Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-40048 |
|
Unsafe Deserialization in apache (CVE-2026-40048)
vulnerability in apache (CVE-2026-40048). Successful exploitation can lead to full system takeover. Exploitable via ``java.security.KeyPair``.
|
| CVE-2026-6786 |
|
Out-of-Bounds Read in mozilla (CVE-2026-6786)
vulnerability in mozilla (CVE-2026-6786). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6785 |
|
Out-of-Bounds Read in mozilla (CVE-2026-6785)
vulnerability in mozilla (CVE-2026-6785). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40466 |
|
Vulnerability in org.apache.activemq:apache-activemq (CVE-2026-40466)
vulnerability in org.apache.activemq:apache-activemq (CVE-2026-40466). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `6.2.5` or later.
|
| CVE-2026-41044 |
|
Vulnerability in org.apache.activemq:apache-activemq (CVE-2026-41044)
vulnerability in org.apache.activemq:apache-activemq (CVE-2026-41044). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `6.2.5` or later.
|
| CVE-2026-21728 |
|
Vulnerability in grafana (CVE-2026-21728)
vulnerability in grafana (CVE-2026-21728). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-57726 KEV |
|
[KEV] Vulnerability in Simplehelp auth (CVE-2024-57726)
vulnerability in Simplehelp auth (CVE-2024-57726). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-57728 KEV |
|
[KEV] Path Traversal in Simplehelp path-traversal (CVE-2024-57728)
path traversal in Simplehelp path-traversal (CVE-2024-57728). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-7399 KEV |
|
[KEV] Path Traversal in Samsung magicinfo-9-server (CVE-2024-7399)
path traversal in Samsung magicinfo-9-server (CVE-2024-7399). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-29635 KEV |
|
[KEV] Command Injection in D-link dir-823x (CVE-2025-29635)
command injection in D-link dir-823x (CVE-2025-29635). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-6920 |
|
Out-of-Bounds Read in google (CVE-2026-6920)
vulnerability in google (CVE-2026-6920). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6921 |
|
Vulnerability in google (CVE-2026-6921)
vulnerability in google (CVE-2026-6921). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6919 |
|
Use-After-Free in google (CVE-2026-6919)
vulnerability in google (CVE-2026-6919). Successful exploitation can lead to full system takeover.
|
| CVE-2026-39987 KEV |
|
[KEV] Vulnerability in Marimo remote-attack (CVE-2026-39987)
vulnerability in Marimo remote-attack (CVE-2026-39987). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-28950 |
|
Vulnerability in apple (CVE-2026-28950)
vulnerability in apple (CVE-2026-28950). Confidential information can be exposed externally.
|
| CVE-2026-32885 |
|
Path Traversal in ddev (CVE-2026-32885)
path traversal in ddev (CVE-2026-32885). Data can be tampered with by attackers.
|
| CVE-2026-40542 |
|
Vulnerability in apache (CVE-2026-40542)
vulnerability in apache (CVE-2026-40542). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-33825 KEV |
|
[KEV] Vulnerability in Microsoft defender (CVE-2026-33825)
vulnerability in Microsoft defender (CVE-2026-33825). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-33519 |
|
Vulnerability in esri (CVE-2026-33519)
vulnerability in esri (CVE-2026-33519). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33518 |
|
Vulnerability in esri (CVE-2026-33518)
vulnerability in esri (CVE-2026-33518). Successful exploitation can lead to full system takeover.
|
| CVE-2026-30452 |
|
Vulnerability in textpattern (CVE-2026-30452)
vulnerability in textpattern (CVE-2026-30452). Data can be tampered with by attackers.
|
| CVE-2025-41029 |
|
SQL Injection in sqli (CVE-2025-41029)
SQL injection in sqli (CVE-2025-41029). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6784 |
|
Out-of-Bounds Read in mozilla (CVE-2026-6784)
vulnerability in mozilla (CVE-2026-6784). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6754 |
|
Use-After-Free in mozilla (CVE-2026-6754)
vulnerability in mozilla (CVE-2026-6754). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6752 |
|
Buffer Overflow in mozilla (CVE-2026-6752)
vulnerability in mozilla (CVE-2026-6752). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6750 |
|
Privilege Escalation in privilege-escalation (CVE-2026-6750)
vulnerability in privilege-escalation (CVE-2026-6750). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6748 |
|
Vulnerability in mozilla (CVE-2026-6748)
vulnerability in mozilla (CVE-2026-6748). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6749 |
|
Vulnerability in mozilla (CVE-2026-6749)
vulnerability in mozilla (CVE-2026-6749). Confidential information can be exposed externally.
|
| CVE-2026-6747 |
|
Use-After-Free in mozilla (CVE-2026-6747)
vulnerability in mozilla (CVE-2026-6747). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6753 |
|
Buffer Overflow in mozilla (CVE-2026-6753)
vulnerability in mozilla (CVE-2026-6753). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6746 |
|
Use-After-Free in mozilla (CVE-2026-6746)
vulnerability in mozilla (CVE-2026-6746). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-6751 |
|
Vulnerability in mozilla (CVE-2026-6751)
vulnerability in mozilla (CVE-2026-6751). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31018 |
|
Code Injection in dolibarr (CVE-2026-31018)
code injection in dolibarr (CVE-2026-31018). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31019 |
|
OS Command Injection in dolibarr (CVE-2026-31019)
OS command injection in dolibarr (CVE-2026-31019). Successful exploitation can lead to full system takeover.
|
| CVE-2025-10354 |
|
Cross-Site Scripting (XSS) in CVE-2025-10354 (CVE-2025-10354)
cross-site scripting in CVE-2025-10354 (CVE-2025-10354). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-32147 |
|
Path Traversal in path-traversal (CVE-2026-32147)
path traversal in path-traversal (CVE-2026-32147). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-33557 |
|
Vulnerability in apache (CVE-2026-33557)
vulnerability in apache (CVE-2026-33557). Confidential information can be exposed externally. Exploitable via ``sasl.oauthbearer.jwt.validator.class``.
|
| CVE-2026-5966 |
|
Vulnerability in path-traversal (CVE-2026-5966)
vulnerability in path-traversal (CVE-2026-5966). Data can be tampered with by attackers.
|
| CVE-2026-5967 |
|
OS Command Injection in privilege-escalation (CVE-2026-5967)
OS command injection in privilege-escalation (CVE-2026-5967). Successful exploitation can lead to full system takeover.
|
| CVE-2023-27351 KEV |
|
[KEV] Authentication Bypass in Papercut ngmf (CVE-2023-27351)
authentication bypass in Papercut ngmf (CVE-2023-27351). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-20128 KEV |
|
[KEV] Vulnerability in Cisco catalyst-sd-wan-manager (CVE-2026-20128)
vulnerability in Cisco catalyst-sd-wan-manager (CVE-2026-20128). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-20133 KEV |
|
[KEV] Information Disclosure in Cisco catalyst-sd-wan-manager (CVE-2026-20133)
vulnerability in Cisco catalyst-sd-wan-manager (CVE-2026-20133). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-27199 KEV |
|
[KEV] Vulnerability in Jetbrains teamcity (CVE-2024-27199)
vulnerability in Jetbrains teamcity (CVE-2024-27199). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-32975 KEV |
|
[KEV] Authentication Bypass in Quest kace-systems-management-appliance-sma (CVE-2025-32975)
authentication bypass in Quest kace-systems-management-appliance-sma (CVE-2025-32975). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-2749 KEV |
|
[KEV] Path Traversal in Kentico path-traversal (CVE-2025-2749)
path traversal in Kentico path-traversal (CVE-2025-2749). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-20122 KEV |
|
[KEV] Vulnerability in Cisco catalyst-sd-wan-manger (CVE-2026-20122)
vulnerability in Cisco catalyst-sd-wan-manger (CVE-2026-20122). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-48700 KEV |
|
[KEV] Cross-Site Scripting (XSS) in Synacor zimbra-collaboration-suite-zcs (CVE-2025-48700)
cross-site scripting in Synacor zimbra-collaboration-suite-zcs (CVE-2025-48700). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-40948 |
|
Cross-Site Request Forgery (CSRF) in apache (CVE-2026-40948)
vulnerability in apache (CVE-2026-40948). Risk of unauthorized operations or information disclosure. Exploitable via ``state``.
|
| CVE-2026-5718 |
|
Unrestricted File Upload in wordpress (CVE-2026-5718)
vulnerability in wordpress (CVE-2026-5718). Successful exploitation can lead to full system takeover.
|
| CVE-2026-30459 |
|
Vulnerability in thedaylightstudio (CVE-2026-30459)
vulnerability in thedaylightstudio (CVE-2026-30459). Data can be tampered with by attackers.
|