Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-13373 |
|
Cross-Site Scripting (XSS) in CVE-2026-13373 (CVE-2026-13373)
cross-site scripting in CVE-2026-13373 (CVE-2026-13373). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-13371 |
|
Unsafe Deserialization in deserialization (CVE-2026-13371)
vulnerability in deserialization (CVE-2026-13371). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-13368 |
|
Use-After-Free in CVE-2026-13368 (CVE-2026-13368)
vulnerability in CVE-2026-13368 (CVE-2026-13368). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-13722 |
|
Vulnerability in CVE-2026-13722 (CVE-2026-13722)
vulnerability in CVE-2026-13722 (CVE-2026-13722). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-13376 |
|
Cross-Site Scripting (XSS) in CVE-2026-13376 (CVE-2026-13376)
cross-site scripting in CVE-2026-13376 (CVE-2026-13376). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-13375 |
|
Cross-Site Scripting (XSS) in CVE-2026-13375 (CVE-2026-13375)
cross-site scripting in CVE-2026-13375 (CVE-2026-13375). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-13053 |
|
Out-of-Bounds Write in CVE-2026-13053 (CVE-2026-13053)
out-of-bounds write in CVE-2026-13053 (CVE-2026-13053). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-13054 |
|
Path Traversal in path-traversal (CVE-2026-13054)
path traversal in path-traversal (CVE-2026-13054). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-13050 |
|
Out-of-Bounds Write in CVE-2026-13050 (CVE-2026-13050)
out-of-bounds write in CVE-2026-13050 (CVE-2026-13050). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-13079 |
|
Vulnerability in privilege-escalation (CVE-2026-13079)
vulnerability in privilege-escalation (CVE-2026-13079). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-13084 |
|
Vulnerability in dos (CVE-2026-13084)
vulnerability in dos (CVE-2026-13084). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57100 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-57100)
SSRF in ssrf (CVE-2026-57100). Successful exploitation can lead to full system takeover.
|
| CVE-2026-54998 |
|
Incorrect authorization in Microsoft Exchange Online allows an authorized attacker to elevate...
Incorrect authorization in Microsoft Exchange Online allows an authorized attacker to elevate...
|
| CVE-2026-45499 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-45499)
SSRF in ssrf (CVE-2026-45499). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41106 |
|
Open Redirect in microsoft (CVE-2026-41106)
vulnerability in microsoft (CVE-2026-41106). Confidential information can be exposed externally.
|
| CVE-2026-26145 |
|
Vulnerability in microsoft (CVE-2026-26145)
vulnerability in microsoft (CVE-2026-26145). Confidential information can be exposed externally.
|
| CVE-2026-50722 |
|
Libreswan, via the function RSA_authenticate_hash_signature_pkcs1_1_5_rsa(), did not correctly...
Libreswan, via the function RSA_authenticate_hash_signature_pkcs1_1_5_rsa(), did not correctly...
|
| CVE-2026-50721 |
|
Libreswan, via the function RSA_authenticate_hash_signature_raw_rsa(), did not correctly verify...
Libreswan, via the function RSA_authenticate_hash_signature_raw_rsa(), did not correctly verify...
|
| CVE-2026-12413 |
|
An invalidly formatted IKEv2 fragment causes the Libreswan pluto daemon to crash and restart....
An invalidly formatted IKEv2 fragment causes the Libreswan pluto daemon to crash and restart....
|
| CVE-2026-52192 |
|
Vulnerability in dos (CVE-2026-52192)
vulnerability in dos (CVE-2026-52192). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-52189 |
|
Vulnerability in dos (CVE-2026-52189)
vulnerability in dos (CVE-2026-52189). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-38972 |
|
Vulnerability in c (CVE-2026-38972)
vulnerability in c (CVE-2026-38972). Successful exploitation can lead to full system takeover.
|
| CVE-2026-38970 |
|
Vulnerability in CVE-2026-38970 (CVE-2026-38970)
vulnerability in CVE-2026-38970 (CVE-2026-38970). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-52188 |
|
Buffer Overflow in dos (CVE-2026-52188)
vulnerability in dos (CVE-2026-52188). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-38971 |
|
Out-of-Bounds Read in cpp (CVE-2026-38971)
vulnerability in cpp (CVE-2026-38971). Confidential information can be exposed externally.
|
| CVE-2026-58460 |
|
Path Traversal in react (CVE-2026-58460)
path traversal in react (CVE-2026-58460). Data can be tampered with by attackers.
|
| CVE-2026-52191 |
|
Vulnerability in dos (CVE-2026-52191)
vulnerability in dos (CVE-2026-52191). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-59102 |
|
Cross-Site Scripting (XSS) in vue (CVE-2026-59102)
cross-site scripting in vue (CVE-2026-59102). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-38968 |
|
Vulnerability in cpp (CVE-2026-38968)
vulnerability in cpp (CVE-2026-38968). Successful exploitation can lead to full system takeover.
|
| CVE-2026-59100 |
|
Vulnerability in CVE-2026-59100 (CVE-2026-59100)
vulnerability in CVE-2026-59100 (CVE-2026-59100). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-38969 |
|
Vulnerability in CVE-2026-38969 (CVE-2026-38969)
vulnerability in CVE-2026-38969 (CVE-2026-38969). Data can be tampered with by attackers.
|
| CVE-2026-59101 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-59101)
SSRF in ssrf (CVE-2026-59101). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/setup/test-downloader`.
|
| CVE-2026-59095 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-59095)
SSRF in ssrf (CVE-2026-59095). Confidential information can be exposed externally.
|
| CVE-2026-59099 |
|
Vulnerability in CVE-2026-59099 (CVE-2026-59099)
vulnerability in CVE-2026-59099 (CVE-2026-59099). Confidential information can be exposed externally.
|
| CVE-2026-59097 |
|
Vulnerability in CVE-2026-59097 (CVE-2026-59097)
vulnerability in CVE-2026-59097 (CVE-2026-59097). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-59098 |
|
Vulnerability in CVE-2026-59098 (CVE-2026-59098)
vulnerability in CVE-2026-59098 (CVE-2026-59098). Confidential information can be exposed externally.
|
| CVE-2026-59096 |
|
Vulnerability in CVE-2026-59096 (CVE-2026-59096)
vulnerability in CVE-2026-59096 (CVE-2026-59096). Data can be tampered with by attackers. Exploitable via `Host header`.
|
| CVE-2026-58578 |
|
Vulnerability in dos (CVE-2026-58578)
vulnerability in dos (CVE-2026-58578). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-58579 |
|
Cross-Site Scripting (XSS) in CVE-2026-58579 (CVE-2026-58579)
cross-site scripting in CVE-2026-58579 (CVE-2026-58579). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-59093 |
|
Vulnerability in weaviate (CVE-2026-59093)
vulnerability in weaviate (CVE-2026-59093). Successful exploitation can lead to full system takeover. Exploitable via `POST /authz/users/{id}/assign`.
|
| CVE-2026-59094 |
|
Vulnerability in CVE-2026-59094 (CVE-2026-59094)
vulnerability in CVE-2026-59094 (CVE-2026-59094). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-58580 |
|
Vulnerability in CVE-2026-58580 (CVE-2026-58580)
vulnerability in CVE-2026-58580 (CVE-2026-58580). Data can be tampered with by attackers.
|
| CVE-2026-59092 |
|
Vulnerability in dos (CVE-2026-59092)
vulnerability in dos (CVE-2026-59092). Confidential information can be exposed externally.
|
| CVE-2026-58381 |
|
Vulnerability in dos (CVE-2026-58381)
vulnerability in dos (CVE-2026-58381). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-58467 |
|
Path Traversal in nginx (CVE-2026-58467)
path traversal in nginx (CVE-2026-58467). Confidential information can be exposed externally.
|
| CVE-2026-58466 |
|
Vulnerability in CVE-2026-58466 (CVE-2026-58466)
vulnerability in CVE-2026-58466 (CVE-2026-58466). Successful exploitation can lead to full system takeover.
|
| CVE-2025-71385 |
|
Cross-Site Scripting (XSS) in netdata (CVE-2025-71385)
cross-site scripting in netdata (CVE-2025-71385). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-52187 |
|
Vulnerability in dos (CVE-2026-52187)
vulnerability in dos (CVE-2026-52187). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49360 |
|
Vulnerability in recce (CVE-2026-49360)
vulnerability in recce (CVE-2026-49360). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.50.0` or later.
|
| CVE-2026-49353 |
|
Vulnerability in 9router (CVE-2026-49353)
vulnerability in 9router (CVE-2026-49353). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/mcp/`.
|