Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-46113 |
|
Use-After-Free in linux (CVE-2026-46113)
vulnerability in linux (CVE-2026-46113). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46112 |
|
Vulnerability in linux (CVE-2026-46112)
vulnerability in linux (CVE-2026-46112). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46111 |
|
Use-After-Free in linux (CVE-2026-46111)
vulnerability in linux (CVE-2026-46111). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46110 |
|
Vulnerability in linux (CVE-2026-46110)
vulnerability in linux (CVE-2026-46110). Risk of unauthorized operations or information disclosure. Exploitable via ``cur_rx``.
|
| CVE-2026-46107 |
|
Vulnerability in linux (CVE-2026-46107)
vulnerability in linux (CVE-2026-46107). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46105 |
|
Vulnerability in linux (CVE-2026-46105)
vulnerability in linux (CVE-2026-46105). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9804 |
|
Vulnerability in kubevirt.io/kubevirt (CVE-2026-9804)
vulnerability in kubevirt.io/kubevirt (CVE-2026-9804). Confidential information can be exposed externally.
|
| CVE-2026-6226 |
|
Privilege Escalation in wordpress (CVE-2026-6226)
vulnerability in wordpress (CVE-2026-6226). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9227 |
|
Unrestricted File Upload in wordpress (CVE-2026-9227)
vulnerability in wordpress (CVE-2026-9227). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7862 |
|
Vulnerability in wordpress (CVE-2026-7862)
vulnerability in wordpress (CVE-2026-7862). Data can be tampered with by attackers.
|
| CVE-2026-7797 |
|
SQL Injection in wordpress (CVE-2026-7797)
SQL injection in wordpress (CVE-2026-7797). Confidential information can be exposed externally.
|
| CVE-2026-7634 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7634)
cross-site scripting in wordpress (CVE-2026-7634). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7052 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-7052)
cross-site scripting in wordpress (CVE-2026-7052). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6455 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6455)
vulnerability in wordpress (CVE-2026-6455). Data can be tampered with by attackers.
|
| CVE-2026-44604 |
|
OS Command Injection in CVE-2026-44604 (CVE-2026-44604)
OS command injection in CVE-2026-44604 (CVE-2026-44604). Successful exploitation can lead to full system takeover. Exploitable via ``rpmuncompress``.
|
| CVE-2026-9009 |
|
Unrestricted File Upload in wordpress (CVE-2026-9009)
vulnerability in wordpress (CVE-2026-9009). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9795 |
|
Vulnerability in org.keycloak:keycloak-services (CVE-2026-9795)
vulnerability in org.keycloak:keycloak-services (CVE-2026-9795). Confidential information can be exposed externally. Mitigation: upgrade to `26.6.4` or later.
|
| CVE-2026-7802 |
|
Vulnerability in wordpress (CVE-2026-7802)
vulnerability in wordpress (CVE-2026-7802). Successful exploitation can lead to full system takeover.
|
| CVE-2026-32995 |
|
Vulnerability in CVE-2026-32995 (CVE-2026-32995)
vulnerability in CVE-2026-32995 (CVE-2026-32995). Confidential information can be exposed externally.
|
| CVE-2026-2374 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-2374)
cross-site scripting in wordpress (CVE-2026-2374). Risk of unauthorized operations or information disclosure. Exploitable via ``login_nocaptcha_error``.
|
| CVE-2026-8915 |
|
Out-of-Bounds Write in samsung (CVE-2026-8915)
out-of-bounds write in samsung (CVE-2026-8915). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46414 |
|
Vulnerability in CVE-2026-46414 (CVE-2026-46414)
vulnerability in CVE-2026-46414 (CVE-2026-46414). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46402 |
|
Path Traversal in path-traversal (CVE-2026-46402)
path traversal in path-traversal (CVE-2026-46402). Data can be tampered with by attackers.
|
| CVE-2026-45322 |
|
OS Command Injection in CVE-2026-45322 (CVE-2026-45322)
OS command injection in CVE-2026-45322 (CVE-2026-45322). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9208 |
|
Tanium addressed an unauthorized code execution vulnerability in Connect.
Tanium addressed an unauthorized code execution vulnerability in Connect.
|
| CVE-2026-45332 |
|
Information Disclosure in automad/automad (CVE-2026-45332)
vulnerability in automad/automad (CVE-2026-45332). Confidential information can be exposed externally. Mitigation: upgrade to `2.0.0-beta.28` or later.
|
| CVE-2026-8361 |
|
Vulnerability in path-traversal (CVE-2026-8361)
vulnerability in path-traversal (CVE-2026-8361). Confidential information can be exposed externally.
|
| CVE-2026-8359 |
|
Vulnerability in CVE-2026-8359 (CVE-2026-8359)
vulnerability in CVE-2026-8359 (CVE-2026-8359). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8360 |
|
Vulnerability in CVE-2026-8360 (CVE-2026-8360)
vulnerability in CVE-2026-8360 (CVE-2026-8360). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-47269 |
|
Vulnerability in CVE-2026-47269 (CVE-2026-47269)
vulnerability in CVE-2026-47269 (CVE-2026-47269). Confidential information can be exposed externally. Mitigation: upgrade to `0.9.0` or later.
|
| CVE-2026-44713 |
|
OS Command Injection in c (CVE-2026-44713)
OS command injection in c (CVE-2026-44713). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.8.7` or later.
|
| CVE-2026-44712 |
|
OS Command Injection in CVE-2026-44712 (CVE-2026-44712)
OS command injection in CVE-2026-44712 (CVE-2026-44712). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.8.7` or later.
|
| CVE-2026-44711 |
|
Vulnerability in CVE-2026-44711 (CVE-2026-44711)
vulnerability in CVE-2026-44711 (CVE-2026-44711). Data can be tampered with by attackers. Mitigation: upgrade to `0.8.7` or later.
|
| CVE-2026-44709 |
|
OS Command Injection in CVE-2026-44709 (CVE-2026-44709)
OS command injection in CVE-2026-44709 (CVE-2026-44709). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.8.7` or later.
|
| CVE-2026-48064 |
|
Authorization Flaw in CVE-2026-48064 (CVE-2026-48064)
vulnerability in CVE-2026-48064 (CVE-2026-48064). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.9.1` or later.
|
| CVE-2026-47272 |
|
Authentication Bypass in c (CVE-2026-47272)
authentication bypass in c (CVE-2026-47272). Confidential information can be exposed externally. Mitigation: upgrade to `0.9.0` or later.
|
| CVE-2026-45108 |
|
Authorization Flaw in CVE-2026-45108 (CVE-2026-45108)
vulnerability in CVE-2026-45108 (CVE-2026-45108). Confidential information can be exposed externally. Mitigation: upgrade to `3.1.5` or later.
|
| CVE-2026-45104 |
|
Vulnerability in osgeo (CVE-2026-45104)
vulnerability in osgeo (CVE-2026-45104). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.6.3` or later.
|
| CVE-2026-42197 |
|
Cross-Site Scripting (XSS) in django (CVE-2026-42197)
cross-site scripting in django (CVE-2026-42197). Confidential information can be exposed externally. Exploitable via ``ParticipationAdmin``.
|
| CVE-2026-44726 |
|
Vulnerability in deno (CVE-2026-44726)
vulnerability in deno (CVE-2026-44726). Confidential information can be exposed externally. Exploitable via `POST /v1/charge`. Mitigation: upgrade to `2.7.8` or later.
|
| CVE-2026-4868 |
|
Vulnerability in gitlab (CVE-2026-4868)
vulnerability in gitlab (CVE-2026-4868). Confidential information can be exposed externally. Mitigation: upgrade to `18.10.7, 18.11.4, 19.0.2` or later.
|
| CVE-2026-5509 |
|
Vulnerability in tp-link (CVE-2026-5509)
vulnerability in tp-link (CVE-2026-5509). Successful exploitation can lead to full system takeover.
|
| CVE-2025-69600 |
|
Command Injection in CVE-2025-69600 (CVE-2025-69600)
command injection in CVE-2025-69600 (CVE-2025-69600). Successful exploitation can lead to full system takeover.
|
| CVE-2026-38807 |
|
Vulnerability in CVE-2026-38807 (CVE-2026-38807)
vulnerability in CVE-2026-38807 (CVE-2026-38807). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48151 |
|
Vulnerability in @budibase/server (CVE-2026-48151)
vulnerability in @budibase/server (CVE-2026-48151). Data can be tampered with by attackers. Exploitable via `POST /api/webhooks/schema/`. Mitigation: upgrade to `3.39.0` or later.
|
| CVE-2026-48149 |
|
Cross-Site Scripting (XSS) in CVE-2026-48149 (CVE-2026-48149)
cross-site scripting in CVE-2026-48149 (CVE-2026-48149). Confidential information can be exposed externally. Mitigation: upgrade to `3.39.0` or later.
|
| CVE-2026-48152 |
|
Authorization Flaw in @budibase/server (CVE-2026-48152)
vulnerability in @budibase/server (CVE-2026-48152). Confidential information can be exposed externally. Exploitable via `GET /api/datasources/`. Mitigation: upgrade to `3.39.0` or later.
|
| CVE-2026-48153 |
|
SSRF (Server-Side Request Forgery) in @budibase/server (CVE-2026-48153)
SSRF in @budibase/server (CVE-2026-48153). Confidential information can be exposed externally. Exploitable via ``fetchToken``. Mitigation: upgrade to `3.39.0` or later.
|
| CVE-2026-48146 |
|
SSRF (Server-Side Request Forgery) in @budibase/server (CVE-2026-48146)
SSRF in @budibase/server (CVE-2026-48146). Confidential information can be exposed externally. Exploitable via ``fetchWithBlacklist``. Mitigation: upgrade to `3.39.0` or later.
|
| CVE-2026-46427 |
|
Information Disclosure in CVE-2026-46427 (CVE-2026-46427)
vulnerability in CVE-2026-46427 (CVE-2026-46427). Confidential information can be exposed externally. Exploitable via `GET /api/datasources/`. Mitigation: upgrade to `3.38.3` or later.
|