Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-49145 |
|
Vulnerability in CVE-2026-49145 (CVE-2026-49145)
vulnerability in CVE-2026-49145 (CVE-2026-49145). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6901 |
|
Vulnerability in CVE-2026-6901 (CVE-2026-6901)
vulnerability in CVE-2026-6901 (CVE-2026-6901). Confidential information can be exposed externally.
|
| CVE-2026-57919 |
|
Vulnerability in privilege-escalation (CVE-2026-57919)
vulnerability in privilege-escalation (CVE-2026-57919). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46710 |
|
Vulnerability in privilege-escalation (CVE-2026-46710)
vulnerability in privilege-escalation (CVE-2026-46710). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.9.6` or later.
|
| CVE-2026-53865 |
|
Vulnerability in openclaw (CVE-2026-53865)
vulnerability in openclaw (CVE-2026-53865). Confidential information can be exposed externally. Exploitable via ``trash``. Mitigation: upgrade to `2026.5.2` or later.
|
| CVE-2026-53858 |
|
Vulnerability in openclaw (CVE-2026-53858)
vulnerability in openclaw (CVE-2026-53858). Confidential information can be exposed externally. Exploitable via ``STATE_DIRECTORY``. Mitigation: upgrade to `2026.5.2` or later.
|
| CVE-2026-53846 |
|
Vulnerability in openclaw (CVE-2026-53846)
vulnerability in openclaw (CVE-2026-53846). Confidential information can be exposed externally. Mitigation: upgrade to `2026.4.29` or later.
|
| CVE-2026-53842 |
|
Vulnerability in openclaw (CVE-2026-53842)
vulnerability in openclaw (CVE-2026-53842). Confidential information can be exposed externally. Exploitable via ``gcloud``. Mitigation: upgrade to `2026.5.2` or later.
|
| CVE-2026-54055 |
|
Vulnerability in privilege-escalation (CVE-2026-54055)
vulnerability in privilege-escalation (CVE-2026-54055). Data can be tampered with by attackers. Exploitable via ``O_NOFOLLOW``.
|
| CVE-2026-53819 |
|
Vulnerability in openclaw (CVE-2026-53819)
vulnerability in openclaw (CVE-2026-53819). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2026.5.27` or later.
|
| CVE-2026-48565 |
|
Vulnerability in microsoft (CVE-2026-48565)
vulnerability in microsoft (CVE-2026-48565). Successful exploitation can lead to full system takeover.
|
| CVE-2026-47648 |
|
Vulnerability in microsoft (CVE-2026-47648)
vulnerability in microsoft (CVE-2026-47648). Successful exploitation can lead to full system takeover.
|
| CVE-2026-24064 |
|
Vulnerability in privilege-escalation (CVE-2026-24064)
vulnerability in privilege-escalation (CVE-2026-24064). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11400 |
|
CVE-2026-11400 and CVE-2026-11401
Bulletin ID: 2026-039-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 06/025/2026 12:15 PM PDT Description: Amazon Aurora PostgreSQL a fully managed relational database engine that's compatible with PostgreSQL. We identified CVE-2026-11400(JDBC) and CVE-2026-11401(Go), an issue in AWS Wrappers for Amazon Aurora PostgreSQL will allow for privilege escalation to rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS) users. Impacted versions: - AWS Advanced JDBC Wrapper >=3.0.0 and < 4.0.1 - AWS Advanced Go Wrapper release 2026-04-06 Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.
|
| CVE-2026-11401 |
|
AWS Advanced Go Wrapper has Privilege Escalation in Aurora PostgreSQL instance
AWS Advanced Go Wrapper has Privilege Escalation in Aurora PostgreSQL instance
|
| CVE-2026-45792 |
|
Vulnerability in rtk (CVE-2026-45792)
vulnerability in rtk (CVE-2026-45792). Data can be tampered with by attackers. Exploitable via ``strip_lines_matching``. Mitigation: upgrade to `0.32.0` or later.
|
| CVE-2026-45721 |
|
Vulnerability in github.com/xyproto/algernon (CVE-2026-45721)
vulnerability in github.com/xyproto/algernon (CVE-2026-45721). Successful exploitation can lead to full system takeover. Exploitable via ``DirPage``. Mitigation: upgrade to `1.17.7` or later.
|
| CVE-2026-45772 |
|
Vulnerability in turbo (CVE-2026-45772)
vulnerability in turbo (CVE-2026-45772). Successful exploitation can lead to full system takeover. Exploitable via ``yarnPath``. Mitigation: upgrade to `2.9.14` or later.
|
| CVE-2026-30906 |
|
Vulnerability in zoom (CVE-2026-30906)
vulnerability in zoom (CVE-2026-30906). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0251 |
|
Vulnerability in privilege-escalation (CVE-2026-0251)
vulnerability in privilege-escalation (CVE-2026-0251). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42830 |
|
Vulnerability in microsoft (CVE-2026-42830)
vulnerability in microsoft (CVE-2026-42830). Data can be tampered with by attackers.
|
| CVE-2026-44477 |
|
Vulnerability in github.com/cloudnative-pg/cloudnative-pg (CVE-2026-44477)
vulnerability in github.com/cloudnative-pg/cloudnative-pg (CVE-2026-44477). Successful exploitation can lead to full system takeover. Exploitable via ``postgres``. Mitigation: upgrade to `1.29.1` or later.
|
| CVE-2012-1854 KEV |
|
[KEV] Vulnerability in Microsoft visual-basic-for-applications-vba (CVE-2012-1854)
vulnerability in Microsoft visual-basic-for-applications-vba (CVE-2012-1854). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-39883 |
|
Vulnerability in opentelemetry (CVE-2026-39883)
vulnerability in opentelemetry (CVE-2026-39883). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.43.0` or later.
|
| CVE-2026-24051 |
|
Vulnerability in opentelemetry (CVE-2026-24051)
vulnerability in opentelemetry (CVE-2026-24051). Successful exploitation can lead to full system takeover.
|
| CVE-2024-53866 |
|
Vulnerability in pnpm (CVE-2024-53866)
vulnerability in pnpm (CVE-2024-53866). Successful exploitation can lead to full system takeover.
|
| CVE-2023-4736 |
|
Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833.
Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833.
|
| CVE-2021-3305 |
|
Vulnerability in feishu (CVE-2021-3305)
vulnerability in feishu (CVE-2021-3305). Successful exploitation can lead to full system takeover.
|
| CVE-2021-36666 |
|
Privilege Escalation in druva (CVE-2021-36666)
vulnerability in druva (CVE-2021-36666). Successful exploitation can lead to full system takeover.
|
| CVE-2022-22047 KEV |
|
[KEV] Vulnerability in Microsoft windows (CVE-2022-22047)
vulnerability in Microsoft windows (CVE-2022-22047). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2017-17010 |
|
Vulnerability in sony (CVE-2017-17010)
vulnerability in sony (CVE-2017-17010). Successful exploitation can lead to full system takeover.
|
| CVE-2017-10909 |
|
Vulnerability in sony (CVE-2017-10909)
vulnerability in sony (CVE-2017-10909). Successful exploitation can lead to full system takeover.
|
| CVE-2017-17809 |
|
Vulnerability in goldenfrog (CVE-2017-17809)
vulnerability in goldenfrog (CVE-2017-17809). Successful exploitation can lead to full system takeover.
|
| CVE-2017-16997 |
|
Vulnerability in c (CVE-2017-16997)
vulnerability in c (CVE-2017-16997). Successful exploitation can lead to full system takeover.
|
| CVE-2017-11397 |
|
Vulnerability in trendmicro (CVE-2017-11397)
vulnerability in trendmicro (CVE-2017-11397). Successful exploitation can lead to full system takeover.
|
| CVE-2017-16690 |
|
Vulnerability in sap (CVE-2017-16690)
vulnerability in sap (CVE-2017-16690). Successful exploitation can lead to full system takeover.
|
| CVE-2014-8358 |
|
Vulnerability in huawei (CVE-2014-8358)
vulnerability in huawei (CVE-2014-8358). Successful exploitation can lead to full system takeover.
|
| CVE-2017-13070 |
|
Vulnerability in qnap (CVE-2017-13070)
vulnerability in qnap (CVE-2017-13070). Successful exploitation can lead to full system takeover.
|
| CVE-2017-10893 |
|
Vulnerability in j-lis (CVE-2017-10893)
vulnerability in j-lis (CVE-2017-10893). Successful exploitation can lead to full system takeover.
|
| CVE-2017-17069 |
|
Vulnerability in amazon (CVE-2017-17069)
vulnerability in amazon (CVE-2017-17069). Successful exploitation can lead to full system takeover.
|
| CVE-2017-10892 |
|
Vulnerability in sony (CVE-2017-10892)
vulnerability in sony (CVE-2017-10892). Successful exploitation can lead to full system takeover.
|
| CVE-2017-10891 |
|
Vulnerability in sony (CVE-2017-10891)
vulnerability in sony (CVE-2017-10891). Successful exploitation can lead to full system takeover.
|
| CVE-2017-8137 |
|
Vulnerability in huawei (CVE-2017-8137)
vulnerability in huawei (CVE-2017-8137). Successful exploitation can lead to full system takeover.
|
| CVE-2017-4939 |
|
Vulnerability in vmware (CVE-2017-4939)
vulnerability in vmware (CVE-2017-4939). Successful exploitation can lead to full system takeover.
|
| CVE-2017-10887 |
|
Vulnerability in bookwalker (CVE-2017-10887)
vulnerability in bookwalker (CVE-2017-10887). Successful exploitation can lead to full system takeover.
|
| CVE-2017-12312 |
|
Vulnerability in cisco (CVE-2017-12312)
vulnerability in cisco (CVE-2017-12312). Successful exploitation can lead to full system takeover.
|
| CVE-2017-12313 |
|
Vulnerability in cisco (CVE-2017-12313)
vulnerability in cisco (CVE-2017-12313). Successful exploitation can lead to full system takeover.
|
| CVE-2017-10885 |
|
Vulnerability in sbisec (CVE-2017-10885)
vulnerability in sbisec (CVE-2017-10885). Successful exploitation can lead to full system takeover.
|
| CVE-2016-6803 |
|
Vulnerability in apache (CVE-2016-6803)
vulnerability in apache (CVE-2016-6803). Successful exploitation can lead to full system takeover.
|
| CVE-2017-10825 |
|
Vulnerability in flets-w (CVE-2017-10825)
vulnerability in flets-w (CVE-2017-10825). Successful exploitation can lead to full system takeover.
|