Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2026-48509 Vulnerability in MessagePack (CVE-2026-48509)
vulnerability in MessagePack (CVE-2026-48509). Data can be tampered with by attackers. Exploitable via ``MessagePackSerializerOptions.Standard``. Mitigation: upgrade to `3.1.7` or later.
CVE-2026-48506 Vulnerability in MessagePack (CVE-2026-48506)
vulnerability in MessagePack (CVE-2026-48506). Risk of unauthorized operations or information disclosure. Exploitable via ``StackOverflowException``. Mitigation: upgrade to `3.1.7` or later.
CVE-2026-48505 Vulnerability in filament/filament (CVE-2026-48505)
vulnerability in filament/filament (CVE-2026-48505). Confidential information can be exposed externally. Mitigation: upgrade to `5.6.5` or later.
CVE-2026-48502 Out-of-Bounds Read in MessagePack (CVE-2026-48502)
vulnerability in MessagePack (CVE-2026-48502). Risk of unauthorized operations or information disclosure. Exploitable via ``tokenSize``. Mitigation: upgrade to `3.1.7` or later.
CVE-2026-48500 Vulnerability in filament/filament (CVE-2026-48500)
vulnerability in filament/filament (CVE-2026-48500). Risk of unauthorized operations or information disclosure. Exploitable via ``WithFileUploads``. Mitigation: upgrade to `3.3.52` or later.
CVE-2026-48167 Cross-Site Scripting (XSS) in filament/infolists (CVE-2026-48167)
cross-site scripting in filament/infolists (CVE-2026-48167). Risk of unauthorized operations or information disclosure. Exploitable via ``ImageColumn``. Mitigation: upgrade to `5.6.5` or later.
CVE-2026-48166 Vulnerability in filament/filament (CVE-2026-48166)
vulnerability in filament/filament (CVE-2026-48166). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.6.5` or later.
CVE-2026-46700 Vulnerability in @actual-app/sync-server (CVE-2026-46700)
vulnerability in @actual-app/sync-server (CVE-2026-46700). Risk of unauthorized operations or information disclosure. Exploitable via `GET /secret/`. Mitigation: upgrade to `26.6.0` or later.
CVE-2026-46672 Vulnerability in @actual-app/cli (CVE-2026-46672)
vulnerability in @actual-app/cli (CVE-2026-46672). Risk of unauthorized operations or information disclosure. Exploitable via ``escapeCsv``. Mitigation: upgrade to `26.6.0` or later.
CVE-2026-46611 Vulnerability in glances (CVE-2026-46611)
vulnerability in glances (CVE-2026-46611). Confidential information can be exposed externally. Exploitable via `Host header`. Mitigation: upgrade to `4.5.2` or later.
CVE-2026-44271 SQL Injection in sqli (CVE-2026-44271)
SQL injection in sqli (CVE-2026-44271). Confidential information can be exposed externally.
CVE-2026-44272 SQL Injection in sqli (CVE-2026-44272)
SQL injection in sqli (CVE-2026-44272). Successful exploitation can lead to full system takeover.
CVE-2026-44274 Vulnerability in dell (CVE-2026-44274)
vulnerability in dell (CVE-2026-44274). Successful exploitation can lead to full system takeover.
CVE-2026-53779 Path Traversal in path-traversal (CVE-2026-53779)
path traversal in path-traversal (CVE-2026-53779). Confidential information can be exposed externally.
CVE-2026-10852 Vulnerability in dos (CVE-2026-10852)
vulnerability in dos (CVE-2026-10852). Risk of unauthorized operations or information disclosure.
CVE-2026-48931 Vulnerability in nodejs (CVE-2026-48931)
vulnerability in nodejs (CVE-2026-48931). Risk of unauthorized operations or information disclosure.
CVE-2026-44273 Vulnerability in dell (CVE-2026-44273)
vulnerability in dell (CVE-2026-44273). Confidential information can be exposed externally.
CVE-2026-39904 Vulnerability in dos (CVE-2026-39904)
vulnerability in dos (CVE-2026-39904). Risk of unauthorized operations or information disclosure.
CVE-2026-53778 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-11834 OS Command Injection in CVE-2026-11834 (CVE-2026-11834)
OS command injection in CVE-2026-11834 (CVE-2026-11834). Risk of unauthorized operations or information disclosure.
CVE-2026-46608 Vulnerability in glances (CVE-2026-46608)
vulnerability in glances (CVE-2026-46608). Confidential information can be exposed externally. Exploitable via ``cors_origins``. Mitigation: upgrade to `4.5.5` or later.
CVE-2026-46607 Unsafe Deserialization in glances (CVE-2026-46607)
vulnerability in glances (CVE-2026-46607). Successful exploitation can lead to full system takeover. Exploitable via ``self.cache_file``. Mitigation: upgrade to `4.5.5` or later.
CVE-2026-55599 SSRF (Server-Side Request Forgery) in phpseclib/phpseclib (CVE-2026-55599)
SSRF in phpseclib/phpseclib (CVE-2026-55599). Risk of unauthorized operations or information disclosure. Exploitable via `GET /ssrf`. Mitigation: upgrade to `3.0.54` or later.
CVE-2026-54651 Vulnerability in pypdf (CVE-2026-54651)
vulnerability in pypdf (CVE-2026-54651). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `6.13.1` or later.
CVE-2026-46606 OS Command Injection in glances (CVE-2026-46606)
OS command injection in glances (CVE-2026-46606). Successful exploitation can lead to full system takeover. Exploitable via ``domain``. Mitigation: upgrade to `4.5.5` or later.
CVE-2026-46495 Unsafe Deserialization in org.openidentityplatform.opendj:opendj-server-legacy (CVE-2026-46495)
vulnerability in org.openidentityplatform.opendj:opendj-server-legacy (CVE-2026-46495). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.1.1` or later.
CVE-2026-46488 Vulnerability in motioneye (CVE-2026-46488)
vulnerability in motioneye (CVE-2026-46488). Risk of unauthorized operations or information disclosure. Exploitable via ``meye_password_hash``. Mitigation: upgrade to `0.44.0` or later.
CVE-2026-44795 Vulnerability in io.spinnaker.rosco:rosco-core (CVE-2026-44795)
vulnerability in io.spinnaker.rosco:rosco-core (CVE-2026-44795). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2025.3.3` or later.
CVE-2026-44793 Cross-Site Scripting (XSS) in org.openidentityplatform.openam:openam-federation-library (CVE-2026-44793)
cross-site scripting in org.openidentityplatform.openam:openam-federation-library (CVE-2026-44793). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `16.1.1` or later.
CVE-2026-44778 Vulnerability in github.com/inspektor-gadget/inspektor-gadget (CVE-2026-44778)
vulnerability in github.com/inspektor-gadget/inspektor-gadget (CVE-2026-44778). Risk of unauthorized operations or information disclosure. Exploitable via ``DescSize``. Mitigation: upgrade to `0.53.1` or later.
CVE-2026-44585 Vulnerability in paymenter/paymenter (CVE-2026-44585)
vulnerability in paymenter/paymenter (CVE-2026-44585). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.5.0` or later.
CVE-2026-44584 Authentication Bypass in paymenter/paymenter (CVE-2026-44584)
authentication bypass in paymenter/paymenter (CVE-2026-44584). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.5.0` or later.
CVE-2026-44583 SSRF (Server-Side Request Forgery) in paymenter/paymenter (CVE-2026-44583)
SSRF in paymenter/paymenter (CVE-2026-44583). Risk of unauthorized operations or information disclosure. Exploitable via ``file_get_contents``. Mitigation: upgrade to `1.5.0` or later.
CVE-2026-44517 Path Traversal in github.com/containers/buildah (CVE-2026-44517)
path traversal in github.com/containers/buildah (CVE-2026-44517). Risk of unauthorized operations or information disclosure. Exploitable via ``add``. Mitigation: upgrade to `1.43.2` or later.
CVE-2026-44203 Cross-Site Scripting (XSS) in org.openidentityplatform.openam:openam-oauth2 (CVE-2026-44203)
cross-site scripting in org.openidentityplatform.openam:openam-oauth2 (CVE-2026-44203). Risk of unauthorized operations or information disclosure. Exploitable via ``form_post``. Mitigation: upgrade to `16.1.1` or later.
CVE-2026-44202 SSRF (Server-Side Request Forgery) in org.openidentityplatform.openam:openam-core (CVE-2026-44202)
SSRF in org.openidentityplatform.openam:openam-core (CVE-2026-44202). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `16.1.1` or later.
CVE-2026-44179 Vulnerability in com.xwiki.pro:xwiki-pro-macros (CVE-2026-44179)
vulnerability in com.xwiki.pro:xwiki-pro-macros (CVE-2026-44179). Risk of unauthorized operations or information disclosure. Exploitable via ``Exploit``. Mitigation: upgrade to `1.14.5` or later.
CVE-2026-41579 Vulnerability in github.com/opencontainers/runc (CVE-2026-41579)
vulnerability in github.com/opencontainers/runc (CVE-2026-41579). Risk of unauthorized operations or information disclosure. Exploitable via ``setupPtmx``. Mitigation: upgrade to `1.5.0-rc.3` or later.
CVE-2026-41573 Vulnerability in org.openidentityplatform.openam:openam-core-rest (CVE-2026-41573)
vulnerability in org.openidentityplatform.openam:openam-core-rest (CVE-2026-41573). Risk of unauthorized operations or information disclosure. Exploitable via `GET /openam/json/{realm}/users`. Mitigation: upgrade to `16.1.1` or later.
CVE-2026-33731 Vulnerability in wwbn/avideo (CVE-2026-33731)
vulnerability in wwbn/avideo (CVE-2026-33731). Risk of unauthorized operations or information disclosure. Exploitable via ``users_id``. Mitigation: upgrade to `29.0` or later.
CVE-2025-67303 Vulnerability in comfyui-manager (CVE-2025-67303)
vulnerability in comfyui-manager (CVE-2025-67303). Risk of unauthorized operations or information disclosure. Exploitable via ``aaed1dc``. Mitigation: upgrade to `3.38` or later.
CVE-2026-33692 Vulnerability in wwbn/avideo (CVE-2026-33692)
vulnerability in wwbn/avideo (CVE-2026-33692). Risk of unauthorized operations or information disclosure. Exploitable via `GET /.env`. Mitigation: upgrade to `29.0` or later.
CVE-2026-55443 Path Traversal in langchain (CVE-2026-55443)
path traversal in langchain (CVE-2026-55443). Confidential information can be exposed externally. Mitigation: upgrade to `1.3.9` or later.
CVE-2026-56109 Vulnerability in c (CVE-2026-56109)
vulnerability in c (CVE-2026-56109). Risk of unauthorized operations or information disclosure.
CVE-2026-11994 Cross-Site Scripting (XSS) in CVE-2026-11994 (CVE-2026-11994)
cross-site scripting in CVE-2026-11994 (CVE-2026-11994). Risk of unauthorized operations or information disclosure.
CVE-2026-12249 Vulnerability in CVE-2026-12249 (CVE-2026-12249)
vulnerability in CVE-2026-12249 (CVE-2026-12249). Successful exploitation can lead to full system takeover.
CVE-2026-42127 Vulnerability in dos (CVE-2026-42127)
vulnerability in dos (CVE-2026-42127). Risk of unauthorized operations or information disclosure.
CVE-2026-10789 Code Injection in autodesk (CVE-2026-10789)
code injection in autodesk (CVE-2026-10789). Successful exploitation can lead to full system takeover.
CVE-2026-11825 Vulnerability in CVE-2026-11825 (CVE-2026-11825)
vulnerability in CVE-2026-11825 (CVE-2026-11825). Risk of unauthorized operations or information disclosure.
CVE-2026-33684 Vulnerability in wwbn/avideo (CVE-2026-33684)
vulnerability in wwbn/avideo (CVE-2026-33684). Risk of unauthorized operations or information disclosure. Exploitable via ``set_api_signUp``. Mitigation: upgrade to `29.0` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →