Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-56139 |
|
Vulnerability in apache (CVE-2026-56139)
vulnerability in apache (CVE-2026-56139). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49365 |
|
Vulnerability in apache (CVE-2026-49365)
vulnerability in apache (CVE-2026-49365). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53906 |
|
Path Traversal in path-traversal (CVE-2026-53906)
path traversal in path-traversal (CVE-2026-53906). Data can be tampered with by attackers.
|
| CVE-2026-56331 |
|
Vulnerability in CVE-2026-56331 (CVE-2026-56331)
vulnerability in CVE-2026-56331 (CVE-2026-56331). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-36328 |
|
Vulnerability in ibm (CVE-2025-36328)
vulnerability in ibm (CVE-2025-36328). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-47775 |
|
Vulnerability in envoyproxy (CVE-2026-47775)
vulnerability in envoyproxy (CVE-2026-47775). Confidential information can be exposed externally. Mitigation: upgrade to `1.35.11` or later.
|
| CVE-2026-49979 |
|
Vulnerability in appsmith (CVE-2026-49979)
vulnerability in appsmith (CVE-2026-49979). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/admin/send-test-email`. Mitigation: upgrade to `1.99` or later.
|
| CVE-2025-59872 |
|
Vulnerability in hcltech (CVE-2025-59872)
vulnerability in hcltech (CVE-2025-59872). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40997 |
|
Vulnerability in CVE-2026-40997 (CVE-2026-40997)
vulnerability in CVE-2026-40997 (CVE-2026-40997). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41730 |
|
Vulnerability in vmware (CVE-2026-41730)
vulnerability in vmware (CVE-2026-41730). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-52611 |
|
Vulnerability in hcltech (CVE-2025-52611)
vulnerability in hcltech (CVE-2025-52611). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-52606 |
|
Vulnerability in hcltech (CVE-2025-52606)
vulnerability in hcltech (CVE-2025-52606). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-47248 |
|
Vulnerability in parse-server (CVE-2026-47248)
vulnerability in parse-server (CVE-2026-47248). Risk of unauthorized operations or information disclosure. Exploitable via ``IntrospectionControlPlugin``. Mitigation: upgrade to `8.6.78` or later.
|
| CVE-2026-9794 |
|
Vulnerability in org.keycloak:keycloak-services (CVE-2026-9794)
vulnerability in org.keycloak:keycloak-services (CVE-2026-9794). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `26.6.3` or later.
|
| CVE-2026-42459 |
|
Vulnerability in github.com/free5gc/udm (CVE-2026-42459)
vulnerability in github.com/free5gc/udm (CVE-2026-42459). Confidential information can be exposed externally. Exploitable via ``supi``.
|
| CVE-2024-28765 |
|
Vulnerability in ibm (CVE-2024-28765)
vulnerability in ibm (CVE-2024-28765). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-1248 |
|
Vulnerability in ibm (CVE-2026-1248)
vulnerability in ibm (CVE-2026-1248). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9583 |
|
Information Disclosure in CVE-2026-9583 (CVE-2026-9583)
vulnerability in CVE-2026-9583 (CVE-2026-9583). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5511 |
|
Vulnerability in tp-link (CVE-2026-5511)
vulnerability in tp-link (CVE-2026-5511). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45728 |
|
Vulnerability in github.com/xyproto/algernon (CVE-2026-45728)
vulnerability in github.com/xyproto/algernon (CVE-2026-45728). Confidential information can be exposed externally. Exploitable via ``singleFileMode``. Mitigation: upgrade to `1.17.7` or later.
|
| CVE-2026-7860 |
|
Vulnerability in com.vaadin:flow-plugins (CVE-2026-7860)
vulnerability in com.vaadin:flow-plugins (CVE-2026-7860). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `25.1.5` or later.
|
| CVE-2026-41935 |
|
Vulnerability in dos (CVE-2026-41935)
vulnerability in dos (CVE-2026-41935). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42552 |
|
Vulnerability in flightphp/core (CVE-2026-42552)
vulnerability in flightphp/core (CVE-2026-42552). Confidential information can be exposed externally. Exploitable via ``flight.debug``. Mitigation: upgrade to `3.18.1` or later.
|
| CVE-2026-44002 |
|
Vulnerability in vm2 (CVE-2026-44002)
vulnerability in vm2 (CVE-2026-44002). Risk of unauthorized operations or information disclosure. Exploitable via ``CallSite``. Mitigation: upgrade to `3.11.0` or later.
|
| CVE-2026-43873 |
|
Vulnerability in wwbn/avideo (CVE-2026-43873)
vulnerability in wwbn/avideo (CVE-2026-43873). Confidential information can be exposed externally. Exploitable via ``cloneSiteURL``.
|
| CVE-2026-44226 |
|
Vulnerability in pyload-ng (CVE-2026-44226)
vulnerability in pyload-ng (CVE-2026-44226). Risk of unauthorized operations or information disclosure. Exploitable via ``filename``. Mitigation: upgrade to `0.5.0b3.dev100` or later.
|
| CVE-2026-41644 |
|
Vulnerability in github.com/monetr/monetr (CVE-2026-41644)
vulnerability in github.com/monetr/monetr (CVE-2026-41644). Confidential information can be exposed externally. Exploitable via `POST /api/lunch_flow/link`. Mitigation: upgrade to `1.12.5` or later.
|
| CVE-2026-29146 |
|
Vulnerability in apache (CVE-2026-29146)
vulnerability in apache (CVE-2026-29146). Confidential information can be exposed externally.
|
| CVE-2026-34045 |
|
Vulnerability in linuxfoundation (CVE-2026-34045)
vulnerability in linuxfoundation (CVE-2026-34045). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.26.2` or later.
|
| CVE-2025-47813 KEV |
|
[KEV] Vulnerability in Wing ftp server wing-ftp-server (CVE-2025-47813)
vulnerability in Wing ftp server wing-ftp-server (CVE-2025-47813). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-2752 |
|
Vulnerability in csharp (CVE-2026-2752)
vulnerability in csharp (CVE-2026-2752). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-22778 |
|
Vulnerability in vllm (CVE-2026-22778)
vulnerability in vllm (CVE-2026-22778). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.14.1` or later.
|
| CVE-2025-1395 |
|
Vulnerability in CVE-2025-1395 (CVE-2025-1395)
vulnerability in CVE-2025-1395 (CVE-2025-1395). Confidential information can be exposed externally.
|
| CVE-2025-11065 |
|
Vulnerability in CVE-2025-11065 (CVE-2025-11065)
vulnerability in CVE-2025-11065 (CVE-2025-11065). Confidential information can be exposed externally.
|
| CVE-2025-52023 |
|
Vulnerability in aptsys (CVE-2025-52023)
vulnerability in aptsys (CVE-2025-52023). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-52022 |
|
Vulnerability in aptsys (CVE-2025-52022)
vulnerability in aptsys (CVE-2025-52022). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-29059 KEV |
|
[KEV] Vulnerability in Microsoft net-framework (CVE-2024-29059)
vulnerability in Microsoft net-framework (CVE-2024-29059). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-35935 |
|
Vulnerability in linux (CVE-2024-35935)
vulnerability in linux (CVE-2024-35935). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-0833 |
|
Vulnerability in squareup (CVE-2023-0833)
vulnerability in squareup (CVE-2023-0833). Confidential information can be exposed externally.
|
| CVE-2023-37306 |
|
Vulnerability in misp-project (CVE-2023-37306)
vulnerability in misp-project (CVE-2023-37306). Confidential information can be exposed externally.
|
| CVE-2021-29040 |
|
Vulnerability in liferay (CVE-2021-29040)
vulnerability in liferay (CVE-2021-29040). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-7551 |
|
Vulnerability in fedoraproject (CVE-2017-7551)
vulnerability in fedoraproject (CVE-2017-7551). Successful exploitation can lead to full system takeover.
|
| CVE-2017-1370 |
|
Vulnerability in ibm (CVE-2017-1370)
vulnerability in ibm (CVE-2017-1370). Confidential information can be exposed externally.
|
| CVE-2017-7945 |
|
Vulnerability in paloaltonetworks (CVE-2017-7945)
vulnerability in paloaltonetworks (CVE-2017-7945). Successful exploitation can lead to full system takeover.
|
| CVE-2017-0885 |
|
Vulnerability in nextcloud (CVE-2017-0885)
vulnerability in nextcloud (CVE-2017-0885). Risk of unauthorized operations or information disclosure.
|
| CVE-2016-9459 |
|
Vulnerability in nextcloud (CVE-2016-9459)
vulnerability in nextcloud (CVE-2016-9459). Risk of unauthorized operations or information disclosure.
|