Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-56669 |
|
Vulnerability in CVE-2026-56669 (CVE-2026-56669)
vulnerability in CVE-2026-56669 (CVE-2026-56669). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-59882 |
|
Vulnerability in CVE-2026-59882 (CVE-2026-59882)
vulnerability in CVE-2026-59882 (CVE-2026-59882). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-14198 |
|
Vulnerability in fastify (CVE-2026-14198)
vulnerability in fastify (CVE-2026-14198). Confidential information can be exposed externally.
|
| CVE-2026-13676 |
|
Vulnerability in openjsf (CVE-2026-13676)
vulnerability in openjsf (CVE-2026-13676). Data can be tampered with by attackers.
|
| CVE-2026-48788 |
|
Cross-Site Scripting (XSS) in github.com/umputun/remark42 (CVE-2026-48788)
cross-site scripting in github.com/umputun/remark42 (CVE-2026-48788). Confidential information can be exposed externally. Exploitable via ``http.DetectContentType``. Mitigation: upgrade to `1.16.0` or later.
|
| CVE-2026-53538 |
|
Vulnerability in python-multipart (CVE-2026-53538)
vulnerability in python-multipart (CVE-2026-53538). Risk of unauthorized operations or information disclosure. Exploitable via ``QuerystringParser``. Mitigation: upgrade to `0.0.30` or later.
|
| CVE-2026-53537 |
|
Vulnerability in python-multipart (CVE-2026-53537)
vulnerability in python-multipart (CVE-2026-53537). Risk of unauthorized operations or information disclosure. Exploitable via ``parse_options_header``. Mitigation: upgrade to `0.0.30` or later.
|
| CVE-2026-53655 |
|
Vulnerability in tar (CVE-2026-53655)
vulnerability in tar (CVE-2026-53655). Data can be tampered with by attackers. Exploitable via ``tar``. Mitigation: upgrade to `7.5.16` or later.
|
| CVE-2026-47344 |
|
Cross-Site Scripting (XSS) in typo3/html-sanitizer (CVE-2026-47344)
cross-site scripting in typo3/html-sanitizer (CVE-2026-47344). Risk of unauthorized operations or information disclosure. Exploitable via ``ALLOW_INSECURE_RAW_TEXT``. Mitigation: upgrade to `2.3.2` or later.
|
| CVE-2026-40930 |
|
Vulnerability in CVE-2026-40930 (CVE-2026-40930)
vulnerability in CVE-2026-40930 (CVE-2026-40930). Risk of unauthorized operations or information disclosure. Exploitable via ``png_process_data``.
|
| CVE-2026-42462 |
|
Vulnerability in @fedify/fedify (CVE-2026-42462)
vulnerability in @fedify/fedify (CVE-2026-42462). Data can be tampered with by attackers. Exploitable via ``Activity``. Mitigation: upgrade to `1.9.11` or later.
|
| CVE-2026-47076 |
|
Vulnerability in hackney (CVE-2026-47076)
vulnerability in hackney (CVE-2026-47076). Confidential information can be exposed externally. Exploitable via ``localhost``. Mitigation: upgrade to `4.0.1` or later.
|
| CVE-2026-40165 |
|
Vulnerability in authentik (CVE-2026-40165)
vulnerability in authentik (CVE-2026-40165). Confidential information can be exposed externally. Mitigation: upgrade to `2025.12.5, 2026.2.3` or later.
|
| CVE-2026-42551 |
|
Vulnerability in flightphp/core (CVE-2026-42551)
vulnerability in flightphp/core (CVE-2026-42551). Data can be tampered with by attackers. Exploitable via `GET /item/42`. Mitigation: upgrade to `3.18.1` or later.
|
| CVE-2026-42177 |
|
Vulnerability in CVE-2026-42177 (CVE-2026-42177)
vulnerability in CVE-2026-42177 (CVE-2026-42177). Confidential information can be exposed externally. Mitigation: upgrade to `1.8.1` or later.
|
| CVE-2026-44576 |
|
Vulnerability in next (CVE-2026-44576)
vulnerability in next (CVE-2026-44576). Risk of unauthorized operations or information disclosure. Exploitable via ``RSC``. Mitigation: upgrade to `16.2.5` or later.
|
| CVE-2026-6322 |
|
Vulnerability in fast-uri (CVE-2026-6322)
vulnerability in fast-uri (CVE-2026-6322). Data can be tampered with by attackers. Exploitable via ``evil.com``. Mitigation: upgrade to `3.1.2` or later.
|
| CVE-2026-42274 |
|
Vulnerability in github.com/dadrus/heimdall (CVE-2026-42274)
vulnerability in github.com/dadrus/heimdall (CVE-2026-42274). Risk of unauthorized operations or information disclosure. Exploitable via ``allow_encoded_slashes``. Mitigation: upgrade to `0.17.14` or later.
|
| CVE-2026-42273 |
|
Vulnerability in github.com/dadrus/heimdall (CVE-2026-42273)
vulnerability in github.com/dadrus/heimdall (CVE-2026-42273). Risk of unauthorized operations or information disclosure. Exploitable via ``Host``. Mitigation: upgrade to `0.17.14` or later.
|
| CVE-2026-42272 |
|
Vulnerability in github.com/dadrus/heimdall (CVE-2026-42272)
vulnerability in github.com/dadrus/heimdall (CVE-2026-42272). Risk of unauthorized operations or information disclosure. Exploitable via ``allow_encoded_slashes``. Mitigation: upgrade to `0.17.14` or later.
|
| CVE-2026-8034 |
|
Vulnerability in ssrf (CVE-2026-8034)
vulnerability in ssrf (CVE-2026-8034). Successful exploitation can lead to full system takeover.
|
| CVE-2026-30246 |
|
Vulnerability in github.com/gofiber/fiber/v3 (CVE-2026-30246)
vulnerability in github.com/gofiber/fiber/v3 (CVE-2026-30246). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.2.0` or later.
|
| CVE-2026-33804 |
|
Vulnerability in fastify (CVE-2026-33804)
vulnerability in fastify (CVE-2026-33804). Confidential information can be exposed externally.
|
| CVE-2026-6270 |
|
Vulnerability in fastify (CVE-2026-6270)
vulnerability in fastify (CVE-2026-6270). Confidential information can be exposed externally.
|
| CVE-2026-33808 |
|
Vulnerability in @fastify/express (CVE-2026-33808)
vulnerability in @fastify/express (CVE-2026-33808). Confidential information can be exposed externally. Exploitable via `GET //admin/dashboard`. Mitigation: upgrade to `4.0.3` or later.
|
| CVE-2026-33807 |
|
Vulnerability in express (CVE-2026-33807)
vulnerability in express (CVE-2026-33807). Confidential information can be exposed externally.
|
| CVE-2026-27896 |
|
Vulnerability in lfprojects (CVE-2026-27896)
vulnerability in lfprojects (CVE-2026-27896). Data can be tampered with by attackers.
|
| CVE-2026-25223 |
|
Vulnerability in fastify (CVE-2026-25223)
vulnerability in fastify (CVE-2026-25223). Data can be tampered with by attackers.
|
| CVE-2025-48384 KEV |
|
[KEV] Vulnerability in git (CVE-2025-48384)
vulnerability in git (CVE-2025-48384). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|