Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-46717 |
|
Authorization Flaw in github.com/nezhahq/nezha (CVE-2026-46717)
vulnerability in github.com/nezhahq/nezha (CVE-2026-46717). Confidential information can be exposed externally. Exploitable via `POST /api/v1/notification`. Mitigation: upgrade to `1.14.15-0.20260517022419-d06d539d34c1` or later.
|
| CVE-2026-41076 |
|
Authentication Bypass in CVE-2026-41076 (CVE-2026-41076)
authentication bypass in CVE-2026-41076 (CVE-2026-41076). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41074 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-41074)
vulnerability in csrf (CVE-2026-41074). Data can be tampered with by attackers.
|
| CVE-2026-41071 |
|
Out-of-Bounds Read in struktur (CVE-2026-41071)
vulnerability in struktur (CVE-2026-41071). Confidential information can be exposed externally.
|
| CVE-2026-41075 |
|
SQL Injection in sqli (CVE-2026-41075)
SQL injection in sqli (CVE-2026-41075). Successful exploitation can lead to full system takeover.
|
| CVE-2026-39968 |
|
Vulnerability in CVE-2026-39968 (CVE-2026-39968)
vulnerability in CVE-2026-39968 (CVE-2026-39968). Confidential information can be exposed externally.
|
| CVE-2026-9255 |
|
Vulnerability in Amazon aws (CVE-2026-9255)
vulnerability in Amazon aws (CVE-2026-9255). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9018 |
|
Privilege Escalation in wordpress (CVE-2026-9018)
vulnerability in wordpress (CVE-2026-9018). Successful exploitation can lead to full system takeover. Exploitable via ``wp_ajax_nopriv_eel_register``.
|
| CVE-2026-4834 |
|
SQL Injection in wordpress (CVE-2026-4834)
SQL injection in wordpress (CVE-2026-4834). Confidential information can be exposed externally.
|
| CVE-2026-46597 |
|
Vulnerability in golang.org/x/crypto (CVE-2026-46597)
vulnerability in golang.org/x/crypto (CVE-2026-46597). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.52.0` or later.
|
| CVE-2026-39829 |
|
Vulnerability in golang.org/x/crypto (CVE-2026-39829)
vulnerability in golang.org/x/crypto (CVE-2026-39829). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.52.0` or later.
|
| CVE-2026-34911 |
|
Path Traversal in path-traversal (CVE-2026-34911)
path traversal in path-traversal (CVE-2026-34911). Confidential information can be exposed externally.
|
| CVE-2026-8415 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8415)
vulnerability in concrete5/concrete5 (CVE-2026-8415). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8414 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8414)
vulnerability in concrete5/concrete5 (CVE-2026-8414). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8413 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8413)
vulnerability in concrete5/concrete5 (CVE-2026-8413). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8434 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8434)
vulnerability in concrete5/concrete5 (CVE-2026-8434). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8433 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8433)
vulnerability in concrete5/concrete5 (CVE-2026-8433). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8432 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8432)
vulnerability in concrete5/concrete5 (CVE-2026-8432). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8427 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8427)
vulnerability in concrete5/concrete5 (CVE-2026-8427). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8416 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8416)
vulnerability in concrete5/concrete5 (CVE-2026-8416). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8409 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8409)
vulnerability in concrete5/concrete5 (CVE-2026-8409). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8410 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8410)
vulnerability in concrete5/concrete5 (CVE-2026-8410). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8412 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8412)
vulnerability in concrete5/concrete5 (CVE-2026-8412). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8411 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8411)
vulnerability in concrete5/concrete5 (CVE-2026-8411). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-46680 |
|
Privilege Escalation in github.com/containerd/containerd (CVE-2026-46680)
vulnerability in github.com/containerd/containerd (CVE-2026-46680). Successful exploitation can lead to full system takeover. Exploitable via ``User``. Mitigation: upgrade to `1.7.32` or later.
|
| CVE-2026-46679 |
|
Vulnerability in @libp2p/gossipsub (CVE-2026-46679)
vulnerability in @libp2p/gossipsub (CVE-2026-46679). Risk of unauthorized operations or information disclosure. Exploitable via ``handleReceivedSubscription``. Mitigation: upgrade to `15.0.23` or later.
|
| CVE-2026-8426 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8426)
vulnerability in concrete5/concrete5 (CVE-2026-8426). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8421 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8421)
vulnerability in concrete5/concrete5 (CVE-2026-8421). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8428 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8428)
vulnerability in concrete5/concrete5 (CVE-2026-8428). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8417 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8417)
vulnerability in concrete5/concrete5 (CVE-2026-8417). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8350 |
|
Authorization Flaw in concrete5/concrete5 (CVE-2026-8350)
vulnerability in concrete5/concrete5 (CVE-2026-8350). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-47102 |
|
Authorization Flaw in litellm (CVE-2026-47102)
vulnerability in litellm (CVE-2026-47102). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.83.10` or later.
|
| CVE-2026-8134 |
|
Vulnerability in concrete5/concrete5 (CVE-2026-8134)
vulnerability in concrete5/concrete5 (CVE-2026-8134). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8135 |
|
Unsafe Deserialization in concrete5/concrete5 (CVE-2026-8135)
vulnerability in concrete5/concrete5 (CVE-2026-8135). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-47101 |
|
Authorization Flaw in litellm (CVE-2026-47101)
vulnerability in litellm (CVE-2026-47101). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.83.14` or later.
|
| CVE-2026-46625 |
|
Vulnerability in js-cookie (CVE-2026-46625)
vulnerability in js-cookie (CVE-2026-46625). Data can be tampered with by attackers. Exploitable via ``for...in``. Mitigation: upgrade to `3.0.7` or later.
|
| CVE-2026-46673 |
|
Vulnerability in russh-cryptovec (CVE-2026-46673)
vulnerability in russh-cryptovec (CVE-2026-46673). Risk of unauthorized operations or information disclosure. Exploitable via ``CryptoVec``. Mitigation: upgrade to `0.60.3` or later.
|
| CVE-2026-46519 |
|
Authorization Flaw in mcp-server-kubernetes (CVE-2026-46519)
vulnerability in mcp-server-kubernetes (CVE-2026-46519). Successful exploitation can lead to full system takeover. Exploitable via ``ALLOW_ONLY_READONLY_TOOLS``. Mitigation: upgrade to `3.6.0` or later.
|
| CVE-2026-47114 |
|
Vulnerability in CVE-2026-47114 (CVE-2026-47114)
vulnerability in CVE-2026-47114 (CVE-2026-47114). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46612 |
|
Vulnerability in github.com/fission/fission (CVE-2026-46612)
vulnerability in github.com/fission/fission (CVE-2026-46612). Successful exploitation can lead to full system takeover. Exploitable via ``storagesvc``. Mitigation: upgrade to `1.23.0` or later.
|
| CVE-2026-46545 |
|
Vulnerability in nimiq-primitives (CVE-2026-46545)
vulnerability in nimiq-primitives (CVE-2026-46545). Risk of unauthorized operations or information disclosure. Exploitable via ``RequestChunk``. Mitigation: upgrade to `1.5.0` or later.
|
| CVE-2026-46517 |
|
Code Injection in lmdeploy (CVE-2026-46517)
code injection in lmdeploy (CVE-2026-46517). Successful exploitation can lead to full system takeover. Exploitable via ``get_model_arch``.
|
| CVE-2026-46473 |
|
Vulnerability in CVE-2026-46473 (CVE-2026-46473)
vulnerability in CVE-2026-46473 (CVE-2026-46473). Confidential information can be exposed externally.
|
| CVE-2026-48242 |
|
Vulnerability in CVE-2026-48242 (CVE-2026-48242)
vulnerability in CVE-2026-48242 (CVE-2026-48242). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48241 |
|
Vulnerability in CVE-2026-48241 (CVE-2026-48241)
vulnerability in CVE-2026-48241 (CVE-2026-48241). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48237 |
|
SQL Injection in sqli (CVE-2026-48237)
SQL injection in sqli (CVE-2026-48237). Confidential information can be exposed externally.
|
| CVE-2026-48236 |
|
SQL Injection in sqli (CVE-2026-48236)
SQL injection in sqli (CVE-2026-48236). Confidential information can be exposed externally.
|
| CVE-2026-48240 |
|
SQL Injection in sqli (CVE-2026-48240)
SQL injection in sqli (CVE-2026-48240). Confidential information can be exposed externally.
|
| CVE-2026-48239 |
|
SQL Injection in sqli (CVE-2026-48239)
SQL injection in sqli (CVE-2026-48239). Confidential information can be exposed externally.
|
| CVE-2026-48235 |
|
SQL Injection in sqli (CVE-2026-48235)
SQL injection in sqli (CVE-2026-48235). Confidential information can be exposed externally.
|