Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: cwe-1188 Clear
ID Title
CVE-2026-14474 Vulnerability in CVE-2026-14474 (CVE-2026-14474)
vulnerability in CVE-2026-14474 (CVE-2026-14474). Successful exploitation can lead to full system takeover.
CVE-2026-56285 Nitter's /video media proxy endpoint fails to validate target URLs against Twitter/X domains and...
Nitter's /video media proxy endpoint fails to validate target URLs against Twitter/X domains and...
CVE-2026-46386 Unsafe Deserialization in rails (CVE-2026-46386)
vulnerability in rails (CVE-2026-46386). Successful exploitation can lead to full system takeover.
CVE-2026-55454 Vulnerability in ssrf (CVE-2026-55454)
vulnerability in ssrf (CVE-2026-55454). Successful exploitation can lead to full system takeover. Exploitable via `POST /load`. Mitigation: upgrade to `2.1` or later.
CVE-2026-54158 Cross-Site Scripting (XSS) in CVE-2026-54158 (CVE-2026-54158)
cross-site scripting in CVE-2026-54158 (CVE-2026-54158). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.7.0` or later.
CVE-2026-54067 Cross-Site Scripting (XSS) in CVE-2026-54067 (CVE-2026-54067)
cross-site scripting in CVE-2026-54067 (CVE-2026-54067). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.7.0` or later.
CVE-2026-54066 Path Traversal in path-traversal (CVE-2026-54066)
path traversal in path-traversal (CVE-2026-54066). Confidential information can be exposed externally. Mitigation: upgrade to `3.7.0` or later.
CVE-2026-48509 Vulnerability in MessagePack (CVE-2026-48509)
vulnerability in MessagePack (CVE-2026-48509). Data can be tampered with by attackers. Exploitable via ``MessagePackSerializerOptions.Standard``. Mitigation: upgrade to `3.1.7` or later.
CVE-2026-48502 Out-of-Bounds Read in MessagePack (CVE-2026-48502)
vulnerability in MessagePack (CVE-2026-48502). Risk of unauthorized operations or information disclosure. Exploitable via ``tokenSize``. Mitigation: upgrade to `3.1.7` or later.
CVE-2026-50519 Vulnerability in microsoft (CVE-2026-50519)
vulnerability in microsoft (CVE-2026-50519). Confidential information can be exposed externally.
CVE-2026-20265 Vulnerability in splunk (CVE-2026-20265)
vulnerability in splunk (CVE-2026-20265). Risk of unauthorized operations or information disclosure.
CVE-2026-0134 Vulnerability in cpp (CVE-2026-0134)
vulnerability in cpp (CVE-2026-0134). Risk of unauthorized operations or information disclosure.
CVE-2026-9262 Vulnerability in canon (CVE-2026-9262)
vulnerability in canon (CVE-2026-9262). Confidential information can be exposed externally.
CVE-2026-54359 Cross-Site Request Forgery (CSRF) in CVE-2026-54359 (CVE-2026-54359)
vulnerability in CVE-2026-54359 (CVE-2026-54359). Risk of unauthorized operations or information disclosure.
CVE-2026-40994 Vulnerability in CVE-2026-40994 (CVE-2026-40994)
vulnerability in CVE-2026-40994 (CVE-2026-40994). Data can be tampered with by attackers.
CVE-2026-44892 Vulnerability in io.netty:netty-codec-http3 (CVE-2026-44892)
vulnerability in io.netty:netty-codec-http3 (CVE-2026-44892). Risk of unauthorized operations or information disclosure. Exploitable via ``Http3ConnectionHandler``. Mitigation: upgrade to `4.2.15.Final` or later.
CVE-2026-36612 Vulnerability in CVE-2026-36612 (CVE-2026-36612)
vulnerability in CVE-2026-36612 (CVE-2026-36612). Confidential information can be exposed externally.
CVE-2026-36616 Vulnerability in CVE-2026-36616 (CVE-2026-36616)
vulnerability in CVE-2026-36616 (CVE-2026-36616). Confidential information can be exposed externally.
CVE-2026-44825 Vulnerability in solr (CVE-2026-44825)
vulnerability in solr (CVE-2026-44825). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `10.0.0` or later.
CVE-2026-9039 Vulnerability in CVE-2026-9039 (CVE-2026-9039)
vulnerability in CVE-2026-9039 (CVE-2026-9039). Risk of unauthorized operations or information disclosure.
CVE-2026-24197 Vulnerability in dos (CVE-2026-24197)
vulnerability in dos (CVE-2026-24197). Risk of unauthorized operations or information disclosure.
CVE-2026-46517 Code Injection in lmdeploy (CVE-2026-46517)
code injection in lmdeploy (CVE-2026-46517). Successful exploitation can lead to full system takeover. Exploitable via ``get_model_arch``.
CVE-2026-35672 Vulnerability in thorsten/phpmyfaq (CVE-2026-35672)
vulnerability in thorsten/phpmyfaq (CVE-2026-35672). Data can be tampered with by attackers. Exploitable via `POST /api/v4.0/faq/create`. Mitigation: upgrade to `4.1.3` or later.
CVE-2026-46430 Vulnerability in github.com/xyproto/algernon (CVE-2026-46430)
vulnerability in github.com/xyproto/algernon (CVE-2026-46430). Risk of unauthorized operations or information disclosure. Exploitable via ``http.Server.Addr``. Mitigation: upgrade to `1.17.7` or later.
CVE-2026-45728 Vulnerability in github.com/xyproto/algernon (CVE-2026-45728)
vulnerability in github.com/xyproto/algernon (CVE-2026-45728). Confidential information can be exposed externally. Exploitable via ``singleFileMode``. Mitigation: upgrade to `1.17.7` or later.
CVE-2026-33376 Vulnerability in grafana (CVE-2026-33376)
vulnerability in grafana (CVE-2026-33376). Confidential information can be exposed externally. Mitigation: upgrade to `11.6.14, 12.2.8, 12.3.6, 12.4.3, 13.0.1` or later.
CVE-2026-43892 Cross-Site Scripting (XSS) in CVE-2026-43892 (CVE-2026-43892)
cross-site scripting in CVE-2026-43892 (CVE-2026-43892). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.1.16` or later.
CVE-2026-30805 Vulnerability in artica (CVE-2026-30805)
vulnerability in artica (CVE-2026-30805). Confidential information can be exposed externally.
CVE-2026-6866 Vulnerability in schneider-electric (CVE-2026-6866)
vulnerability in schneider-electric (CVE-2026-6866). Confidential information can be exposed externally.
CVE-2026-27662 Vulnerability in CVE-2026-27662 (CVE-2026-27662)
vulnerability in CVE-2026-27662 (CVE-2026-27662). Data can be tampered with by attackers.
CVE-2026-41432 Vulnerability in github.com/QuantumNous/new-api (CVE-2026-41432)
vulnerability in github.com/QuantumNous/new-api (CVE-2026-41432). Data can be tampered with by attackers. Exploitable via `POST /api/user/pay`. Mitigation: upgrade to `0.12.10` or later.
CVE-2026-44588 Vulnerability in github.com/siyuan-note/siyuan/kernel (CVE-2026-44588)
vulnerability in github.com/siyuan-note/siyuan/kernel (CVE-2026-44588). Risk of unauthorized operations or information disclosure. Exploitable via ``getAttribute``.
CVE-2026-44670 Vulnerability in github.com/siyuan-note/siyuan/kernel (CVE-2026-44670)
vulnerability in github.com/siyuan-note/siyuan/kernel (CVE-2026-44670). Risk of unauthorized operations or information disclosure. Exploitable via ``outerHTML``. Mitigation: upgrade to `0.0.0-20260512140701-d7b77d945e0d` or later.
CVE-2026-44338 Vulnerability in PraisonAI (CVE-2026-44338)
vulnerability in PraisonAI (CVE-2026-44338). Risk of unauthorized operations or information disclosure. Exploitable via `POST /chat`. Mitigation: upgrade to `4.6.34` or later.
CVE-2025-31974 Vulnerability in hcltech (CVE-2025-31974)
vulnerability in hcltech (CVE-2025-31974). Risk of unauthorized operations or information disclosure.
CVE-2026-34780 Vulnerability in electronjs (CVE-2026-34780)
vulnerability in electronjs (CVE-2026-34780). Successful exploitation can lead to full system takeover.
CVE-2026-34742 Vulnerability in lfprojects (CVE-2026-34742)
vulnerability in lfprojects (CVE-2026-34742). Confidential information can be exposed externally.
CVE-2026-32305 Authentication Bypass in traefik (CVE-2026-32305)
authentication bypass in traefik (CVE-2026-32305). Risk of unauthorized operations or information disclosure.
CVE-2025-44647 Vulnerability in trendnet (CVE-2025-44647)
vulnerability in trendnet (CVE-2025-44647). Risk of unauthorized operations or information disclosure.
CVE-2025-48927 KEV [KEV] Vulnerability in Telemessage tm-sgnl (CVE-2025-48927)
vulnerability in Telemessage tm-sgnl (CVE-2025-48927). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2025-27809 Vulnerability in arm (CVE-2025-27809)
vulnerability in arm (CVE-2025-27809). Risk of unauthorized operations or information disclosure.
CVE-2023-27524 KEV [KEV] Vulnerability in Apache superset (CVE-2023-27524)
vulnerability in Apache superset (CVE-2023-27524). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2023-6448 KEV [KEV] Vulnerability in Unitronics vision-plc-and-hmi (CVE-2023-6448)
vulnerability in Unitronics vision-plc-and-hmi (CVE-2023-6448). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2022-24706 KEV [KEV] Vulnerability in Apache couchdb (CVE-2022-24706)
vulnerability in Apache couchdb (CVE-2022-24706). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2020-13927 KEV [KEV] Vulnerability in Apache airflows-experimental-api (CVE-2020-13927)
vulnerability in Apache airflows-experimental-api (CVE-2020-13927). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-34203 Vulnerability in dlink (CVE-2021-34203)
vulnerability in dlink (CVE-2021-34203). Confidential information can be exposed externally.
CVE-2017-12736 Vulnerability in siemens (CVE-2017-12736)
vulnerability in siemens (CVE-2017-12736). Successful exploitation can lead to full system takeover.
CVE-2017-8039 Vulnerability in pivotal (CVE-2017-8039)
vulnerability in pivotal (CVE-2017-8039). Data can be tampered with by attackers.
CVE-2017-12739 Vulnerability in siemens (CVE-2017-12739)
vulnerability in siemens (CVE-2017-12739). Successful exploitation can lead to full system takeover.
CVE-2017-8021 Vulnerability in dell (CVE-2017-8021)
vulnerability in dell (CVE-2017-8021). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →