Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2026-8163 Vulnerability in wordpress (CVE-2026-8163)
vulnerability in wordpress (CVE-2026-8163). Successful exploitation can lead to full system takeover.
CVE-2026-7842 Vulnerability in wordpress (CVE-2026-7842)
vulnerability in wordpress (CVE-2026-7842). Confidential information can be exposed externally.
CVE-2026-12866 Code Injection in CVE-2026-12866 (CVE-2026-12866)
code injection in CVE-2026-12866 (CVE-2026-12866). Successful exploitation can lead to full system takeover.
CVE-2026-55655 Vulnerability in openbsd (CVE-2026-55655)
vulnerability in openbsd (CVE-2026-55655). Confidential information can be exposed externally.
CVE-2026-55654 Out-of-Bounds Read in dos (CVE-2026-55654)
vulnerability in dos (CVE-2026-55654). Risk of unauthorized operations or information disclosure.
CVE-2026-55653 Vulnerability in dos (CVE-2026-55653)
vulnerability in dos (CVE-2026-55653). Risk of unauthorized operations or information disclosure.
CVE-2026-11833 Vulnerability in jvn (CVE-2026-11833)
vulnerability in jvn (CVE-2026-11833). Risk of unauthorized operations or information disclosure.
CVE-2026-10658 Out-of-Bounds Read in c (CVE-2026-10658)
vulnerability in c (CVE-2026-10658). Risk of unauthorized operations or information disclosure.
CVE-2026-10651 Vulnerability in c (CVE-2026-10651)
vulnerability in c (CVE-2026-10651). Risk of unauthorized operations or information disclosure.
CVE-2026-10645 Out-of-Bounds Read in c (CVE-2026-10645)
vulnerability in c (CVE-2026-10645). Risk of unauthorized operations or information disclosure.
CVE-2026-52801 Vulnerability in gogs.io/gogs (CVE-2026-52801)
vulnerability in gogs.io/gogs (CVE-2026-52801). Confidential information can be exposed externally. Mitigation: upgrade to `0.14.3` or later.
CVE-2026-52800 Cross-Site Request Forgery (CSRF) in gogs.io/gogs (CVE-2026-52800)
vulnerability in gogs.io/gogs (CVE-2026-52800). Successful exploitation can lead to full system takeover. Exploitable via ``TeamsAction``. Mitigation: upgrade to `0.14.3` or later.
CVE-2025-67038 KEV An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell...
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell...
CVE-2026-52799 Vulnerability in gogs.io/gogs (CVE-2026-52799)
vulnerability in gogs.io/gogs (CVE-2026-52799). Confidential information can be exposed externally. Exploitable via `GET /attachments/`. Mitigation: upgrade to `0.14.3` or later.
CVE-2026-52798 Cross-Site Scripting (XSS) in gogs.io/gogs (CVE-2026-52798)
cross-site scripting in gogs.io/gogs (CVE-2026-52798). Confidential information can be exposed externally. Exploitable via ``poc``. Mitigation: upgrade to `0.14.3` or later.
CVE-2026-52796 Vulnerability in gogs.io/gogs (CVE-2026-52796)
vulnerability in gogs.io/gogs (CVE-2026-52796). Risk of unauthorized operations or information disclosure. Exploitable via ``com.Expand``. Mitigation: upgrade to `0.14.3` or later.
CVE-2026-50179 Vulnerability in @actual-app/web (CVE-2026-50179)
vulnerability in @actual-app/web (CVE-2026-50179). Risk of unauthorized operations or information disclosure. Exploitable via ``exportToCSV``. Mitigation: upgrade to `26.6.0` or later.
CVE-2026-54353 Vulnerability in @budibase/backend-core (CVE-2026-54353)
vulnerability in @budibase/backend-core (CVE-2026-54353). Confidential information can be exposed externally. Mitigation: upgrade to `3.39.9` or later.
CVE-2026-54352 Path Traversal in @budibase/server (CVE-2026-54352)
path traversal in @budibase/server (CVE-2026-54352). Confidential information can be exposed externally. Exploitable via `POST /api/pwa/process-zip`. Mitigation: upgrade to `3.39.9` or later.
CVE-2026-54351 Vulnerability in @budibase/server (CVE-2026-54351)
vulnerability in @budibase/server (CVE-2026-54351). Confidential information can be exposed externally. Exploitable via `POST /api/webhooks/trigger/`. Mitigation: upgrade to `3.39.9` or later.
CVE-2026-49229 Vulnerability in @actual-app/sync-server (CVE-2026-49229)
vulnerability in @actual-app/sync-server (CVE-2026-49229). Confidential information can be exposed externally. Exploitable via `PATCH /admin/users`. Mitigation: upgrade to `26.6.0` or later.
CVE-2026-50137 Vulnerability in @budibase/server (CVE-2026-50137)
vulnerability in @budibase/server (CVE-2026-50137). Confidential information can be exposed externally. Exploitable via `POST /api/attachments/`. Mitigation: upgrade to `3.39.0` or later.
CVE-2026-54232 Vulnerability in vllm (CVE-2026-54232)
vulnerability in vllm (CVE-2026-54232). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.22.1` or later.
CVE-2026-50136 Vulnerability in @budibase/server (CVE-2026-50136)
vulnerability in @budibase/server (CVE-2026-50136). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/attachments/`. Mitigation: upgrade to `3.39.2` or later.
CVE-2026-50132 Vulnerability in @budibase/server (CVE-2026-50132)
vulnerability in @budibase/server (CVE-2026-50132). Confidential information can be exposed externally. Exploitable via `GET /api/chat-links/`. Mitigation: upgrade to `3.39.0` or later.
CVE-2026-48487 Vulnerability in zeroconf (CVE-2026-48487)
vulnerability in zeroconf (CVE-2026-48487). Risk of unauthorized operations or information disclosure. Exploitable via ``_read_character_string``. Mitigation: upgrade to `0.149.16` or later.
GHSA-hvqh-jw65-wcpq Cross-Site Scripting (XSS) in devbridge-autocomplete (GHSA-hvqh-jw65-wcpq)
cross-site scripting in devbridge-autocomplete (GHSA-hvqh-jw65-wcpq). Risk of unauthorized operations or information disclosure. Exploitable via ``formatGroup``. Mitigation: upgrade to `2.0.1` or later.
CVE-2026-48170 Vulnerability in scim-patch (CVE-2026-48170)
vulnerability in scim-patch (CVE-2026-48170). Risk of unauthorized operations or information disclosure. Exploitable via `PATCH /Users/`. Mitigation: upgrade to `0.9.1` or later.
GHSA-ghmh-jhmj-wcmf Vulnerability in github.com/juev/nebula-mesh (GHSA-ghmh-jhmj-wcmf)
vulnerability in github.com/juev/nebula-mesh (GHSA-ghmh-jhmj-wcmf). Risk of unauthorized operations or information disclosure. Exploitable via ``enrollment_tokens.token``. Mitigation: upgrade to `0.3.2` or later.
GHSA-74p7-6h78-gw8p Path Traversal in skillctl (GHSA-74p7-6h78-gw8p)
path traversal in skillctl (GHSA-74p7-6h78-gw8p). Risk of unauthorized operations or information disclosure. Exploitable via ``source_sha``. Mitigation: upgrade to `0.1.3` or later.
CVE-2026-47267 SSRF (Server-Side Request Forgery) in gogs.io/gogs (CVE-2026-47267)
SSRF in gogs.io/gogs (CVE-2026-47267). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.14.3` or later.
CVE-2026-56698 Cross-Site Scripting (XSS) in nuxt (CVE-2026-56698)
cross-site scripting in nuxt (CVE-2026-56698). Risk of unauthorized operations or information disclosure.
CVE-2026-56697 Open Redirect in nuxt (CVE-2026-56697)
vulnerability in nuxt (CVE-2026-56697). Risk of unauthorized operations or information disclosure.
CVE-2026-56324 Vulnerability in CVE-2026-56324 (CVE-2026-56324)
vulnerability in CVE-2026-56324 (CVE-2026-56324). Risk of unauthorized operations or information disclosure.
CVE-2026-56323 Information Disclosure in CVE-2026-56323 (CVE-2026-56323)
vulnerability in CVE-2026-56323 (CVE-2026-56323). Confidential information can be exposed externally.
CVE-2026-56321 Vulnerability in CVE-2026-56321 (CVE-2026-56321)
vulnerability in CVE-2026-56321 (CVE-2026-56321). Risk of unauthorized operations or information disclosure. Exploitable via `GET /private/role_bindings/`.
CVE-2026-56314 Vulnerability in CVE-2026-56314 (CVE-2026-56314)
vulnerability in CVE-2026-56314 (CVE-2026-56314). Data can be tampered with by attackers.
CVE-2026-56311 Vulnerability in CVE-2026-56311 (CVE-2026-56311)
vulnerability in CVE-2026-56311 (CVE-2026-56311). Risk of unauthorized operations or information disclosure.
CVE-2026-56306 Vulnerability in CVE-2026-56306 (CVE-2026-56306)
vulnerability in CVE-2026-56306 (CVE-2026-56306). Risk of unauthorized operations or information disclosure.
CVE-2026-56280 Vulnerability in CVE-2026-56280 (CVE-2026-56280)
vulnerability in CVE-2026-56280 (CVE-2026-56280). Risk of unauthorized operations or information disclosure. Exploitable via `GET /build/logs/`.
CVE-2026-56255 Vulnerability in dos (CVE-2026-56255)
vulnerability in dos (CVE-2026-56255). Risk of unauthorized operations or information disclosure. Exploitable via `POST /app/demo`.
CVE-2026-56221 SQL Injection in sqli (CVE-2026-56221)
SQL injection in sqli (CVE-2026-56221). Confidential information can be exposed externally.
CVE-2026-48517 Vulnerability in MessagePack (CVE-2026-48517)
vulnerability in MessagePack (CVE-2026-48517). Data can be tampered with by attackers. Exploitable via ``MessagePackSerializer.Typeless``. Mitigation: upgrade to `3.1.7` or later.
CVE-2026-48516 Vulnerability in MessagePack (CVE-2026-48516)
vulnerability in MessagePack (CVE-2026-48516). Risk of unauthorized operations or information disclosure. Exploitable via ``MessagePackSecurity.UntrustedData``. Mitigation: upgrade to `3.1.7` or later.
CVE-2026-48515 Vulnerability in MessagePack (CVE-2026-48515)
vulnerability in MessagePack (CVE-2026-48515). Risk of unauthorized operations or information disclosure. Exploitable via ``MessagePackSecurity.UntrustedData``. Mitigation: upgrade to `3.1.7` or later.
CVE-2026-48514 Vulnerability in MessagePack (CVE-2026-48514)
vulnerability in MessagePack (CVE-2026-48514). Risk of unauthorized operations or information disclosure. Exploitable via ``byteLength``. Mitigation: upgrade to `3.1.7` or later.
CVE-2026-48513 Vulnerability in MessagePack (CVE-2026-48513)
vulnerability in MessagePack (CVE-2026-48513). Risk of unauthorized operations or information disclosure. Exploitable via ``DynamicUnionResolver``. Mitigation: upgrade to `3.1.7` or later.
CVE-2026-48512 Vulnerability in MessagePack (CVE-2026-48512)
vulnerability in MessagePack (CVE-2026-48512). Risk of unauthorized operations or information disclosure. Exploitable via ``MessagePackSerializer.ConvertFromJson``. Mitigation: upgrade to `3.1.7` or later.
CVE-2026-48511 Vulnerability in MessagePack (CVE-2026-48511)
vulnerability in MessagePack (CVE-2026-48511). Risk of unauthorized operations or information disclosure. Exploitable via ``ExpandoObjectFormatter.Deserialize``. Mitigation: upgrade to `3.1.7` or later.
CVE-2026-48510 Vulnerability in MessagePack (CVE-2026-48510)
vulnerability in MessagePack (CVE-2026-48510). Risk of unauthorized operations or information disclosure. Exploitable via ``Lz4Block``. Mitigation: upgrade to `3.1.7` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →