Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-14474 |
|
Vulnerability in CVE-2026-14474 (CVE-2026-14474)
vulnerability in CVE-2026-14474 (CVE-2026-14474). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56285 |
|
Nitter's /video media proxy endpoint fails to validate target URLs against Twitter/X domains and...
Nitter's /video media proxy endpoint fails to validate target URLs against Twitter/X domains and...
|
| CVE-2026-46386 |
|
Unsafe Deserialization in rails (CVE-2026-46386)
vulnerability in rails (CVE-2026-46386). Successful exploitation can lead to full system takeover.
|
| CVE-2026-55454 |
|
Vulnerability in ssrf (CVE-2026-55454)
vulnerability in ssrf (CVE-2026-55454). Successful exploitation can lead to full system takeover. Exploitable via `POST /load`. Mitigation: upgrade to `2.1` or later.
|
| CVE-2026-54158 |
|
Cross-Site Scripting (XSS) in CVE-2026-54158 (CVE-2026-54158)
cross-site scripting in CVE-2026-54158 (CVE-2026-54158). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.7.0` or later.
|
| CVE-2026-54067 |
|
Cross-Site Scripting (XSS) in CVE-2026-54067 (CVE-2026-54067)
cross-site scripting in CVE-2026-54067 (CVE-2026-54067). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.7.0` or later.
|
| CVE-2026-54066 |
|
Path Traversal in path-traversal (CVE-2026-54066)
path traversal in path-traversal (CVE-2026-54066). Confidential information can be exposed externally. Mitigation: upgrade to `3.7.0` or later.
|
| CVE-2026-48509 |
|
Vulnerability in MessagePack (CVE-2026-48509)
vulnerability in MessagePack (CVE-2026-48509). Data can be tampered with by attackers. Exploitable via ``MessagePackSerializerOptions.Standard``. Mitigation: upgrade to `3.1.7` or later.
|
| CVE-2026-48502 |
|
Out-of-Bounds Read in MessagePack (CVE-2026-48502)
vulnerability in MessagePack (CVE-2026-48502). Risk of unauthorized operations or information disclosure. Exploitable via ``tokenSize``. Mitigation: upgrade to `3.1.7` or later.
|
| CVE-2026-50519 |
|
Vulnerability in microsoft (CVE-2026-50519)
vulnerability in microsoft (CVE-2026-50519). Confidential information can be exposed externally.
|
| CVE-2026-20265 |
|
Vulnerability in splunk (CVE-2026-20265)
vulnerability in splunk (CVE-2026-20265). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0134 |
|
Vulnerability in cpp (CVE-2026-0134)
vulnerability in cpp (CVE-2026-0134). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9262 |
|
Vulnerability in canon (CVE-2026-9262)
vulnerability in canon (CVE-2026-9262). Confidential information can be exposed externally.
|
| CVE-2026-54359 |
|
Cross-Site Request Forgery (CSRF) in CVE-2026-54359 (CVE-2026-54359)
vulnerability in CVE-2026-54359 (CVE-2026-54359). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40994 |
|
Vulnerability in CVE-2026-40994 (CVE-2026-40994)
vulnerability in CVE-2026-40994 (CVE-2026-40994). Data can be tampered with by attackers.
|
| CVE-2026-44892 |
|
Vulnerability in io.netty:netty-codec-http3 (CVE-2026-44892)
vulnerability in io.netty:netty-codec-http3 (CVE-2026-44892). Risk of unauthorized operations or information disclosure. Exploitable via ``Http3ConnectionHandler``. Mitigation: upgrade to `4.2.15.Final` or later.
|
| CVE-2026-36612 |
|
Vulnerability in CVE-2026-36612 (CVE-2026-36612)
vulnerability in CVE-2026-36612 (CVE-2026-36612). Confidential information can be exposed externally.
|
| CVE-2026-36616 |
|
Vulnerability in CVE-2026-36616 (CVE-2026-36616)
vulnerability in CVE-2026-36616 (CVE-2026-36616). Confidential information can be exposed externally.
|
| CVE-2026-44825 |
|
Vulnerability in solr (CVE-2026-44825)
vulnerability in solr (CVE-2026-44825). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `10.0.0` or later.
|
| CVE-2026-9039 |
|
Vulnerability in CVE-2026-9039 (CVE-2026-9039)
vulnerability in CVE-2026-9039 (CVE-2026-9039). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-24197 |
|
Vulnerability in dos (CVE-2026-24197)
vulnerability in dos (CVE-2026-24197). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46517 |
|
Code Injection in lmdeploy (CVE-2026-46517)
code injection in lmdeploy (CVE-2026-46517). Successful exploitation can lead to full system takeover. Exploitable via ``get_model_arch``.
|
| CVE-2026-35672 |
|
Vulnerability in thorsten/phpmyfaq (CVE-2026-35672)
vulnerability in thorsten/phpmyfaq (CVE-2026-35672). Data can be tampered with by attackers. Exploitable via `POST /api/v4.0/faq/create`. Mitigation: upgrade to `4.1.3` or later.
|
| CVE-2026-46430 |
|
Vulnerability in github.com/xyproto/algernon (CVE-2026-46430)
vulnerability in github.com/xyproto/algernon (CVE-2026-46430). Risk of unauthorized operations or information disclosure. Exploitable via ``http.Server.Addr``. Mitigation: upgrade to `1.17.7` or later.
|
| CVE-2026-45728 |
|
Vulnerability in github.com/xyproto/algernon (CVE-2026-45728)
vulnerability in github.com/xyproto/algernon (CVE-2026-45728). Confidential information can be exposed externally. Exploitable via ``singleFileMode``. Mitigation: upgrade to `1.17.7` or later.
|
| CVE-2026-33376 |
|
Vulnerability in grafana (CVE-2026-33376)
vulnerability in grafana (CVE-2026-33376). Confidential information can be exposed externally. Mitigation: upgrade to `11.6.14, 12.2.8, 12.3.6, 12.4.3, 13.0.1` or later.
|
| CVE-2026-43892 |
|
Cross-Site Scripting (XSS) in CVE-2026-43892 (CVE-2026-43892)
cross-site scripting in CVE-2026-43892 (CVE-2026-43892). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.1.16` or later.
|
| CVE-2026-30805 |
|
Vulnerability in artica (CVE-2026-30805)
vulnerability in artica (CVE-2026-30805). Confidential information can be exposed externally.
|
| CVE-2026-6866 |
|
Vulnerability in schneider-electric (CVE-2026-6866)
vulnerability in schneider-electric (CVE-2026-6866). Confidential information can be exposed externally.
|
| CVE-2026-27662 |
|
Vulnerability in CVE-2026-27662 (CVE-2026-27662)
vulnerability in CVE-2026-27662 (CVE-2026-27662). Data can be tampered with by attackers.
|
| CVE-2026-41432 |
|
Vulnerability in github.com/QuantumNous/new-api (CVE-2026-41432)
vulnerability in github.com/QuantumNous/new-api (CVE-2026-41432). Data can be tampered with by attackers. Exploitable via `POST /api/user/pay`. Mitigation: upgrade to `0.12.10` or later.
|
| CVE-2026-44588 |
|
Vulnerability in github.com/siyuan-note/siyuan/kernel (CVE-2026-44588)
vulnerability in github.com/siyuan-note/siyuan/kernel (CVE-2026-44588). Risk of unauthorized operations or information disclosure. Exploitable via ``getAttribute``.
|
| CVE-2026-44670 |
|
Vulnerability in github.com/siyuan-note/siyuan/kernel (CVE-2026-44670)
vulnerability in github.com/siyuan-note/siyuan/kernel (CVE-2026-44670). Risk of unauthorized operations or information disclosure. Exploitable via ``outerHTML``. Mitigation: upgrade to `0.0.0-20260512140701-d7b77d945e0d` or later.
|
| CVE-2026-44338 |
|
Vulnerability in PraisonAI (CVE-2026-44338)
vulnerability in PraisonAI (CVE-2026-44338). Risk of unauthorized operations or information disclosure. Exploitable via `POST /chat`. Mitigation: upgrade to `4.6.34` or later.
|
| CVE-2025-31974 |
|
Vulnerability in hcltech (CVE-2025-31974)
vulnerability in hcltech (CVE-2025-31974). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34780 |
|
Vulnerability in electronjs (CVE-2026-34780)
vulnerability in electronjs (CVE-2026-34780). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34742 |
|
Vulnerability in lfprojects (CVE-2026-34742)
vulnerability in lfprojects (CVE-2026-34742). Confidential information can be exposed externally.
|
| CVE-2026-32305 |
|
Authentication Bypass in traefik (CVE-2026-32305)
authentication bypass in traefik (CVE-2026-32305). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-44647 |
|
Vulnerability in trendnet (CVE-2025-44647)
vulnerability in trendnet (CVE-2025-44647). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-48927 KEV |
|
[KEV] Vulnerability in Telemessage tm-sgnl (CVE-2025-48927)
vulnerability in Telemessage tm-sgnl (CVE-2025-48927). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-27809 |
|
Vulnerability in arm (CVE-2025-27809)
vulnerability in arm (CVE-2025-27809). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-27524 KEV |
|
[KEV] Vulnerability in Apache superset (CVE-2023-27524)
vulnerability in Apache superset (CVE-2023-27524). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-6448 KEV |
|
[KEV] Vulnerability in Unitronics vision-plc-and-hmi (CVE-2023-6448)
vulnerability in Unitronics vision-plc-and-hmi (CVE-2023-6448). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-24706 KEV |
|
[KEV] Vulnerability in Apache couchdb (CVE-2022-24706)
vulnerability in Apache couchdb (CVE-2022-24706). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2020-13927 KEV |
|
[KEV] Vulnerability in Apache airflows-experimental-api (CVE-2020-13927)
vulnerability in Apache airflows-experimental-api (CVE-2020-13927). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-34203 |
|
Vulnerability in dlink (CVE-2021-34203)
vulnerability in dlink (CVE-2021-34203). Confidential information can be exposed externally.
|
| CVE-2017-12736 |
|
Vulnerability in siemens (CVE-2017-12736)
vulnerability in siemens (CVE-2017-12736). Successful exploitation can lead to full system takeover.
|
| CVE-2017-8039 |
|
Vulnerability in pivotal (CVE-2017-8039)
vulnerability in pivotal (CVE-2017-8039). Data can be tampered with by attackers.
|
| CVE-2017-12739 |
|
Vulnerability in siemens (CVE-2017-12739)
vulnerability in siemens (CVE-2017-12739). Successful exploitation can lead to full system takeover.
|
| CVE-2017-8021 |
|
Vulnerability in dell (CVE-2017-8021)
vulnerability in dell (CVE-2017-8021). Successful exploitation can lead to full system takeover.
|