Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2026-34592 Vulnerability in CVE-2026-34592 (CVE-2026-34592)
vulnerability in CVE-2026-34592 (CVE-2026-34592). Confidential information can be exposed externally. Mitigation: upgrade to `4.0.0-beta.471` or later.
CVE-2026-55957 Vulnerability in apache (CVE-2026-55957)
vulnerability in apache (CVE-2026-55957). Risk of unauthorized operations or information disclosure.
CVE-2026-53404 Vulnerability in apache (CVE-2026-53404)
vulnerability in apache (CVE-2026-53404). Risk of unauthorized operations or information disclosure.
CVE-2026-41896 Authentication Bypass in CVE-2026-41896 (CVE-2026-41896)
authentication bypass in CVE-2026-41896 (CVE-2026-41896). Data can be tampered with by attackers. Mitigation: upgrade to `4.0.0-beta.474` or later.
CVE-2026-34597 OS Command Injection in CVE-2026-34597 (CVE-2026-34597)
OS command injection in CVE-2026-34597 (CVE-2026-34597). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.0.0-beta.470` or later.
CVE-2026-34594 OS Command Injection in CVE-2026-34594 (CVE-2026-34594)
OS command injection in CVE-2026-34594 (CVE-2026-34594). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.0.0-beta.471` or later.
CVE-2026-57919 Vulnerability in privilege-escalation (CVE-2026-57919)
vulnerability in privilege-escalation (CVE-2026-57919). Successful exploitation can lead to full system takeover.
CVE-2026-56018 Vulnerability in dos (CVE-2026-56018)
vulnerability in dos (CVE-2026-56018). Risk of unauthorized operations or information disclosure.
CVE-2026-56017 Out-of-Bounds Read in dos (CVE-2026-56017)
vulnerability in dos (CVE-2026-56017). Risk of unauthorized operations or information disclosure.
CVE-2026-43735 Cross-Site Request Forgery (CSRF) in apple (CVE-2026-43735)
vulnerability in apple (CVE-2026-43735). Confidential information can be exposed externally.
CVE-2026-43731 Use-After-Free in apple (CVE-2026-43731)
vulnerability in apple (CVE-2026-43731). Successful exploitation can lead to full system takeover.
CVE-2026-43725 Vulnerability in apple (CVE-2026-43725)
vulnerability in apple (CVE-2026-43725). Risk of unauthorized operations or information disclosure.
CVE-2026-43724 Vulnerability in apple (CVE-2026-43724)
vulnerability in apple (CVE-2026-43724). Successful exploitation can lead to full system takeover.
CVE-2026-43715 Use-After-Free in apple (CVE-2026-43715)
vulnerability in apple (CVE-2026-43715). Successful exploitation can lead to full system takeover.
CVE-2026-43705 Vulnerability in apple (CVE-2026-43705)
vulnerability in apple (CVE-2026-43705). Successful exploitation can lead to full system takeover.
CVE-2026-43701 Vulnerability in apple (CVE-2026-43701)
vulnerability in apple (CVE-2026-43701). Risk of unauthorized operations or information disclosure.
CVE-2026-58000 OS Command Injection in CVE-2026-58000 (CVE-2026-58000)
OS command injection in CVE-2026-58000 (CVE-2026-58000). Successful exploitation can lead to full system takeover.
CVE-2026-57999 OS Command Injection in CVE-2026-57999 (CVE-2026-57999)
OS command injection in CVE-2026-57999 (CVE-2026-57999). Successful exploitation can lead to full system takeover.
CVE-2026-57950 ruoyi-vue-pro through 2026.05, fixed in commit 5d1fd70 contains a broken access control...
ruoyi-vue-pro through 2026.05, fixed in commit 5d1fd70 contains a broken access control...
CVE-2026-57947 Pinpoint through 3.1.0 contains a server-side request forgery vulnerability in the webhook...
Pinpoint through 3.1.0 contains a server-side request forgery vulnerability in the webhook...
CVE-2026-57955 SigNoz through 0.130.1 contains a SQL injection vulnerability that allows authenticated attackers...
SigNoz through 0.130.1 contains a SQL injection vulnerability that allows authenticated attackers...
CVE-2026-56285 Nitter's /video media proxy endpoint fails to validate target URLs against Twitter/X domains and...
Nitter's /video media proxy endpoint fails to validate target URLs against Twitter/X domains and...
CVE-2026-56780 Modoboa before 2.9.0 contains an insecure direct object reference vulnerability in the PUT /api...
Modoboa before 2.9.0 contains an insecure direct object reference vulnerability in the PUT /api...
CVE-2026-13592 Buffer Overflow in CVE-2026-13592 (CVE-2026-13592)
vulnerability in CVE-2026-13592 (CVE-2026-13592). Risk of unauthorized operations or information disclosure.
CVE-2026-36848 Gigamon GVOS v5.16.1 and below is vulnerable to Directory Traversal in the GVOS H-VUE subsystem.
Gigamon GVOS v5.16.1 and below is vulnerable to Directory Traversal in the GVOS H-VUE subsystem.
CVE-2026-12912 Vulnerability in dos (CVE-2026-12912)
vulnerability in dos (CVE-2026-12912). Successful exploitation can lead to full system takeover.
CVE-2026-41052 Vulnerability in github.com/rancher/rancher (CVE-2026-41052)
vulnerability in github.com/rancher/rancher (CVE-2026-41052). Successful exploitation can lead to full system takeover. Exploitable via ``privileged``. Mitigation: upgrade to `0.0.0-20260513182521-2800aaac25b5` or later.
CVE-2026-13749 Code Injection in snowflake (CVE-2026-13749)
code injection in snowflake (CVE-2026-13749). Successful exploitation can lead to full system takeover.
CVE-2026-13744 SQL Injection in snowflake (CVE-2026-13744)
SQL injection in snowflake (CVE-2026-13744). Successful exploitation can lead to full system takeover.
CVE-2026-13583 Buffer Overflow in CVE-2026-13583 (CVE-2026-13583)
vulnerability in CVE-2026-13583 (CVE-2026-13583). Successful exploitation can lead to full system takeover.
CVE-2026-13582 Buffer Overflow in CVE-2026-13582 (CVE-2026-13582)
vulnerability in CVE-2026-13582 (CVE-2026-13582). Successful exploitation can lead to full system takeover.
CVE-2026-13580 Buffer Overflow in CVE-2026-13580 (CVE-2026-13580)
vulnerability in CVE-2026-13580 (CVE-2026-13580). Successful exploitation can lead to full system takeover.
CVE-2026-57338 Unauthenticated Cross Site Scripting (XSS) in ARForms <= 7.1.2 versions.
Unauthenticated Cross Site Scripting (XSS) in ARForms <= 7.1.2 versions.
CVE-2026-57336 Unauthenticated Cross Site Scripting (XSS) in Jobify <= 4.3.2 versions.
Unauthenticated Cross Site Scripting (XSS) in Jobify <= 4.3.2 versions.
CVE-2026-57337 Unauthenticated Cross Site Scripting (XSS) in Landing Page Builder <= 1.5.3.5 versions.
Unauthenticated Cross Site Scripting (XSS) in Landing Page Builder <= 1.5.3.5 versions.
CVE-2026-57333 Unauthenticated Cross Site Scripting (XSS) in Link Whisper Free <= 0.9.4 versions.
Unauthenticated Cross Site Scripting (XSS) in Link Whisper Free <= 0.9.4 versions.
CVE-2026-57332 Subscriber Broken Access Control in Wallet System for WooCommerce <= 2.7.6 versions.
Subscriber Broken Access Control in Wallet System for WooCommerce <= 2.7.6 versions.
CVE-2026-57320 Unauthenticated Cross Site Scripting (XSS) in BEAR <= 1.1.8 versions.
Unauthenticated Cross Site Scripting (XSS) in BEAR <= 1.1.8 versions.
CVE-2026-56124 Vulnerability in CVE-2026-56124 (CVE-2026-56124)
vulnerability in CVE-2026-56124 (CVE-2026-56124). Confidential information can be exposed externally.
CVE-2026-49049 Vulnerability in ollyo (CVE-2026-49049)
vulnerability in ollyo (CVE-2026-49049). Data can be tampered with by attackers.
CVE-2026-55844 Vulnerability in CVE-2026-55844 (CVE-2026-55844)
vulnerability in CVE-2026-55844 (CVE-2026-55844). Confidential information can be exposed externally. Mitigation: upgrade to `2025.5.0` or later.
CVE-2026-55607 Path Traversal in anthropic (CVE-2026-55607)
path traversal in anthropic (CVE-2026-55607). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.1.163` or later.
CVE-2026-54371 Vulnerability in privilege-escalation (CVE-2026-54371)
vulnerability in privilege-escalation (CVE-2026-54371). Confidential information can be exposed externally.
CVE-2026-54369 Vulnerability in privilege-escalation (CVE-2026-54369)
vulnerability in privilege-escalation (CVE-2026-54369). Confidential information can be exposed externally.
CVE-2026-40524 SQL Injection in sqli (CVE-2026-40524)
SQL injection in sqli (CVE-2026-40524). Confidential information can be exposed externally.
CVE-2026-40523 SQL Injection in sqli (CVE-2026-40523)
SQL injection in sqli (CVE-2026-40523). Confidential information can be exposed externally.
CVE-2026-40522 SQL Injection in sqli (CVE-2026-40522)
SQL injection in sqli (CVE-2026-40522). Confidential information can be exposed externally.
CVE-2026-40521 Path Traversal in path-traversal (CVE-2026-40521)
path traversal in path-traversal (CVE-2026-40521). Successful exploitation can lead to full system takeover.
CVE-2026-13676 Vulnerability in openjsf (CVE-2026-13676)
vulnerability in openjsf (CVE-2026-13676). Data can be tampered with by attackers.
CVE-2026-13568 Vulnerability in CVE-2026-13568 (CVE-2026-13568)
vulnerability in CVE-2026-13568 (CVE-2026-13568). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →