Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-8163 |
|
Vulnerability in wordpress (CVE-2026-8163)
vulnerability in wordpress (CVE-2026-8163). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7842 |
|
Vulnerability in wordpress (CVE-2026-7842)
vulnerability in wordpress (CVE-2026-7842). Confidential information can be exposed externally.
|
| CVE-2026-12866 |
|
Code Injection in CVE-2026-12866 (CVE-2026-12866)
code injection in CVE-2026-12866 (CVE-2026-12866). Successful exploitation can lead to full system takeover.
|
| CVE-2026-55655 |
|
Vulnerability in openbsd (CVE-2026-55655)
vulnerability in openbsd (CVE-2026-55655). Confidential information can be exposed externally.
|
| CVE-2026-55654 |
|
Out-of-Bounds Read in dos (CVE-2026-55654)
vulnerability in dos (CVE-2026-55654). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55653 |
|
Vulnerability in dos (CVE-2026-55653)
vulnerability in dos (CVE-2026-55653). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11833 |
|
Vulnerability in jvn (CVE-2026-11833)
vulnerability in jvn (CVE-2026-11833). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10658 |
|
Out-of-Bounds Read in c (CVE-2026-10658)
vulnerability in c (CVE-2026-10658). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10651 |
|
Vulnerability in c (CVE-2026-10651)
vulnerability in c (CVE-2026-10651). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10645 |
|
Out-of-Bounds Read in c (CVE-2026-10645)
vulnerability in c (CVE-2026-10645). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-52801 |
|
Vulnerability in gogs.io/gogs (CVE-2026-52801)
vulnerability in gogs.io/gogs (CVE-2026-52801). Confidential information can be exposed externally. Mitigation: upgrade to `0.14.3` or later.
|
| CVE-2026-52800 |
|
Cross-Site Request Forgery (CSRF) in gogs.io/gogs (CVE-2026-52800)
vulnerability in gogs.io/gogs (CVE-2026-52800). Successful exploitation can lead to full system takeover. Exploitable via ``TeamsAction``. Mitigation: upgrade to `0.14.3` or later.
|
| CVE-2025-67038 KEV |
|
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell...
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell...
|
| CVE-2026-52799 |
|
Vulnerability in gogs.io/gogs (CVE-2026-52799)
vulnerability in gogs.io/gogs (CVE-2026-52799). Confidential information can be exposed externally. Exploitable via `GET /attachments/`. Mitigation: upgrade to `0.14.3` or later.
|
| CVE-2026-52798 |
|
Cross-Site Scripting (XSS) in gogs.io/gogs (CVE-2026-52798)
cross-site scripting in gogs.io/gogs (CVE-2026-52798). Confidential information can be exposed externally. Exploitable via ``poc``. Mitigation: upgrade to `0.14.3` or later.
|
| CVE-2026-52796 |
|
Vulnerability in gogs.io/gogs (CVE-2026-52796)
vulnerability in gogs.io/gogs (CVE-2026-52796). Risk of unauthorized operations or information disclosure. Exploitable via ``com.Expand``. Mitigation: upgrade to `0.14.3` or later.
|
| CVE-2026-50179 |
|
Vulnerability in @actual-app/web (CVE-2026-50179)
vulnerability in @actual-app/web (CVE-2026-50179). Risk of unauthorized operations or information disclosure. Exploitable via ``exportToCSV``. Mitigation: upgrade to `26.6.0` or later.
|
| CVE-2026-54353 |
|
Vulnerability in @budibase/backend-core (CVE-2026-54353)
vulnerability in @budibase/backend-core (CVE-2026-54353). Confidential information can be exposed externally. Mitigation: upgrade to `3.39.9` or later.
|
| CVE-2026-54352 |
|
Path Traversal in @budibase/server (CVE-2026-54352)
path traversal in @budibase/server (CVE-2026-54352). Confidential information can be exposed externally. Exploitable via `POST /api/pwa/process-zip`. Mitigation: upgrade to `3.39.9` or later.
|
| CVE-2026-54351 |
|
Vulnerability in @budibase/server (CVE-2026-54351)
vulnerability in @budibase/server (CVE-2026-54351). Confidential information can be exposed externally. Exploitable via `POST /api/webhooks/trigger/`. Mitigation: upgrade to `3.39.9` or later.
|
| CVE-2026-49229 |
|
Vulnerability in @actual-app/sync-server (CVE-2026-49229)
vulnerability in @actual-app/sync-server (CVE-2026-49229). Confidential information can be exposed externally. Exploitable via `PATCH /admin/users`. Mitigation: upgrade to `26.6.0` or later.
|
| CVE-2026-50137 |
|
Vulnerability in @budibase/server (CVE-2026-50137)
vulnerability in @budibase/server (CVE-2026-50137). Confidential information can be exposed externally. Exploitable via `POST /api/attachments/`. Mitigation: upgrade to `3.39.0` or later.
|
| CVE-2026-54232 |
|
Vulnerability in vllm (CVE-2026-54232)
vulnerability in vllm (CVE-2026-54232). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.22.1` or later.
|
| CVE-2026-50136 |
|
Vulnerability in @budibase/server (CVE-2026-50136)
vulnerability in @budibase/server (CVE-2026-50136). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/attachments/`. Mitigation: upgrade to `3.39.2` or later.
|
| CVE-2026-50132 |
|
Vulnerability in @budibase/server (CVE-2026-50132)
vulnerability in @budibase/server (CVE-2026-50132). Confidential information can be exposed externally. Exploitable via `GET /api/chat-links/`. Mitigation: upgrade to `3.39.0` or later.
|
| CVE-2026-48487 |
|
Vulnerability in zeroconf (CVE-2026-48487)
vulnerability in zeroconf (CVE-2026-48487). Risk of unauthorized operations or information disclosure. Exploitable via ``_read_character_string``. Mitigation: upgrade to `0.149.16` or later.
|
| GHSA-hvqh-jw65-wcpq |
|
Cross-Site Scripting (XSS) in devbridge-autocomplete (GHSA-hvqh-jw65-wcpq)
cross-site scripting in devbridge-autocomplete (GHSA-hvqh-jw65-wcpq). Risk of unauthorized operations or information disclosure. Exploitable via ``formatGroup``. Mitigation: upgrade to `2.0.1` or later.
|
| CVE-2026-48170 |
|
Vulnerability in scim-patch (CVE-2026-48170)
vulnerability in scim-patch (CVE-2026-48170). Risk of unauthorized operations or information disclosure. Exploitable via `PATCH /Users/`. Mitigation: upgrade to `0.9.1` or later.
|
| GHSA-ghmh-jhmj-wcmf |
|
Vulnerability in github.com/juev/nebula-mesh (GHSA-ghmh-jhmj-wcmf)
vulnerability in github.com/juev/nebula-mesh (GHSA-ghmh-jhmj-wcmf). Risk of unauthorized operations or information disclosure. Exploitable via ``enrollment_tokens.token``. Mitigation: upgrade to `0.3.2` or later.
|
| GHSA-74p7-6h78-gw8p |
|
Path Traversal in skillctl (GHSA-74p7-6h78-gw8p)
path traversal in skillctl (GHSA-74p7-6h78-gw8p). Risk of unauthorized operations or information disclosure. Exploitable via ``source_sha``. Mitigation: upgrade to `0.1.3` or later.
|
| CVE-2026-47267 |
|
SSRF (Server-Side Request Forgery) in gogs.io/gogs (CVE-2026-47267)
SSRF in gogs.io/gogs (CVE-2026-47267). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.14.3` or later.
|
| CVE-2026-56698 |
|
Cross-Site Scripting (XSS) in nuxt (CVE-2026-56698)
cross-site scripting in nuxt (CVE-2026-56698). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56697 |
|
Open Redirect in nuxt (CVE-2026-56697)
vulnerability in nuxt (CVE-2026-56697). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56324 |
|
Vulnerability in CVE-2026-56324 (CVE-2026-56324)
vulnerability in CVE-2026-56324 (CVE-2026-56324). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56323 |
|
Information Disclosure in CVE-2026-56323 (CVE-2026-56323)
vulnerability in CVE-2026-56323 (CVE-2026-56323). Confidential information can be exposed externally.
|
| CVE-2026-56321 |
|
Vulnerability in CVE-2026-56321 (CVE-2026-56321)
vulnerability in CVE-2026-56321 (CVE-2026-56321). Risk of unauthorized operations or information disclosure. Exploitable via `GET /private/role_bindings/`.
|
| CVE-2026-56314 |
|
Vulnerability in CVE-2026-56314 (CVE-2026-56314)
vulnerability in CVE-2026-56314 (CVE-2026-56314). Data can be tampered with by attackers.
|
| CVE-2026-56311 |
|
Vulnerability in CVE-2026-56311 (CVE-2026-56311)
vulnerability in CVE-2026-56311 (CVE-2026-56311). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56306 |
|
Vulnerability in CVE-2026-56306 (CVE-2026-56306)
vulnerability in CVE-2026-56306 (CVE-2026-56306). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56280 |
|
Vulnerability in CVE-2026-56280 (CVE-2026-56280)
vulnerability in CVE-2026-56280 (CVE-2026-56280). Risk of unauthorized operations or information disclosure. Exploitable via `GET /build/logs/`.
|
| CVE-2026-56255 |
|
Vulnerability in dos (CVE-2026-56255)
vulnerability in dos (CVE-2026-56255). Risk of unauthorized operations or information disclosure. Exploitable via `POST /app/demo`.
|
| CVE-2026-56221 |
|
SQL Injection in sqli (CVE-2026-56221)
SQL injection in sqli (CVE-2026-56221). Confidential information can be exposed externally.
|
| CVE-2026-48517 |
|
Vulnerability in MessagePack (CVE-2026-48517)
vulnerability in MessagePack (CVE-2026-48517). Data can be tampered with by attackers. Exploitable via ``MessagePackSerializer.Typeless``. Mitigation: upgrade to `3.1.7` or later.
|
| CVE-2026-48516 |
|
Vulnerability in MessagePack (CVE-2026-48516)
vulnerability in MessagePack (CVE-2026-48516). Risk of unauthorized operations or information disclosure. Exploitable via ``MessagePackSecurity.UntrustedData``. Mitigation: upgrade to `3.1.7` or later.
|
| CVE-2026-48515 |
|
Vulnerability in MessagePack (CVE-2026-48515)
vulnerability in MessagePack (CVE-2026-48515). Risk of unauthorized operations or information disclosure. Exploitable via ``MessagePackSecurity.UntrustedData``. Mitigation: upgrade to `3.1.7` or later.
|
| CVE-2026-48514 |
|
Vulnerability in MessagePack (CVE-2026-48514)
vulnerability in MessagePack (CVE-2026-48514). Risk of unauthorized operations or information disclosure. Exploitable via ``byteLength``. Mitigation: upgrade to `3.1.7` or later.
|
| CVE-2026-48513 |
|
Vulnerability in MessagePack (CVE-2026-48513)
vulnerability in MessagePack (CVE-2026-48513). Risk of unauthorized operations or information disclosure. Exploitable via ``DynamicUnionResolver``. Mitigation: upgrade to `3.1.7` or later.
|
| CVE-2026-48512 |
|
Vulnerability in MessagePack (CVE-2026-48512)
vulnerability in MessagePack (CVE-2026-48512). Risk of unauthorized operations or information disclosure. Exploitable via ``MessagePackSerializer.ConvertFromJson``. Mitigation: upgrade to `3.1.7` or later.
|
| CVE-2026-48511 |
|
Vulnerability in MessagePack (CVE-2026-48511)
vulnerability in MessagePack (CVE-2026-48511). Risk of unauthorized operations or information disclosure. Exploitable via ``ExpandoObjectFormatter.Deserialize``. Mitigation: upgrade to `3.1.7` or later.
|
| CVE-2026-48510 |
|
Vulnerability in MessagePack (CVE-2026-48510)
vulnerability in MessagePack (CVE-2026-48510). Risk of unauthorized operations or information disclosure. Exploitable via ``Lz4Block``. Mitigation: upgrade to `3.1.7` or later.
|