Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: attack-types Clear
ID Title
CVE-2026-43633 Unsafe Deserialization in deserialization (CVE-2026-43633)
vulnerability in deserialization (CVE-2026-43633). Successful exploitation can lead to full system takeover.
CVE-2026-42099 Vulnerability in sparxsystems (CVE-2026-42099)
vulnerability in sparxsystems (CVE-2026-42099). Successful exploitation can lead to full system takeover.
CVE-2025-40903 Cross-Site Scripting (XSS) in nozominetworks (CVE-2025-40903)
cross-site scripting in nozominetworks (CVE-2025-40903). Risk of unauthorized operations or information disclosure.
CVE-2025-40904 Cross-Site Scripting (XSS) in nozominetworks (CVE-2025-40904)
cross-site scripting in nozominetworks (CVE-2025-40904). Risk of unauthorized operations or information disclosure.
CVE-2025-40900 Vulnerability in angular (CVE-2025-40900)
vulnerability in angular (CVE-2025-40900). Risk of unauthorized operations or information disclosure.
CVE-2025-40901 Cross-Site Scripting (XSS) in nozominetworks (CVE-2025-40901)
cross-site scripting in nozominetworks (CVE-2025-40901). Risk of unauthorized operations or information disclosure.
CVE-2025-40902 Cross-Site Scripting (XSS) in nozominetworks (CVE-2025-40902)
cross-site scripting in nozominetworks (CVE-2025-40902). Risk of unauthorized operations or information disclosure.
CVE-2026-8912 SQL Injection in wordpress (CVE-2026-8912)
SQL injection in wordpress (CVE-2026-8912). Confidential information can be exposed externally.
CVE-2026-4883 Unrestricted File Upload in wordpress (CVE-2026-4883)
vulnerability in wordpress (CVE-2026-4883). Successful exploitation can lead to full system takeover.
CVE-2026-7307 Vulnerability in org.keycloak:keycloak-saml-core (CVE-2026-7307)
vulnerability in org.keycloak:keycloak-saml-core (CVE-2026-7307). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `26.6.2` or later.
CVE-2026-7507 Vulnerability in org.keycloak:keycloak-services (CVE-2026-7507)
vulnerability in org.keycloak:keycloak-services (CVE-2026-7507). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `26.6.2` or later.
CVE-2026-43492 Vulnerability in dos (CVE-2026-43492)
vulnerability in dos (CVE-2026-43492). Risk of unauthorized operations or information disclosure.
CVE-2026-46725 Unsafe Deserialization in mmc/ceselector (CVE-2026-46725)
vulnerability in mmc/ceselector (CVE-2026-46725). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.0.3` or later.
CVE-2026-8727 Unsafe Deserialization in tomasnorre/crawler (CVE-2026-8727)
vulnerability in tomasnorre/crawler (CVE-2026-8727). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `11.0.13` or later.
CVE-2026-46724 Path Traversal in tpwd/ke_search (CVE-2026-46724)
path traversal in tpwd/ke_search (CVE-2026-46724). Risk of unauthorized operations or information disclosure. Exploitable via ``ke_search``. Mitigation: upgrade to `4.6.7` or later.
CVE-2026-8827 SQL Injection in friendsoftypo3/tt-address (CVE-2026-8827)
SQL injection in friendsoftypo3/tt-address (CVE-2026-8827). Risk of unauthorized operations or information disclosure. Exploitable via ``tt_address``. Mitigation: upgrade to `8.1.2` or later.
CVE-2026-45434 Authentication Bypass in apache (CVE-2026-45434)
authentication bypass in apache (CVE-2026-45434). Successful exploitation can lead to full system takeover.
CVE-2026-31910 SSRF (Server-Side Request Forgery) in apache (CVE-2026-31910)
SSRF in apache (CVE-2026-31910). Confidential information can be exposed externally.
CVE-2026-31379 Path Traversal in apache (CVE-2026-31379)
path traversal in apache (CVE-2026-31379). Risk of unauthorized operations or information disclosure.
CVE-2026-31906 Cross-Site Scripting (XSS) in apache (CVE-2026-31906)
cross-site scripting in apache (CVE-2026-31906). Risk of unauthorized operations or information disclosure.
CVE-2026-29220 Path Traversal in apache (CVE-2026-29220)
path traversal in apache (CVE-2026-29220). Risk of unauthorized operations or information disclosure.
CVE-2026-29226 SSRF (Server-Side Request Forgery) in apache (CVE-2026-29226)
SSRF in apache (CVE-2026-29226). Risk of unauthorized operations or information disclosure.
CVE-2026-4885 Unrestricted File Upload in wordpress (CVE-2026-4885)
vulnerability in wordpress (CVE-2026-4885). Successful exploitation can lead to full system takeover.
CVE-2026-8813 Vulnerability in exifreader (CVE-2026-8813)
vulnerability in exifreader (CVE-2026-8813). Risk of unauthorized operations or information disclosure. Exploitable via ``multiLocalizedUnicodeType``. Mitigation: upgrade to `4.39.0` or later.
CVE-2026-47307 Vulnerability in dos (CVE-2026-47307)
vulnerability in dos (CVE-2026-47307). Risk of unauthorized operations or information disclosure.
CVE-2026-33565 in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.
in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.
CVE-2026-28751 in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.
in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.
CVE-2026-27781 in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.
in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.
CVE-2026-25781 in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS and it cannot be recovered.
in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS and it cannot be recovered.
CVE-2026-25110 in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.
in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.
CVE-2026-27648 in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre...
in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre...
CVE-2026-24792 in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre...
in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre...
CVE-2026-22069 A local privilege escalation vulnerability exists in O+ Connect because it fails to validate the...
A local privilege escalation vulnerability exists in O+ Connect because it fails to validate the...
CVE-2026-33234 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-33234)
SSRF in ssrf (CVE-2026-33234). Risk of unauthorized operations or information disclosure.
CVE-2026-33232 Vulnerability in dos (CVE-2026-33232)
vulnerability in dos (CVE-2026-33232). Risk of unauthorized operations or information disclosure.
CVE-2026-33233 Code Injection in deserialization (CVE-2026-33233)
code injection in deserialization (CVE-2026-33233). Successful exploitation can lead to full system takeover.
CVE-2026-32323 Privilege Escalation in privilege-escalation (CVE-2026-32323)
vulnerability in privilege-escalation (CVE-2026-32323). Successful exploitation can lead to full system takeover.
CVE-2026-30950 AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.6.36 through 0.6.50 are vulnerable to Authenticated Session Hijack...
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.6.36 through 0.6.50 are vulnerable to Authenticated Session Hijacking via IDOR. If an authenticated attacker can determine the session_id of another user's session, t...
CVE-2026-27964 Cross-Site Scripting (XSS) in facturascripts/facturascripts (CVE-2026-27964)
cross-site scripting in facturascripts/facturascripts (CVE-2026-27964). Risk of unauthorized operations or information disclosure.
CVE-2026-27891 FacturaScripts is an open source accounting and invoicing software. Versions 2026 and below contain a critical vulnerability in the Plugins::add() function. The system fails to properly validate the f...
FacturaScripts is an open source accounting and invoicing software. Versions 2026 and below contain a critical vulnerability in the Plugins::add() function. The system fails to properly validate the file paths within uploaded ZIP archives. This allows an attacker to perform a Zip Slip attack, leadin...
CVE-2026-27737 Cross-Site Scripting (XSS) in CVE-2026-27737 (CVE-2026-27737)
cross-site scripting in CVE-2026-27737 (CVE-2026-27737). Data can be tampered with by attackers.
CVE-2026-8851 SQL Injection in sqli (CVE-2026-8851)
SQL injection in sqli (CVE-2026-8851). Confidential information can be exposed externally.
CVE-2026-47091 Path Traversal in path-traversal (CVE-2026-47091)
path traversal in path-traversal (CVE-2026-47091). Risk of unauthorized operations or information disclosure.
CVE-2026-26978 Unsafe Deserialization in CVE-2026-26978 (CVE-2026-26978)
vulnerability in CVE-2026-26978 (CVE-2026-26978). Risk of unauthorized operations or information disclosure.
CVE-2026-45686 Vulnerability in go.opentelemetry.io/obi (CVE-2026-45686)
vulnerability in go.opentelemetry.io/obi (CVE-2026-45686). Risk of unauthorized operations or information disclosure. Exploitable via ``set``. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-45685 Vulnerability in go.opentelemetry.io/obi (CVE-2026-45685)
vulnerability in go.opentelemetry.io/obi (CVE-2026-45685). Risk of unauthorized operations or information disclosure. Exploitable via ``parseOpMessage``. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-45242 Vulnerability in @steipete/summarize (CVE-2026-45242)
vulnerability in @steipete/summarize (CVE-2026-45242). Data can be tampered with by attackers. Mitigation: upgrade to `0.15.0` or later.
CVE-2026-45231 Cross-Site Scripting (XSS) in CVE-2026-45231 (CVE-2026-45231)
cross-site scripting in CVE-2026-45231 (CVE-2026-45231). Risk of unauthorized operations or information disclosure.
CVE-2026-45495 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2026-29964 Cross-Site Scripting (XSS) in hsclabs (CVE-2026-29964)
cross-site scripting in hsclabs (CVE-2026-29964). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →