Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-50200 |
|
Information Disclosure in Steeltoe.Management.Endpoint (CVE-2026-50200)
vulnerability in Steeltoe.Management.Endpoint (CVE-2026-50200). Confidential information can be exposed externally. Exploitable via ``Sanitizer``. Mitigation: upgrade to `4.2.0` or later.
|
| CVE-2026-50196 |
|
Vulnerability in Steeltoe.Discovery.Eureka (CVE-2026-50196)
vulnerability in Steeltoe.Discovery.Eureka (CVE-2026-50196). Risk of unauthorized operations or information disclosure. Exploitable via ``DataCenterInfo.FromJson``. Mitigation: upgrade to `3.4.0` or later.
|
| CVE-2026-54386 |
|
Cross-Site Scripting (XSS) in marimo (CVE-2026-54386)
cross-site scripting in marimo (CVE-2026-54386). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.23.9` or later.
|
| CVE-2026-48990 |
|
Vulnerability in joserfc (CVE-2026-48990)
vulnerability in joserfc (CVE-2026-48990). Risk of unauthorized operations or information disclosure. Exploitable via ``joserfc``. Mitigation: upgrade to `1.6.7` or later.
|
| CVE-2026-48997 |
|
OS Command Injection in c (CVE-2026-48997)
OS command injection in c (CVE-2026-48997). Data can be tampered with by attackers.
|
| CVE-2026-50194 |
|
Vulnerability in Steeltoe.Management.Endpoint (CVE-2026-50194)
vulnerability in Steeltoe.Management.Endpoint (CVE-2026-50194). Confidential information can be exposed externally. Exploitable via ``Host``. Mitigation: upgrade to `4.2.0` or later.
|
| CVE-2026-48991 |
|
Authentication Bypass in CVE-2026-48991 (CVE-2026-48991)
authentication bypass in CVE-2026-48991 (CVE-2026-48991). Confidential information can be exposed externally.
|
| CVE-2026-48820 |
|
Path Traversal in cakephp/cakephp (CVE-2026-48820)
path traversal in cakephp/cakephp (CVE-2026-48820). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.5.11` or later.
|
| CVE-2026-55199 |
|
Vulnerability in c (CVE-2026-55199)
vulnerability in c (CVE-2026-55199). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11407 |
|
Vulnerability in pimcore/pimcore (CVE-2026-11407)
vulnerability in pimcore/pimcore (CVE-2026-11407). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12529 |
|
Vulnerability in CVE-2026-12529 (CVE-2026-12529)
vulnerability in CVE-2026-12529 (CVE-2026-12529). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12530 |
|
Vulnerability in Amazon bedrock-agentcore (CVE-2026-12530)
vulnerability in Amazon bedrock-agentcore (CVE-2026-12530). Confidential information can be exposed externally. Mitigation: upgrade to `1.6.1` or later.
|
| CVE-2026-48979 |
|
Vulnerability in php-standard-library/h2 (CVE-2026-48979)
vulnerability in php-standard-library/h2 (CVE-2026-48979). Data can be tampered with by attackers. Exploitable via ``StreamException``. Mitigation: upgrade to `6.2.1` or later.
|
| CVE-2026-48821 |
|
Cross-Site Scripting (XSS) in privilege-escalation (CVE-2026-48821)
cross-site scripting in privilege-escalation (CVE-2026-48821). Confidential information can be exposed externally.
|
| CVE-2026-48822 |
|
Cross-Site Scripting (XSS) in CVE-2026-48822 (CVE-2026-48822)
cross-site scripting in CVE-2026-48822 (CVE-2026-48822). Confidential information can be exposed externally.
|
| CVE-2026-48823 |
|
Cross-Site Scripting (XSS) in CVE-2026-48823 (CVE-2026-48823)
cross-site scripting in CVE-2026-48823 (CVE-2026-48823). Confidential information can be exposed externally.
|
| CVE-2026-48814 |
|
Vulnerability in network-ai (CVE-2026-48814)
vulnerability in network-ai (CVE-2026-48814). Confidential information can be exposed externally. Exploitable via `POST /mcp`. Mitigation: upgrade to `5.7.2` or later.
|
| CVE-2026-55517 |
|
Vulnerability in deno (CVE-2026-55517)
vulnerability in deno (CVE-2026-55517). Risk of unauthorized operations or information disclosure. Exploitable via ``WebSocket``. Mitigation: upgrade to `2.7.5` or later.
|
| CVE-2026-55471 |
|
XXE (XML External Entity) in ca.uhn.hapi.fhir:org.hl7.fhir.utilities (CVE-2026-55471)
vulnerability in ca.uhn.hapi.fhir:org.hl7.fhir.utilities (CVE-2026-55471). Risk of unauthorized operations or information disclosure. Exploitable via `GET /evil-fhir-xslt-ssrf.dtd`. Mitigation: upgrade to `6.9.10` or later.
|
| CVE-2026-55470 |
|
Vulnerability in ca.uhn.hapi.fhir:org.hl7.fhir.dstu2 (CVE-2026-55470)
vulnerability in ca.uhn.hapi.fhir:org.hl7.fhir.dstu2 (CVE-2026-55470). Risk of unauthorized operations or information disclosure. Exploitable via ``RegexTimeout``. Mitigation: upgrade to `6.9.10` or later.
|
| CVE-2026-55760 |
|
Path Traversal in com.github.jknack:handlebars (CVE-2026-55760)
path traversal in com.github.jknack:handlebars (CVE-2026-55760). Confidential information can be exposed externally. Mitigation: upgrade to `4.5.2` or later.
|
| CVE-2026-55409 |
|
Cross-Site Scripting (XSS) in filament/forms (CVE-2026-55409)
cross-site scripting in filament/forms (CVE-2026-55409). Confidential information can be exposed externally. Exploitable via ``RichEditor``. Mitigation: upgrade to `3.3.53` or later.
|
| CVE-2026-53805 |
|
Unsafe Deserialization in CVE-2026-53805 (CVE-2026-53805)
vulnerability in CVE-2026-53805 (CVE-2026-53805). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48591 |
|
Vulnerability in earmark (CVE-2026-48591)
vulnerability in earmark (CVE-2026-48591). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53873 |
|
Vulnerability in picklescan (CVE-2026-53873)
vulnerability in picklescan (CVE-2026-53873). Successful exploitation can lead to full system takeover. Exploitable via ``profile.Profile.run``. Mitigation: upgrade to `1.0.4` or later.
|
| CVE-2026-54415 |
|
Privilege Escalation in CVE-2026-54415 (CVE-2026-54415)
vulnerability in CVE-2026-54415 (CVE-2026-54415). Confidential information can be exposed externally.
|
| CVE-2025-26240 |
|
Vulnerability in pdfkit (CVE-2025-26240)
vulnerability in pdfkit (CVE-2025-26240). Successful exploitation can lead to full system takeover.
|
| CVE-2026-54814 |
|
Vulnerability in CVE-2026-54814 (CVE-2026-54814)
vulnerability in CVE-2026-54814 (CVE-2026-54814). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12528 |
|
Out-of-Bounds Write in c (CVE-2026-12528)
out-of-bounds write in c (CVE-2026-12528). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54417 |
|
Vulnerability in c (CVE-2026-54417)
vulnerability in c (CVE-2026-54417). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55738 |
|
Vulnerability in c (CVE-2026-55738)
vulnerability in c (CVE-2026-55738). Successful exploitation can lead to full system takeover.
|
| CVE-2026-54815 |
|
SQL Injection in c (CVE-2026-54815)
SQL injection in c (CVE-2026-54815). Confidential information can be exposed externally.
|
| CVE-2026-49108 |
|
Unauthenticated PHP Object Injection in Moderno < 1.43 versions.
Unauthenticated PHP Object Injection in Moderno < 1.43 versions.
|
| CVE-2026-10850 |
|
Cross-Site Scripting (XSS) in plane (CVE-2026-10850)
cross-site scripting in plane (CVE-2026-10850). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40756 |
|
Unauthenticated PHP Object Injection in Zoya <= 1.4 versions.
Unauthenticated PHP Object Injection in Zoya <= 1.4 versions.
|
| CVE-2026-39576 |
|
Unauthenticated PHP Object Injection in SingleMalt <= 1.5 versions.
Unauthenticated PHP Object Injection in SingleMalt <= 1.5 versions.
|
| CVE-2026-39560 |
|
Unauthenticated PHP Object Injection in Hiroshi <= 1.5.1 versions.
Unauthenticated PHP Object Injection in Hiroshi <= 1.5.1 versions.
|
| CVE-2026-39445 |
|
Unauthenticated PHP Object Injection in Alukas < 3.0.0 versions.
Unauthenticated PHP Object Injection in Alukas < 3.0.0 versions.
|
| CVE-2026-40738 |
|
Unauthenticated PHP Object Injection in Eldon <= 1.4.1 versions.
Unauthenticated PHP Object Injection in Eldon <= 1.4.1 versions.
|
| CVE-2025-69130 |
|
Unsafe Deserialization in wordpress (CVE-2025-69130)
vulnerability in wordpress (CVE-2025-69130). Successful exploitation can lead to full system takeover.
|
| CVE-2026-39442 |
|
Unauthenticated PHP Object Injection in PressMart <= 1.2.26 versions.
Unauthenticated PHP Object Injection in PressMart <= 1.2.26 versions.
|
| CVE-2026-39556 |
|
Unauthenticated PHP Object Injection in Konsept <= 1.9 versions.
Unauthenticated PHP Object Injection in Konsept <= 1.9 versions.
|
| CVE-2026-40752 |
|
Unauthenticated PHP Object Injection in Manufaktur Solutions <= 1.1.1 versions.
Unauthenticated PHP Object Injection in Manufaktur Solutions <= 1.1.1 versions.
|
| CVE-2026-40733 |
|
Unauthenticated PHP Object Injection in ShiftUp <= 1.3 versions.
Unauthenticated PHP Object Injection in ShiftUp <= 1.3 versions.
|
| CVE-2026-40757 |
|
Unauthenticated PHP Object Injection in Château <= 1.2.1 versions.
Unauthenticated PHP Object Injection in Château <= 1.2.1 versions.
|
| CVE-2025-69111 |
|
Unauthenticated PHP Object Injection in Reisen <= 1.4.1 versions.
Unauthenticated PHP Object Injection in Reisen <= 1.4.1 versions.
|
| CVE-2026-9570 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-9570)
cross-site scripting in wordpress (CVE-2026-9570). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-69127 |
|
Unauthenticated PHP Object Injection in Plumbing <= 1.6 versions.
Unauthenticated PHP Object Injection in Plumbing <= 1.6 versions.
|
| CVE-2026-54806 |
|
Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions.
Unauthenticated PHP Object Injection in WP Activity Log <= 5.6.3.1 versions.
|
| CVE-2026-55706 |
|
Vulnerability in c (CVE-2026-55706)
vulnerability in c (CVE-2026-55706). Risk of unauthorized operations or information disclosure.
|