Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Clear
ID Title
CVE-2026-48282 KEV [KEV] Path Traversal in Adobe path-traversal (CVE-2026-48282)
path traversal in Adobe path-traversal (CVE-2026-48282). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-56290 KEV [KEV] Unrestricted File Upload in Joomlack page-builder-ck (CVE-2026-56290)
vulnerability in Joomlack page-builder-ck (CVE-2026-56290). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2025-67038 KEV An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell...
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell...
CVE-2026-48908 KEV [KEV] Unrestricted File Upload in Joomshaper ollyo (CVE-2026-48908)
vulnerability in Joomshaper ollyo (CVE-2026-48908). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-12569 KEV [KEV] Vulnerability in Ptc deserialization (CVE-2026-12569)
vulnerability in Ptc deserialization (CVE-2026-12569). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-20262 KEV [KEV] Path Traversal in Cisco catalyst-sd-wan-manager (CVE-2026-20262)
path traversal in Cisco catalyst-sd-wan-manager (CVE-2026-20262). Data can be tampered with by attackers. Listed in CISA KEV — actively exploited.
CVE-2026-48558 KEV [KEV] Vulnerability in Simplehelp simple-help (CVE-2026-48558)
vulnerability in Simplehelp simple-help (CVE-2026-48558). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-35273 KEV [KEV] Vulnerability in Oracle c (CVE-2026-35273)
vulnerability in Oracle c (CVE-2026-35273). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-20253 KEV [KEV] Vulnerability in splunk (CVE-2026-20253)
vulnerability in splunk (CVE-2026-20253). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-10520 KEV [KEV] OS Command Injection in Ivanti standalone-sentry (CVE-2026-10520)
OS command injection in Ivanti standalone-sentry (CVE-2026-10520). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-11645 KEV [KEV] Out-of-Bounds Read in Google chrome (CVE-2026-11645)
vulnerability in Google chrome (CVE-2026-11645). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-50751 KEV [KEV] Authentication Bypass in Check point checkpoint (CVE-2026-50751)
authentication bypass in Check point checkpoint (CVE-2026-50751). Confidential information can be exposed externally. Listed in CISA KEV — actively exploited.
CVE-2026-48907 KEV [KEV] Vulnerability in widget factory (CVE-2026-48907)
vulnerability in widget factory (CVE-2026-48907). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-20245 KEV [KEV] Vulnerability in Cisco catalyst-sd-wan-manager (CVE-2026-20245)
vulnerability in Cisco catalyst-sd-wan-manager (CVE-2026-20245). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-28318 KEV [KEV] Vulnerability in Solarwinds serv-u (CVE-2026-28318)
vulnerability in Solarwinds serv-u (CVE-2026-28318). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-20230 KEV [KEV] SSRF (Server-Side Request Forgery) in Cisco ssrf (CVE-2026-20230)
SSRF in Cisco ssrf (CVE-2026-20230). Data can be tampered with by attackers. Listed in CISA KEV — actively exploited.
CVE-2010-0249 KEV [KEV] Use-After-Free in Microsoft internet-explorer (CVE-2010-0249)
vulnerability in Microsoft internet-explorer (CVE-2010-0249). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2022-0492 KEV [KEV] Authentication Bypass in Linux c (CVE-2022-0492)
authentication bypass in Linux c (CVE-2022-0492). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2025-48595 KEV [KEV] Vulnerability in Android google (CVE-2025-48595)
vulnerability in Android google (CVE-2025-48595). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2024-21182 KEV Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)...
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)...
CVE-2026-48027 KEV [KEV] Vulnerability in nx (CVE-2026-48027)
vulnerability in nx (CVE-2026-48027). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-45247 KEV [KEV] Unsafe Deserialization in Mirasvit full-page-cache-warmer (CVE-2026-45247)
vulnerability in Mirasvit full-page-cache-warmer (CVE-2026-45247). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-45659 KEV [KEV] Unsafe Deserialization in Microsoft deserialization (CVE-2026-45659)
vulnerability in Microsoft deserialization (CVE-2026-45659). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-34909 KEV [KEV] Path Traversal in Ubiquiti path-traversal (CVE-2026-34909)
path traversal in Ubiquiti path-traversal (CVE-2026-34909). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-34910 KEV [KEV] Vulnerability in Ubiquiti ui (CVE-2026-34910)
vulnerability in Ubiquiti ui (CVE-2026-34910). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-34908 KEV [KEV] Vulnerability in Ubiquiti ui (CVE-2026-34908)
vulnerability in Ubiquiti ui (CVE-2026-34908). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-34926 KEV [KEV] Vulnerability in Trend micro path-traversal (CVE-2026-34926)
vulnerability in Trend micro path-traversal (CVE-2026-34926). Confidential information can be exposed externally. Listed in CISA KEV — actively exploited.
CVE-2026-9082 KEV [KEV] SQL Injection in drupal/core (CVE-2026-9082)
SQL injection in drupal/core (CVE-2026-9082). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `10.4.10, 10.5.10, 10.6.9, 11.1.10, 11.2.12, 11.3.10` or later.
CVE-2026-45498 KEV Microsoft Defender Denial of Service Vulnerability
Microsoft Defender Denial of Service Vulnerability
CVE-2026-41091 KEV [KEV] Vulnerability in Microsoft malware-protection-engine (CVE-2026-41091)
vulnerability in Microsoft malware-protection-engine (CVE-2026-41091). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2008-4250 KEV [KEV] Code Injection in Microsoft windows-2000 (CVE-2008-4250)
code injection in Microsoft windows-2000 (CVE-2008-4250). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2010-0806 KEV [KEV] Vulnerability in Microsoft internet-explorer (CVE-2010-0806)
vulnerability in Microsoft internet-explorer (CVE-2010-0806). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2009-3459 KEV [KEV] Buffer Overflow in Adobe acrobat (CVE-2009-3459)
vulnerability in Adobe acrobat (CVE-2009-3459). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2009-1537 KEV [KEV] Vulnerability in Microsoft directx (CVE-2009-1537)
vulnerability in Microsoft directx (CVE-2009-1537). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-8398 KEV [KEV] Vulnerability in Daemon disc-soft (CVE-2026-8398)
vulnerability in Daemon disc-soft (CVE-2026-8398). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-42897 KEV [KEV] Cross-Site Scripting (XSS) in Microsoft exchange-server (CVE-2026-42897)
cross-site scripting in Microsoft exchange-server (CVE-2026-42897). Confidential information can be exposed externally. Listed in CISA KEV — actively exploited.
CVE-2026-20182 KEV [KEV] Authentication Bypass in Cisco catalyst-sd-wan-manager (CVE-2026-20182)
authentication bypass in Cisco catalyst-sd-wan-manager (CVE-2026-20182). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-45321 KEV [KEV] Vulnerability in @tanstack/arktype-adapter (CVE-2026-45321)
vulnerability in @tanstack/arktype-adapter (CVE-2026-45321). Successful exploitation can lead to full system takeover. Exploitable via ``pull_request_target``. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `1.166.16` or later.
CVE-2026-42271 KEV [KEV] Command Injection in Berriai litellm (CVE-2026-42271)
command injection in Berriai litellm (CVE-2026-42271). Successful exploitation can lead to full system takeover. Exploitable via `POST /mcp-rest/test/connection`. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `1.83.7` or later.
CVE-2026-42208 KEV [KEV] SQL Injection in Berriai litellm (CVE-2026-42208)
SQL injection in Berriai litellm (CVE-2026-42208). Successful exploitation can lead to full system takeover. Exploitable via `POST /chat/completions`. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `>=1.83.7` or later.
CVE-2026-6973 KEV [KEV] Vulnerability in Ivanti endpoint-manager-mobile-epmm (CVE-2026-6973)
vulnerability in Ivanti endpoint-manager-mobile-epmm (CVE-2026-6973). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-0300 KEV [KEV] Out-of-Bounds Write in Palo alto networks palo-alto-networks (CVE-2026-0300)
out-of-bounds write in Palo alto networks palo-alto-networks (CVE-2026-0300). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-31431 KEV [KEV] Vulnerability in Linux redhat (CVE-2026-31431)
vulnerability in Linux redhat (CVE-2026-31431). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-41940 KEV [KEV] Vulnerability in Webpros cpanel-whm-and-wp2-wordpress-squared (CVE-2026-41940)
vulnerability in Webpros cpanel-whm-and-wp2-wordpress-squared (CVE-2026-41940). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-32202 KEV [KEV] Vulnerability in Microsoft windows (CVE-2026-32202)
vulnerability in Microsoft windows (CVE-2026-32202). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2024-1708 KEV [KEV] Path Traversal in Connectwise screenconnect (CVE-2024-1708)
path traversal in Connectwise screenconnect (CVE-2024-1708). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2024-7399 KEV [KEV] Path Traversal in Samsung magicinfo-9-server (CVE-2024-7399)
path traversal in Samsung magicinfo-9-server (CVE-2024-7399). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2024-57728 KEV [KEV] Path Traversal in Simplehelp path-traversal (CVE-2024-57728)
path traversal in Simplehelp path-traversal (CVE-2024-57728). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2024-57726 KEV [KEV] Vulnerability in Simplehelp auth (CVE-2024-57726)
vulnerability in Simplehelp auth (CVE-2024-57726). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2025-29635 KEV [KEV] Command Injection in D-link dir-823x (CVE-2025-29635)
command injection in D-link dir-823x (CVE-2025-29635). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →