Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-54477 |
|
Vulnerability in CVE-2026-54477 (CVE-2026-54477)
vulnerability in CVE-2026-54477 (CVE-2026-54477). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-51454 |
|
Vulnerability in ibm (CVE-2024-51454)
vulnerability in ibm (CVE-2024-51454). Risk of unauthorized operations or information disclosure. Exploitable via `Host header`.
|
| CVE-2026-55791 |
|
Cross-Site Scripting (XSS) in craftcms/cms (CVE-2026-55791)
cross-site scripting in craftcms/cms (CVE-2026-55791). Risk of unauthorized operations or information disclosure. Exploitable via ``trustedHosts``. Mitigation: upgrade to `4.18` or later.
|
| CVE-2026-10836 |
|
Vulnerability in CVE-2026-10836 (CVE-2026-10836)
vulnerability in CVE-2026-10836 (CVE-2026-10836). Risk of unauthorized operations or information disclosure. Exploitable via `Host header`.
|
| CVE-2026-4096 |
|
Vulnerability in ibm (CVE-2026-4096)
vulnerability in ibm (CVE-2026-4096). Risk of unauthorized operations or information disclosure. Exploitable via `Host header`.
|
| CVE-2026-48126 |
|
Path Traversal in github.com/xyproto/algernon (CVE-2026-48126)
path traversal in github.com/xyproto/algernon (CVE-2026-48126). Confidential information can be exposed externally. Exploitable via `Host header`. Mitigation: upgrade to `1.17.8` or later.
|
| CVE-2026-33805 |
|
Vulnerability in @fastify/reply-from (CVE-2026-33805)
vulnerability in @fastify/reply-from (CVE-2026-33805). Data can be tampered with by attackers. Exploitable via ``Connection``. Mitigation: upgrade to `12.6.2` or later.
|
| CVE-2017-6031 |
|
Vulnerability in certec-edv-gmbh (CVE-2017-6031)
vulnerability in certec-edv-gmbh (CVE-2017-6031). Successful exploitation can lead to full system takeover.
|