Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2018-25342 |
|
SQL Injection in sqli (CVE-2018-25342)
SQL injection in sqli (CVE-2018-25342). Confidential information can be exposed externally.
|
| CVE-2018-25340 |
|
SQL Injection in sqli (CVE-2018-25340)
SQL injection in sqli (CVE-2018-25340). Confidential information can be exposed externally.
|
| CVE-2018-25341 |
|
SQL Injection in sqli (CVE-2018-25341)
SQL injection in sqli (CVE-2018-25341). Confidential information can be exposed externally.
|
| CVE-2026-43503 |
|
Vulnerability in c (CVE-2026-43503)
vulnerability in c (CVE-2026-43503). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9295 |
|
Buffer Overflow in CVE-2026-9295 (CVE-2026-9295)
vulnerability in CVE-2026-9295 (CVE-2026-9295). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9294 |
|
Buffer Overflow in CVE-2026-9294 (CVE-2026-9294)
vulnerability in CVE-2026-9294 (CVE-2026-9294). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45659 KEV |
|
[KEV] Unsafe Deserialization in Microsoft deserialization (CVE-2026-45659)
vulnerability in Microsoft deserialization (CVE-2026-45659). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-6895 |
|
Privilege Escalation in wordpress (CVE-2026-6895)
vulnerability in wordpress (CVE-2026-6895). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6419 |
|
Privilege Escalation in wordpress (CVE-2026-6419)
vulnerability in wordpress (CVE-2026-6419). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9284 |
|
Vulnerability in wordpress (CVE-2026-9284)
vulnerability in wordpress (CVE-2026-9284). Confidential information can be exposed externally.
|
| CVE-2026-6898 |
|
Privilege Escalation in wordpress (CVE-2026-6898)
vulnerability in wordpress (CVE-2026-6898). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6897 |
|
Privilege Escalation in wordpress (CVE-2026-6897)
vulnerability in wordpress (CVE-2026-6897). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5843 |
|
Vulnerability in docker (CVE-2026-5843)
vulnerability in docker (CVE-2026-5843). Successful exploitation can lead to full system takeover.
|
| CVE-2026-23663 |
|
Privilege Escalation in microsoft (CVE-2026-23663)
vulnerability in microsoft (CVE-2026-23663). Confidential information can be exposed externally.
|
| CVE-2026-5817 |
|
Vulnerability in docker (CVE-2026-5817)
vulnerability in docker (CVE-2026-5817). Successful exploitation can lead to full system takeover.
|
| CVE-2026-3294 |
|
Vulnerability in tp-link (CVE-2026-3294)
vulnerability in tp-link (CVE-2026-3294). Successful exploitation can lead to full system takeover.
|
| CVE-2026-26147 |
|
Vulnerability in microsoft (CVE-2026-26147)
vulnerability in microsoft (CVE-2026-26147). Confidential information can be exposed externally.
|
| CVE-2026-35430 |
|
Vulnerability in microsoft (CVE-2026-35430)
vulnerability in microsoft (CVE-2026-35430). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46727 |
|
Vulnerability in ruby (CVE-2026-46727)
vulnerability in ruby (CVE-2026-46727). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.0.5` or later.
|
| CVE-2026-6406 |
|
Authorization Flaw in docker (CVE-2026-6406)
vulnerability in docker (CVE-2026-6406). Successful exploitation can lead to full system takeover.
|
| CVE-2026-36228 |
|
Vulnerability in CVE-2026-36228 (CVE-2026-36228)
vulnerability in CVE-2026-36228 (CVE-2026-36228). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-37470 |
|
Vulnerability in CVE-2026-37470 (CVE-2026-37470)
vulnerability in CVE-2026-37470 (CVE-2026-37470). Confidential information can be exposed externally.
|
| CVE-2025-45145 |
|
Path Traversal in path-traversal (CVE-2025-45145)
path traversal in path-traversal (CVE-2025-45145). Confidential information can be exposed externally.
|
| CVE-2026-9256 |
|
Vulnerability in nginx (CVE-2026-9256)
vulnerability in nginx (CVE-2026-9256). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.24.0, 1.30.2, 1.31.1` or later.
|
| CVE-2026-8671 |
|
Vulnerability in avantra (CVE-2026-8671)
vulnerability in avantra (CVE-2026-8671). Data can be tampered with by attackers.
|
| CVE-2026-44417 |
|
Vulnerability in org.apache.cxf:cxf-rt-transports-jms (CVE-2026-44417)
vulnerability in org.apache.cxf:cxf-rt-transports-jms (CVE-2026-44417). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.6.11` or later.
|
| CVE-2026-47073 |
|
Vulnerability in hackney (CVE-2026-47073)
vulnerability in hackney (CVE-2026-47073). Risk of unauthorized operations or information disclosure. Exploitable via ``Buffer``. Mitigation: upgrade to `4.0.1` or later.
|
| CVE-2026-47067 |
|
Vulnerability in hackney (CVE-2026-47067)
vulnerability in hackney (CVE-2026-47067). Risk of unauthorized operations or information disclosure. Exploitable via ``Location``. Mitigation: upgrade to `4.0.1` or later.
|
| CVE-2026-47072 |
|
Vulnerability in hackney (CVE-2026-47072)
vulnerability in hackney (CVE-2026-47072). Data can be tampered with by attackers. Exploitable via `Host header`. Mitigation: upgrade to `4.0.1` or later.
|
| CVE-2026-47075 |
|
Vulnerability in hackney (CVE-2026-47075)
vulnerability in hackney (CVE-2026-47075). Data can be tampered with by attackers. Exploitable via ``Authorization``. Mitigation: upgrade to `4.0.1` or later.
|
| CVE-2026-47071 |
|
Vulnerability in hackney (CVE-2026-47071)
vulnerability in hackney (CVE-2026-47071). Risk of unauthorized operations or information disclosure. Exploitable via ``infinity``. Mitigation: upgrade to `4.0.1` or later.
|
| CVE-2026-47066 |
|
Vulnerability in hackney (CVE-2026-47066)
vulnerability in hackney (CVE-2026-47066). Risk of unauthorized operations or information disclosure. Exploitable via ``parse_entry``. Mitigation: upgrade to `4.0.1` or later.
|
| CVE-2026-47125 |
|
Vulnerability in github.com/getarcaneapp/arcane/backend (CVE-2026-47125)
vulnerability in github.com/getarcaneapp/arcane/backend (CVE-2026-47125). Successful exploitation can lead to full system takeover. Exploitable via `PUT /api/environments/{id}/templates/variables`. Mitigation: upgrade to `1.19.2` or later.
|
| CVE-2026-47120 |
|
Vulnerability in github.com/nezhahq/nezha (CVE-2026-47120)
vulnerability in github.com/nezhahq/nezha (CVE-2026-47120). Data can be tampered with by attackers. Exploitable via `POST /api/v1/alert-rule`. Mitigation: upgrade to `1.14.15-0.20260517022419-d7526351cf97` or later.
|
| CVE-2026-46717 |
|
Authorization Flaw in github.com/nezhahq/nezha (CVE-2026-46717)
vulnerability in github.com/nezhahq/nezha (CVE-2026-46717). Confidential information can be exposed externally. Exploitable via `POST /api/v1/notification`. Mitigation: upgrade to `1.14.15-0.20260517022419-d06d539d34c1` or later.
|
| CVE-2026-41076 |
|
Authentication Bypass in CVE-2026-41076 (CVE-2026-41076)
authentication bypass in CVE-2026-41076 (CVE-2026-41076). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41071 |
|
Out-of-Bounds Read in struktur (CVE-2026-41071)
vulnerability in struktur (CVE-2026-41071). Confidential information can be exposed externally.
|
| CVE-2026-41074 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-41074)
vulnerability in csrf (CVE-2026-41074). Data can be tampered with by attackers.
|
| CVE-2026-41075 |
|
SQL Injection in sqli (CVE-2026-41075)
SQL injection in sqli (CVE-2026-41075). Successful exploitation can lead to full system takeover.
|
| CVE-2026-39968 |
|
Vulnerability in CVE-2026-39968 (CVE-2026-39968)
vulnerability in CVE-2026-39968 (CVE-2026-39968). Confidential information can be exposed externally.
|
| CVE-2026-9255 |
|
Vulnerability in Amazon aws (CVE-2026-9255)
vulnerability in Amazon aws (CVE-2026-9255). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9018 |
|
Privilege Escalation in wordpress (CVE-2026-9018)
vulnerability in wordpress (CVE-2026-9018). Successful exploitation can lead to full system takeover. Exploitable via ``wp_ajax_nopriv_eel_register``.
|
| CVE-2026-4834 |
|
SQL Injection in wordpress (CVE-2026-4834)
SQL injection in wordpress (CVE-2026-4834). Confidential information can be exposed externally.
|
| CVE-2026-46597 |
|
Vulnerability in golang.org/x/crypto (CVE-2026-46597)
vulnerability in golang.org/x/crypto (CVE-2026-46597). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.52.0` or later.
|
| CVE-2026-39829 |
|
Vulnerability in golang.org/x/crypto (CVE-2026-39829)
vulnerability in golang.org/x/crypto (CVE-2026-39829). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.52.0` or later.
|
| CVE-2026-34911 |
|
Path Traversal in path-traversal (CVE-2026-34911)
path traversal in path-traversal (CVE-2026-34911). Confidential information can be exposed externally.
|
| CVE-2026-8413 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8413)
vulnerability in concrete5/concrete5 (CVE-2026-8413). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8415 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8415)
vulnerability in concrete5/concrete5 (CVE-2026-8415). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8414 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8414)
vulnerability in concrete5/concrete5 (CVE-2026-8414). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8427 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8427)
vulnerability in concrete5/concrete5 (CVE-2026-8427). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|