Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-42153 |
|
OS Command Injection in CVE-2026-42153 (CVE-2026-42153)
OS command injection in CVE-2026-42153 (CVE-2026-42153). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42148 |
|
OS Command Injection in CVE-2026-42148 (CVE-2026-42148)
OS command injection in CVE-2026-42148 (CVE-2026-42148). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41899 |
|
Vulnerability in CVE-2026-41899 (CVE-2026-41899)
vulnerability in CVE-2026-41899 (CVE-2026-41899). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/feedback`.
|
| CVE-2026-38979 |
|
Vulnerability in CVE-2026-38979 (CVE-2026-38979)
vulnerability in CVE-2026-38979 (CVE-2026-38979). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-38976 |
|
Vulnerability in c (CVE-2026-38976)
vulnerability in c (CVE-2026-38976). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-38973 |
|
Vulnerability in CVE-2026-38973 (CVE-2026-38973)
vulnerability in CVE-2026-38973 (CVE-2026-38973). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34599 |
|
OS Command Injection in CVE-2026-34599 (CVE-2026-34599)
OS command injection in CVE-2026-34599 (CVE-2026-34599). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34167 |
|
Vulnerability in CVE-2026-34167 (CVE-2026-34167)
vulnerability in CVE-2026-34167 (CVE-2026-34167). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34153 |
|
OS Command Injection in CVE-2026-34153 (CVE-2026-34153)
OS command injection in CVE-2026-34153 (CVE-2026-34153). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34050 |
|
Vulnerability in CVE-2026-34050 (CVE-2026-34050)
vulnerability in CVE-2026-34050 (CVE-2026-34050). Data can be tampered with by attackers.
|
| CVE-2026-34049 |
|
OS Command Injection in CVE-2026-34049 (CVE-2026-34049)
OS command injection in CVE-2026-34049 (CVE-2026-34049). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-32718 |
|
Authorization Flaw in CVE-2026-32718 (CVE-2026-32718)
vulnerability in CVE-2026-32718 (CVE-2026-32718). Data can be tampered with by attackers.
|
| CVE-2026-35381 |
|
Vulnerability in uu_cut (CVE-2026-35381)
vulnerability in uu_cut (CVE-2026-35381). Risk of unauthorized operations or information disclosure. Exploitable via ``cut``. Mitigation: upgrade to `0.7.0` or later.
|
| CVE-2026-35361 |
|
Vulnerability in uu_mknod (CVE-2026-35361)
vulnerability in uu_mknod (CVE-2026-35361). Risk of unauthorized operations or information disclosure. Exploitable via ``mknod``. Mitigation: upgrade to `0.6.0` or later.
|
| GHSA-qrwj-vh9x-gw5v |
|
Authorization Flaw in github.com/coder/coder/v2 (GHSA-qrwj-vh9x-gw5v)
vulnerability in github.com/coder/coder/v2 (GHSA-qrwj-vh9x-gw5v). Risk of unauthorized operations or information disclosure. Exploitable via ``http.Client``. Mitigation: upgrade to `2.29.19` or later.
|
| GHSA-cgfv-jrfp-2r7v |
|
SQL Injection in io.openremote:openremote-manager (GHSA-cgfv-jrfp-2r7v)
SQL injection in io.openremote:openremote-manager (GHSA-cgfv-jrfp-2r7v). Risk of unauthorized operations or information disclosure. Exploitable via ``SELECT``. Mitigation: upgrade to `1.26.0` or later.
|
| CVE-2026-55630 |
|
Cross-Site Scripting (XSS) in kiwitcms (CVE-2026-55630)
cross-site scripting in kiwitcms (CVE-2026-55630). Risk of unauthorized operations or information disclosure. Exploitable via ``TestCase.extra_link``.
|
| CVE-2026-55501 |
|
Vulnerability in 9router (CVE-2026-55501)
vulnerability in 9router (CVE-2026-55501). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/auth/login`. Mitigation: upgrade to `0.4.77` or later.
|
| CVE-2026-55500 |
|
Information Disclosure in 9router (CVE-2026-55500)
vulnerability in 9router (CVE-2026-55500). Risk of unauthorized operations or information disclosure. Exploitable via ``ALWAYS_PROTECTED``.
|
| CVE-2026-59713 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-59713)
vulnerability in csrf (CVE-2026-59713). Confidential information can be exposed externally.
|
| CVE-2026-59711 |
|
Cross-Site Scripting (XSS) in CVE-2026-59711 (CVE-2026-59711)
cross-site scripting in CVE-2026-59711 (CVE-2026-59711). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55727 |
|
Authentication Bypass in CVE-2026-55727 (CVE-2026-55727)
authentication bypass in CVE-2026-55727 (CVE-2026-55727). Confidential information can be exposed externally.
|
| CVE-2026-59712 |
|
Vulnerability in CVE-2026-59712 (CVE-2026-59712)
vulnerability in CVE-2026-59712 (CVE-2026-59712). Confidential information can be exposed externally.
|
| CVE-2026-48267 |
|
Vulnerability in CVE-2026-48267 (CVE-2026-48267)
vulnerability in CVE-2026-48267 (CVE-2026-48267). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-25268 |
|
Vulnerability in qualcomm (CVE-2026-25268)
vulnerability in qualcomm (CVE-2026-25268). Successful exploitation can lead to full system takeover.
|
| CVE-2026-21368 |
|
Out-of-Bounds Write in qualcomm (CVE-2026-21368)
out-of-bounds write in qualcomm (CVE-2026-21368). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-21369 |
|
Out-of-Bounds Write in qualcomm (CVE-2026-21369)
out-of-bounds write in qualcomm (CVE-2026-21369). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-25271 |
|
Vulnerability in qualcomm (CVE-2026-25271)
vulnerability in qualcomm (CVE-2026-25271). Successful exploitation can lead to full system takeover.
|
| CVE-2026-21383 |
|
Vulnerability in qualcomm (CVE-2026-21383)
vulnerability in qualcomm (CVE-2026-21383). Confidential information can be exposed externally.
|
| CVE-2026-21379 |
|
Memory Corruption when allocating memory with sizes that exceed the maximum allowed value.
Memory Corruption when allocating memory with sizes that exceed the maximum allowed value.
|
| CVE-2026-21370 |
|
Out-of-Bounds Write in qualcomm (CVE-2026-21370)
out-of-bounds write in qualcomm (CVE-2026-21370). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-21384 |
|
Out-of-Bounds Write in qualcomm (CVE-2026-21384)
out-of-bounds write in qualcomm (CVE-2026-21384). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-14468 |
|
Path Traversal in CVE-2026-14468 (CVE-2026-14468)
path traversal in CVE-2026-14468 (CVE-2026-14468). Confidential information can be exposed externally.
|
| CVE-2025-59617 |
|
Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input.
Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input.
|
| CVE-2025-59615 |
|
Use-After-Free in qualcomm (CVE-2025-59615)
vulnerability in qualcomm (CVE-2025-59615). Data can be tampered with by attackers.
|
| CVE-2025-59616 |
|
Use-After-Free in qualcomm (CVE-2025-59616)
vulnerability in qualcomm (CVE-2025-59616). Data can be tampered with by attackers.
|
| CVE-2026-14471 |
|
SQL Injection in Amazon aws (CVE-2026-14471)
SQL injection in Amazon aws (CVE-2026-14471). Confidential information can be exposed externally.
|
| CVE-2026-54724 |
|
Open Redirect in kiwitcms (CVE-2026-54724)
vulnerability in kiwitcms (CVE-2026-54724). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54496 |
|
Vulnerability in zebrad (CVE-2026-54496)
vulnerability in zebrad (CVE-2026-54496). Risk of unauthorized operations or information disclosure. Exploitable via ``halo2_gadgets``. Mitigation: upgrade to `5.0.0` or later.
|
| CVE-2026-55615 |
|
Vulnerability in langroid (CVE-2026-55615)
vulnerability in langroid (CVE-2026-55615). Risk of unauthorized operations or information disclosure. Exploitable via ``Neo4jChatAgent``. Mitigation: upgrade to `0.65.5` or later.
|
| GHSA-vjc7-jrh9-9j86 |
|
Information Disclosure in 9router (GHSA-vjc7-jrh9-9j86)
vulnerability in 9router (GHSA-vjc7-jrh9-9j86). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57573 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-57573)
SSRF in ssrf (CVE-2026-57573). Confidential information can be exposed externally. Exploitable via `POST /crawl/stream`.
|
| CVE-2026-57572 |
|
Vulnerability in kidocode (CVE-2026-57572)
vulnerability in kidocode (CVE-2026-57572). Successful exploitation can lead to full system takeover.
|
| CVE-2026-57571 |
|
Path Traversal in kidocode (CVE-2026-57571)
path traversal in kidocode (CVE-2026-57571). Successful exploitation can lead to full system takeover.
|
| CVE-2026-55574 |
|
Vulnerability in vllm (CVE-2026-55574)
vulnerability in vllm (CVE-2026-55574). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55514 |
|
Vulnerability in vllm (CVE-2026-55514)
vulnerability in vllm (CVE-2026-55514). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54765 |
|
Vulnerability in traefik (CVE-2026-54765)
vulnerability in traefik (CVE-2026-54765). Data can be tampered with by attackers.
|
| CVE-2026-54764 |
|
Vulnerability in traefik (CVE-2026-54764)
vulnerability in traefik (CVE-2026-54764). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54763 |
|
Vulnerability in traefik (CVE-2026-54763)
vulnerability in traefik (CVE-2026-54763). Confidential information can be exposed externally.
|
| CVE-2026-54709 |
|
Vulnerability in CVE-2026-54709 (CVE-2026-54709)
vulnerability in CVE-2026-54709 (CVE-2026-54709). Risk of unauthorized operations or information disclosure.
|