Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-56278 |
|
Vulnerability in express (CVE-2026-56278)
vulnerability in express (CVE-2026-56278). Confidential information can be exposed externally.
|
| CVE-2026-6556 |
|
Vulnerability in express (CVE-2026-6556)
vulnerability in express (CVE-2026-6556). Confidential information can be exposed externally.
|
| CVE-2026-53929 |
|
Cross-Site Scripting (XSS) in nocodb (CVE-2026-53929)
cross-site scripting in nocodb (CVE-2026-53929). Risk of unauthorized operations or information disclosure. Exploitable via ``ResponseContentDisposition``.
|
| CVE-2026-2381 |
|
Vulnerability in wordpress (CVE-2026-2381)
vulnerability in wordpress (CVE-2026-2381). Risk of unauthorized operations or information disclosure. Exploitable via ``wc_stripe_pay_for_order``.
|
| CVE-2026-48714 |
|
Vulnerability in i18next-http-middleware (CVE-2026-48714)
vulnerability in i18next-http-middleware (CVE-2026-48714). Data can be tampered with by attackers. Exploitable via ``missingKeyHandler``. Mitigation: upgrade to `3.9.7` or later.
|
| CVE-2026-50008 |
|
Authorization Flaw in parse-server (CVE-2026-50008)
vulnerability in parse-server (CVE-2026-50008). Risk of unauthorized operations or information disclosure. Exploitable via ``routeAllowList``. Mitigation: upgrade to `9.9.1-alpha.3` or later.
|
| CVE-2026-8893 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8893)
cross-site scripting in wordpress (CVE-2026-8893). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9618 |
|
Cross-Site Request Forgery (CSRF) in csharp (CVE-2026-9618)
vulnerability in csharp (CVE-2026-9618). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8415 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8415)
vulnerability in concrete5/concrete5 (CVE-2026-8415). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-7881 |
|
Vulnerability in concrete5/concrete5 (CVE-2026-7881)
vulnerability in concrete5/concrete5 (CVE-2026-7881). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-37281 |
|
OS Command Injection in express (CVE-2026-37281)
OS command injection in express (CVE-2026-37281). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8723 |
|
Vulnerability in qs (CVE-2026-8723)
vulnerability in qs (CVE-2026-8723). Risk of unauthorized operations or information disclosure. Exploitable via ``qs.stringify``. Mitigation: upgrade to `0c180a4` or later.
|
| CVE-2026-41893 |
|
Vulnerability in signalk-server (CVE-2026-41893)
vulnerability in signalk-server (CVE-2026-41893). Data can be tampered with by attackers. Exploitable via `POST /login`. Mitigation: upgrade to `2.25.0` or later.
|
| CVE-2026-42353 |
|
Path Traversal in i18next-http-middleware (CVE-2026-42353)
path traversal in i18next-http-middleware (CVE-2026-42353). Confidential information can be exposed externally. Exploitable via `GET /locales/resources.json`. Mitigation: upgrade to `3.9.3` or later.
|
| CVE-2026-41690 |
|
Vulnerability in i18next-http-middleware (CVE-2026-41690)
vulnerability in i18next-http-middleware (CVE-2026-41690). Data can be tampered with by attackers. Exploitable via `GET /locales/resources.json`. Mitigation: upgrade to `3.9.3` or later.
|
| CVE-2026-41683 |
|
Vulnerability in i18next-http-middleware (CVE-2026-41683)
vulnerability in i18next-http-middleware (CVE-2026-41683). Data can be tampered with by attackers. Exploitable via ``i18next``. Mitigation: upgrade to `3.9.3` or later.
|
| CVE-2026-41423 |
|
SSRF (Server-Side Request Forgery) in @angular/platform-server (CVE-2026-41423)
SSRF in @angular/platform-server (CVE-2026-41423). Risk of unauthorized operations or information disclosure. Exploitable via ``evil.com``.
|
| CVE-2026-42047 |
|
Information Disclosure in inngest (CVE-2026-42047)
vulnerability in inngest (CVE-2026-42047). Confidential information can be exposed externally. Exploitable via ``GET``. Mitigation: upgrade to `3.54.0` or later.
|
| CVE-2026-33808 |
|
Vulnerability in @fastify/express (CVE-2026-33808)
vulnerability in @fastify/express (CVE-2026-33808). Confidential information can be exposed externally. Exploitable via `GET //admin/dashboard`. Mitigation: upgrade to `4.0.3` or later.
|
| CVE-2026-33807 |
|
Vulnerability in express (CVE-2026-33807)
vulnerability in express (CVE-2026-33807). Confidential information can be exposed externally.
|
| CVE-2026-23448 |
|
Vulnerability in express (CVE-2026-23448)
vulnerability in express (CVE-2026-23448). Successful exploitation can lead to full system takeover.
|
| CVE-2017-1484 |
|
Information Disclosure in express (CVE-2017-1484)
vulnerability in express (CVE-2017-1484). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-12273 |
|
Vulnerability in express (CVE-2017-12273)
vulnerability in express (CVE-2017-12273). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-12274 |
|
Vulnerability in express (CVE-2017-12274)
vulnerability in express (CVE-2017-12274). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-12261 |
|
Vulnerability in express (CVE-2017-12261)
vulnerability in express (CVE-2017-12261). Successful exploitation can lead to full system takeover.
|
| CVE-2017-14358 |
|
Open Redirect in express (CVE-2017-14358)
vulnerability in express (CVE-2017-14358). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-14357 |
|
Cross-Site Scripting (XSS) in express (CVE-2017-14357)
cross-site scripting in express (CVE-2017-14357). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-14356 |
|
SQL Injection in express (CVE-2017-14356)
SQL injection in express (CVE-2017-14356). Successful exploitation can lead to full system takeover.
|
| CVE-2017-12288 |
|
Cross-Site Scripting (XSS) in express (CVE-2017-12288)
cross-site scripting in express (CVE-2017-12288). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-10619 |
|
Vulnerability in express (CVE-2017-10619)
vulnerability in express (CVE-2017-10619). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-13988 |
|
Vulnerability in express (CVE-2017-13988)
vulnerability in express (CVE-2017-13988). Data can be tampered with by attackers.
|
| CVE-2017-13987 |
|
Vulnerability in express (CVE-2017-13987)
vulnerability in express (CVE-2017-13987). Confidential information can be exposed externally.
|
| CVE-2017-13986 |
|
Cross-Site Scripting (XSS) in express (CVE-2017-13986)
cross-site scripting in express (CVE-2017-13986). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-13991 |
|
Information Disclosure in express (CVE-2017-13991)
vulnerability in express (CVE-2017-13991). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-13990 |
|
Information Disclosure in express (CVE-2017-13990)
vulnerability in express (CVE-2017-13990). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-13989 |
|
Vulnerability in express (CVE-2017-13989)
vulnerability in express (CVE-2017-13989). Confidential information can be exposed externally.
|
| CVE-2015-4085 |
|
Path Traversal in express (CVE-2015-4085)
path traversal in express (CVE-2015-4085). Confidential information can be exposed externally.
|
| CVE-2015-0101 |
|
Cross-Site Scripting (XSS) in express (CVE-2015-0101)
cross-site scripting in express (CVE-2015-0101). Risk of unauthorized operations or information disclosure.
|
| CVE-2014-6393 |
|
Cross-Site Scripting (XSS) in express (CVE-2014-6393)
cross-site scripting in express (CVE-2014-6393). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-8691 |
|
Buffer Overflow in express (CVE-2017-8691)
vulnerability in express (CVE-2017-8691). Successful exploitation can lead to full system takeover.
|
| CVE-2017-6747 |
|
Authentication Bypass in express (CVE-2017-6747)
authentication bypass in express (CVE-2017-6747). Successful exploitation can lead to full system takeover.
|
| CVE-2017-1398 |
|
Open Redirect in express (CVE-2017-1398)
vulnerability in express (CVE-2017-1398). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-6722 |
|
Authentication Bypass in express (CVE-2017-6722)
authentication bypass in express (CVE-2017-6722). Risk of unauthorized operations or information disclosure.
|
| CVE-2015-5401 |
|
Vulnerability in express (CVE-2015-5401)
vulnerability in express (CVE-2015-5401). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-3873 |
|
Vulnerability in express (CVE-2017-3873)
vulnerability in express (CVE-2017-3873). Successful exploitation can lead to full system takeover.
|
| CVE-2017-6624 |
|
Vulnerability in express (CVE-2017-6624)
vulnerability in express (CVE-2017-6624). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-1170 |
|
Vulnerability in express (CVE-2017-1170)
vulnerability in express (CVE-2017-1170). Risk of unauthorized operations or information disclosure.
|
| CVE-2016-9197 |
|
Vulnerability in express (CVE-2016-9197)
vulnerability in express (CVE-2016-9197). Successful exploitation can lead to full system takeover.
|
| CVE-2017-3834 |
|
Vulnerability in express (CVE-2017-3834)
vulnerability in express (CVE-2017-3834). Successful exploitation can lead to full system takeover.
|
| CVE-2017-3831 |
|
Vulnerability in express (CVE-2017-3831)
vulnerability in express (CVE-2017-3831). Successful exploitation can lead to full system takeover.
|