Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-59895 |
|
Cross-Site Scripting (XSS) in CVE-2026-59895 (CVE-2026-59895)
cross-site scripting in CVE-2026-59895 (CVE-2026-59895). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54893 |
|
Vulnerability in CVE-2026-54893 (CVE-2026-54893)
vulnerability in CVE-2026-54893 (CVE-2026-54893). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49091 |
|
Vulnerability in elastic (CVE-2026-49091)
vulnerability in elastic (CVE-2026-49091). Successful exploitation can lead to full system takeover.
|
| CVE-2026-47206 |
|
Vulnerability in CVE-2026-47206 (CVE-2026-47206)
vulnerability in CVE-2026-47206 (CVE-2026-47206). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.39.9` or later.
|
| CVE-2026-40011 |
|
Vulnerability in CVE-2026-40011 (CVE-2026-40011)
vulnerability in CVE-2026-40011 (CVE-2026-40011). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55570 |
|
Cross-Site Scripting (XSS) in CVE-2026-55570 (CVE-2026-55570)
cross-site scripting in CVE-2026-55570 (CVE-2026-55570). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.7.0` or later.
|
| CVE-2026-54699 |
|
OS Command Injection in CVE-2026-54699 (CVE-2026-54699)
OS command injection in CVE-2026-54699 (CVE-2026-54699). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.2026.05.06.15.42.stable` or later.
|
| CVE-2026-56379 |
|
Vulnerability in imagemagick (CVE-2026-56379)
vulnerability in imagemagick (CVE-2026-56379). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44913 |
|
Vulnerability in apache (CVE-2026-44913)
vulnerability in apache (CVE-2026-44913). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12047 |
|
Cross-Site Scripting (XSS) in react (CVE-2026-12047)
cross-site scripting in react (CVE-2026-12047). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12048 |
|
Cross-Site Scripting (XSS) in react (CVE-2026-12048)
cross-site scripting in react (CVE-2026-12048). Confidential information can be exposed externally.
|
| CVE-2026-12044 |
|
SQL Injection in sqli (CVE-2026-12044)
SQL injection in sqli (CVE-2026-12044). Successful exploitation can lead to full system takeover. Exploitable via ``qtLiteral``.
|
| CVE-2026-54013 |
|
Cross-Site Scripting (XSS) in open-webui (CVE-2026-54013)
cross-site scripting in open-webui (CVE-2026-54013). Confidential information can be exposed externally. Exploitable via `GET /api/v1/models/model/profile/image`. Mitigation: upgrade to `0.9.6` or later.
|
| CVE-2026-52846 |
|
Vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-52846)
vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-52846). Risk of unauthorized operations or information disclosure. Exploitable via ``stripHTML``. Mitigation: upgrade to `2.11.4` or later.
|
| CVE-2026-54287 |
|
Vulnerability in hono (CVE-2026-54287)
vulnerability in hono (CVE-2026-54287). Risk of unauthorized operations or information disclosure. Exploitable via ``Expires``. Mitigation: upgrade to `4.12.25` or later.
|
| CVE-2026-44311 |
|
Cross-Site Scripting (XSS) in fabric (CVE-2026-44311)
cross-site scripting in fabric (CVE-2026-44311). Risk of unauthorized operations or information disclosure. Exploitable via ``color``. Mitigation: upgrade to `7.4.0` or later.
|
| CVE-2026-54133 |
|
Vulnerability in jmespath (CVE-2026-54133)
vulnerability in jmespath (CVE-2026-54133). Successful exploitation can lead to full system takeover. Exploitable via ``JP_PHP_COMPILE``. Mitigation: upgrade to `2.9.1` or later.
|
| CVE-2026-28898 |
|
Vulnerability in github.com/apple/swift-nio-http2 (CVE-2026-28898)
vulnerability in github.com/apple/swift-nio-http2 (CVE-2026-28898). Risk of unauthorized operations or information disclosure. Exploitable via ``HTTP2FramePayloadToHTTP1ServerCodec``. Mitigation: upgrade to `1.44.1` or later.
|
| CVE-2026-48485 |
|
Vulnerability in CVE-2026-48485 (CVE-2026-48485)
vulnerability in CVE-2026-48485 (CVE-2026-48485). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-47188 |
|
Vulnerability in CVE-2026-47188 (CVE-2026-47188)
vulnerability in CVE-2026-47188 (CVE-2026-47188). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-47171 |
|
Vulnerability in CVE-2026-47171 (CVE-2026-47171)
vulnerability in CVE-2026-47171 (CVE-2026-47171). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-47173 |
|
Vulnerability in CVE-2026-47173 (CVE-2026-47173)
vulnerability in CVE-2026-47173 (CVE-2026-47173). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-47175 |
|
Vulnerability in CVE-2026-47175 (CVE-2026-47175)
vulnerability in CVE-2026-47175 (CVE-2026-47175). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42558 |
|
Cross-Site Scripting (XSS) in CVE-2026-42558 (CVE-2026-42558)
cross-site scripting in CVE-2026-42558 (CVE-2026-42558). Confidential information can be exposed externally.
|
| CVE-2026-53693 |
|
Cross-Site Scripting (XSS) in CVE-2026-53693 (CVE-2026-53693)
cross-site scripting in CVE-2026-53693 (CVE-2026-53693). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49472 |
|
Vulnerability in c (CVE-2026-49472)
vulnerability in c (CVE-2026-49472). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8795 |
|
Vulnerability in CVE-2026-8795 (CVE-2026-8795)
vulnerability in CVE-2026-8795 (CVE-2026-8795). Successful exploitation can lead to full system takeover.
|
| CVE-2026-20245 KEV |
|
[KEV] Vulnerability in Cisco catalyst-sd-wan-manager (CVE-2026-20245)
vulnerability in Cisco catalyst-sd-wan-manager (CVE-2026-20245). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-42321 |
|
Cross-Site Scripting (XSS) in CVE-2026-42321 (CVE-2026-42321)
cross-site scripting in CVE-2026-42321 (CVE-2026-42321). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48598 |
|
Vulnerability in tesla (CVE-2026-48598)
vulnerability in tesla (CVE-2026-48598). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.18.3` or later.
|
| CVE-2026-48209 |
|
Cross-Site Scripting (XSS) in c (CVE-2026-48209)
cross-site scripting in c (CVE-2026-48209). Data can be tampered with by attackers.
|
| CVE-2026-44713 |
|
OS Command Injection in c (CVE-2026-44713)
OS command injection in c (CVE-2026-44713). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.8.7` or later.
|
| CVE-2026-9354 |
|
Vulnerability in CVE-2026-9354 (CVE-2026-9354)
vulnerability in CVE-2026-9354 (CVE-2026-9354). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-26028 |
|
Vulnerability in cryptpad (CVE-2026-26028)
vulnerability in cryptpad (CVE-2026-26028). Risk of unauthorized operations or information disclosure. Exploitable via ``jscolor.js``.
|
| CVE-2026-34246 |
|
Vulnerability in privilege-escalation (CVE-2026-34246)
vulnerability in privilege-escalation (CVE-2026-34246). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45570 |
|
Vulnerability in github.com/go-git/go-git/v5 (CVE-2026-45570)
vulnerability in github.com/go-git/go-git/v5 (CVE-2026-45570). Successful exploitation can lead to full system takeover. Exploitable via ``sq_quote_buf``. Mitigation: upgrade to `5.19.1` or later.
|
| CVE-2026-46496 |
|
Vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46496)
vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46496). Risk of unauthorized operations or information disclosure. Exploitable via ``source``. Mitigation: upgrade to `26.0.0` or later.
|
| CVE-2026-45011 |
|
Cross-Site Scripting (XSS) in apostrophe (CVE-2026-45011)
cross-site scripting in apostrophe (CVE-2026-45011). Confidential information can be exposed externally.
|
| CVE-2026-45375 |
|
Vulnerability in github.com/siyuan-note/siyuan/kernel (CVE-2026-45375)
vulnerability in github.com/siyuan-note/siyuan/kernel (CVE-2026-45375). Successful exploitation can lead to full system takeover. Exploitable via ``name``.
|
| CVE-2026-43939 |
|
Vulnerability in YAFNET.Core (CVE-2026-43939)
vulnerability in YAFNET.Core (CVE-2026-43939). Confidential information can be exposed externally. Exploitable via ``onerror``. Mitigation: upgrade to `3.2.12` or later.
|
| CVE-2026-43938 |
|
Vulnerability in YAFNET.Core (CVE-2026-43938)
vulnerability in YAFNET.Core (CVE-2026-43938). Confidential information can be exposed externally. Exploitable via `GET /api/Attachments/GetAttachment`. Mitigation: upgrade to `3.2.12` or later.
|
| CVE-2026-28907 |
|
Vulnerability in apple (CVE-2026-28907)
vulnerability in apple (CVE-2026-28907). Confidential information can be exposed externally.
|
| CVE-2026-44972 |
|
Vulnerability in guarddog (CVE-2026-44972)
vulnerability in guarddog (CVE-2026-44972). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20136 |
|
Vulnerability in Cisco identity-services-engine (CVE-2026-20136)
vulnerability in Cisco identity-services-engine (CVE-2026-20136). Confidential information can be exposed externally.
|
| CVE-2026-44458 |
|
Vulnerability in hono (CVE-2026-44458)
vulnerability in hono (CVE-2026-44458). Risk of unauthorized operations or information disclosure. Exploitable via ``style``. Mitigation: upgrade to `4.12.18` or later.
|
| CVE-2026-44588 |
|
Vulnerability in github.com/siyuan-note/siyuan/kernel (CVE-2026-44588)
vulnerability in github.com/siyuan-note/siyuan/kernel (CVE-2026-44588). Risk of unauthorized operations or information disclosure. Exploitable via ``getAttribute``.
|
| CVE-2026-44429 |
|
Vulnerability in github.com/modelcontextprotocol/registry (CVE-2026-44429)
vulnerability in github.com/modelcontextprotocol/registry (CVE-2026-44429). Risk of unauthorized operations or information disclosure. Exploitable via `POST /v0/auth/github-at`. Mitigation: upgrade to `1.7.7` or later.
|
| CVE-2026-39826 |
|
Vulnerability in golang (CVE-2026-39826)
vulnerability in golang (CVE-2026-39826). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
|
| CVE-2026-42810 |
|
Vulnerability in org.apache.polaris:polaris-core (CVE-2026-42810)
vulnerability in org.apache.polaris:polaris-core (CVE-2026-42810). Successful exploitation can lead to full system takeover. Exploitable via ``TABLE_CREATE``. Mitigation: upgrade to `1.4.1` or later.
|
| CVE-2026-6019 |
|
Vulnerability in libpython (CVE-2026-6019)
vulnerability in libpython (CVE-2026-6019). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.14.5` or later.
|