Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: cwe-59 Clear
ID Title
CVE-2026-28262 Vulnerability in CVE-2026-28262 (CVE-2026-28262)
vulnerability in CVE-2026-28262 (CVE-2026-28262). Data can be tampered with by attackers.
CVE-2026-11322 Vulnerability in path-traversal (CVE-2026-11322)
vulnerability in path-traversal (CVE-2026-11322). Confidential information can be exposed externally.
CVE-2026-42795 Vulnerability in CVE-2026-42795 (CVE-2026-42795)
vulnerability in CVE-2026-42795 (CVE-2026-42795). Risk of unauthorized operations or information disclosure.
CVE-2026-49135 Vulnerability in CVE-2026-49135 (CVE-2026-49135)
vulnerability in CVE-2026-49135 (CVE-2026-49135). Confidential information can be exposed externally.
CVE-2026-40861 Vulnerability in apache-airflow (CVE-2026-40861)
vulnerability in apache-airflow (CVE-2026-40861). Confidential information can be exposed externally. Exploitable via ``airflow.cfg``. Mitigation: upgrade to `3.2.2` or later.
CVE-2026-41236 Vulnerability in froxlor/froxlor (CVE-2026-41236)
vulnerability in froxlor/froxlor (CVE-2026-41236). Successful exploitation can lead to full system takeover. Exploitable via `POST /customer_ftp.php`. Mitigation: upgrade to `2.3.7` or later.
CVE-2026-6892 Vulnerability in CVE-2026-6892 (CVE-2026-6892)
vulnerability in CVE-2026-6892 (CVE-2026-6892). Data can be tampered with by attackers.
CVE-2026-6891 Vulnerability in jvn (CVE-2026-6891)
vulnerability in jvn (CVE-2026-6891). Data can be tampered with by attackers.
CVE-2026-45403 Vulnerability in mintplexlabs (CVE-2026-45403)
vulnerability in mintplexlabs (CVE-2026-45403). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.13.0` or later.
CVE-2026-9804 Vulnerability in kubevirt.io/kubevirt (CVE-2026-9804)
vulnerability in kubevirt.io/kubevirt (CVE-2026-9804). Confidential information can be exposed externally.
CVE-2026-44711 Vulnerability in CVE-2026-44711 (CVE-2026-44711)
vulnerability in CVE-2026-44711 (CVE-2026-44711). Data can be tampered with by attackers. Mitigation: upgrade to `0.8.7` or later.
CVE-2026-48921 Vulnerability in io.jenkins.plugins:pipeline-groovy-lib (CVE-2026-48921)
vulnerability in io.jenkins.plugins:pipeline-groovy-lib (CVE-2026-48921). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `798.v5cc688825312` or later.
CVE-2026-48693 Vulnerability in cpp (CVE-2026-48693)
vulnerability in cpp (CVE-2026-48693). Data can be tampered with by attackers.
CVE-2026-7374 Vulnerability in kubevirt.io/kubevirt (CVE-2026-7374)
vulnerability in kubevirt.io/kubevirt (CVE-2026-7374). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.6.6` or later.
CVE-2026-42496 Vulnerability in archive (CVE-2026-42496)
vulnerability in archive (CVE-2026-42496). Confidential information can be exposed externally.
CVE-2026-42497 Vulnerability in archive (CVE-2026-42497)
vulnerability in archive (CVE-2026-42497). Data can be tampered with by attackers.
CVE-2026-40610 Vulnerability in bentoml (CVE-2026-40610)
vulnerability in bentoml (CVE-2026-40610). Confidential information can be exposed externally. Exploitable via ``src_file``. Mitigation: upgrade to `1.4.39` or later.
CVE-2025-71212 Vulnerability in CVE-2025-71212 (CVE-2025-71212)
vulnerability in CVE-2025-71212 (CVE-2025-71212). Successful exploitation can lead to full system takeover.
CVE-2026-44051 Vulnerability in CVE-2026-44051 (CVE-2026-44051)
vulnerability in CVE-2026-44051 (CVE-2026-44051). Confidential information can be exposed externally.
CVE-2026-42834 Vulnerability in microsoft (CVE-2026-42834)
vulnerability in microsoft (CVE-2026-42834). Successful exploitation can lead to full system takeover.
CVE-2026-41091 KEV [KEV] Vulnerability in Microsoft malware-protection-engine (CVE-2026-41091)
vulnerability in Microsoft malware-protection-engine (CVE-2026-41091). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-43619 Vulnerability in samba (CVE-2026-43619)
vulnerability in samba (CVE-2026-43619). Confidential information can be exposed externally.
CVE-2026-34883 Vulnerability in c (CVE-2026-34883)
vulnerability in c (CVE-2026-34883). Risk of unauthorized operations or information disclosure.
CVE-2026-8784 Vulnerability in c (CVE-2026-8784)
vulnerability in c (CVE-2026-8784). Risk of unauthorized operations or information disclosure.
CVE-2026-45539 Information Disclosure in apm (CVE-2026-45539)
vulnerability in apm (CVE-2026-45539). Confidential information can be exposed externally. Exploitable via ``content_hash``. Mitigation: upgrade to `0.13.0` or later.
CVE-2026-44881 Information Disclosure in github.com/portainer/portainer (CVE-2026-44881)
vulnerability in github.com/portainer/portainer (CVE-2026-44881). Successful exploitation can lead to full system takeover. Exploitable via `GET /api/stacks/{id}/file`. Mitigation: upgrade to `2.41.0` or later.
CVE-2026-44471 Vulnerability in gix-fs (CVE-2026-44471)
vulnerability in gix-fs (CVE-2026-44471). Successful exploitation can lead to full system takeover. Exploitable via ``payload``. Mitigation: upgrade to `0.21.1` or later.
CVE-2025-27850 Vulnerability in garmin (CVE-2025-27850)
vulnerability in garmin (CVE-2025-27850). Confidential information can be exposed externally.
CVE-2026-43998 Vulnerability in vm2 (CVE-2026-43998)
vulnerability in vm2 (CVE-2026-43998). Successful exploitation can lead to full system takeover. Exploitable via ``require.root``. Mitigation: upgrade to `3.11.0` or later.
CVE-2026-44470 Vulnerability in privilege-escalation (CVE-2026-44470)
vulnerability in privilege-escalation (CVE-2026-44470). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.3834.0` or later.
CVE-2026-6959 Vulnerability in github.com/hashicorp/nomad (CVE-2026-6959)
vulnerability in github.com/hashicorp/nomad (CVE-2026-6959). Data can be tampered with by attackers. Mitigation: upgrade to `1.11.0-rc.1.0.20260512123500-2a09fd62c238` or later.
CVE-2026-8052 Vulnerability in github.com/hashicorp/nomad-driver-exec2 (CVE-2026-8052)
vulnerability in github.com/hashicorp/nomad-driver-exec2 (CVE-2026-8052). Data can be tampered with by attackers. Mitigation: upgrade to `0.1.2` or later.
CVE-2026-44220 Vulnerability in ciguard (CVE-2026-44220)
vulnerability in ciguard (CVE-2026-44220). Risk of unauthorized operations or information disclosure. Exploitable via ``scan_repo``. Mitigation: upgrade to `0.8.2` or later.
CVE-2026-41610 Vulnerability in microsoft (CVE-2026-41610)
vulnerability in microsoft (CVE-2026-41610). Confidential information can be exposed externally.
CVE-2026-43989 Vulnerability in CVE-2026-43989 (CVE-2026-43989)
vulnerability in CVE-2026-43989 (CVE-2026-43989). Confidential information can be exposed externally. Mitigation: upgrade to `0.x.y-security-1` or later.
CVE-2026-5061 Vulnerability in consul (CVE-2026-5061)
vulnerability in consul (CVE-2026-5061). Confidential information can be exposed externally. Mitigation: upgrade to `0.42.0` or later.
CVE-2021-47949 Vulnerability in CVE-2021-47949 (CVE-2021-47949)
vulnerability in CVE-2021-47949 (CVE-2021-47949). Successful exploitation can lead to full system takeover.
CVE-2026-42574 Path Traversal in chainguard.dev/apko (CVE-2026-42574)
path traversal in chainguard.dev/apko (CVE-2026-42574). Data can be tampered with by attackers. Exploitable via ``TypeSymlink``. Mitigation: upgrade to `1.2.5` or later.
CVE-2026-44340 Path Traversal in PraisonAI (CVE-2026-44340)
path traversal in PraisonAI (CVE-2026-44340). Data can be tampered with by attackers. Exploitable via ``_safe_extractall``. Mitigation: upgrade to `4.6.37` or later.
CVE-2026-39819 Vulnerability in golang (CVE-2026-39819)
vulnerability in golang (CVE-2026-39819). Data can be tampered with by attackers. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
CVE-2026-5161 Improper link resolution before file access ('link following') vulnerability in TUBITAK BILGEM...
Improper link resolution before file access ('link following') vulnerability in TUBITAK BILGEM...
CVE-2026-41433 Path Traversal in opentelemetry (CVE-2026-41433)
path traversal in opentelemetry (CVE-2026-41433). Data can be tampered with by attackers. Mitigation: upgrade to `0.8.0` or later.
CVE-2025-60710 KEV [KEV] Vulnerability in Microsoft windows (CVE-2025-60710)
vulnerability in Microsoft windows (CVE-2025-60710). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-34078 Vulnerability in flatpak (CVE-2026-34078)
vulnerability in flatpak (CVE-2026-34078). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.16.4` or later.
CVE-2026-33001 Vulnerability in org.jenkins-ci.main:jenkins-core (CVE-2026-33001)
vulnerability in org.jenkins-ci.main:jenkins-core (CVE-2026-33001). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.555` or later.
CVE-2026-25187 Vulnerability in microsoft (CVE-2026-25187)
vulnerability in microsoft (CVE-2026-25187). Successful exploitation can lead to full system takeover.
CVE-2026-29786 Path Traversal in c (CVE-2026-29786)
path traversal in c (CVE-2026-29786). Data can be tampered with by attackers.
CVE-2026-24842 Path Traversal in path-traversal (CVE-2026-24842)
path traversal in path-traversal (CVE-2026-24842). Confidential information can be exposed externally.
CVE-2026-24046 Path Traversal in path-traversal (CVE-2026-24046)
path traversal in path-traversal (CVE-2026-24046). Confidential information can be exposed externally.
CVE-2025-7073 Vulnerability in c (CVE-2025-7073)
vulnerability in c (CVE-2025-7073). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →