CVE-2026-40079)
OS command injection in cacti (CVE-2026-40079). Successful exploitation can lead to full system takeover.
|
| CVE-2026-39951 |
|
SQL Injection in sqli (CVE-2026-39951)
SQL injection in sqli (CVE-2026-39951). Confidential information can be exposed externally.
|
| CVE-2026-39955 |
|
SQL Injection in sqli (CVE-2026-39955)
SQL injection in sqli (CVE-2026-39955). Successful exploitation can lead to full system takeover.
|
| CVE-2026-39948 |
|
SQL Injection in cacti (CVE-2026-39948)
SQL injection in cacti (CVE-2026-39948). Successful exploitation can lead to full system takeover.
|
| CVE-2026-39938 |
|
Path Traversal in cacti (CVE-2026-39938)
path traversal in cacti (CVE-2026-39938). Successful exploitation can lead to full system takeover.
|
| CVE-2026-39900 |
|
Cross-Site Scripting (XSS) in cacti (CVE-2026-39900)
cross-site scripting in cacti (CVE-2026-39900). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-39899 |
|
Path Traversal in path-traversal (CVE-2026-39899)
path traversal in path-traversal (CVE-2026-39899). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55762 |
|
Vulnerability in CVE-2026-55762 (CVE-2026-55762)
vulnerability in CVE-2026-55762 (CVE-2026-55762). Data can be tampered with by attackers. Exploitable via `POST /api/v1/fingerprint`. Mitigation: upgrade to `8.5.1` or later.
|
| CVE-2026-55759 |
|
Authentication Bypass in CVE-2026-55759 (CVE-2026-55759)
authentication bypass in CVE-2026-55759 (CVE-2026-55759). Confidential information can be exposed externally. Mitigation: upgrade to `8.5.1` or later.
|
| CVE-2026-55666 |
|
Authentication Bypass in CVE-2026-55666 (CVE-2026-55666)
authentication bypass in CVE-2026-55666 (CVE-2026-55666). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.5.1` or later.
|
| CVE-2026-55570 |
|
Cross-Site Scripting (XSS) in CVE-2026-55570 (CVE-2026-55570)
cross-site scripting in CVE-2026-55570 (CVE-2026-55570). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.7.0` or later.
|
| CVE-2026-55455 |
|
SSRF (Server-Side Request Forgery) in appsmith (CVE-2026-55455)
SSRF in appsmith (CVE-2026-55455). Confidential information can be exposed externally. Mitigation: upgrade to `2.1` or later.
|
| CVE-2026-55454 |
|
Vulnerability in ssrf (CVE-2026-55454)
vulnerability in ssrf (CVE-2026-55454). Successful exploitation can lead to full system takeover. Exploitable via `POST /load`. Mitigation: upgrade to `2.1` or later.
|
| CVE-2026-54759 |
|
Cross-Site Scripting (XSS) in CVE-2026-54759 (CVE-2026-54759)
cross-site scripting in CVE-2026-54759 (CVE-2026-54759). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.7.0` or later.
|
| CVE-2026-54158 |
|
Cross-Site Scripting (XSS) in CVE-2026-54158 (CVE-2026-54158)
cross-site scripting in CVE-2026-54158 (CVE-2026-54158). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.7.0` or later.
|
| CVE-2026-54070 |
|
Cross-Site Scripting (XSS) in CVE-2026-54070 (CVE-2026-54070)
cross-site scripting in CVE-2026-54070 (CVE-2026-54070). Confidential information can be exposed externally. Mitigation: upgrade to `3.7.0` or later.
|
| CVE-2026-54069 |
|
Vulnerability in CVE-2026-54069 (CVE-2026-54069)
vulnerability in CVE-2026-54069 (CVE-2026-54069). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.7.0` or later.
|
| CVE-2026-54068 |
|
Vulnerability in CVE-2026-54068 (CVE-2026-54068)
vulnerability in CVE-2026-54068 (CVE-2026-54068). Confidential information can be exposed externally. Mitigation: upgrade to `3.7.0` or later.
|
| CVE-2026-54067 |
|
Cross-Site Scripting (XSS) in CVE-2026-54067 (CVE-2026-54067)
cross-site scripting in CVE-2026-54067 (CVE-2026-54067). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.7.0` or later.
|
| CVE-2026-54066 |
|
Path Traversal in path-traversal (CVE-2026-54066)
path traversal in path-traversal (CVE-2026-54066). Confidential information can be exposed externally. Mitigation: upgrade to `3.7.0` or later.
|
| CVE-2026-53766 |
|
Path Traversal in google (CVE-2026-53766)
path traversal in google (CVE-2026-53766). Data can be tampered with by attackers. Mitigation: upgrade to `1.1.0` or later.
|
| CVE-2026-52794 |
|
Vulnerability in dos (CVE-2026-52794)
vulnerability in dos (CVE-2026-52794). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `26.5.2` or later.
|
| CVE-2026-50551 |
|
Cross-Site Scripting (XSS) in CVE-2026-50551 (CVE-2026-50551)
cross-site scripting in CVE-2026-50551 (CVE-2026-50551). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.7.0` or later.
|
| CVE-2026-50189 |
|
Vulnerability in appsmith (CVE-2026-50189)
vulnerability in appsmith (CVE-2026-50189). Successful exploitation can lead to full system takeover. Exploitable via `GET /api/v1/admin/env`. Mitigation: upgrade to `2.1` or later.
|
| CVE-2026-49979 |
|
Vulnerability in appsmith (CVE-2026-49979)
vulnerability in appsmith (CVE-2026-49979). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/admin/send-test-email`. Mitigation: upgrade to `1.99` or later.
|
| CVE-2026-39897 |
|
Cross-Site Scripting (XSS) in cacti (CVE-2026-39897)
cross-site scripting in cacti (CVE-2026-39897). Risk of unauthorized operations or information disclosure.
|