Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

KEV

Categories

All 🌐 Web Application 🧭 Browser 🖥️ Operating System 📱 Mobile 🛰️ Network Infrastructure ☁️ Cloud / Container 📝 CMS / Site Builder 🗄️ Database / Storage 🔐 Auth / Identity 🔑 Cryptography 🛠️ DevOps / CI-CD 🤖 AI / ML 🔌 IoT / Embedded 🧩 Hardware / Firmware 🏢 Enterprise SaaS 🧰 Developer Tooling ☠️ Malicious Package 📦 Other

Tag groups

All 💬 Programming Languages 22 🧱 Web Frameworks 29 📱 Mobile Platforms 6 🤖 AI/ML Frameworks 11 🖥️ Web Servers 9 🗄️ Databases 13 📝 CMS 9 ☁️ Cloud Platforms 11 📦 Container Tech 12 🖥️ Operating Systems 15 ⚔️ Attack Types 25 🧬 CWE 185 🏢 Vendors 581 📦 Products 666 🌳 Package Ecosystems 24 🛠️ DevOps Tools 17 📡 Protocols 15

Popular tags (Top 40)

Rootio Linux419 Microsoft386 C237 Java183 Jre178 Java Min178 Bitnami178 Windows177 Rootdebian11175 Rootdebian12151 Linux130 Cwe 20125 Cwe 78120 Linux Kernel106 Cwe 787105 Apple99 Cwe 41699 Cwe 2296 Rootdebian1393 Cwe 11990 Cisco89 Denial of Service85 Cwe 9484 Multiple Products79 Adobe78 Google77 Cwe 50270 Cwe 7966 Cwe 8954 Apache47 Cwe 91844 Cwe 28443 Oracle42 Cwe 28741 JavaScript41 PHP41 Cwe 7740 Chromium V838 Cwe 30638 Cwe 84337

Filtering: Group: attack-types Clear

ID	Title	Severity	Tags	Detected
CVE-2026-44128	Vulnerability in CVE-2026-44128 (CVE-2026-44128) vulnerability in CVE-2026-44128 (CVE-2026-44128). Risk of unauthorized operations or information disclosure.		Remote Code Execution Cwe 95	1 day ago
CVE-2026-41512	Code Injection in gem (CVE-2026-41512) code injection in gem (CVE-2026-41512). Successful exploitation can lead to full system takeover. Exploitable via `POST /targets/auto_detect_selectors`.	Critical	JavaScript Remote Code Execution Cwe 94 Gem +13	1 day ago
CVE-2026-41507	Code Injection in remote (CVE-2026-41507) code injection in remote (CVE-2026-41507). Successful exploitation can lead to full system takeover.	Critical	Remote Code Execution Cwe 94 Remote Unsanitized Input +11	1 day ago
CVE-2026-41497	Command Injection in praison (CVE-2026-41497) command injection in praison (CVE-2026-41497). Successful exploitation can lead to full system takeover. Exploitable via ``bash``. Mitigation: upgrade to `>= 4.6.9` or later.	Critical	Python Cwe 77 Cwe 78 Praison +11	1 day ago
CVE-2026-41423	SSRF (Server-Side Request Forgery) in express (CVE-2026-41423) SSRF in express (CVE-2026-41423). Risk of unauthorized operations or information disclosure.		JavaScript Express Angular Server-Side Request Forgery +1	1 day ago
CVE-2026-41491	Path Traversal in path-traversal (CVE-2026-41491) path traversal in path-traversal (CVE-2026-41491). Confidential information can be exposed externally.	High	Path Traversal Cwe 22 Cwe 284	1 day ago
CVE-2026-41493	Path Traversal in path-traversal (CVE-2026-41493) path traversal in path-traversal (CVE-2026-41493). Risk of unauthorized operations or information disclosure.		Ruby Path Traversal Cwe 22	1 day ago
CVE-2026-25199	Information Disclosure in apache (CVE-2026-25199) vulnerability in apache (CVE-2026-25199). Confidential information can be exposed externally.	Critical	Apache Cwe 200 Cloudstack Authentication Bypass +10	1 day ago
CVE-2026-25077	Code Injection in apache (CVE-2026-25077) code injection in apache (CVE-2026-25077). Risk of unauthorized operations or information disclosure.	Medium	Apache Denial of Service Cwe 94 Cloudstack	1 day ago
CVE-2025-69233	Vulnerability in apache (CVE-2025-69233) vulnerability in apache (CVE-2025-69233). Risk of unauthorized operations or information disclosure.	Medium	Apache Denial of Service Cwe 367 Cwe 770 +1	1 day ago
CVE-2022-50994	OS Command Injection in CVE-2022-50994 (CVE-2022-50994) OS command injection in CVE-2022-50994 (CVE-2022-50994). Successful exploitation can lead to full system takeover.	High	Remote Code Execution Cwe 78	1 day ago
CVE-2026-8153	OS Command Injection in iot-embedded (CVE-2026-8153) OS command injection in iot-embedded (CVE-2026-8153). Successful exploitation can lead to full system takeover.	Critical	Cwe 78 Os Network Iot Embedded +8	1 day ago
CVE-2026-7475	Cross-Site Scripting (XSS) in wordpress (CVE-2026-7475) cross-site scripting in wordpress (CVE-2026-7475). Risk of unauthorized operations or information disclosure. Exploitable via ``sky_script_content``.	Medium	WordPress Cross-Site Scripting Cwe 79	1 day ago
CVE-2026-7650	Cross-Site Scripting (XSS) in wordpress (CVE-2026-7650) cross-site scripting in wordpress (CVE-2026-7650). Risk of unauthorized operations or information disclosure.	Medium	WordPress Cross-Site Scripting Cwe 79	1 day ago
CVE-2026-5341	Cross-Site Scripting (XSS) in wordpress (CVE-2026-5341) cross-site scripting in wordpress (CVE-2026-5341). Risk of unauthorized operations or information disclosure. Exploitable via ``strava_nmr_connect``.	Medium	WordPress Cross-Site Scripting Cwe 79	1 day ago
CVE-2026-7330	Cross-Site Scripting (XSS) in wordpress (CVE-2026-7330) cross-site scripting in wordpress (CVE-2026-7330). Risk of unauthorized operations or information disclosure.	High	WordPress Cross-Site Scripting Cwe 79	1 day ago
CVE-2026-5127	Unsafe Deserialization in wordpress (CVE-2026-5127) vulnerability in wordpress (CVE-2026-5127). Successful exploitation can lead to full system takeover.	High	PHP WordPress Insecure Deserialization Cwe 502	1 day ago
CVE-2013-10075	Vulnerability in apache (CVE-2013-10075) vulnerability in apache (CVE-2013-10075). Confidential information can be exposed externally.	Critical	Apache Cwe 672 Chorny Perl +12	1 day ago
CVE-2026-8069	Path Traversal in privilege-escalation (CVE-2026-8069) path traversal in privilege-escalation (CVE-2026-8069). Risk of unauthorized operations or information disclosure.		Privilege Escalation Cwe 22 Cwe 269 Cwe 284 +1	1 day ago
CVE-2026-4935	SQL Injection in wordpress (CVE-2026-4935) SQL injection in wordpress (CVE-2026-4935). Confidential information can be exposed externally.	High	WordPress SQL Injection Cwe 89	1 day ago
CVE-2025-69691	Vulnerability in pfsense (CVE-2025-69691) vulnerability in pfsense (CVE-2025-69691). Successful exploitation can lead to full system takeover.	Critical	PHP Cwe 284 Cwe 915 Pfsense +6	1 day ago
CVE-2025-69690	Unsafe Deserialization in deserialization (CVE-2025-69690) vulnerability in deserialization (CVE-2025-69690). Successful exploitation can lead to full system takeover.	Critical	PHP Cwe 502 Cwe 915 Remote Code Execution +13	1 day ago
CVE-2025-67887	Vulnerability in CVE-2025-67887 (CVE-2025-67887) vulnerability in CVE-2025-67887 (CVE-2025-67887). Risk of unauthorized operations or information disclosure.		PHP Remote Code Execution	1 day ago
CVE-2025-67886	Unrestricted File Upload in CVE-2025-67886 (CVE-2025-67886) vulnerability in CVE-2025-67886 (CVE-2025-67886). Risk of unauthorized operations or information disclosure.	Medium	PHP Remote Code Execution Cwe 434	1 day ago
CVE-2023-46453	SQL Injection in network-device (CVE-2023-46453) SQL injection in network-device (CVE-2023-46453). Successful exploitation can lead to full system takeover.	Critical	Authentication Bypass Cwe 89 Sql Injection Network Device +11	1 day ago
CVE-2024-51092	OS Command Injection in command-injection (CVE-2024-51092) OS command injection in command-injection (CVE-2024-51092). Confidential information can be exposed externally. Exploitable via ``version_netsnmp``.	Critical	PHP Cwe 78 Authentication Bypass Command Injection +11	1 day ago
CVE-2024-53326	Unsafe Deserialization in deserialization (CVE-2024-53326) vulnerability in deserialization (CVE-2024-53326). Successful exploitation can lead to full system takeover.	High	Insecure Deserialization Cwe 502	1 day ago
CVE-2024-33724	Cross-Site Scripting (XSS) in CVE-2024-33724 (CVE-2024-33724) cross-site scripting in CVE-2024-33724 (CVE-2024-33724). Risk of unauthorized operations or information disclosure.	Medium	PHP Cross-Site Scripting Cwe 79	1 day ago
CVE-2024-33288	SQL Injection in sqli (CVE-2024-33288) SQL injection in sqli (CVE-2024-33288). Risk of unauthorized operations or information disclosure.	High	PHP SQL Injection Cwe 89	1 day ago
CVE-2024-33722	SQL Injection in sqli (CVE-2024-33722) SQL injection in sqli (CVE-2024-33722). Risk of unauthorized operations or information disclosure.	Medium	PHP SQL Injection Cwe 89	1 day ago
CVE-2024-27686	Vulnerability in dos (CVE-2024-27686) vulnerability in dos (CVE-2024-27686). Risk of unauthorized operations or information disclosure.	High	Denial of Service Cwe 400	1 day ago
CVE-2023-42343	Cross-Site Scripting (XSS) in CVE-2023-42343 (CVE-2023-42343) cross-site scripting in CVE-2023-42343 (CVE-2023-42343). Risk of unauthorized operations or information disclosure.	Medium	Cross-Site Scripting Cwe 79	1 day ago
CVE-2023-42345	Cross-Site Scripting (XSS) in CVE-2023-42345 (CVE-2023-42345) cross-site scripting in CVE-2023-42345 (CVE-2023-42345). Risk of unauthorized operations or information disclosure.	Medium	Cross-Site Scripting Cwe 79	1 day ago
CVE-2022-26523	Vulnerability in dos (CVE-2022-26523) vulnerability in dos (CVE-2022-26523). Risk of unauthorized operations or information disclosure.	Medium	Denial of Service Cwe 400	1 day ago
CVE-2022-23961	Cross-Site Scripting (XSS) in CVE-2022-23961 (CVE-2022-23961) cross-site scripting in CVE-2022-23961 (CVE-2022-23961). Risk of unauthorized operations or information disclosure.	Medium	Cross-Site Scripting Cwe 79	1 day ago
CVE-2022-26522	Vulnerability in dos (CVE-2022-26522) vulnerability in dos (CVE-2022-26522). Successful exploitation can lead to full system takeover.	High	Denial of Service Cwe 367	1 day ago
CVE-2026-8136	Cross-Site Scripting (XSS) in CVE-2026-8136 (CVE-2026-8136) cross-site scripting in CVE-2026-8136 (CVE-2026-8136). Risk of unauthorized operations or information disclosure.	Low	PHP Cross-Site Scripting Cwe 79 Cwe 94	1 day ago
CVE-2026-8133	Vulnerability in sqli (CVE-2026-8133) vulnerability in sqli (CVE-2026-8133). Risk of unauthorized operations or information disclosure.	High	PHP SQL Injection Cwe 74 Cwe 89	1 day ago
CVE-2026-8132	Vulnerability in sqli (CVE-2026-8132) vulnerability in sqli (CVE-2026-8132). Risk of unauthorized operations or information disclosure.	High	PHP SQL Injection Cwe 74 Cwe 89	1 day ago
CVE-2026-43944	Vulnerability in electerm (CVE-2026-43944) vulnerability in electerm (CVE-2026-43944). Successful exploitation can lead to full system takeover. Exploitable via ``opts``. Mitigation: upgrade to `> 3.8.8` or later.	Critical	Cwe 20 Cwe 94 Cwe 829 Electerm Project +13	1 day ago
CVE-2026-8129	Vulnerability in sqli (CVE-2026-8129) vulnerability in sqli (CVE-2026-8129). Risk of unauthorized operations or information disclosure.	High	PHP SQL Injection Cwe 74 Cwe 89	1 day ago
CVE-2026-8130	Vulnerability in sqli (CVE-2026-8130) vulnerability in sqli (CVE-2026-8130). Risk of unauthorized operations or information disclosure.	High	PHP SQL Injection Cwe 74 Cwe 89	1 day ago
CVE-2026-8131	Vulnerability in sqli (CVE-2026-8131) vulnerability in sqli (CVE-2026-8131). Risk of unauthorized operations or information disclosure.	High	PHP SQL Injection Cwe 74 Cwe 89	1 day ago
CVE-2026-43943	OS Command Injection in electerm (CVE-2026-43943) OS command injection in electerm (CVE-2026-43943). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.7.9` or later.	High	Remote Code Execution Cwe 78 Cwe 88 Electerm Project +1	1 day ago
CVE-2026-43940	Path Traversal in electerm (CVE-2026-43940) path traversal in electerm (CVE-2026-43940). Successful exploitation can lead to full system takeover. Exploitable via ``runWidget``. Mitigation: upgrade to `3.7.16` or later.	High	JavaScript Path Traversal Cwe 22 Cwe 829 +2	1 day ago
CVE-2026-43941	Vulnerability in electerm (CVE-2026-43941) vulnerability in electerm (CVE-2026-43941). Successful exploitation can lead to full system takeover. Exploitable via ``shell.openExternal``.	Critical	Cwe 88 Cwe 601 Electerm Project Electerm +5	1 day ago
CVE-2026-42275	Path Traversal in path-traversal (CVE-2026-42275) path traversal in path-traversal (CVE-2026-42275). Confidential information can be exposed externally.	High	Path Traversal Cwe 22 Cwe 61 Netfoundry +1	1 day ago
CVE-2026-42261	Vulnerability in ssrf (CVE-2026-42261) vulnerability in ssrf (CVE-2026-42261). Confidential information can be exposed externally. Exploitable via `POST /api/skills/fetch-remote`.	High	Server-Side Request Forgery Cwe 20 Cwe 693 Cwe 918	1 day ago
CVE-2026-42150	Cross-Site Scripting (XSS) in CVE-2026-42150 (CVE-2026-42150) cross-site scripting in CVE-2026-42150 (CVE-2026-42150). Risk of unauthorized operations or information disclosure.	Medium	Cross-Site Scripting Cwe 79	1 day ago
CVE-2026-41900	OS Command Injection in CVE-2026-41900 (CVE-2026-41900) OS command injection in CVE-2026-41900 (CVE-2026-41900). Successful exploitation can lead to full system takeover.	High	Remote Code Execution Cwe 78 Cwe 94 Cwe 250 +2	1 day ago

Vulnerabilities

🍪 About cookies