Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-38329 |
|
Vulnerability in CVE-2026-38329 (CVE-2026-38329)
vulnerability in CVE-2026-38329 (CVE-2026-38329). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/files/{key}`.
|
| CVE-2026-39006 |
|
Vulnerability in CVE-2026-39006 (CVE-2026-39006)
vulnerability in CVE-2026-39006 (CVE-2026-39006). Successful exploitation can lead to full system takeover.
|
| CVE-2026-38812 |
|
SQL Injection in sqli (CVE-2026-38812)
SQL injection in sqli (CVE-2026-38812). Successful exploitation can lead to full system takeover.
|
| CVE-2026-39196 |
|
SQL Injection in sqli (CVE-2026-39196)
SQL injection in sqli (CVE-2026-39196). Successful exploitation can lead to full system takeover.
|
| CVE-2026-38060 |
|
OS Command Injection in CVE-2026-38060 (CVE-2026-38060)
OS command injection in CVE-2026-38060 (CVE-2026-38060). Successful exploitation can lead to full system takeover.
|
| CVE-2026-38061 |
|
OS Command Injection in CVE-2026-38061 (CVE-2026-38061)
OS command injection in CVE-2026-38061 (CVE-2026-38061). Successful exploitation can lead to full system takeover.
|
| CVE-2026-38062 |
|
OS Command Injection in CVE-2026-38062 (CVE-2026-38062)
OS command injection in CVE-2026-38062 (CVE-2026-38062). Successful exploitation can lead to full system takeover.
|
| CVE-2026-38063 |
|
OS Command Injection in CVE-2026-38063 (CVE-2026-38063)
OS command injection in CVE-2026-38063 (CVE-2026-38063). Successful exploitation can lead to full system takeover.
|
| CVE-2026-38064 |
|
OS Command Injection in CVE-2026-38064 (CVE-2026-38064)
OS command injection in CVE-2026-38064 (CVE-2026-38064). Successful exploitation can lead to full system takeover.
|
| CVE-2026-38065 |
|
OS Command Injection in CVE-2026-38065 (CVE-2026-38065)
OS command injection in CVE-2026-38065 (CVE-2026-38065). Successful exploitation can lead to full system takeover.
|
| CVE-2026-30120 |
|
Code Injection in remotion (CVE-2026-30120)
code injection in remotion (CVE-2026-30120). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.0.410` or later.
|
| CVE-2026-30121 |
|
Remotion: arbitrary file write vulnerability
Remotion: arbitrary file write vulnerability
|
| CVE-2026-36537 |
|
Vulnerability in CVE-2026-36537 (CVE-2026-36537)
vulnerability in CVE-2026-36537 (CVE-2026-36537). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9862 |
|
OS Command Injection in CVE-2026-9862 (CVE-2026-9862)
OS command injection in CVE-2026-9862 (CVE-2026-9862). Successful exploitation can lead to full system takeover.
|
| CVE-2026-52704 |
|
Code Injection in CVE-2026-52704 (CVE-2026-52704)
code injection in CVE-2026-52704 (CVE-2026-52704). Successful exploitation can lead to full system takeover.
|
| CVE-2018-25436 |
|
Unrestricted File Upload in wordpress (CVE-2018-25436)
vulnerability in wordpress (CVE-2018-25436). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11526 |
|
Vulnerability in CVE-2026-11526 (CVE-2026-11526)
vulnerability in CVE-2026-11526 (CVE-2026-11526). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12183 |
|
Authentication Bypass in CVE-2026-12183 (CVE-2026-12183)
authentication bypass in CVE-2026-12183 (CVE-2026-12183). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53838 |
|
Vulnerability in openclaw (CVE-2026-53838)
vulnerability in openclaw (CVE-2026-53838). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53609 |
|
Vulnerability in CVE-2026-53609 (CVE-2026-53609)
vulnerability in CVE-2026-53609 (CVE-2026-53609). Confidential information can be exposed externally. Exploitable via ``__proto__``.
|
| CVE-2026-53519 |
|
Path Traversal in github.com/nezhahq/nezha (CVE-2026-53519)
path traversal in github.com/nezhahq/nezha (CVE-2026-53519). Confidential information can be exposed externally. Exploitable via `GET /dashboard../data/config.yaml`. Mitigation: upgrade to `2.0.13` or later.
|
| CVE-2026-41157 |
|
Out-of-Bounds Write in Google chrome (CVE-2026-41157)
out-of-bounds write in Google chrome (CVE-2026-41157). Successful exploitation can lead to full system takeover.
|
| CVE-2026-28742 |
|
Vulnerability in CVE-2026-28742 (CVE-2026-28742)
vulnerability in CVE-2026-28742 (CVE-2026-28742). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48558 KEV |
|
[KEV] Vulnerability in Simplehelp simple-help (CVE-2026-48558)
vulnerability in Simplehelp simple-help (CVE-2026-48558). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-44172 |
|
SQL Injection in mariadb (CVE-2026-44172)
SQL injection in mariadb (CVE-2026-44172). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44170 |
|
OS Command Injection in mariadb (CVE-2026-44170)
OS command injection in mariadb (CVE-2026-44170). Successful exploitation can lead to full system takeover.
|
| CVE-2026-50091 |
|
Vulnerability in c (CVE-2026-50091)
vulnerability in c (CVE-2026-50091). Confidential information can be exposed externally.
|
| CVE-2026-50084 |
|
Vulnerability in c (CVE-2026-50084)
vulnerability in c (CVE-2026-50084). Confidential information can be exposed externally.
|
| CVE-2026-50083 |
|
Vulnerability in c (CVE-2026-50083)
vulnerability in c (CVE-2026-50083). Confidential information can be exposed externally.
|
| CVE-2026-53787 |
|
Unrestricted File Upload in path-traversal (CVE-2026-53787)
vulnerability in path-traversal (CVE-2026-53787). Successful exploitation can lead to full system takeover.
|
| CVE-2026-54133 |
|
Vulnerability in jmespath (CVE-2026-54133)
vulnerability in jmespath (CVE-2026-54133). Successful exploitation can lead to full system takeover. Exploitable via ``JP_PHP_COMPILE``. Mitigation: upgrade to `2.9.1` or later.
|
| CVE-2026-11849 |
|
Vulnerability in CVE-2026-11849 (CVE-2026-11849)
vulnerability in CVE-2026-11849 (CVE-2026-11849). Successful exploitation can lead to full system takeover.
|
| CVE-2026-50627 |
|
Vulnerability in apache (CVE-2026-50627)
vulnerability in apache (CVE-2026-50627). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49875 |
|
XXE (XML External Entity) in apache (CVE-2026-49875)
vulnerability in apache (CVE-2026-49875). Successful exploitation can lead to full system takeover.
|
| CVE-2026-50628 |
|
Vulnerability in apache (CVE-2026-50628)
vulnerability in apache (CVE-2026-50628). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48611 |
|
Authentication Bypass in CVE-2026-48611 (CVE-2026-48611)
authentication bypass in CVE-2026-48611 (CVE-2026-48611). Successful exploitation can lead to full system takeover.
|
| CVE-2026-47367 |
|
Vulnerability in CVE-2026-47367 (CVE-2026-47367)
vulnerability in CVE-2026-47367 (CVE-2026-47367). Successful exploitation can lead to full system takeover.
|
| CVE-2026-47370 |
|
Vulnerability in CVE-2026-47370 (CVE-2026-47370)
vulnerability in CVE-2026-47370 (CVE-2026-47370). Successful exploitation can lead to full system takeover.
|
| CVE-2026-47369 |
|
Vulnerability in CVE-2026-47369 (CVE-2026-47369)
vulnerability in CVE-2026-47369 (CVE-2026-47369). Successful exploitation can lead to full system takeover.
|
| CVE-2026-47365 |
|
Vulnerability in wordpress (CVE-2026-47365)
vulnerability in wordpress (CVE-2026-47365). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45060 |
|
SQL Injection in sqli (CVE-2026-45060)
SQL injection in sqli (CVE-2026-45060). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42846 |
|
OS Command Injection in CVE-2026-42846 (CVE-2026-42846)
OS command injection in CVE-2026-42846 (CVE-2026-42846). Successful exploitation can lead to full system takeover.
|
| CVE-2026-39494 |
|
SQL Injection in sqli (CVE-2026-39494)
SQL injection in sqli (CVE-2026-39494). Confidential information can be exposed externally.
|
| CVE-2026-42647 |
|
SQL Injection in sqli (CVE-2026-42647)
SQL injection in sqli (CVE-2026-42647). Confidential information can be exposed externally.
|
| CVE-2026-12027 |
|
Vulnerability in google (CVE-2026-12027)
vulnerability in google (CVE-2026-12027). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41005 |
|
Vulnerability in CVE-2026-41005 (CVE-2026-41005)
vulnerability in CVE-2026-41005 (CVE-2026-41005). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49973 |
|
Vulnerability in CVE-2026-49973 (CVE-2026-49973)
vulnerability in CVE-2026-49973 (CVE-2026-49973). Confidential information can be exposed externally.
|
| CVE-2026-45177 |
|
Vulnerability in paloaltonetworks (CVE-2026-45177)
vulnerability in paloaltonetworks (CVE-2026-45177). Confidential information can be exposed externally.
|
| CVE-2026-49261 |
|
OS Command Injection in mariadb (CVE-2026-49261)
OS command injection in mariadb (CVE-2026-49261). Successful exploitation can lead to full system takeover. Exploitable via ``wsrep_notify_cmd``. Mitigation: upgrade to `10.6.27` or later.
|
| CVE-2026-11839 |
|
Unrestricted File Upload in CVE-2026-11839 (CVE-2026-11839)
vulnerability in CVE-2026-11839 (CVE-2026-11839). Successful exploitation can lead to full system takeover.
|