Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-55794 |
|
Code Injection in craftcms/cms (CVE-2026-55794)
code injection in craftcms/cms (CVE-2026-55794). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.10.0` or later.
|
| CVE-2026-28496 |
|
Vulnerability in CVE-2026-28496 (CVE-2026-28496)
vulnerability in CVE-2026-28496 (CVE-2026-28496). Risk of unauthorized operations or information disclosure. Exploitable via ``string_render``.
|
| CVE-2026-52796 |
|
Vulnerability in gogs.io/gogs (CVE-2026-52796)
vulnerability in gogs.io/gogs (CVE-2026-52796). Risk of unauthorized operations or information disclosure. Exploitable via ``com.Expand``. Mitigation: upgrade to `0.14.3` or later.
|
| CVE-2026-54390 |
|
Vulnerability in CVE-2026-54390 (CVE-2026-54390)
vulnerability in CVE-2026-54390 (CVE-2026-54390). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11407 |
|
Vulnerability in pimcore/pimcore (CVE-2026-11407)
vulnerability in pimcore/pimcore (CVE-2026-11407). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41065 |
|
Vulnerability in CVE-2026-41065 (CVE-2026-41065)
vulnerability in CVE-2026-41065 (CVE-2026-41065). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34906 |
|
Vulnerability in CVE-2026-34906 (CVE-2026-34906)
vulnerability in CVE-2026-34906 (CVE-2026-34906). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42252 |
|
Vulnerability in apache-airflow (CVE-2026-42252)
vulnerability in apache-airflow (CVE-2026-42252). Confidential information can be exposed externally. Exploitable via ``Dag.can_trigger``. Mitigation: upgrade to `3.2.2` or later.
|
| CVE-2026-49382 |
|
Vulnerability in jetbrains (CVE-2026-49382)
vulnerability in jetbrains (CVE-2026-49382). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45312 |
|
Vulnerability in CVE-2026-45312 (CVE-2026-45312)
vulnerability in CVE-2026-45312 (CVE-2026-45312). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9558 |
|
Vulnerability in mautic/core (CVE-2026-9558)
vulnerability in mautic/core (CVE-2026-9558). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `7.1.2` or later.
|
| CVE-2026-44723 |
|
OS Command Injection in vowpalwabbit (CVE-2026-44723)
OS command injection in vowpalwabbit (CVE-2026-44723). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9498 |
|
Vulnerability in CVE-2026-9498 (CVE-2026-9498)
vulnerability in CVE-2026-9498 (CVE-2026-9498). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-40900 |
|
Vulnerability in angular (CVE-2025-40900)
vulnerability in angular (CVE-2025-40900). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-29207 |
|
Vulnerability in apache (CVE-2026-29207)
vulnerability in apache (CVE-2026-29207). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45697 |
|
Vulnerability in verbb/formie (CVE-2026-45697)
vulnerability in verbb/formie (CVE-2026-45697). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.2.20` or later.
|
| CVE-2026-8740 |
|
Vulnerability in CVE-2026-8740 (CVE-2026-8740)
vulnerability in CVE-2026-8740 (CVE-2026-8740). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45714 |
|
Code Injection in CVE-2026-45714 (CVE-2026-45714)
code injection in CVE-2026-45714 (CVE-2026-45714). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `6.7.0` or later.
|
| CVE-2026-44377 |
|
Code Injection in CVE-2026-44377 (CVE-2026-44377)
code injection in CVE-2026-44377 (CVE-2026-44377). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `6.7.0` or later.
|
| CVE-2026-41901 |
|
Vulnerability in org.thymeleaf:thymeleaf (CVE-2026-41901)
vulnerability in org.thymeleaf:thymeleaf (CVE-2026-41901). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.1.5.RELEASE` or later.
|
| CVE-2026-41713 |
|
Vulnerability in org.springframework.ai:spring-ai-client-chat (CVE-2026-41713)
vulnerability in org.springframework.ai:spring-ai-client-chat (CVE-2026-41713). Data can be tampered with by attackers. Mitigation: upgrade to `1.1.6` or later.
|
| CVE-2026-44209 |
|
Vulnerability in banks (CVE-2026-44209)
vulnerability in banks (CVE-2026-44209). Successful exploitation can lead to full system takeover. Exploitable via ``banks``. Mitigation: upgrade to `2.4.2` or later.
|
| CVE-2026-44129 |
|
Vulnerability in CVE-2026-44129 (CVE-2026-44129)
vulnerability in CVE-2026-44129 (CVE-2026-44129). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44916 |
|
Vulnerability in CVE-2026-44916 (CVE-2026-44916)
vulnerability in CVE-2026-44916 (CVE-2026-44916). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42203 |
|
Vulnerability in litellm (CVE-2026-42203)
vulnerability in litellm (CVE-2026-42203). Successful exploitation can lead to full system takeover. Exploitable via `POST /prompts/test`. Mitigation: upgrade to `1.83.7` or later.
|
| CVE-2026-40477 |
|
Vulnerability in thymeleaf (CVE-2026-40477)
vulnerability in thymeleaf (CVE-2026-40477). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40478 |
|
Vulnerability in thymeleaf (CVE-2026-40478)
vulnerability in thymeleaf (CVE-2026-40478). Successful exploitation can lead to full system takeover.
|
| CVE-2024-23692 KEV |
|
[KEV] Vulnerability in Rejetto http-file-server (CVE-2024-23692)
vulnerability in Rejetto http-file-server (CVE-2024-23692). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-4040 KEV |
|
[KEV] Vulnerability in crushftp (CVE-2024-4040)
vulnerability in crushftp (CVE-2024-4040). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|