Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-12488 |
|
Vulnerability in dos (CVE-2026-12488)
vulnerability in dos (CVE-2026-12488). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12485 |
|
Vulnerability in CVE-2026-12485 (CVE-2026-12485)
vulnerability in CVE-2026-12485 (CVE-2026-12485). Successful exploitation can lead to full system takeover.
|
| CVE-2026-3652 |
|
The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `value`...
The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `value`...
|
| CVE-2026-11614 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-11614)
cross-site scripting in wordpress (CVE-2026-11614). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12681 |
|
Vulnerability in CVE-2026-12681 (CVE-2026-12681)
vulnerability in CVE-2026-12681 (CVE-2026-12681). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54639 |
|
Style Dictionary, a build system for creating cross-platform styles, has a prototype pollution vulnerability starting in version 4.3.0 and prior to version 5.4.4. Impact users have: direct usage of `c...
Style Dictionary, a build system for creating cross-platform styles, has a prototype pollution vulnerability starting in version 4.3.0 and prior to version 5.4.4. Impact users have: direct usage of `convertTokenData(tokens, { output: 'object' });`; indirect usage, via using Expand API; and/or indire...
|
| CVE-2026-7574 |
|
Vulnerability in CVE-2026-7574 (CVE-2026-7574)
vulnerability in CVE-2026-7574 (CVE-2026-7574). Confidential information can be exposed externally.
|
| CVE-2026-56785 |
|
Cross-Site Scripting (XSS) in CVE-2026-56785 (CVE-2026-56785)
cross-site scripting in CVE-2026-56785 (CVE-2026-56785). Confidential information can be exposed externally.
|
| CVE-2026-12163 |
|
Cross-Site Scripting (XSS) in fortra (CVE-2026-12163)
cross-site scripting in fortra (CVE-2026-12163). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54588 |
|
Vulnerability in CVE-2026-54588 (CVE-2026-54588)
vulnerability in CVE-2026-54588 (CVE-2026-54588). Confidential information can be exposed externally. Exploitable via ``HTTP_HOST``.
|
| CVE-2026-11972 |
|
Vulnerability in CVE-2026-11972 (CVE-2026-11972)
vulnerability in CVE-2026-11972 (CVE-2026-11972). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55542 |
|
Vulnerability in snipe/snipe-it (CVE-2026-55542)
vulnerability in snipe/snipe-it (CVE-2026-55542). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.5.1` or later.
|
| CVE-2026-48493 |
|
Authorization Flaw in snipe/snipe-it (CVE-2026-48493)
vulnerability in snipe/snipe-it (CVE-2026-48493). Data can be tampered with by attackers. Exploitable via ``assets.view``. Mitigation: upgrade to `8.6.0` or later.
|
| CVE-2026-48492 |
|
Vulnerability in snipe/snipe-it (CVE-2026-48492)
vulnerability in snipe/snipe-it (CVE-2026-48492). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/v1/{object}/selectlist`. Mitigation: upgrade to `8.5.1` or later.
|
| CVE-2026-54512 |
|
Vulnerability in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54512)
vulnerability in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54512). Successful exploitation can lead to full system takeover. Exploitable via ``PolymorphicTypeValidator``. Mitigation: upgrade to `2.21.4` or later.
|
| CVE-2026-50193 |
|
Vulnerability in com.fasterxml.jackson.core:jackson-databind (CVE-2026-50193)
vulnerability in com.fasterxml.jackson.core:jackson-databind (CVE-2026-50193). Risk of unauthorized operations or information disclosure. Exploitable via ``JsonNode``. Mitigation: upgrade to `2.14.0` or later.
|
| CVE-2026-9073 |
|
Vulnerability in redhat (CVE-2026-9073)
vulnerability in redhat (CVE-2026-9073). Confidential information can be exposed externally.
|
| CVE-2026-54513 |
|
Vulnerability in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54513)
vulnerability in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54513). Successful exploitation can lead to full system takeover. Exploitable via ``EvilType``. Mitigation: upgrade to `3.1.4` or later.
|
| CVE-2026-54517 |
|
Authorization Flaw in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54517)
vulnerability in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54517). Risk of unauthorized operations or information disclosure. Exploitable via ``true``. Mitigation: upgrade to `3.1.4` or later.
|
| CVE-2026-54518 |
|
Authorization Flaw in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54518)
vulnerability in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54518). Risk of unauthorized operations or information disclosure. Exploitable via ``d633bc0``. Mitigation: upgrade to `2.21.4` or later.
|
| CVE-2026-54514 |
|
SSRF (Server-Side Request Forgery) in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54514)
SSRF in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54514). Risk of unauthorized operations or information disclosure. Exploitable via ``JDKFromStringDeserializer``. Mitigation: upgrade to `3.1.4` or later.
|
| CVE-2026-41862 |
|
Unsafe Deserialization in CVE-2026-41862 (CVE-2026-41862)
vulnerability in CVE-2026-41862 (CVE-2026-41862). Successful exploitation can lead to full system takeover.
|
| CVE-2026-23513 |
|
Authorization Flaw in CVE-2026-23513 (CVE-2026-23513)
vulnerability in CVE-2026-23513 (CVE-2026-23513). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12892 |
|
Out-of-Bounds Read in gstreamer (CVE-2026-12892)
vulnerability in gstreamer (CVE-2026-12892). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12891 |
|
Out-of-Bounds Read in gstreamer (CVE-2026-12891)
vulnerability in gstreamer (CVE-2026-12891). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11807 |
|
Vulnerability in CVE-2026-11807 (CVE-2026-11807)
vulnerability in CVE-2026-11807 (CVE-2026-11807). Confidential information can be exposed externally.
|
| CVE-2026-12112 |
|
Authentication Bypass in privilege-escalation (CVE-2026-12112)
authentication bypass in privilege-escalation (CVE-2026-12112). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11820 |
|
Vulnerability in c (CVE-2026-11820)
vulnerability in c (CVE-2026-11820). Confidential information can be exposed externally.
|
| CVE-2026-11819 |
|
Vulnerability in c (CVE-2026-11819)
vulnerability in c (CVE-2026-11819). Confidential information can be exposed externally.
|
| CVE-2026-54555 |
|
Authorization Flaw in CVE-2026-54555 (CVE-2026-54555)
vulnerability in CVE-2026-54555 (CVE-2026-54555). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.42.2` or later.
|
| CVE-2026-39253 |
|
Unsafe Deserialization in CVE-2026-39253 (CVE-2026-39253)
vulnerability in CVE-2026-39253 (CVE-2026-39253). Successful exploitation can lead to full system takeover.
|
| CVE-2026-55249 |
|
OS Command Injection in c (CVE-2026-55249)
OS command injection in c (CVE-2026-55249). Confidential information can be exposed externally.
|
| CVE-2026-54320 |
|
Authentication Bypass in CVE-2026-54320 (CVE-2026-54320)
authentication bypass in CVE-2026-54320 (CVE-2026-54320). Confidential information can be exposed externally. Mitigation: upgrade to `0.184.0` or later.
|
| CVE-2026-55488 |
|
Path Traversal in motioneye (CVE-2026-55488)
path traversal in motioneye (CVE-2026-55488). Risk of unauthorized operations or information disclosure. Exploitable via `GET /movie/`. Mitigation: upgrade to `0.44.0` or later.
|
| CVE-2026-50221 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-50221)
SSRF in ssrf (CVE-2026-50221). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-9695 |
|
Out-of-Bounds Write in adobe (CVE-2020-9695)
out-of-bounds write in adobe (CVE-2020-9695). Successful exploitation can lead to full system takeover.
|
| CVE-2025-61024 |
|
SQL Injection in dos (CVE-2025-61024)
SQL injection in dos (CVE-2025-61024). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-61029 |
|
SQL Injection in dos (CVE-2025-61029)
SQL injection in dos (CVE-2025-61029). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-9713 |
|
Out-of-Bounds Read in adobe (CVE-2020-9713)
vulnerability in adobe (CVE-2020-9713). Confidential information can be exposed externally.
|
| CVE-2020-9711 |
|
Out-of-Bounds Read in adobe (CVE-2020-9711)
vulnerability in adobe (CVE-2020-9711). Confidential information can be exposed externally.
|
| CVE-2026-0864 |
|
Vulnerability in CVE-2026-0864 (CVE-2026-0864)
vulnerability in CVE-2026-0864 (CVE-2026-0864). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55448 |
|
OS Command Injection in mise (CVE-2026-55448)
OS command injection in mise (CVE-2026-55448). Confidential information can be exposed externally. Exploitable via ``mise``. Mitigation: upgrade to `2026.6.4` or later.
|
| CVE-2026-55441 |
|
OS Command Injection in mise (CVE-2026-55441)
OS command injection in mise (CVE-2026-55441). Successful exploitation can lead to full system takeover. Exploitable via ``mise.toml``. Mitigation: upgrade to `2026.6.4` or later.
|
| CVE-2026-54323 |
|
Vulnerability in CVE-2026-54323 (CVE-2026-54323)
vulnerability in CVE-2026-54323 (CVE-2026-54323). Confidential information can be exposed externally. Exploitable via `Authorization header`. Mitigation: upgrade to `0.185.0` or later.
|
| CVE-2026-53662 |
|
Cross-Site Scripting (XSS) in CVE-2026-53662 (CVE-2026-53662)
cross-site scripting in CVE-2026-53662 (CVE-2026-53662). Successful exploitation can lead to full system takeover.
|
| CVE-2026-54557 |
|
Path Traversal in mise (CVE-2026-54557)
path traversal in mise (CVE-2026-54557). Data can be tampered with by attackers. Exploitable via ``bin_path``. Mitigation: upgrade to `2026.6.1` or later.
|
| CVE-2026-53925 |
|
Path Traversal in glances (CVE-2026-53925)
path traversal in glances (CVE-2026-53925). Successful exploitation can lead to full system takeover. Exploitable via ``command``. Mitigation: upgrade to `4.5.5` or later.
|
| CVE-2026-54350 |
|
SQL Injection in @budibase/server (CVE-2026-54350)
SQL injection in @budibase/server (CVE-2026-54350). Confidential information can be exposed externally. Exploitable via `POST /api/v2/queries/`. Mitigation: upgrade to `3.39.12` or later.
|
| CVE-2026-52816 |
|
Vulnerability in gogs.io/gogs (CVE-2026-52816)
vulnerability in gogs.io/gogs (CVE-2026-52816). Risk of unauthorized operations or information disclosure. Exploitable via `POST /-/api/sanitize_ipynb`. Mitigation: upgrade to `0.14.3` or later.
|
| CVE-2026-56116 |
|
Vulnerability in dos (CVE-2026-56116)
vulnerability in dos (CVE-2026-56116). Risk of unauthorized operations or information disclosure.
|