Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-40365 |
|
Vulnerability in microsoft (CVE-2026-40365)
vulnerability in microsoft (CVE-2026-40365). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34663 |
|
Out-of-Bounds Read in adobe (CVE-2026-34663)
vulnerability in adobe (CVE-2026-34663). Confidential information can be exposed externally.
|
| CVE-2026-34637 |
|
Out-of-Bounds Write in adobe (CVE-2026-34637)
out-of-bounds write in adobe (CVE-2026-34637). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34662 |
|
Vulnerability in adobe (CVE-2026-34662)
vulnerability in adobe (CVE-2026-34662). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34638 |
|
Use-After-Free in adobe (CVE-2026-34638)
vulnerability in adobe (CVE-2026-34638). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34661 |
|
Out-of-Bounds Write in adobe (CVE-2026-34661)
out-of-bounds write in adobe (CVE-2026-34661). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34636 |
|
Out-of-Bounds Write in adobe (CVE-2026-34636)
out-of-bounds write in adobe (CVE-2026-34636). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33110 |
|
Unsafe Deserialization in deserialization (CVE-2026-33110)
vulnerability in deserialization (CVE-2026-33110). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33112 |
|
Unsafe Deserialization in deserialization (CVE-2026-33112)
vulnerability in deserialization (CVE-2026-33112). Successful exploitation can lead to full system takeover.
|
| CVE-2025-46311 |
|
Vulnerability in apple (CVE-2025-46311)
vulnerability in apple (CVE-2025-46311). Confidential information can be exposed externally.
|
| CVE-2025-43524 |
|
Vulnerability in apple (CVE-2025-43524)
vulnerability in apple (CVE-2025-43524). Successful exploitation can lead to full system takeover.
|
| CVE-2026-29204 |
|
Vulnerability in CVE-2026-29204 (CVE-2026-29204)
vulnerability in CVE-2026-29204 (CVE-2026-29204). Confidential information can be exposed externally. Exploitable via ``clientarea.php``.
|
| CVE-2025-53844 |
|
Out-of-Bounds Write in fortinet (CVE-2025-53844)
out-of-bounds write in fortinet (CVE-2025-53844). Successful exploitation can lead to full system takeover.
|
| CVE-2025-67604 |
|
Vulnerability in fortinet (CVE-2025-67604)
vulnerability in fortinet (CVE-2025-67604). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42899 |
|
Vulnerability in dotnet (CVE-2026-42899)
vulnerability in dotnet (CVE-2026-42899). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.0.27, 9.0.16, 10.0.8` or later.
|
| CVE-2026-42048 |
|
Path Traversal in langflow (CVE-2026-42048)
path traversal in langflow (CVE-2026-42048). Data can be tampered with by attackers. Exploitable via `DELETE /api/v1/knowledge_bases`. Mitigation: upgrade to `1.9.0` or later.
|
| CVE-2026-35433 |
|
Vulnerability in Microsoft.WindowsDesktop.App.Runtime.win-arm64 (CVE-2026-35433)
vulnerability in Microsoft.WindowsDesktop.App.Runtime.win-arm64 (CVE-2026-35433). Confidential information can be exposed externally. Mitigation: upgrade to `10.0.8` or later.
|
| CVE-2026-32177 |
|
Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.
Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.
|
| CVE-2026-32175 |
|
Vulnerability in Microsoft.NetCore.App.Runtime.win-arm (CVE-2026-32175)
vulnerability in Microsoft.NetCore.App.Runtime.win-arm (CVE-2026-32175). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `10.0.8` or later.
|
| CVE-2026-43513 |
|
Vulnerability in tomcat (CVE-2026-43513)
vulnerability in tomcat (CVE-2026-43513). Confidential information can be exposed externally. Mitigation: upgrade to `10.1.55, 11.0.22, 9.0.118` or later.
|
| CVE-2026-43514 |
|
Vulnerability in tomcat (CVE-2026-43514)
vulnerability in tomcat (CVE-2026-43514). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `10.1.55, 11.0.22, 9.0.118` or later.
|
| CVE-2026-43515 |
|
Vulnerability in tomcat (CVE-2026-43515)
vulnerability in tomcat (CVE-2026-43515). Confidential information can be exposed externally. Mitigation: upgrade to `10.1.55, 11.0.22, 9.0.118` or later.
|
| CVE-2026-41293 |
|
Vulnerability in tomcat (CVE-2026-41293)
vulnerability in tomcat (CVE-2026-41293). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `10.1.55, 11.0.22, 9.0.118` or later.
|
| CVE-2026-42498 |
|
Information Disclosure in tomcat (CVE-2026-42498)
vulnerability in tomcat (CVE-2026-42498). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `10.1.55, 11.0.22, 9.0.118` or later.
|
| CVE-2026-43512 |
|
Authentication Bypass in tomcat (CVE-2026-43512)
authentication bypass in tomcat (CVE-2026-43512). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `10.1.55, 11.0.22, 9.0.118` or later.
|
| CVE-2026-41284 |
|
Vulnerability in tomcat (CVE-2026-41284)
vulnerability in tomcat (CVE-2026-41284). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `10.1.55, 11.0.22, 9.0.118` or later.
|
| CVE-2023-27753 |
|
Unrestricted File Upload in CVE-2023-27753 (CVE-2023-27753)
vulnerability in CVE-2023-27753 (CVE-2023-27753). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8401 |
|
Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3.
Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3.
|
| CVE-2026-8051 |
|
OS Command Injection in ivanti (CVE-2026-8051)
OS command injection in ivanti (CVE-2026-8051). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7432 |
|
Vulnerability in ivanti (CVE-2026-7432)
vulnerability in ivanti (CVE-2026-7432). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7431 |
|
Vulnerability in ivanti (CVE-2026-7431)
vulnerability in ivanti (CVE-2026-7431). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8390 |
|
Use-After-Free in mozilla (CVE-2026-8390)
vulnerability in mozilla (CVE-2026-8390). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8391 |
|
Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3.
Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3.
|
| CVE-2026-8388 |
|
Buffer Overflow in mozilla (CVE-2026-8388)
vulnerability in mozilla (CVE-2026-8388). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8389 |
|
Buffer Overflow in mozilla (CVE-2026-8389)
vulnerability in mozilla (CVE-2026-8389). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7616 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-7616)
vulnerability in wordpress (CVE-2026-7616). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6663 |
|
Vulnerability in wordpress (CVE-2026-6663)
vulnerability in wordpress (CVE-2026-6663). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6932 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6932)
vulnerability in wordpress (CVE-2026-6932). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-22796 |
|
Vulnerability in jvn (CVE-2026-22796)
vulnerability in jvn (CVE-2026-22796). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3921 |
|
Vulnerability in Google chrome (CVE-2026-3921)
vulnerability in Google chrome (CVE-2026-3921). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43885 |
|
Information Disclosure in wwbn/avideo (CVE-2026-43885)
vulnerability in wwbn/avideo (CVE-2026-43885). Risk of unauthorized operations or information disclosure. Exploitable via ``APISecret``.
|
| CVE-2026-43884 |
|
SSRF (Server-Side Request Forgery) in wwbn/avideo (CVE-2026-43884)
SSRF in wwbn/avideo (CVE-2026-43884). Confidential information can be exposed externally. Exploitable via `POST /plugin/AI/receiveAsync.json.php`.
|
| CVE-2026-43877 |
|
Cross-Site Request Forgery (CSRF) in wwbn/avideo (CVE-2026-43877)
vulnerability in wwbn/avideo (CVE-2026-43877). Risk of unauthorized operations or information disclosure. Exploitable via ``autoCSRFGuard``.
|
| CVE-2026-43878 |
|
Cross-Site Scripting (XSS) in wwbn/avideo (CVE-2026-43878)
cross-site scripting in wwbn/avideo (CVE-2026-43878). Risk of unauthorized operations or information disclosure. Exploitable via ``user``.
|
| CVE-2026-43879 |
|
SSRF (Server-Side Request Forgery) in wwbn/avideo (CVE-2026-43879)
SSRF in wwbn/avideo (CVE-2026-43879). Risk of unauthorized operations or information disclosure. Exploitable via `POST /internal/admin/action`.
|
| CVE-2026-43883 |
|
Vulnerability in wwbn/avideo (CVE-2026-43883)
vulnerability in wwbn/avideo (CVE-2026-43883). Risk of unauthorized operations or information disclosure. Exploitable via ``agreement``.
|
| CVE-2026-43881 |
|
Vulnerability in wwbn/avideo (CVE-2026-43881)
vulnerability in wwbn/avideo (CVE-2026-43881). Risk of unauthorized operations or information disclosure. Exploitable via ``isCompany``.
|
| CVE-2026-43880 |
|
Vulnerability in wwbn/avideo (CVE-2026-43880)
vulnerability in wwbn/avideo (CVE-2026-43880). Risk of unauthorized operations or information disclosure. Exploitable via `POST /objects/sendEmail.json.php`.
|
| CVE-2026-43873 |
|
Vulnerability in wwbn/avideo (CVE-2026-43873)
vulnerability in wwbn/avideo (CVE-2026-43873). Confidential information can be exposed externally. Exploitable via ``cloneSiteURL``.
|
| CVE-2026-43876 |
|
Cross-Site Scripting (XSS) in wwbn/avideo (CVE-2026-43876)
cross-site scripting in wwbn/avideo (CVE-2026-43876). Risk of unauthorized operations or information disclosure. Exploitable via ``message``.
|