Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-55660 |
|
Cross-Site Scripting (XSS) in tinacms (CVE-2026-55660)
cross-site scripting in tinacms (CVE-2026-55660). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.9.3` or later.
|
| CVE-2026-54106 |
|
Vulnerability in CVE-2026-54106 (CVE-2026-54106)
vulnerability in CVE-2026-54106 (CVE-2026-54106). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6734 |
|
Vulnerability in undici (CVE-2026-6734)
vulnerability in undici (CVE-2026-6734). Successful exploitation can lead to full system takeover. Exploitable via ``Socks5ProxyAgent``. Mitigation: upgrade to `8.2.0` or later.
|
| CVE-2026-48745 |
|
Vulnerability in CVE-2026-48745 (CVE-2026-48745)
vulnerability in CVE-2026-48745 (CVE-2026-48745). Confidential information can be exposed externally.
|
| CVE-2026-44894 |
|
Vulnerability in io.netty:netty-codec-classes-quic (CVE-2026-44894)
vulnerability in io.netty:netty-codec-classes-quic (CVE-2026-44894). Data can be tampered with by attackers. Mitigation: upgrade to `4.2.15.Final` or later.
|
| CVE-2026-44698 |
|
Code Injection in CVE-2026-44698 (CVE-2026-44698)
code injection in CVE-2026-44698 (CVE-2026-44698). Successful exploitation can lead to full system takeover. Exploitable via ``window.externalApp``. Mitigation: upgrade to `2026.4.1` or later.
|
| CVE-2026-2611 |
|
Vulnerability in mlflow (CVE-2026-2611)
vulnerability in mlflow (CVE-2026-2611). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.10.0` or later.
|
| CVE-2026-45245 |
|
SSRF (Server-Side Request Forgery) in @steipete/summarize (CVE-2026-45245)
SSRF in @steipete/summarize (CVE-2026-45245). Confidential information can be exposed externally. Mitigation: upgrade to `0.15.1` or later.
|
| CVE-2026-45353 |
|
Code Injection in electerm (CVE-2026-45353)
code injection in electerm (CVE-2026-45353). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.9.0` or later.
|
| CVE-2026-43880 |
|
Vulnerability in wwbn/avideo (CVE-2026-43880)
vulnerability in wwbn/avideo (CVE-2026-43880). Risk of unauthorized operations or information disclosure. Exploitable via `POST /objects/sendEmail.json.php`.
|
| CVE-2026-23866 |
|
Vulnerability in whatsapp (CVE-2026-23866)
vulnerability in whatsapp (CVE-2026-23866). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-62439 |
|
Vulnerability in CVE-2025-62439 (CVE-2025-62439)
vulnerability in CVE-2025-62439 (CVE-2025-62439). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-61932 KEV |
|
[KEV] Vulnerability in Motex lanscope-endpoint-manager (CVE-2025-61932)
vulnerability in Motex lanscope-endpoint-manager (CVE-2025-61932). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-38886 |
|
Vulnerability in horizoncloud (CVE-2024-38886)
vulnerability in horizoncloud (CVE-2024-38886). Successful exploitation can lead to full system takeover.
|
| CVE-2022-0028 KEV |
|
[KEV] Vulnerability in Palo alto networks palo-alto-networks (CVE-2022-0028)
vulnerability in Palo alto networks palo-alto-networks (CVE-2022-0028). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|