Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-27424 |
|
Vulnerability in CVE-2026-27424 (CVE-2026-27424)
vulnerability in CVE-2026-27424 (CVE-2026-27424). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44392 |
|
Vulnerability in jvn (CVE-2026-44392)
vulnerability in jvn (CVE-2026-44392). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5200 |
|
Vulnerability in wordpress (CVE-2026-5200)
vulnerability in wordpress (CVE-2026-5200). Successful exploitation can lead to full system takeover.
|
| CVE-2025-15369 |
|
Vulnerability in wordpress (CVE-2025-15369)
vulnerability in wordpress (CVE-2025-15369). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8610 |
|
Vulnerability in wordpress (CVE-2026-8610)
vulnerability in wordpress (CVE-2026-8610). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34358 |
|
Vulnerability in privilege-escalation (CVE-2026-34358)
vulnerability in privilege-escalation (CVE-2026-34358). Confidential information can be exposed externally.
|
| CVE-2026-34233 |
|
Vulnerability in CVE-2026-34233 (CVE-2026-34233)
vulnerability in CVE-2026-34233 (CVE-2026-34233). Confidential information can be exposed externally.
|
| CVE-2026-8096 |
|
Vulnerability in wordpress (CVE-2026-8096)
vulnerability in wordpress (CVE-2026-8096). Confidential information can be exposed externally.
|
| CVE-2026-34154 |
|
Vulnerability in discourse (CVE-2026-34154)
vulnerability in discourse (CVE-2026-34154). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.1.4, 2026.3.1, 2026.4.1` or later.
|
| CVE-2026-47100 |
|
Vulnerability in CVE-2026-47100 (CVE-2026-47100)
vulnerability in CVE-2026-47100 (CVE-2026-47100). Data can be tampered with by attackers.
|
| CVE-2026-45442 |
|
Vulnerability in CVE-2026-45442 (CVE-2026-45442)
vulnerability in CVE-2026-45442 (CVE-2026-45442). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-33514 |
|
Vulnerability in discourse (CVE-2026-33514)
vulnerability in discourse (CVE-2026-33514). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.1.4, 2026.3.1, 2026.4.1` or later.
|
| CVE-2026-32312 |
|
Vulnerability in glpi-project (CVE-2026-32312)
vulnerability in glpi-project (CVE-2026-32312). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-30950 |
|
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.6.36 through 0.6.50 are vulnerable to Authenticated Session Hijack...
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.6.36 through 0.6.50 are vulnerable to Authenticated Session Hijacking via IDOR. If an authenticated attacker can determine the session_id of another user's session, t...
|
| CVE-2026-45244 |
|
Vulnerability in @steipete/summarize (CVE-2026-45244)
vulnerability in @steipete/summarize (CVE-2026-45244). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.15.0` or later.
|
| CVE-2026-45242 |
|
Vulnerability in @steipete/summarize (CVE-2026-45242)
vulnerability in @steipete/summarize (CVE-2026-45242). Data can be tampered with by attackers. Mitigation: upgrade to `0.15.0` or later.
|
| CVE-2026-45243 |
|
Vulnerability in @steipete/summarize (CVE-2026-45243)
vulnerability in @steipete/summarize (CVE-2026-45243). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.15.0` or later.
|
| CVE-2026-45625 |
|
Vulnerability in github.com/getarcaneapp/arcane/backend (CVE-2026-45625)
vulnerability in github.com/getarcaneapp/arcane/backend (CVE-2026-45625). Successful exploitation can lead to full system takeover. Exploitable via `PUT /customize/git-repositories/{id}`. Mitigation: upgrade to `1.19.0` or later.
|
| CVE-2026-3117 |
|
Vulnerability in mattermost (CVE-2026-3117)
vulnerability in mattermost (CVE-2026-3117). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5163 |
|
Vulnerability in github.com/mattermost/mattermost/server/v8 (CVE-2026-5163)
vulnerability in github.com/mattermost/mattermost/server/v8 (CVE-2026-5163). Confidential information can be exposed externally. Mitigation: upgrade to `8.0.0-20260401090745-f4d1abe7e8f5` or later.
|
| CVE-2026-3637 |
|
Vulnerability in github.com/mattermost/mattermost/server/public (CVE-2026-3637)
vulnerability in github.com/mattermost/mattermost/server/public (CVE-2026-3637). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.3.0` or later.
|
| CVE-2026-1631 |
|
Vulnerability in wordpress (CVE-2026-1631)
vulnerability in wordpress (CVE-2026-1631). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-4202 |
|
Vulnerability in wordpress (CVE-2025-4202)
vulnerability in wordpress (CVE-2025-4202). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8681 |
|
Vulnerability in wordpress (CVE-2026-8681)
vulnerability in wordpress (CVE-2026-8681). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46365 |
|
Vulnerability in phpMyFAQ/phpMyFAQ (CVE-2026-46365)
vulnerability in phpMyFAQ/phpMyFAQ (CVE-2026-46365). Risk of unauthorized operations or information disclosure. Exploitable via `DELETE /admin/api/content/tags/{tagId}`. Mitigation: upgrade to `4.1.2` or later.
|
| CVE-2026-45007 |
|
Vulnerability in thorsten/phpmyfaq (CVE-2026-45007)
vulnerability in thorsten/phpmyfaq (CVE-2026-45007). Risk of unauthorized operations or information disclosure. Exploitable via ``ConfigurationTabController.php``. Mitigation: upgrade to `4.1.2` or later.
|
| CVE-2026-44718 |
|
Vulnerability in CVE-2026-44718 (CVE-2026-44718)
vulnerability in CVE-2026-44718 (CVE-2026-44718). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.10.0` or later.
|
| CVE-2026-44719 |
|
Vulnerability in CVE-2026-44719 (CVE-2026-44719)
vulnerability in CVE-2026-44719 (CVE-2026-44719). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.10.0` or later.
|
| CVE-2026-45717 |
|
Vulnerability in @budibase/server (CVE-2026-45717)
vulnerability in @budibase/server (CVE-2026-45717). Successful exploitation can lead to full system takeover. Exploitable via `PUT /api/datasources/`. Mitigation: upgrade to `3.38.1` or later.
|
| CVE-2026-2031 |
|
Vulnerability in CVE-2026-2031 (CVE-2026-2031)
vulnerability in CVE-2026-2031 (CVE-2026-2031). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4683 |
|
Vulnerability in wordpress (CVE-2026-4683)
vulnerability in wordpress (CVE-2026-4683). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7563 |
|
Vulnerability in wordpress (CVE-2026-7563)
vulnerability in wordpress (CVE-2026-7563). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4094 |
|
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to...
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to...
|
| CVE-2026-8547 |
|
Vulnerability in privilege-escalation (CVE-2026-8547)
vulnerability in privilege-escalation (CVE-2026-8547). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45667 |
|
Vulnerability in open-webui (CVE-2026-45667)
vulnerability in open-webui (CVE-2026-45667). Risk of unauthorized operations or information disclosure. Exploitable via `Authorization header`. Mitigation: upgrade to `0.8.0` or later.
|
| CVE-2026-45399 |
|
Vulnerability in open-webui (CVE-2026-45399)
vulnerability in open-webui (CVE-2026-45399). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/tasks`. Mitigation: upgrade to `0.9.0` or later.
|
| CVE-2026-45395 |
|
Privilege Escalation in open-webui (CVE-2026-45395)
vulnerability in open-webui (CVE-2026-45395). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/v1/tools/id/{id}/update`. Mitigation: upgrade to `0.9.5` or later.
|
| CVE-2026-45350 |
|
Vulnerability in open-webui (CVE-2026-45350)
vulnerability in open-webui (CVE-2026-45350). Confidential information can be exposed externally. Exploitable via ``tool_id``. Mitigation: upgrade to `0.8.6` or later.
|
| CVE-2026-44592 |
|
Vulnerability in CVE-2026-44592 (CVE-2026-44592)
vulnerability in CVE-2026-44592 (CVE-2026-44592). Data can be tampered with by attackers. Mitigation: upgrade to `1.1.1` or later.
|
| CVE-2026-41315 |
|
OS Command Injection in midoks (CVE-2026-41315)
OS command injection in midoks (CVE-2026-41315). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44884 |
|
Vulnerability in github.com/portainer/portainer (CVE-2026-44884)
vulnerability in github.com/portainer/portainer (CVE-2026-44884). Confidential information can be exposed externally. Exploitable via `GET /api/custom_templates/{id}/file`. Mitigation: upgrade to `2.39.1` or later.
|
| CVE-2026-44849 |
|
Vulnerability in github.com/portainer/portainer (CVE-2026-44849)
vulnerability in github.com/portainer/portainer (CVE-2026-44849). Successful exploitation can lead to full system takeover. Exploitable via `POST /services/create`. Mitigation: upgrade to `2.41.0` or later.
|
| CVE-2026-44848 |
|
Vulnerability in github.com/portainer/portainer (CVE-2026-44848)
vulnerability in github.com/portainer/portainer (CVE-2026-44848). Successful exploitation can lead to full system takeover. Exploitable via `POST /plugins/pull`. Mitigation: upgrade to `2.41.0` or later.
|
| CVE-2026-46444 |
|
Vulnerability in flowise (CVE-2026-46444)
vulnerability in flowise (CVE-2026-46444). Successful exploitation can lead to full system takeover. Exploitable via ``WHITELIST_URLS``. Mitigation: upgrade to `3.1.2` or later.
|
| CVE-2026-6472 |
|
Vulnerability in postgresql (CVE-2026-6472)
vulnerability in postgresql (CVE-2026-6472). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.23.0, 15.18.0, 16.14.0, 17.10.0, 18.4.0` or later.
|
| CVE-2026-44482 |
|
Vulnerability in CVE-2026-44482 (CVE-2026-44482)
vulnerability in CVE-2026-44482 (CVE-2026-44482). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.1.8` or later.
|
| CVE-2026-4029 |
|
Vulnerability in wordpress (CVE-2026-4029)
vulnerability in wordpress (CVE-2026-4029). Confidential information can be exposed externally.
|
| CVE-2026-4030 |
|
Vulnerability in wordpress (CVE-2026-4030)
vulnerability in wordpress (CVE-2026-4030). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4031 |
|
Vulnerability in wordpress (CVE-2026-4031)
vulnerability in wordpress (CVE-2026-4031). Confidential information can be exposed externally.
|
| CVE-2026-6512 |
|
Vulnerability in wordpress (CVE-2026-6512)
vulnerability in wordpress (CVE-2026-6512). Confidential information can be exposed externally.
|