Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-12127 |
|
Vulnerability in wordpress (CVE-2026-12127)
vulnerability in wordpress (CVE-2026-12127). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57281 |
|
Vulnerability in jenkins (CVE-2026-57281)
vulnerability in jenkins (CVE-2026-57281). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11373 |
|
Vulnerability in CVE-2026-11373 (CVE-2026-11373)
vulnerability in CVE-2026-11373 (CVE-2026-11373). Confidential information can be exposed externally.
|
| CVE-2026-55766 |
|
Vulnerability in guzzlehttp/psr7 (CVE-2026-55766)
vulnerability in guzzlehttp/psr7 (CVE-2026-55766). Risk of unauthorized operations or information disclosure. Exploitable via ``Request``. Mitigation: upgrade to `2.12.1` or later.
|
| CVE-2026-55603 |
|
Vulnerability in http-proxy-middleware (CVE-2026-55603)
vulnerability in http-proxy-middleware (CVE-2026-55603). Data can be tampered with by attackers. Exploitable via ``req.body``. Mitigation: upgrade to `4.1.1` or later.
|
| CVE-2026-9679 |
|
Vulnerability in undici (CVE-2026-9679)
vulnerability in undici (CVE-2026-9679). Data can be tampered with by attackers. Exploitable via ``parseSetCookie``. Mitigation: upgrade to `8.5.0` or later.
|
| CVE-2026-50269 |
|
Vulnerability in aiohttp (CVE-2026-50269)
vulnerability in aiohttp (CVE-2026-50269). Risk of unauthorized operations or information disclosure. Exploitable via ``Payload.headers``. Mitigation: upgrade to `3.14.0` or later.
|
| CVE-2026-12143 |
|
Vulnerability in form-data (CVE-2026-12143)
vulnerability in form-data (CVE-2026-12143). Data can be tampered with by attackers. Exploitable via ``field``. Mitigation: upgrade to `4.0.6` or later.
|
| CVE-2026-50629 |
|
Vulnerability in apache (CVE-2026-50629)
vulnerability in apache (CVE-2026-50629). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49214 |
|
Vulnerability in guzzlehttp/psr7 (CVE-2026-49214)
vulnerability in guzzlehttp/psr7 (CVE-2026-49214). Risk of unauthorized operations or information disclosure. Exploitable via ``Uri``. Mitigation: upgrade to `2.10.2` or later.
|
| CVE-2026-50637 |
|
Vulnerability in pevans (CVE-2026-50637)
vulnerability in pevans (CVE-2026-50637). Data can be tampered with by attackers.
|
| CVE-2026-50638 |
|
Vulnerability in pevans (CVE-2026-50638)
vulnerability in pevans (CVE-2026-50638). Confidential information can be exposed externally.
|
| CVE-2026-50639 |
|
Vulnerability in pevans (CVE-2026-50639)
vulnerability in pevans (CVE-2026-50639). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-47242 |
|
Command Injection in net-imap (CVE-2026-47242)
command injection in net-imap (CVE-2026-47242). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.5.15` or later.
|
| CVE-2026-47240 |
|
Command Injection in net-imap (CVE-2026-47240)
command injection in net-imap (CVE-2026-47240). Risk of unauthorized operations or information disclosure. Exploitable via ``IMAP4rev2``. Mitigation: upgrade to `0.5.15` or later.
|
| CVE-2026-49756 |
|
Vulnerability in req (CVE-2026-49756)
vulnerability in req (CVE-2026-49756). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.6.0` or later.
|
| CVE-2026-11362 |
|
Vulnerability in binary (CVE-2026-11362)
vulnerability in binary (CVE-2026-11362). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9270 |
|
Vulnerability in binary (CVE-2026-9270)
vulnerability in binary (CVE-2026-9270). Confidential information can be exposed externally.
|
| CVE-2026-50292 |
|
Vulnerability in freedesktop (CVE-2026-50292)
vulnerability in freedesktop (CVE-2026-50292). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46741 |
|
Vulnerability in sanbeg (CVE-2026-46741)
vulnerability in sanbeg (CVE-2026-46741). Data can be tampered with by attackers.
|
| CVE-2026-46739 |
|
Vulnerability in cosimo (CVE-2026-46739)
vulnerability in cosimo (CVE-2026-46739). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8722 |
|
Vulnerability in team (CVE-2026-8722)
vulnerability in team (CVE-2026-8722). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48861 |
|
Vulnerability in mint (CVE-2026-48861)
vulnerability in mint (CVE-2026-48861). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.9.0` or later.
|
| CVE-2026-45372 |
|
Vulnerability in c (CVE-2026-45372)
vulnerability in c (CVE-2026-45372). Data can be tampered with by attackers. Mitigation: upgrade to `0.44.0` or later.
|
| CVE-2026-49130 |
|
Vulnerability in CVE-2026-49130 (CVE-2026-49130)
vulnerability in CVE-2026-49130 (CVE-2026-49130). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46740 |
|
Vulnerability in CVE-2026-46740 (CVE-2026-46740)
vulnerability in CVE-2026-46740 (CVE-2026-46740). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-47072 |
|
Vulnerability in hackney (CVE-2026-47072)
vulnerability in hackney (CVE-2026-47072). Data can be tampered with by attackers. Exploitable via `Host header`. Mitigation: upgrade to `4.0.1` or later.
|
| CVE-2026-47075 |
|
Vulnerability in hackney (CVE-2026-47075)
vulnerability in hackney (CVE-2026-47075). Data can be tampered with by attackers. Exploitable via ``Authorization``. Mitigation: upgrade to `4.0.1` or later.
|
| CVE-2026-47069 |
|
Vulnerability in hackney (CVE-2026-47069)
vulnerability in hackney (CVE-2026-47069). Risk of unauthorized operations or information disclosure. Exploitable via ``Name``. Mitigation: upgrade to `4.0.1` or later.
|
| CVE-2026-8788 |
|
Vulnerability in CVE-2026-8788 (CVE-2026-8788)
vulnerability in CVE-2026-8788 (CVE-2026-8788). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46720 |
|
Vulnerability in CVE-2026-46720 (CVE-2026-46720)
vulnerability in CVE-2026-46720 (CVE-2026-46720). Data can be tampered with by attackers.
|
| CVE-2026-46719 |
|
Vulnerability in CVE-2026-46719 (CVE-2026-46719)
vulnerability in CVE-2026-46719 (CVE-2026-46719). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-32993 |
|
Vulnerability in CVE-2026-32993 (CVE-2026-32993)
vulnerability in CVE-2026-32993 (CVE-2026-32993). Risk of unauthorized operations or information disclosure. Exploitable via ``status``.
|
| CVE-2026-42578 |
|
Vulnerability in io.netty:netty-handler-proxy (CVE-2026-42578)
vulnerability in io.netty:netty-handler-proxy (CVE-2026-42578). Data can be tampered with by attackers. Exploitable via ``io.netty.handler.proxy.HttpProxyHandler``. Mitigation: upgrade to `4.2.13.Final` or later.
|
| CVE-2026-35504 |
|
Vulnerability in CVE-2026-35504 (CVE-2026-35504)
vulnerability in CVE-2026-35504 (CVE-2026-35504). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44217 |
|
Vulnerability in sse-channel (CVE-2026-44217)
vulnerability in sse-channel (CVE-2026-44217). Risk of unauthorized operations or information disclosure. Exploitable via ``event``. Mitigation: upgrade to `4.0.1` or later.
|
| CVE-2026-43968 |
|
Vulnerability in cowlib (CVE-2026-43968)
vulnerability in cowlib (CVE-2026-43968). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.16.1` or later.
|
| CVE-2026-43969 |
|
Vulnerability in cowlib (CVE-2026-43969)
vulnerability in cowlib (CVE-2026-43969). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42257 |
|
Command Injection in net-imap (CVE-2026-42257)
command injection in net-imap (CVE-2026-42257). Successful exploitation can lead to full system takeover. Exploitable via ``CRLF``. Mitigation: upgrade to `0.4.24` or later.
|
| CVE-2026-42258 |
|
Command Injection in net-imap (CVE-2026-42258)
command injection in net-imap (CVE-2026-42258). Data can be tampered with by attackers. Exploitable via ``flag``. Mitigation: upgrade to `0.4.24` or later.
|
| CVE-2026-44214 |
|
Vulnerability in eventsource-encoder (CVE-2026-44214)
vulnerability in eventsource-encoder (CVE-2026-44214). Risk of unauthorized operations or information disclosure. Exploitable via ``event``. Mitigation: upgrade to `1.0.2` or later.
|
| CVE-2026-41570 |
|
Vulnerability in phpunit/phpunit (CVE-2026-41570)
vulnerability in phpunit/phpunit (CVE-2026-41570). Successful exploitation can lead to full system takeover. Exploitable via ``auto_prepend_file``. Mitigation: upgrade to `13.1.6` or later.
|
| CVE-2026-42586 |
|
Vulnerability in io.netty:netty-codec-redis (CVE-2026-42586)
vulnerability in io.netty:netty-codec-redis (CVE-2026-42586). Data can be tampered with by attackers. Exploitable via ``io.netty.handler.codec.redis.RedisEncoder``. Mitigation: upgrade to `4.1.133.Final` or later.
|
| CVE-2026-43882 |
|
Vulnerability in wwbn/avideo (CVE-2026-43882)
vulnerability in wwbn/avideo (CVE-2026-43882). Risk of unauthorized operations or information disclosure. Exploitable via ``title``.
|
| CVE-2026-39849 |
|
Vulnerability in pi-hole (CVE-2026-39849)
vulnerability in pi-hole (CVE-2026-39849). Successful exploitation can lead to full system takeover. Exploitable via ``dns.interface``.
|
| CVE-2026-41417 |
|
Vulnerability in io.netty:netty-codec-http (CVE-2026-41417)
vulnerability in io.netty:netty-codec-http (CVE-2026-41417). Risk of unauthorized operations or information disclosure. Exploitable via `POST /s2`. Mitigation: upgrade to `4.2.13.Final` or later.
|
| CVE-2026-5140 |
|
Improper neutralization of CRLF sequences ('CRLF injection') vulnerability in TUBITAK BILGEM...
Improper neutralization of CRLF sequences ('CRLF injection') vulnerability in TUBITAK BILGEM...
|
| CVE-2026-6351 |
|
Vulnerability in CVE-2026-6351 (CVE-2026-6351)
vulnerability in CVE-2026-6351 (CVE-2026-6351). Confidential information can be exposed externally.
|
| CVE-2026-1502 |
|
CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.
CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.
|
| CVE-2026-39983 |
|
Vulnerability in patrickjuchli (CVE-2026-39983)
vulnerability in patrickjuchli (CVE-2026-39983). Data can be tampered with by attackers. Mitigation: upgrade to `5.2.1` or later.
|