Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-11776 |
|
SQL Injection in wordpress (CVE-2026-11776)
SQL injection in wordpress (CVE-2026-11776). Confidential information can be exposed externally.
|
| CVE-2026-11777 |
|
SQL Injection in wordpress (CVE-2026-11777)
SQL injection in wordpress (CVE-2026-11777). Confidential information can be exposed externally.
|
| CVE-2026-11360 |
|
SQL Injection in wordpress (CVE-2026-11360)
SQL injection in wordpress (CVE-2026-11360). Confidential information can be exposed externally.
|
| CVE-2026-55740 |
|
SQL Injection in sqli (CVE-2026-55740)
SQL injection in sqli (CVE-2026-55740). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9860 |
|
Unrestricted File Upload in wordpress (CVE-2026-9860)
vulnerability in wordpress (CVE-2026-9860). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10736 |
|
SQL Injection in wordpress (CVE-2026-10736)
SQL injection in wordpress (CVE-2026-10736). Confidential information can be exposed externally.
|
| CVE-2026-12569 KEV |
|
[KEV] Vulnerability in Ptc deserialization (CVE-2026-12569)
vulnerability in Ptc deserialization (CVE-2026-12569). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-48764 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-48764)
SSRF in ssrf (CVE-2026-48764). Confidential information can be exposed externally.
|
| CVE-2026-48768 |
|
Path Traversal in CVE-2026-48768 (CVE-2026-48768)
path traversal in CVE-2026-48768 (CVE-2026-48768). Data can be tampered with by attackers. Exploitable via `POST /api/blocks/file-input/v3/generate-upload-url`.
|
| CVE-2026-54386 |
|
Cross-Site Scripting (XSS) in marimo (CVE-2026-54386)
cross-site scripting in marimo (CVE-2026-54386). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.23.9` or later.
|
| CVE-2026-50196 |
|
Vulnerability in Steeltoe.Discovery.Eureka (CVE-2026-50196)
vulnerability in Steeltoe.Discovery.Eureka (CVE-2026-50196). Risk of unauthorized operations or information disclosure. Exploitable via ``DataCenterInfo.FromJson``. Mitigation: upgrade to `3.4.0` or later.
|
| CVE-2026-55199 |
|
Vulnerability in c (CVE-2026-55199)
vulnerability in c (CVE-2026-55199). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55201 |
|
Path Traversal in path-traversal (CVE-2026-55201)
path traversal in path-traversal (CVE-2026-55201). Confidential information can be exposed externally.
|
| CVE-2026-49133 |
|
Path Traversal in path-traversal (CVE-2026-49133)
path traversal in path-traversal (CVE-2026-49133). Confidential information can be exposed externally.
|
| CVE-2026-55200 |
|
Vulnerability in libssh2 (CVE-2026-55200)
vulnerability in libssh2 (CVE-2026-55200). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11407 |
|
Vulnerability in pimcore/pimcore (CVE-2026-11407)
vulnerability in pimcore/pimcore (CVE-2026-11407). Successful exploitation can lead to full system takeover.
|
| CVE-2026-55196 |
|
Vulnerability in CVE-2026-55196 (CVE-2026-55196)
vulnerability in CVE-2026-55196 (CVE-2026-55196). Confidential information can be exposed externally. Exploitable via `POST /api/auth/passkey/register/options`.
|
| CVE-2026-48821 |
|
Cross-Site Scripting (XSS) in privilege-escalation (CVE-2026-48821)
cross-site scripting in privilege-escalation (CVE-2026-48821). Confidential information can be exposed externally.
|
| CVE-2026-48822 |
|
Cross-Site Scripting (XSS) in CVE-2026-48822 (CVE-2026-48822)
cross-site scripting in CVE-2026-48822 (CVE-2026-48822). Confidential information can be exposed externally.
|
| CVE-2026-48823 |
|
Cross-Site Scripting (XSS) in CVE-2026-48823 (CVE-2026-48823)
cross-site scripting in CVE-2026-48823 (CVE-2026-48823). Confidential information can be exposed externally.
|
| CVE-2026-48814 |
|
Vulnerability in network-ai (CVE-2026-48814)
vulnerability in network-ai (CVE-2026-48814). Confidential information can be exposed externally. Exploitable via `POST /mcp`. Mitigation: upgrade to `5.7.2` or later.
|
| CVE-2026-55471 |
|
XXE (XML External Entity) in ca.uhn.hapi.fhir:org.hl7.fhir.utilities (CVE-2026-55471)
vulnerability in ca.uhn.hapi.fhir:org.hl7.fhir.utilities (CVE-2026-55471). Risk of unauthorized operations or information disclosure. Exploitable via `GET /evil-fhir-xslt-ssrf.dtd`. Mitigation: upgrade to `6.9.10` or later.
|
| CVE-2026-55760 |
|
Path Traversal in com.github.jknack:handlebars (CVE-2026-55760)
path traversal in com.github.jknack:handlebars (CVE-2026-55760). Confidential information can be exposed externally. Mitigation: upgrade to `4.5.2` or later.
|
| CVE-2026-55409 |
|
Cross-Site Scripting (XSS) in filament/forms (CVE-2026-55409)
cross-site scripting in filament/forms (CVE-2026-55409). Confidential information can be exposed externally. Exploitable via ``RichEditor``. Mitigation: upgrade to `3.3.53` or later.
|
| CVE-2026-48591 |
|
Vulnerability in earmark (CVE-2026-48591)
vulnerability in earmark (CVE-2026-48591). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53805 |
|
Unsafe Deserialization in CVE-2026-53805 (CVE-2026-53805)
vulnerability in CVE-2026-53805 (CVE-2026-53805). Successful exploitation can lead to full system takeover.
|
| CVE-2026-39199 |
|
snes9x 1.63 allows an out-of-bounds write and denial of service via a crafted .ups file.
snes9x 1.63 allows an out-of-bounds write and denial of service via a crafted .ups file.
|
| CVE-2026-53874 |
|
Unsafe Deserialization in picklescan (CVE-2026-53874)
vulnerability in picklescan (CVE-2026-53874). Successful exploitation can lead to full system takeover. Exploitable via ``eval``. Mitigation: upgrade to `1.0.1` or later.
|
| CVE-2026-35069 |
|
SQL Injection in sqli (CVE-2026-35069)
SQL injection in sqli (CVE-2026-35069). Confidential information can be exposed externally.
|
| CVE-2026-35068 |
|
SQL Injection in sqli (CVE-2026-35068)
SQL injection in sqli (CVE-2026-35068). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3490 |
|
Vulnerability in picklescan (CVE-2026-3490)
vulnerability in picklescan (CVE-2026-3490). Successful exploitation can lead to full system takeover. Exploitable via ``pkgutil.resolve_name``. Mitigation: upgrade to `1.0.4` or later.
|
| CVE-2026-53872 |
|
Path Traversal in picklescan (CVE-2026-53872)
path traversal in picklescan (CVE-2026-53872). Confidential information can be exposed externally. Exploitable via ``picklescan``. Mitigation: upgrade to `0.0.35` or later.
|
| CVE-2026-36418 |
|
Code Injection in CVE-2026-36418 (CVE-2026-36418)
code injection in CVE-2026-36418 (CVE-2026-36418). Confidential information can be exposed externally.
|
| CVE-2026-54812 |
|
SQL Injection in sqli (CVE-2026-54812)
SQL injection in sqli (CVE-2026-54812). Confidential information can be exposed externally.
|
| CVE-2025-71321 |
|
Unsafe Deserialization in picklescan (CVE-2025-71321)
vulnerability in picklescan (CVE-2025-71321). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.0.33` or later.
|
| CVE-2026-55743 |
|
OS Command Injection in CVE-2026-55743 (CVE-2026-55743)
OS command injection in CVE-2026-55743 (CVE-2026-55743). Successful exploitation can lead to full system takeover.
|
| CVE-2025-71323 |
|
Vulnerability in picklescan (CVE-2025-71323)
vulnerability in picklescan (CVE-2025-71323). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.0.33` or later.
|
| CVE-2026-35065 |
|
Vulnerability in dos (CVE-2026-35065)
vulnerability in dos (CVE-2026-35065). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35162 |
|
Vulnerability in dos (CVE-2026-35162)
vulnerability in dos (CVE-2026-35162). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48142 |
|
Out-of-Bounds Read in nginx (CVE-2026-48142)
vulnerability in nginx (CVE-2026-48142). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42055 |
|
Vulnerability in nginx (CVE-2026-42055)
vulnerability in nginx (CVE-2026-42055). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35066 |
|
Vulnerability in dos (CVE-2026-35066)
vulnerability in dos (CVE-2026-35066). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54417 |
|
Vulnerability in c (CVE-2026-54417)
vulnerability in c (CVE-2026-54417). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55738 |
|
Vulnerability in c (CVE-2026-55738)
vulnerability in c (CVE-2026-55738). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9591 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-9591)
vulnerability in csrf (CVE-2026-9591). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54819 |
|
SQL Injection in sqli (CVE-2026-54819)
SQL injection in sqli (CVE-2026-54819). Confidential information can be exposed externally.
|
| CVE-2026-54809 |
|
SQL Injection in sqli (CVE-2026-54809)
SQL injection in sqli (CVE-2026-54809). Confidential information can be exposed externally.
|
| CVE-2026-54818 |
|
SQL Injection in sqli (CVE-2026-54818)
SQL injection in sqli (CVE-2026-54818). Confidential information can be exposed externally.
|
| CVE-2026-54808 |
|
SQL Injection in sqli (CVE-2026-54808)
SQL injection in sqli (CVE-2026-54808). Confidential information can be exposed externally.
|
| CVE-2026-54813 |
|
SQL Injection in sqli (CVE-2026-54813)
SQL injection in sqli (CVE-2026-54813). Confidential information can be exposed externally.
|