Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-32253 |
|
Authentication Bypass in cpp (CVE-2026-32253)
authentication bypass in cpp (CVE-2026-32253). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46595 |
|
Vulnerability in golang.org/x/crypto (CVE-2026-46595)
vulnerability in golang.org/x/crypto (CVE-2026-46595). Confidential information can be exposed externally. Mitigation: upgrade to `0.52.0` or later.
|
| CVE-2026-42508 |
|
Vulnerability in golang.org/x/crypto (CVE-2026-42508)
vulnerability in golang.org/x/crypto (CVE-2026-42508). Confidential information can be exposed externally. Mitigation: upgrade to `0.52.0` or later.
|
| CVE-2026-39834 |
|
Vulnerability in golang.org/x/crypto (CVE-2026-39834)
vulnerability in golang.org/x/crypto (CVE-2026-39834). Data can be tampered with by attackers. Mitigation: upgrade to `0.52.0` or later.
|
| CVE-2026-39833 |
|
Vulnerability in golang.org/x/crypto (CVE-2026-39833)
vulnerability in golang.org/x/crypto (CVE-2026-39833). Confidential information can be exposed externally. Mitigation: upgrade to `0.52.0` or later.
|
| CVE-2026-39830 |
|
Buffer Overflow in golang.org/x/crypto (CVE-2026-39830)
vulnerability in golang.org/x/crypto (CVE-2026-39830). Confidential information can be exposed externally. Mitigation: upgrade to `0.52.0` or later.
|
| CVE-2026-39831 |
|
Vulnerability in golang.org/x/crypto (CVE-2026-39831)
vulnerability in golang.org/x/crypto (CVE-2026-39831). Confidential information can be exposed externally. Mitigation: upgrade to `0.52.0` or later.
|
| CVE-2026-39832 |
|
Vulnerability in golang.org/x/crypto (CVE-2026-39832)
vulnerability in golang.org/x/crypto (CVE-2026-39832). Confidential information can be exposed externally. Mitigation: upgrade to `0.52.0` or later.
|
| CVE-2026-39821 |
|
Vulnerability in golang.org/x/net (CVE-2026-39821)
vulnerability in golang.org/x/net (CVE-2026-39821). Confidential information can be exposed externally. Mitigation: upgrade to `0.55.0` or later.
|
| CVE-2026-34908 KEV |
|
[KEV] Vulnerability in Ubiquiti ui (CVE-2026-34908)
vulnerability in Ubiquiti ui (CVE-2026-34908). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-34909 KEV |
|
[KEV] Path Traversal in Ubiquiti path-traversal (CVE-2026-34909)
path traversal in Ubiquiti path-traversal (CVE-2026-34909). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-34910 KEV |
|
[KEV] Vulnerability in Ubiquiti ui (CVE-2026-34910)
vulnerability in Ubiquiti ui (CVE-2026-34910). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-33000 |
|
Vulnerability in ui (CVE-2026-33000)
vulnerability in ui (CVE-2026-33000). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6960 |
|
Unrestricted File Upload in wordpress (CVE-2026-6960)
vulnerability in wordpress (CVE-2026-6960). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46614 |
|
Vulnerability in github.com/fission/fission (CVE-2026-46614)
vulnerability in github.com/fission/fission (CVE-2026-46614). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/v2/foo`. Mitigation: upgrade to `1.23.0` or later.
|
| CVE-2026-48207 |
|
Unsafe Deserialization in pyfory (CVE-2026-48207)
vulnerability in pyfory (CVE-2026-48207). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.0.0` or later.
|
| CVE-2026-39531 |
|
SQL Injection in sqli (CVE-2026-39531)
SQL injection in sqli (CVE-2026-39531). Confidential information can be exposed externally.
|
| CVE-2025-71210 |
|
Path Traversal in CVE-2025-71210 (CVE-2025-71210)
path traversal in CVE-2025-71210 (CVE-2025-71210). Successful exploitation can lead to full system takeover.
|
| CVE-2025-71211 |
|
Path Traversal in CVE-2025-71211 (CVE-2025-71211)
path traversal in CVE-2025-71211 (CVE-2025-71211). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5118 |
|
Privilege Escalation in wordpress (CVE-2026-5118)
vulnerability in wordpress (CVE-2026-5118). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43501 |
|
Out-of-Bounds Write in linux (CVE-2026-43501)
out-of-bounds write in linux (CVE-2026-43501). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5433 |
|
Vulnerability in CVE-2026-5433 (CVE-2026-5433)
vulnerability in CVE-2026-5433 (CVE-2026-5433). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44050 |
|
Vulnerability in dos (CVE-2026-44050)
vulnerability in dos (CVE-2026-44050). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6279 |
|
Vulnerability in wordpress (CVE-2026-6279)
vulnerability in wordpress (CVE-2026-6279). Successful exploitation can lead to full system takeover. Exploitable via ``wp_conditional_tags``.
|
| CVE-2026-48172 KEV |
|
[KEV] Vulnerability in Litespeed privilege-escalation (CVE-2026-48172)
vulnerability in Litespeed privilege-escalation (CVE-2026-48172). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-47372 |
|
Vulnerability in CVE-2026-47372 (CVE-2026-47372)
vulnerability in CVE-2026-47372 (CVE-2026-47372). Confidential information can be exposed externally.
|
| CVE-2026-8631 |
|
Vulnerability in hp (CVE-2026-8631)
vulnerability in hp (CVE-2026-8631). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9139 |
|
Vulnerability in CVE-2026-9139 (CVE-2026-9139)
vulnerability in CVE-2026-9139 (CVE-2026-9139). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9141 |
|
Vulnerability in CVE-2026-9141 (CVE-2026-9141)
vulnerability in CVE-2026-9141 (CVE-2026-9141). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45444 |
|
Unrestricted File Upload in CVE-2026-45444 (CVE-2026-45444)
vulnerability in CVE-2026-45444 (CVE-2026-45444). Successful exploitation can lead to full system takeover.
|
| CVE-2026-20223 |
|
Vulnerability in Cisco secure-workload (CVE-2026-20223)
vulnerability in Cisco secure-workload (CVE-2026-20223). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45388 |
|
Vulnerability in tls (CVE-2026-45388)
vulnerability in tls (CVE-2026-45388). Confidential information can be exposed externally. Mitigation: upgrade to `2.1.0, 6a12247b3fbd747972ad2d35b74d9a89f6404952` or later.
|
| CVE-2026-22314 |
|
Code Injection in CVE-2026-22314 (CVE-2026-22314)
code injection in CVE-2026-22314 (CVE-2026-22314). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42960 |
|
Vulnerability in nlnetlabs (CVE-2026-42960)
vulnerability in nlnetlabs (CVE-2026-42960). Data can be tampered with by attackers.
|
| CVE-2026-33278 |
|
Use-After-Free in dos (CVE-2026-33278)
vulnerability in dos (CVE-2026-33278). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7637 |
|
Unsafe Deserialization in wordpress (CVE-2026-7637)
vulnerability in wordpress (CVE-2026-7637). Successful exploitation can lead to full system takeover.
|
| CVE-2026-24207 |
|
Vulnerability in dos (CVE-2026-24207)
vulnerability in dos (CVE-2026-24207). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7284 |
|
Privilege Escalation in wordpress (CVE-2026-7284)
vulnerability in wordpress (CVE-2026-7284). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6555 |
|
Unrestricted File Upload in wordpress (CVE-2026-6555)
vulnerability in wordpress (CVE-2026-6555). Successful exploitation can lead to full system takeover.
|
| CVE-2008-4250 KEV |
|
[KEV] Code Injection in Microsoft windows-2000 (CVE-2008-4250)
code injection in Microsoft windows-2000 (CVE-2008-4250). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-34234 |
|
OS Command Injection in CVE-2026-34234 (CVE-2026-34234)
OS command injection in CVE-2026-34234 (CVE-2026-34234). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46354 |
|
Vulnerability in github.com/coder/coder/v2 (CVE-2026-46354)
vulnerability in github.com/coder/coder/v2 (CVE-2026-46354). Confidential information can be exposed externally. Exploitable via `POST /api/v2/workspaceagents/azure-instance-identity`. Mitigation: upgrade to `2.24.5` or later.
|
| CVE-2026-33642 |
|
Out-of-Bounds Read in c (CVE-2026-33642)
vulnerability in c (CVE-2026-33642). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8605 |
|
Vulnerability in scadabr (CVE-2026-8605)
vulnerability in scadabr (CVE-2026-8605). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8603 |
|
OS Command Injection in scadabr (CVE-2026-8603)
OS command injection in scadabr (CVE-2026-8603). Successful exploitation can lead to full system takeover.
|
| CVE-2026-36829 |
|
Path Traversal in path-traversal (CVE-2026-36829)
path traversal in path-traversal (CVE-2026-36829). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8598 |
|
Vulnerability in cisa (CVE-2026-8598)
vulnerability in cisa (CVE-2026-8598). Confidential information can be exposed externally.
|
| CVE-2026-8602 |
|
Vulnerability in cisa (CVE-2026-8602)
vulnerability in cisa (CVE-2026-8602). Data can be tampered with by attackers.
|
| CVE-2026-56348 |
|
SSRF (Server-Side Request Forgery) in n8n (CVE-2026-56348)
SSRF in n8n (CVE-2026-56348). Confidential information can be exposed externally. Exploitable via `POST /rest/dynamic-node-parameters/options`. Mitigation: upgrade to `2.20.0` or later.
|
| CVE-2026-37281 |
|
OS Command Injection in express (CVE-2026-37281)
OS command injection in express (CVE-2026-37281). Successful exploitation can lead to full system takeover.
|