Filter and search through 392,598 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-21877 | n8n is affected by an authenticated Remote Code Execution (RCE) vulnerability. Under certain conditions, an authenticated user may be able... | 9.9 | 815 | Neutral | Yes | Yes |
| CVE-2026-21876 | The OWASP core rule set (CRS) is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 a... | 9.3 | 677 | Neutral | Yes | Yes |
| CVE-2026-21875 | ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-#187 and below allow an attacker to perform Blind SQL Injection through the add... | 9.8 | 588 | Neutral | No | Yes |
| CVE-2026-21874 | An unauthenticated attacker can exhaust Redis connections by repeatedly opening and closing browser tabs on any NiceGUI application using ... | 5.3 | 124 | Neutral | No | Yes |
| CVE-2026-21873 | An unsafe implementation in the `pushstate` event listener used by `ui.sub_pages` allows an attacker to manipulate the fragment identifie... | 6.1 | 272 | Neutral | No | Yes |
| CVE-2026-21872 | An unsafe implementation in the `click` event listener used by `ui.sub_pages`, combined with attacker-controlled link rendering on the pa... | 6.1 | 272 | Neutral | No | Yes |
| CVE-2026-21871 | XSS risk exists in NiceGUI when developers pass attacker-controlled strings into `ui.navigate.history.push()` or `ui.navigate.history.repl... | 6.1 | 272 | Neutral | No | Yes |
| CVE-2026-21869 | llama.cpp is an inference of several LLM models in C/C++. In commits 55d4206c8 and prior, the n_discard parameter is parsed directly from JSON input i... | 8.8 | 545 | Neutral | No | Yes |
| CVE-2026-21868 | Flag Forge is a Capture The Flag (CTF) platform. Versions 2.3.2 and below have a Regular Expression Denial of Service (ReDoS) vulnerability in the use... | 7.5 | 386 | Neutral | No | Yes |
| CVE-2026-21867 | Rejected reason: Reason: This candidate was issued in error. | 0.0 | 0 | Neutral | No | No |
| CVE-2026-21865 | No description available | 0.0 | 0 | Neutral | No | No |
| CVE-2026-21860 | Werkzeug's `safe_join` function allows path segments with Windows device names that have file extensions or trailing spaces. On Windows, there are spe... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-21859 | A Server-Side Request Forgery (SSRF) vulnerability exists in Mailpit's `/proxy` endpoint that allows attackers to make requests to interna... | 5.8 | 378 | Neutral | Yes | Yes |
| CVE-2026-21858 | A vulnerability in n8n allows an attacker to access files on the underlying server through execution of certain form-based workflows. A vul... | 10.0 | 779 | Rising | Yes | Yes |
| CVE-2026-21857 | Authenticated users with backup permissions can read arbitrary files within the webroot via path traversal in the Backup addon's file expo... | 6.5 | 321 | Neutral | No | Yes |
| CVE-2026-21856 | The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8, a time based blind SQL inj... | 7.2 | 322 | Neutral | No | No |
| CVE-2026-21855 | The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to 02 January 2025, a reflected Cross Site Scripting (XSS) vulnerability in th... | 9.3 | 577 | Neutral | No | No |
| CVE-2026-21854 | The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to 02 January 2025, an authentication bypass vulnerability in the login endpoi... | 9.8 | 596 | Neutral | No | No |
| CVE-2026-21852 | A vulnerability in Claude Code's project-load flow allowed malicious repositories to exfiltrate data including Anthropic API keys before users confirm... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-21851 | A **Path Traversal (Zip Slip)** vulnerability exists in MONAI's `_download_from_ngc_private()` function. The function uses `zipfile.ZipFil... | 5.3 | 240 | Neutral | No | Yes |