Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-49091 |
|
Vulnerability in elastic (CVE-2026-49091)
vulnerability in elastic (CVE-2026-49091). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56379 |
|
Vulnerability in imagemagick (CVE-2026-56379)
vulnerability in imagemagick (CVE-2026-56379). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44913 |
|
Vulnerability in apache (CVE-2026-44913)
vulnerability in apache (CVE-2026-44913). Successful exploitation can lead to full system takeover.
|
| CVE-2026-54133 |
|
Vulnerability in jmespath (CVE-2026-54133)
vulnerability in jmespath (CVE-2026-54133). Successful exploitation can lead to full system takeover. Exploitable via ``JP_PHP_COMPILE``. Mitigation: upgrade to `2.9.1` or later.
|
| CVE-2026-28898 |
|
Vulnerability in github.com/apple/swift-nio-http2 (CVE-2026-28898)
vulnerability in github.com/apple/swift-nio-http2 (CVE-2026-28898). Risk of unauthorized operations or information disclosure. Exploitable via ``HTTP2FramePayloadToHTTP1ServerCodec``. Mitigation: upgrade to `1.44.1` or later.
|
| CVE-2026-20245 KEV |
|
[KEV] Vulnerability in Cisco catalyst-sd-wan-manager (CVE-2026-20245)
vulnerability in Cisco catalyst-sd-wan-manager (CVE-2026-20245). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-34246 |
|
Vulnerability in privilege-escalation (CVE-2026-34246)
vulnerability in privilege-escalation (CVE-2026-34246). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46496 |
|
Vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46496)
vulnerability in @haxtheweb/haxcms-nodejs (CVE-2026-46496). Risk of unauthorized operations or information disclosure. Exploitable via ``source``. Mitigation: upgrade to `26.0.0` or later.
|
| CVE-2026-28907 |
|
Vulnerability in apple (CVE-2026-28907)
vulnerability in apple (CVE-2026-28907). Confidential information can be exposed externally.
|
| CVE-2026-20136 |
|
Vulnerability in Cisco identity-services-engine (CVE-2026-20136)
vulnerability in Cisco identity-services-engine (CVE-2026-20136). Confidential information can be exposed externally.
|
| CVE-2026-42810 |
|
Vulnerability in org.apache.polaris:polaris-core (CVE-2026-42810)
vulnerability in org.apache.polaris:polaris-core (CVE-2026-42810). Successful exploitation can lead to full system takeover. Exploitable via ``TABLE_CREATE``. Mitigation: upgrade to `1.4.1` or later.
|
| CVE-2026-6058 |
|
Vulnerability in c (CVE-2026-6058)
vulnerability in c (CVE-2026-6058). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-38475 KEV |
|
[KEV] Vulnerability in Apache http-server (CVE-2024-38475)
vulnerability in Apache http-server (CVE-2024-38475). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-48655 |
|
Vulnerability in misp-project (CVE-2023-48655)
vulnerability in misp-project (CVE-2023-48655). Successful exploitation can lead to full system takeover.
|
| CVE-2022-42948 KEV |
|
[KEV] Cross-Site Scripting (XSS) in Fortra cobalt-strike (CVE-2022-42948)
cross-site scripting in Fortra cobalt-strike (CVE-2022-42948). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-24682 KEV |
|
[KEV] Cross-Site Scripting (XSS) in Synacor zimbra-collaborate-suite-zcs (CVE-2022-24682)
cross-site scripting in Synacor zimbra-collaborate-suite-zcs (CVE-2022-24682). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2019-6109 |
|
Vulnerability in c (CVE-2019-6109)
vulnerability in c (CVE-2019-6109). Confidential information can be exposed externally.
|
| CVE-2017-12340 |
|
Vulnerability in cisco (CVE-2017-12340)
vulnerability in cisco (CVE-2017-12340). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-12064 |
|
Vulnerability in open-emr (CVE-2017-12064)
vulnerability in open-emr (CVE-2017-12064). Data can be tampered with by attackers.
|
| CVE-2017-8303 |
|
Vulnerability in accellion (CVE-2017-8303)
vulnerability in accellion (CVE-2017-8303). Successful exploitation can lead to full system takeover.
|
| CVE-2014-9938 |
|
Vulnerability in git-scm (CVE-2014-9938)
vulnerability in git-scm (CVE-2014-9938). Successful exploitation can lead to full system takeover.
|