Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-30118 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-30118)
SSRF in ssrf (CVE-2026-30118). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31070 |
|
Privilege Escalation in CVE-2026-31070 (CVE-2026-31070)
vulnerability in CVE-2026-31070 (CVE-2026-31070). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31071 |
|
Vulnerability in CVE-2026-31071 (CVE-2026-31071)
vulnerability in CVE-2026-31071 (CVE-2026-31071). Confidential information can be exposed externally.
|
| CVE-2026-31072 |
|
Unsafe Deserialization in apscheduler (CVE-2026-31072)
vulnerability in apscheduler (CVE-2026-31072). Successful exploitation can lead to full system takeover.
|
| CVE-2026-30117 |
|
Code Injection in CVE-2026-30117 (CVE-2026-30117)
code injection in CVE-2026-30117 (CVE-2026-30117). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45758 |
|
Vulnerability in guardrails-ai (CVE-2026-45758)
vulnerability in guardrails-ai (CVE-2026-45758). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44159 |
|
Vulnerability in CVE-2026-44159 (CVE-2026-44159)
vulnerability in CVE-2026-44159 (CVE-2026-44159). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2586 |
|
Code Injection in org.glassfish.main.admingui:console-common (CVE-2026-2586)
code injection in org.glassfish.main.admingui:console-common (CVE-2026-2586). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.0.2` or later.
|
| CVE-2026-2587 |
|
Vulnerability in org.glassfish.main.admingui:admingui (CVE-2026-2587)
vulnerability in org.glassfish.main.admingui:admingui (CVE-2026-2587). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.0.2` or later.
|
| CVE-2026-45570 |
|
Vulnerability in github.com/go-git/go-git/v5 (CVE-2026-45570)
vulnerability in github.com/go-git/go-git/v5 (CVE-2026-45570). Successful exploitation can lead to full system takeover. Exploitable via ``sq_quote_buf``. Mitigation: upgrade to `5.19.1` or later.
|
| CVE-2026-45721 |
|
Vulnerability in github.com/xyproto/algernon (CVE-2026-45721)
vulnerability in github.com/xyproto/algernon (CVE-2026-45721). Successful exploitation can lead to full system takeover. Exploitable via ``DirPage``. Mitigation: upgrade to `1.17.7` or later.
|
| CVE-2026-8959 |
|
Vulnerability in mozilla (CVE-2026-8959)
vulnerability in mozilla (CVE-2026-8959). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8948 |
|
Vulnerability in mozilla (CVE-2026-8948)
vulnerability in mozilla (CVE-2026-8948). Confidential information can be exposed externally.
|
| CVE-2026-8950 |
|
Vulnerability in mozilla (CVE-2026-8950)
vulnerability in mozilla (CVE-2026-8950). Confidential information can be exposed externally.
|
| CVE-2026-8953 |
|
Use-After-Free in mozilla (CVE-2026-8953)
vulnerability in mozilla (CVE-2026-8953). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8956 |
|
Vulnerability in mozilla (CVE-2026-8956)
vulnerability in mozilla (CVE-2026-8956). Successful exploitation can lead to full system takeover.
|
| CVE-2026-47323 |
|
Vulnerability in org.apache.camel:camel-cxf-rest (CVE-2026-47323)
vulnerability in org.apache.camel:camel-cxf-rest (CVE-2026-47323). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.18.2` or later.
|
| CVE-2026-43633 |
|
Unsafe Deserialization in deserialization (CVE-2026-43633)
vulnerability in deserialization (CVE-2026-43633). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4883 |
|
Unrestricted File Upload in wordpress (CVE-2026-4883)
vulnerability in wordpress (CVE-2026-4883). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43493 |
|
Vulnerability in linux (CVE-2026-43493)
vulnerability in linux (CVE-2026-43493). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45434 |
|
Authentication Bypass in apache (CVE-2026-45434)
authentication bypass in apache (CVE-2026-45434). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31986 |
|
Vulnerability in apache (CVE-2026-31986)
vulnerability in apache (CVE-2026-31986). Confidential information can be exposed externally.
|
| CVE-2026-41919 |
|
Vulnerability in apache (CVE-2026-41919)
vulnerability in apache (CVE-2026-41919). Confidential information can be exposed externally.
|
| CVE-2026-2611 |
|
Vulnerability in mlflow (CVE-2026-2611)
vulnerability in mlflow (CVE-2026-2611). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.10.0` or later.
|
| CVE-2026-4885 |
|
Unrestricted File Upload in wordpress (CVE-2026-4885)
vulnerability in wordpress (CVE-2026-4885). Successful exploitation can lead to full system takeover.
|
| CVE-2026-27130 |
|
OS Command Injection in CVE-2026-27130 (CVE-2026-27130)
OS command injection in CVE-2026-27130 (CVE-2026-27130). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8838 |
|
Code Injection in Amazon redshift-connector (CVE-2026-8838)
code injection in Amazon redshift-connector (CVE-2026-8838). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.1.14` or later.
|
| CVE-2026-8836 |
|
Buffer Overflow in c (CVE-2026-8836)
vulnerability in c (CVE-2026-8836). Successful exploitation can lead to full system takeover.
|
| CVE-2023-24215 |
|
Vulnerability in CVE-2023-24215 (CVE-2023-24215)
vulnerability in CVE-2023-24215 (CVE-2023-24215). Confidential information can be exposed externally.
|
| CVE-2026-42822 |
|
Authentication Bypass in microsoft (CVE-2026-42822)
authentication bypass in microsoft (CVE-2026-42822). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45230 |
|
Path Traversal in path-traversal (CVE-2026-45230)
path traversal in path-traversal (CVE-2026-45230). Data can be tampered with by attackers. Exploitable via `POST /api/delete-file`.
|
| CVE-2026-45697 |
|
Vulnerability in verbb/formie (CVE-2026-45697)
vulnerability in verbb/formie (CVE-2026-45697). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.2.20` or later.
|
| CVE-2026-45829 |
|
Code Injection in chromadb (CVE-2026-45829)
code injection in chromadb (CVE-2026-45829). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41947 |
|
Vulnerability in dify (CVE-2026-41947)
vulnerability in dify (CVE-2026-41947). Confidential information can be exposed externally.
|
| CVE-2026-41948 |
|
Vulnerability in path-traversal (CVE-2026-41948)
vulnerability in path-traversal (CVE-2026-41948). Confidential information can be exposed externally.
|
| CVE-2026-45625 |
|
Vulnerability in github.com/getarcaneapp/arcane/backend (CVE-2026-45625)
vulnerability in github.com/getarcaneapp/arcane/backend (CVE-2026-45625). Successful exploitation can lead to full system takeover. Exploitable via `PUT /customize/git-repositories/{id}`. Mitigation: upgrade to `1.19.0` or later.
|
| CVE-2026-7301 |
|
Unsafe Deserialization in sglang (CVE-2026-7301)
vulnerability in sglang (CVE-2026-7301). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7304 |
|
Unsafe Deserialization in sglang (CVE-2026-7304)
vulnerability in sglang (CVE-2026-7304). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7302 |
|
Vulnerability in sglang (CVE-2026-7302)
vulnerability in sglang (CVE-2026-7302). Data can be tampered with by attackers.
|
| CVE-2026-8721 |
|
Vulnerability in c (CVE-2026-8721)
vulnerability in c (CVE-2026-8721). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8507 |
|
Out-of-Bounds Write in CVE-2026-8507 (CVE-2026-8507)
out-of-bounds write in CVE-2026-8507 (CVE-2026-8507). Successful exploitation can lead to full system takeover.
|
| CVE-2018-25335 |
|
Vulnerability in wordpress (CVE-2018-25335)
vulnerability in wordpress (CVE-2018-25335). Successful exploitation can lead to full system takeover.
|
| CVE-2018-25332 |
|
Vulnerability in gitbucket (CVE-2018-25332)
vulnerability in gitbucket (CVE-2018-25332). Successful exploitation can lead to full system takeover.
|
| CVE-2018-25320 |
|
Code Injection in CVE-2018-25320 (CVE-2018-25320)
code injection in CVE-2018-25320 (CVE-2018-25320). Successful exploitation can lead to full system takeover.
|
| CVE-2021-47952 |
|
Code Injection in deserialization (CVE-2021-47952)
code injection in deserialization (CVE-2021-47952). Successful exploitation can lead to full system takeover.
|
| CVE-2020-37239 |
|
Vulnerability in CVE-2020-37239 (CVE-2020-37239)
vulnerability in CVE-2020-37239 (CVE-2020-37239). Successful exploitation can lead to full system takeover.
|
| CVE-2020-37228 |
|
Vulnerability in CVE-2020-37228 (CVE-2020-37228)
vulnerability in CVE-2020-37228 (CVE-2020-37228). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46695 |
|
Vulnerability in boxlite (CVE-2026-46695)
vulnerability in boxlite (CVE-2026-46695). Confidential information can be exposed externally. Exploitable via ``VolumeSpec``. Mitigation: upgrade to `0.9.0` or later.
|
| CVE-2026-46703 |
|
Path Traversal in boxlite (CVE-2026-46703)
path traversal in boxlite (CVE-2026-46703). Successful exploitation can lead to full system takeover. Exploitable via ``apply_oci_layer``. Mitigation: upgrade to `0.9.0` or later.
|
| CVE-2026-46364 |
|
SQL Injection in thorsten/phpmyfaq (CVE-2026-46364)
SQL injection in thorsten/phpmyfaq (CVE-2026-46364). Successful exploitation can lead to full system takeover. Exploitable via `GET /api/captcha`. Mitigation: upgrade to `4.1.2` or later.
|