Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-44503 |
|
Open Redirect in com.microsoft.kiota:microsoft-kiota-abstractions (CVE-2026-44503)
vulnerability in com.microsoft.kiota:microsoft-kiota-abstractions (CVE-2026-44503). Risk of unauthorized operations or information disclosure. Exploitable via `Authorization header`. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-44501 |
|
Unsafe Deserialization in react (CVE-2026-44501)
vulnerability in react (CVE-2026-44501). Risk of unauthorized operations or information disclosure. Exploitable via `GET /callback/oidc`. Mitigation: upgrade to `1.5.0.3` or later.
|
| CVE-2026-46419 |
|
Vulnerability in CVE-2026-46419 (CVE-2026-46419)
vulnerability in CVE-2026-46419 (CVE-2026-46419). Successful exploitation can lead to full system takeover.
|
| CVE-2025-27852 |
|
Cross-Site Scripting (XSS) in garmin (CVE-2025-27852)
cross-site scripting in garmin (CVE-2025-27852). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-37430 |
|
Unrestricted File Upload in CVE-2026-37430 (CVE-2026-37430)
vulnerability in CVE-2026-37430 (CVE-2026-37430). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41901 |
|
Vulnerability in org.thymeleaf:thymeleaf (CVE-2026-41901)
vulnerability in org.thymeleaf:thymeleaf (CVE-2026-41901). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.1.5.RELEASE` or later.
|
| CVE-2026-44241 |
|
Vulnerability in io.micronaut:micronaut-context (CVE-2026-44241)
vulnerability in io.micronaut:micronaut-context (CVE-2026-44241). Risk of unauthorized operations or information disclosure. Exploitable via ``TimeConverterRegistrar``. Mitigation: upgrade to `4.10.22` or later.
|
| CVE-2026-44242 |
|
Vulnerability in io.micronaut:micronaut-inject (CVE-2026-44242)
vulnerability in io.micronaut:micronaut-inject (CVE-2026-44242). Risk of unauthorized operations or information disclosure. Exploitable via ``ResourceBundleMessageSource``. Mitigation: upgrade to `3.8.14` or later.
|
| CVE-2026-45091 |
|
Information Disclosure in sealed-env (CVE-2026-45091)
vulnerability in sealed-env (CVE-2026-45091). Confidential information can be exposed externally. Mitigation: upgrade to `0.1.0-alpha.4` or later.
|
| CVE-2026-42188 |
|
SSRF (Server-Side Request Forgery) in org.geysermc.geyser:core (CVE-2026-42188)
SSRF in org.geysermc.geyser:core (CVE-2026-42188). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.9.3` or later.
|
| CVE-2026-8320 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-8320 (CVE-2026-8320)
SSRF in CVE-2026-8320 (CVE-2026-8320). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8216 |
|
Authentication Bypass in CVE-2026-8216 (CVE-2026-8216)
authentication bypass in CVE-2026-8216 (CVE-2026-8216). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8211 |
|
Vulnerability in CVE-2026-8211 (CVE-2026-8211)
vulnerability in CVE-2026-8211 (CVE-2026-8211). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8196 |
|
Vulnerability in CVE-2026-8196 (CVE-2026-8196)
vulnerability in CVE-2026-8196 (CVE-2026-8196). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8195 |
|
Cross-Site Scripting (XSS) in CVE-2026-8195 (CVE-2026-8195)
cross-site scripting in CVE-2026-8195 (CVE-2026-8195). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44900 |
|
Vulnerability in com.oviva.telematik:epa4all-client (CVE-2026-44900)
vulnerability in com.oviva.telematik:epa4all-client (CVE-2026-44900). Confidential information can be exposed externally. Mitigation: upgrade to `1.2.1` or later.
|
| CVE-2026-44714 |
|
Vulnerability in org.bitcoinj:bitcoinj-core (CVE-2026-44714)
vulnerability in org.bitcoinj:bitcoinj-core (CVE-2026-44714). Data can be tampered with by attackers. Exploitable via ``P2PKH``. Mitigation: upgrade to `0.17.1` or later.
|
| CVE-2026-8127 |
|
Vulnerability in CVE-2026-8127 (CVE-2026-8127)
vulnerability in CVE-2026-8127 (CVE-2026-8127). Risk of unauthorized operations or information disclosure.
|
| SUSE-SU-2026:1732-1 |
|
Vulnerability in dos (SUSE-SU-2026:1732-1)
vulnerability in dos (SUSE-SU-2026:1732-1). Risk of unauthorized operations or information disclosure. Exploitable via ``tt_var_load_item_variation_store``.
|
| SUSE-SU-2026:1731-1 |
|
Vulnerability in dos (SUSE-SU-2026:1731-1)
vulnerability in dos (SUSE-SU-2026:1731-1). Risk of unauthorized operations or information disclosure. Exploitable via ``tt_var_load_item_variation_store``.
|
| CVE-2026-34282 |
|
Vulnerability in java (CVE-2026-34282)
vulnerability in java (CVE-2026-34282). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.0, 8.0.491, 11.0.31, 17.0.19, 21.0.11, 25.0.3, 26.0.1` or later.
|
| CVE-2026-34268 |
|
Vulnerability in java (CVE-2026-34268)
vulnerability in java (CVE-2026-34268). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.0, 8.0.491, 11.0.31, 17.0.19, 21.0.11, 25.0.3, 26.0.1` or later.
|
| CVE-2026-23865 |
|
Vulnerability in java (CVE-2026-23865)
vulnerability in java (CVE-2026-23865). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `11.0.31, 17.0.19, 21.0.11, 25.0.3, 26.0.1` or later.
|
| CVE-2026-22021 |
|
Vulnerability in java (CVE-2026-22021)
vulnerability in java (CVE-2026-22021). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.0, 8.0.491, 11.0.31, 17.0.19, 21.0.11, 25.0.3, 26.0.1` or later.
|
| CVE-2026-22013 |
|
Vulnerability in java (CVE-2026-22013)
vulnerability in java (CVE-2026-22013). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.0, 8.0.491, 11.0.31, 17.0.19, 21.0.11, 25.0.3, 26.0.1` or later.
|
| CVE-2026-22008 |
|
Vulnerability in java (CVE-2026-22008)
vulnerability in java (CVE-2026-22008). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `25.0.2` or later.
|
| CVE-2026-22007 |
|
Vulnerability in java (CVE-2026-22007)
vulnerability in java (CVE-2026-22007). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.0, 8.0.491, 11.0.31, 17.0.19, 21.0.11, 25.0.3, 26.0.1` or later.
|
| CVE-2026-22003 |
|
Vulnerability in java (CVE-2026-22003)
vulnerability in java (CVE-2026-22003). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.0, 8.0.491` or later.
|
| CVE-2026-21947 |
|
Cross-Site Scripting (XSS) in java (CVE-2026-21947)
cross-site scripting in java (CVE-2026-21947). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.0, 8.0.481` or later.
|
| CVE-2026-21945 |
|
Vulnerability in java (CVE-2026-21945)
vulnerability in java (CVE-2026-21945). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.0, 8.0.481, 11.0.30, 17.0.18, 21.0.10, 25.0.2` or later.
|
| CVE-2026-21933 |
|
Vulnerability in java (CVE-2026-21933)
vulnerability in java (CVE-2026-21933). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.0, 8.0.481, 11.0.30, 17.0.18, 21.0.10, 25.0.2` or later.
|
| CVE-2026-21932 |
|
Vulnerability in java (CVE-2026-21932)
vulnerability in java (CVE-2026-21932). Data can be tampered with by attackers. Mitigation: upgrade to `1.8.0, 8.0.481, 11.0.30, 17.0.18, 21.0.10, 25.0.2` or later.
|
| CVE-2026-21925 |
|
Vulnerability in java (CVE-2026-21925)
vulnerability in java (CVE-2026-21925). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.0, 8.0.481, 11.0.30, 17.0.18, 21.0.10, 25.0.2` or later.
|
| CVE-2026-20676 |
|
Vulnerability in java (CVE-2026-20676)
vulnerability in java (CVE-2026-20676). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.0, 8.0.491` or later.
|
| CVE-2026-20652 |
|
Vulnerability in java (CVE-2026-20652)
vulnerability in java (CVE-2026-20652). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.0, 8.0.491` or later.
|
| CVE-2026-20644 |
|
Buffer Overflow in java (CVE-2026-20644)
vulnerability in java (CVE-2026-20644). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.0, 8.0.491` or later.
|
| CVE-2026-20636 |
|
Buffer Overflow in java (CVE-2026-20636)
vulnerability in java (CVE-2026-20636). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.0, 8.0.491` or later.
|
| CVE-2026-20635 |
|
Buffer Overflow in java (CVE-2026-20635)
vulnerability in java (CVE-2026-20635). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.0, 8.0.491` or later.
|
| CVE-2026-20608 |
|
Vulnerability in java (CVE-2026-20608)
vulnerability in java (CVE-2026-20608). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.0, 8.0.491` or later.
|
| CVE-2025-7425 |
|
Use-After-Free in java (CVE-2025-7425)
vulnerability in java (CVE-2025-7425). Data can be tampered with by attackers. Mitigation: upgrade to `1.8.0, 8.0.481` or later.
|
| CVE-2025-7424 |
|
Vulnerability in java (CVE-2025-7424)
vulnerability in java (CVE-2025-7424). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.0, 8.0.481` or later.
|
| CVE-2025-61748 |
|
Vulnerability in java (CVE-2025-61748)
vulnerability in java (CVE-2025-61748). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `21.0.9, 25.0.1` or later.
|
| CVE-2025-6052 |
|
Vulnerability in java (CVE-2025-6052)
vulnerability in java (CVE-2025-6052). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.0, 8.0.481` or later.
|
| CVE-2025-53066 |
|
Information Disclosure in java (CVE-2025-53066)
vulnerability in java (CVE-2025-53066). Confidential information can be exposed externally. Mitigation: upgrade to `1.8.0, 8.0.471, 11.0.29, 17.0.17, 21.0.9, 25.0.1` or later.
|
| CVE-2025-53057 |
|
Vulnerability in java (CVE-2025-53057)
vulnerability in java (CVE-2025-53057). Data can be tampered with by attackers. Mitigation: upgrade to `1.8.0, 8.0.471, 11.0.29, 17.0.17, 21.0.9, 25.0.1` or later.
|
| CVE-2025-50106 |
|
Vulnerability in java (CVE-2025-50106)
vulnerability in java (CVE-2025-50106). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.8.0, 8.0.461, 11.0.28, 17.0.16, 21.0.8, 24.0.2` or later.
|
| CVE-2025-50059 |
|
Vulnerability in java (CVE-2025-50059)
vulnerability in java (CVE-2025-50059). Confidential information can be exposed externally. Mitigation: upgrade to `11.0.28, 17.0.16, 21.0.8, 24.0.2` or later.
|
| CVE-2025-47219 |
|
Out-of-Bounds Read in java (CVE-2025-47219)
vulnerability in java (CVE-2025-47219). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.8.0, 8.0.481` or later.
|
| CVE-2025-43457 |
|
Use-After-Free in java (CVE-2025-43457)
vulnerability in java (CVE-2025-43457). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.0, 8.0.491` or later.
|
| CVE-2025-32415 |
|
Vulnerability in java (CVE-2025-32415)
vulnerability in java (CVE-2025-32415). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.0, 8.0.461` or later.
|