Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2025-3110 |
|
Vulnerability in CVE-2025-3110 (CVE-2025-3110)
vulnerability in CVE-2025-3110 (CVE-2025-3110). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-38969 |
|
Vulnerability in CVE-2026-38969 (CVE-2026-38969)
vulnerability in CVE-2026-38969 (CVE-2026-38969). Data can be tampered with by attackers.
|
| CVE-2026-11541 |
|
Vulnerability in ibm (CVE-2026-11541)
vulnerability in ibm (CVE-2026-11541). Confidential information can be exposed externally.
|
| CVE-2026-11806 |
|
Vulnerability in ibm (CVE-2026-11806)
vulnerability in ibm (CVE-2026-11806). Successful exploitation can lead to full system takeover.
|
| CVE-2026-13762 |
|
Vulnerability in Amazon aws (CVE-2026-13762)
vulnerability in Amazon aws (CVE-2026-13762). Successful exploitation can lead to full system takeover.
|
| CVE-2026-13763 |
|
Vulnerability in amazon (CVE-2026-13763)
vulnerability in amazon (CVE-2026-13763). Successful exploitation can lead to full system takeover.
|
| CVE-2026-58055 |
|
Vulnerability in c (CVE-2026-58055)
vulnerability in c (CVE-2026-58055). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48743 |
|
Vulnerability in envoyproxy (CVE-2026-48743)
vulnerability in envoyproxy (CVE-2026-48743). Data can be tampered with by attackers. Exploitable via `GET /pwn`. Mitigation: upgrade to `1.35.11` or later.
|
| CVE-2026-8646 |
|
Vulnerability in ibm (CVE-2026-8646)
vulnerability in ibm (CVE-2026-8646). Confidential information can be exposed externally.
|
| CVE-2026-54388 |
|
Vulnerability in CVE-2026-54388 (CVE-2026-54388)
vulnerability in CVE-2026-54388 (CVE-2026-54388). Confidential information can be exposed externally.
|
| CVE-2026-54387 |
|
Vulnerability in CVE-2026-54387 (CVE-2026-54387)
vulnerability in CVE-2026-54387 (CVE-2026-54387). Confidential information can be exposed externally.
|
| CVE-2026-48979 |
|
Vulnerability in php-standard-library/h2 (CVE-2026-48979)
vulnerability in php-standard-library/h2 (CVE-2026-48979). Data can be tampered with by attackers. Exploitable via ``StreamException``. Mitigation: upgrade to `6.2.1` or later.
|
| CVE-2026-52845 |
|
Authentication Bypass in github.com/caddyserver/caddy/v2 (CVE-2026-52845)
authentication bypass in github.com/caddyserver/caddy/v2 (CVE-2026-52845). Confidential information can be exposed externally. Exploitable via `GET /index.php`. Mitigation: upgrade to `2.11.4` or later.
|
| CVE-2026-48746 |
|
Vulnerability in vllm (CVE-2026-48746)
vulnerability in vllm (CVE-2026-48746). Confidential information can be exposed externally. Exploitable via ``AuthenticationMiddleware``. Mitigation: upgrade to `0.22.0` or later.
|
| CVE-2026-53538 |
|
Vulnerability in python-multipart (CVE-2026-53538)
vulnerability in python-multipart (CVE-2026-53538). Risk of unauthorized operations or information disclosure. Exploitable via ``QuerystringParser``. Mitigation: upgrade to `0.0.30` or later.
|
| CVE-2026-50020 |
|
Vulnerability in io.netty:netty-codec-http (CVE-2026-50020)
vulnerability in io.netty:netty-codec-http (CVE-2026-50020). Risk of unauthorized operations or information disclosure. Exploitable via ``HttpObjectDecoder``. Mitigation: upgrade to `4.1.135.Final` or later.
|
| CVE-2026-6338 |
|
Vulnerability in CVE-2026-6338 (CVE-2026-6338)
vulnerability in CVE-2026-6338 (CVE-2026-6338). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41853 |
|
Vulnerability in spring (CVE-2026-41853)
vulnerability in spring (CVE-2026-41853). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44546 |
|
Vulnerability in djangoproject (CVE-2026-44546)
vulnerability in djangoproject (CVE-2026-44546). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50052 |
|
Vulnerability in CVE-2026-50052 (CVE-2026-50052)
vulnerability in CVE-2026-50052 (CVE-2026-50052). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49753 |
|
Vulnerability in mint (CVE-2026-49753)
vulnerability in mint (CVE-2026-49753). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.9.0` or later.
|
| CVE-2026-45372 |
|
Vulnerability in c (CVE-2026-45372)
vulnerability in c (CVE-2026-45372). Data can be tampered with by attackers. Mitigation: upgrade to `0.44.0` or later.
|
| CVE-2026-6324 |
|
Vulnerability in CVE-2026-6324 (CVE-2026-6324)
vulnerability in CVE-2026-6324 (CVE-2026-6324). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-47676 |
|
Vulnerability in hono (CVE-2026-47676)
vulnerability in hono (CVE-2026-47676). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.12.21` or later.
|
| CVE-2026-48710 |
|
Vulnerability in starlette (CVE-2026-48710)
vulnerability in starlette (CVE-2026-48710). Risk of unauthorized operations or information disclosure. Exploitable via `GET /foo`. Mitigation: upgrade to `1.0.1` or later.
|
| CVE-2026-8620 |
|
Vulnerability in ibm (CVE-2026-8620)
vulnerability in ibm (CVE-2026-8620). Confidential information can be exposed externally.
|
| CVE-2026-9170 |
|
Code Injection in dos (CVE-2026-9170)
code injection in dos (CVE-2026-9170). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46342 |
|
Cross-Site Scripting (XSS) in nuxt (CVE-2026-46342)
cross-site scripting in nuxt (CVE-2026-46342). Risk of unauthorized operations or information disclosure. Exploitable via ``props``. Mitigation: upgrade to `4.4.6` or later.
|
| CVE-2026-42584 |
|
Vulnerability in io.netty:netty-codec-http (CVE-2026-42584)
vulnerability in io.netty:netty-codec-http (CVE-2026-42584). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.1.133.Final` or later.
|
| CVE-2026-42585 |
|
Vulnerability in io.netty:netty-codec-http (CVE-2026-42585)
vulnerability in io.netty:netty-codec-http (CVE-2026-42585). Risk of unauthorized operations or information disclosure. Exploitable via `GET /smuggled`. Mitigation: upgrade to `4.1.133.Final` or later.
|
| CVE-2026-42580 |
|
Vulnerability in io.netty:netty-codec-http (CVE-2026-42580)
vulnerability in io.netty:netty-codec-http (CVE-2026-42580). Risk of unauthorized operations or information disclosure. Exploitable via `GET /smuggled`. Mitigation: upgrade to `4.1.133.Final` or later.
|
| CVE-2026-42581 |
|
Vulnerability in io.netty:netty-codec-http (CVE-2026-42581)
vulnerability in io.netty:netty-codec-http (CVE-2026-42581). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api`. Mitigation: upgrade to `4.1.133.Final` or later.
|
| CVE-2026-40562 |
|
Vulnerability in kazeburo (CVE-2026-40562)
vulnerability in kazeburo (CVE-2026-40562). Data can be tampered with by attackers.
|
| CVE-2026-41417 |
|
Vulnerability in io.netty:netty-codec-http (CVE-2026-41417)
vulnerability in io.netty:netty-codec-http (CVE-2026-41417). Risk of unauthorized operations or information disclosure. Exploitable via `POST /s2`. Mitigation: upgrade to `4.2.13.Final` or later.
|
| CVE-2026-33805 |
|
Vulnerability in @fastify/reply-from (CVE-2026-33805)
vulnerability in @fastify/reply-from (CVE-2026-33805). Data can be tampered with by attackers. Exploitable via ``Connection``. Mitigation: upgrade to `12.6.2` or later.
|
| CVE-2026-2332 |
|
Vulnerability in org.eclipse.jetty:jetty-http (CVE-2026-2332)
vulnerability in org.eclipse.jetty:jetty-http (CVE-2026-2332). Confidential information can be exposed externally. Exploitable via `GET /smuggled`.
|
| CVE-2026-40175 |
|
Vulnerability in axios (CVE-2026-40175)
vulnerability in axios (CVE-2026-40175). Risk of unauthorized operations or information disclosure. Exploitable via `GET /pings`. Mitigation: upgrade to `0.31.0` or later.
|
| CVE-2026-33870 |
|
Vulnerability in netty (CVE-2026-33870)
vulnerability in netty (CVE-2026-33870). Data can be tampered with by attackers.
|
| CVE-2026-28369 |
|
Vulnerability in io.undertow:undertow-parent (CVE-2026-28369)
vulnerability in io.undertow:undertow-parent (CVE-2026-28369). Confidential information can be exposed externally.
|
| CVE-2026-28368 |
|
Vulnerability in io.undertow:undertow-parent (CVE-2026-28368)
vulnerability in io.undertow:undertow-parent (CVE-2026-28368). Confidential information can be exposed externally.
|
| CVE-2026-28367 |
|
Vulnerability in io.undertow:undertow-parent (CVE-2026-28367)
vulnerability in io.undertow:undertow-parent (CVE-2026-28367). Confidential information can be exposed externally.
|
| CVE-2026-4700 |
|
Vulnerability in mozilla (CVE-2026-4700)
vulnerability in mozilla (CVE-2026-4700). Successful exploitation can lead to full system takeover.
|
| CVE-2026-23941 |
|
Vulnerability in nginx (CVE-2026-23941)
vulnerability in nginx (CVE-2026-23941). Confidential information can be exposed externally.
|
| CVE-2026-20069 |
|
Vulnerability in cisco (CVE-2026-20069)
vulnerability in cisco (CVE-2026-20069). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-55018 |
|
Vulnerability in fortinet (CVE-2025-55018)
vulnerability in fortinet (CVE-2025-55018). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-14523 |
|
Vulnerability in CVE-2025-14523 (CVE-2025-14523)
vulnerability in CVE-2025-14523 (CVE-2025-14523). Data can be tampered with by attackers. Exploitable via `Host header`.
|
| CVE-2023-48365 KEV |
|
[KEV] Vulnerability in Qlik sense (CVE-2023-48365)
vulnerability in Qlik sense (CVE-2023-48365). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-41265 KEV |
|
[KEV] Vulnerability in Qlik sense (CVE-2023-41265)
vulnerability in Qlik sense (CVE-2023-41265). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-22536 KEV |
|
[KEV] Vulnerability in Sap multiple-products (CVE-2022-22536)
vulnerability in Sap multiple-products (CVE-2022-22536). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-41442 |
|
Vulnerability in dos (CVE-2021-41442)
vulnerability in dos (CVE-2021-41442). Risk of unauthorized operations or information disclosure.
|