Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: cwe-178 Clear
ID Title
CVE-2026-54763 Vulnerability in traefik (CVE-2026-54763)
vulnerability in traefik (CVE-2026-54763). Confidential information can be exposed externally.
CVE-2026-14617 Vulnerability in CVE-2026-14617 (CVE-2026-14617)
vulnerability in CVE-2026-14617 (CVE-2026-14617). Risk of unauthorized operations or information disclosure.
CVE-2026-58057 Vulnerability in flowiseai (CVE-2026-58057)
vulnerability in flowiseai (CVE-2026-58057). Risk of unauthorized operations or information disclosure.
CVE-2026-57234 Vulnerability in ssrf (CVE-2026-57234)
vulnerability in ssrf (CVE-2026-57234). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.19.4` or later.
CVE-2026-48794 Vulnerability in github.com/authelia/authelia/v4 (CVE-2026-48794)
vulnerability in github.com/authelia/authelia/v4 (CVE-2026-48794). Risk of unauthorized operations or information disclosure. Exploitable via ``a.b.example.com``. Mitigation: upgrade to `4.39.20` or later.
CVE-2026-49336 Vulnerability in @microsoft/kiota-http-fetchlibrary (CVE-2026-49336)
vulnerability in @microsoft/kiota-http-fetchlibrary (CVE-2026-49336). Risk of unauthorized operations or information disclosure. Exploitable via `Authorization header`. Mitigation: upgrade to `1.0.0-preview.102` or later.
CVE-2026-53721 Vulnerability in nuxt (CVE-2026-53721)
vulnerability in nuxt (CVE-2026-53721). Confidential information can be exposed externally. Exploitable via ``routeRules``. Mitigation: upgrade to `3.21.7` or later.
CVE-2026-47346 Vulnerability in typo3/cms-core (CVE-2026-47346)
vulnerability in typo3/cms-core (CVE-2026-47346). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.3.3` or later.
CVE-2026-46392 HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions case-insensitively and writes the filen...
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions case-insensitively and writes the filename to disk verbatim, but the `.htaccess` rule that forces `Content-Disposition: attachment` on HTML...
CVE-2026-8404 Vulnerability in django (CVE-2026-8404)
vulnerability in django (CVE-2026-8404). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.2.15, 6.0.6` or later.
CVE-2026-48595 Vulnerability in tesla (CVE-2026-48595)
vulnerability in tesla (CVE-2026-48595). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.18.3` or later.
CVE-2026-44367 Vulnerability in apache (CVE-2026-44367)
vulnerability in apache (CVE-2026-44367). Risk of unauthorized operations or information disclosure.
CVE-2026-47203 Vulnerability in github.com/authelia/authelia/v4 (CVE-2026-47203)
vulnerability in github.com/authelia/authelia/v4 (CVE-2026-47203). Risk of unauthorized operations or information disclosure. Exploitable via ``Authorization``. Mitigation: upgrade to `4.39.20` or later.
CVE-2026-47323 Vulnerability in org.apache.camel:camel-cxf-rest (CVE-2026-47323)
vulnerability in org.apache.camel:camel-cxf-rest (CVE-2026-47323). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.18.2` or later.
CVE-2026-45135 Vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-45135)
vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-45135). Successful exploitation can lead to full system takeover. Exploitable via ``search.IgnoreCase``. Mitigation: upgrade to `2.11.3` or later.
CVE-2026-45062 Vulnerability in github.com/dunglas/frankenphp (CVE-2026-45062)
vulnerability in github.com/dunglas/frankenphp (CVE-2026-45062). Successful exploitation can lead to full system takeover. Exploitable via ``cgi.go``. Mitigation: upgrade to `1.12.3` or later.
CVE-2026-43513 Vulnerability in tomcat (CVE-2026-43513)
vulnerability in tomcat (CVE-2026-43513). Confidential information can be exposed externally. Mitigation: upgrade to `10.1.55, 11.0.22, 9.0.118` or later.
CVE-2026-42272 Vulnerability in github.com/dadrus/heimdall (CVE-2026-42272)
vulnerability in github.com/dadrus/heimdall (CVE-2026-42272). Risk of unauthorized operations or information disclosure. Exploitable via ``allow_encoded_slashes``. Mitigation: upgrade to `0.17.14` or later.
CVE-2026-42273 Vulnerability in github.com/dadrus/heimdall (CVE-2026-42273)
vulnerability in github.com/dadrus/heimdall (CVE-2026-42273). Risk of unauthorized operations or information disclosure. Exploitable via ``Host``. Mitigation: upgrade to `0.17.14` or later.
CVE-2026-3833 Vulnerability in gnu (CVE-2026-3833)
vulnerability in gnu (CVE-2026-3833). Risk of unauthorized operations or information disclosure. Exploitable via ``nameConstraints``.
CVE-2026-40453 Vulnerability in org.apache.camel:camel-coap (CVE-2026-40453)
vulnerability in org.apache.camel:camel-coap (CVE-2026-40453). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.20.0` or later.
CVE-2026-22665 Vulnerability in fka (CVE-2026-22665)
vulnerability in fka (CVE-2026-22665). Confidential information can be exposed externally.
CVE-2026-28292 OS Command Injection in simple-git-project (CVE-2026-28292)
OS command injection in simple-git-project (CVE-2026-28292). Successful exploitation can lead to full system takeover.
CVE-2026-29054 Vulnerability in traefik (CVE-2026-29054)
vulnerability in traefik (CVE-2026-29054). Data can be tampered with by attackers.
CVE-2026-27896 Vulnerability in lfprojects (CVE-2026-27896)
vulnerability in lfprojects (CVE-2026-27896). Data can be tampered with by attackers.
CVE-2025-50864 Vulnerability in csharp (CVE-2025-50864)
vulnerability in csharp (CVE-2025-50864). Data can be tampered with by attackers.
CVE-2025-4035 Vulnerability in CVE-2025-4035 (CVE-2025-4035)
vulnerability in CVE-2025-4035 (CVE-2025-4035). Risk of unauthorized operations or information disclosure.
CVE-2023-46218 Vulnerability in haxx (CVE-2023-46218)
vulnerability in haxx (CVE-2023-46218). Risk of unauthorized operations or information disclosure. Exploitable via ``curl.co.uk``.
CVE-2020-12812 KEV [KEV] Vulnerability in Fortinet fortios (CVE-2020-12812)
vulnerability in Fortinet fortios (CVE-2020-12812). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2017-8493 Vulnerability in microsoft (CVE-2017-8493)
vulnerability in microsoft (CVE-2017-8493). Data can be tampered with by attackers.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →