Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-28262 |
|
Vulnerability in CVE-2026-28262 (CVE-2026-28262)
vulnerability in CVE-2026-28262 (CVE-2026-28262). Data can be tampered with by attackers.
|
| CVE-2026-11322 |
|
Vulnerability in path-traversal (CVE-2026-11322)
vulnerability in path-traversal (CVE-2026-11322). Confidential information can be exposed externally.
|
| CVE-2026-42795 |
|
Vulnerability in CVE-2026-42795 (CVE-2026-42795)
vulnerability in CVE-2026-42795 (CVE-2026-42795). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49135 |
|
Vulnerability in CVE-2026-49135 (CVE-2026-49135)
vulnerability in CVE-2026-49135 (CVE-2026-49135). Confidential information can be exposed externally.
|
| CVE-2026-40861 |
|
Vulnerability in apache-airflow (CVE-2026-40861)
vulnerability in apache-airflow (CVE-2026-40861). Confidential information can be exposed externally. Exploitable via ``airflow.cfg``. Mitigation: upgrade to `3.2.2` or later.
|
| CVE-2026-41236 |
|
Vulnerability in froxlor/froxlor (CVE-2026-41236)
vulnerability in froxlor/froxlor (CVE-2026-41236). Successful exploitation can lead to full system takeover. Exploitable via `POST /customer_ftp.php`. Mitigation: upgrade to `2.3.7` or later.
|
| CVE-2026-6892 |
|
Vulnerability in CVE-2026-6892 (CVE-2026-6892)
vulnerability in CVE-2026-6892 (CVE-2026-6892). Data can be tampered with by attackers.
|
| CVE-2026-6891 |
|
Vulnerability in jvn (CVE-2026-6891)
vulnerability in jvn (CVE-2026-6891). Data can be tampered with by attackers.
|
| CVE-2026-45403 |
|
Vulnerability in mintplexlabs (CVE-2026-45403)
vulnerability in mintplexlabs (CVE-2026-45403). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.13.0` or later.
|
| CVE-2026-9804 |
|
Vulnerability in kubevirt.io/kubevirt (CVE-2026-9804)
vulnerability in kubevirt.io/kubevirt (CVE-2026-9804). Confidential information can be exposed externally.
|
| CVE-2026-44711 |
|
Vulnerability in CVE-2026-44711 (CVE-2026-44711)
vulnerability in CVE-2026-44711 (CVE-2026-44711). Data can be tampered with by attackers. Mitigation: upgrade to `0.8.7` or later.
|
| CVE-2026-48921 |
|
Vulnerability in io.jenkins.plugins:pipeline-groovy-lib (CVE-2026-48921)
vulnerability in io.jenkins.plugins:pipeline-groovy-lib (CVE-2026-48921). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `798.v5cc688825312` or later.
|
| CVE-2026-48693 |
|
Vulnerability in cpp (CVE-2026-48693)
vulnerability in cpp (CVE-2026-48693). Data can be tampered with by attackers.
|
| CVE-2026-7374 |
|
Vulnerability in kubevirt.io/kubevirt (CVE-2026-7374)
vulnerability in kubevirt.io/kubevirt (CVE-2026-7374). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.6.6` or later.
|
| CVE-2026-42496 |
|
Vulnerability in archive (CVE-2026-42496)
vulnerability in archive (CVE-2026-42496). Confidential information can be exposed externally.
|
| CVE-2026-42497 |
|
Vulnerability in archive (CVE-2026-42497)
vulnerability in archive (CVE-2026-42497). Data can be tampered with by attackers.
|
| CVE-2026-40610 |
|
Vulnerability in bentoml (CVE-2026-40610)
vulnerability in bentoml (CVE-2026-40610). Confidential information can be exposed externally. Exploitable via ``src_file``. Mitigation: upgrade to `1.4.39` or later.
|
| CVE-2025-71212 |
|
Vulnerability in CVE-2025-71212 (CVE-2025-71212)
vulnerability in CVE-2025-71212 (CVE-2025-71212). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44051 |
|
Vulnerability in CVE-2026-44051 (CVE-2026-44051)
vulnerability in CVE-2026-44051 (CVE-2026-44051). Confidential information can be exposed externally.
|
| CVE-2026-42834 |
|
Vulnerability in microsoft (CVE-2026-42834)
vulnerability in microsoft (CVE-2026-42834). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41091 KEV |
|
[KEV] Vulnerability in Microsoft malware-protection-engine (CVE-2026-41091)
vulnerability in Microsoft malware-protection-engine (CVE-2026-41091). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-43619 |
|
Vulnerability in samba (CVE-2026-43619)
vulnerability in samba (CVE-2026-43619). Confidential information can be exposed externally.
|
| CVE-2026-34883 |
|
Vulnerability in c (CVE-2026-34883)
vulnerability in c (CVE-2026-34883). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8784 |
|
Vulnerability in c (CVE-2026-8784)
vulnerability in c (CVE-2026-8784). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45539 |
|
Information Disclosure in apm (CVE-2026-45539)
vulnerability in apm (CVE-2026-45539). Confidential information can be exposed externally. Exploitable via ``content_hash``. Mitigation: upgrade to `0.13.0` or later.
|
| CVE-2026-44881 |
|
Information Disclosure in github.com/portainer/portainer (CVE-2026-44881)
vulnerability in github.com/portainer/portainer (CVE-2026-44881). Successful exploitation can lead to full system takeover. Exploitable via `GET /api/stacks/{id}/file`. Mitigation: upgrade to `2.41.0` or later.
|
| CVE-2026-44471 |
|
Vulnerability in gix-fs (CVE-2026-44471)
vulnerability in gix-fs (CVE-2026-44471). Successful exploitation can lead to full system takeover. Exploitable via ``payload``. Mitigation: upgrade to `0.21.1` or later.
|
| CVE-2025-27850 |
|
Vulnerability in garmin (CVE-2025-27850)
vulnerability in garmin (CVE-2025-27850). Confidential information can be exposed externally.
|
| CVE-2026-43998 |
|
Vulnerability in vm2 (CVE-2026-43998)
vulnerability in vm2 (CVE-2026-43998). Successful exploitation can lead to full system takeover. Exploitable via ``require.root``. Mitigation: upgrade to `3.11.0` or later.
|
| CVE-2026-44470 |
|
Vulnerability in privilege-escalation (CVE-2026-44470)
vulnerability in privilege-escalation (CVE-2026-44470). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.3834.0` or later.
|
| CVE-2026-6959 |
|
Vulnerability in github.com/hashicorp/nomad (CVE-2026-6959)
vulnerability in github.com/hashicorp/nomad (CVE-2026-6959). Data can be tampered with by attackers. Mitigation: upgrade to `1.11.0-rc.1.0.20260512123500-2a09fd62c238` or later.
|
| CVE-2026-8052 |
|
Vulnerability in github.com/hashicorp/nomad-driver-exec2 (CVE-2026-8052)
vulnerability in github.com/hashicorp/nomad-driver-exec2 (CVE-2026-8052). Data can be tampered with by attackers. Mitigation: upgrade to `0.1.2` or later.
|
| CVE-2026-44220 |
|
Vulnerability in ciguard (CVE-2026-44220)
vulnerability in ciguard (CVE-2026-44220). Risk of unauthorized operations or information disclosure. Exploitable via ``scan_repo``. Mitigation: upgrade to `0.8.2` or later.
|
| CVE-2026-41610 |
|
Vulnerability in microsoft (CVE-2026-41610)
vulnerability in microsoft (CVE-2026-41610). Confidential information can be exposed externally.
|
| CVE-2026-43989 |
|
Vulnerability in CVE-2026-43989 (CVE-2026-43989)
vulnerability in CVE-2026-43989 (CVE-2026-43989). Confidential information can be exposed externally. Mitigation: upgrade to `0.x.y-security-1` or later.
|
| CVE-2026-5061 |
|
Vulnerability in consul (CVE-2026-5061)
vulnerability in consul (CVE-2026-5061). Confidential information can be exposed externally. Mitigation: upgrade to `0.42.0` or later.
|
| CVE-2021-47949 |
|
Vulnerability in CVE-2021-47949 (CVE-2021-47949)
vulnerability in CVE-2021-47949 (CVE-2021-47949). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42574 |
|
Path Traversal in chainguard.dev/apko (CVE-2026-42574)
path traversal in chainguard.dev/apko (CVE-2026-42574). Data can be tampered with by attackers. Exploitable via ``TypeSymlink``. Mitigation: upgrade to `1.2.5` or later.
|
| CVE-2026-44340 |
|
Path Traversal in PraisonAI (CVE-2026-44340)
path traversal in PraisonAI (CVE-2026-44340). Data can be tampered with by attackers. Exploitable via ``_safe_extractall``. Mitigation: upgrade to `4.6.37` or later.
|
| CVE-2026-39819 |
|
Vulnerability in golang (CVE-2026-39819)
vulnerability in golang (CVE-2026-39819). Data can be tampered with by attackers. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
|
| CVE-2026-5161 |
|
Improper link resolution before file access ('link following') vulnerability in TUBITAK BILGEM...
Improper link resolution before file access ('link following') vulnerability in TUBITAK BILGEM...
|
| CVE-2026-41433 |
|
Path Traversal in opentelemetry (CVE-2026-41433)
path traversal in opentelemetry (CVE-2026-41433). Data can be tampered with by attackers. Mitigation: upgrade to `0.8.0` or later.
|
| CVE-2025-60710 KEV |
|
[KEV] Vulnerability in Microsoft windows (CVE-2025-60710)
vulnerability in Microsoft windows (CVE-2025-60710). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-34078 |
|
Vulnerability in flatpak (CVE-2026-34078)
vulnerability in flatpak (CVE-2026-34078). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.16.4` or later.
|
| CVE-2026-33001 |
|
Vulnerability in org.jenkins-ci.main:jenkins-core (CVE-2026-33001)
vulnerability in org.jenkins-ci.main:jenkins-core (CVE-2026-33001). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.555` or later.
|
| CVE-2026-25187 |
|
Vulnerability in microsoft (CVE-2026-25187)
vulnerability in microsoft (CVE-2026-25187). Successful exploitation can lead to full system takeover.
|
| CVE-2026-29786 |
|
Path Traversal in c (CVE-2026-29786)
path traversal in c (CVE-2026-29786). Data can be tampered with by attackers.
|
| CVE-2026-24842 |
|
Path Traversal in path-traversal (CVE-2026-24842)
path traversal in path-traversal (CVE-2026-24842). Confidential information can be exposed externally.
|
| CVE-2026-24046 |
|
Path Traversal in path-traversal (CVE-2026-24046)
path traversal in path-traversal (CVE-2026-24046). Confidential information can be exposed externally.
|
| CVE-2025-7073 |
|
Vulnerability in c (CVE-2025-7073)
vulnerability in c (CVE-2025-7073). Successful exploitation can lead to full system takeover.
|