Export limit exceeded: 349503 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (2 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2026-44313 1 Linkwarden 1 Linkwarden 2026-05-10 9.1 Critical
Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. Prior to version 2.13.0, a Server-Side Request Forgery (SSRF) vulnerability in the fetchTitleAndHeaders function allows authenticated users to make arbitrary HTTP requests to internal services due to insufficient URL validation that only checks for "http://" or "https://" prefixes. This issue has been patched in version 2.13.0.
CVE-2026-42455 1 Linkwarden 1 Linkwarden 2026-05-10 N/A
Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. In versions 2.14.0 and prior, the archive upload endpoint (POST /api/v1/archives/[linkId]?format=4) accepts HTML files (text/html) without sanitizing JavaScript content. When the archive is later accessed via GET /api/v1/archives/[linkId]?format=4, the HTML is served with Content-Type: text/html from the Linkwarden origin, without any Content-Security-Policy header. This allows arbitrary JavaScript execution in the context of the authenticated Linkwarden sessio. At time of publication, there are no publicly available patches.