Filter and search through 392,438 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-22836 | Rejected reason: Not used | 0.0 | 0 | Neutral | No |
| No |
| CVE-2026-22835 | Rejected reason: Not used | 0.0 | 0 | Neutral | No | No |
| CVE-2026-22834 | Rejected reason: Not used | 0.0 | 0 | Neutral | No | No |
| CVE-2026-22833 | Rejected reason: Not used | 0.0 | 0 | Neutral | No | No |
| CVE-2026-22832 | Rejected reason: Not used | 0.0 | 0 | Neutral | No | No |
| CVE-2026-22831 | Rejected reason: Not used | 0.0 | 0 | Neutral | No | No |
| CVE-2026-22830 | Rejected reason: Not used | 0.0 | 0 | Neutral | No | No |
| CVE-2026-22829 | Rejected reason: Not used | 0.0 | 0 | Neutral | No | No |
| CVE-2026-22822 | ### Summary The `getSecretKey` template function, while introduced for senhasegura Devops Secrets Management (DSM) provider, has the ability to fetch... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-22820 | ### Summary A TOCTOU race condition vulnerability allows a user to exceed the set number of active tunnels in their subscription plan. ### Details ... | 3.7 | 102 | Neutral | No | Yes |
| CVE-2026-22819 | ### Summary This vulnerability allows a user i.e a free plan user to get more than the desired subdomains due to lack of db transaction lock mechanism... | 3.1 | 94 | Neutral | No | Yes |
| CVE-2026-22818 | ## Summary A flaw in Hono’s JWK/JWKS JWT verification middleware allowed the algorithm specified in the JWT header to influence signature verificatio... | 6.5 | 216 | Neutral | No | Yes |
| CVE-2026-22817 | ## Summary A flaw in Hono’s JWK/JWKS JWT verification middleware allowed the JWT header’s `alg` value to influence signature verification when the se... | 6.5 | 216 | Neutral | No | Yes |
| CVE-2026-22816 | Gradle is a build automation tool, and its native-platform tool provides Java bindings for native APIs. When resolving dependencies in versions before... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-22814 | ### Summary **Description** A Mass Assignment (CWE-915) vulnerability in AdonisJS Lucid may allow a remote attacker who can influence data that is pas... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-22813 | ### Summary A malicious website can abuse the server URL override feature of the OpenCode web UI to achieve cross-site scripting on `http://localhost:... | 6.1 | 272 | Neutral | No | Yes |
| CVE-2026-22812 | *Previously reported via email to [email protected] on 2025-11-17 per the security policy in [opencode-sdk-js/SECURITY.md](https://github.com/sst/openco... | 8.8 | 775 | Rising | Yes | Yes |
| CVE-2026-22809 | ## Summary A potential Regular Expression Denial of Service (ReDoS) vulnerability was identified in tarteaucitron.js in the handling of the `issuu_id... | 4.4 | 90 | Neutral | No | Yes |
| CVE-2026-22808 | ### Summary A cross-site scripting (XSS) vulnerability in Fleet’s Windows MDM authentication flow could allow an attacker to compromise a Fleet user ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-22807 | # Summary vLLM loads Hugging Face `auto_map` dynamic modules during model resolution **without gating on `trust_remote_code`**, allowing attacker-con... | 8.8 | 708 | Neutral | No | Yes |