Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-12378 |
|
Vulnerability in wordpress (CVE-2026-12378)
vulnerability in wordpress (CVE-2026-12378). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43825 |
|
Unsafe Deserialization in apache (CVE-2026-43825)
vulnerability in apache (CVE-2026-43825). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46590 |
|
Unsafe Deserialization in apache (CVE-2026-46590)
vulnerability in apache (CVE-2026-46590). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42527 |
|
Unsafe Deserialization in csharp (CVE-2026-42527)
vulnerability in csharp (CVE-2026-42527). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43865 |
|
Unsafe Deserialization in csharp (CVE-2026-43865)
vulnerability in csharp (CVE-2026-43865). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40859 |
|
Unsafe Deserialization in apache (CVE-2026-40859)
vulnerability in apache (CVE-2026-40859). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43867 |
|
Unsafe Deserialization in apache (CVE-2026-43867)
vulnerability in apache (CVE-2026-43867). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43866 |
|
Unsafe Deserialization in apache (CVE-2026-43866)
vulnerability in apache (CVE-2026-43866). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-14637 |
|
Vulnerability in deserialization (CVE-2026-14637)
vulnerability in deserialization (CVE-2026-14637). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55153 |
|
Vulnerability in deserialization (CVE-2026-55153)
vulnerability in deserialization (CVE-2026-55153). Successful exploitation can lead to full system takeover.
|
| CVE-2026-14265 |
|
Unsafe Deserialization in Amazon aws (CVE-2026-14265)
vulnerability in Amazon aws (CVE-2026-14265). Successful exploitation can lead to full system takeover.
|
| CVE-2026-58025 |
|
Code Injection in deserialization (CVE-2026-58025)
code injection in deserialization (CVE-2026-58025). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-24249 |
|
Code Injection in deserialization (CVE-2026-24249)
code injection in deserialization (CVE-2026-24249). Successful exploitation can lead to full system takeover.
|
| CVE-2026-24245 |
|
Unsafe Deserialization in deserialization (CVE-2026-24245)
vulnerability in deserialization (CVE-2026-24245). Successful exploitation can lead to full system takeover.
|
| CVE-2026-24243 |
|
Unsafe Deserialization in deserialization (CVE-2026-24243)
vulnerability in deserialization (CVE-2026-24243). Successful exploitation can lead to full system takeover.
|
| CVE-2026-24244 |
|
Unsafe Deserialization in deserialization (CVE-2026-24244)
vulnerability in deserialization (CVE-2026-24244). Successful exploitation can lead to full system takeover.
|
| CVE-2026-24247 |
|
Unsafe Deserialization in deserialization (CVE-2026-24247)
vulnerability in deserialization (CVE-2026-24247). Successful exploitation can lead to full system takeover.
|
| CVE-2026-24240 |
|
Unsafe Deserialization in deserialization (CVE-2026-24240)
vulnerability in deserialization (CVE-2026-24240). Successful exploitation can lead to full system takeover.
|
| CVE-2026-55223 |
|
Unsafe Deserialization in apache (CVE-2026-55223)
vulnerability in apache (CVE-2026-55223). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-13773 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-13773)
SSRF in ssrf (CVE-2026-13773). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46386 |
|
Unsafe Deserialization in rails (CVE-2026-46386)
vulnerability in rails (CVE-2026-46386). Successful exploitation can lead to full system takeover.
|
| CVE-2026-57527 |
|
Unsafe Deserialization in deserialization (CVE-2026-57527)
vulnerability in deserialization (CVE-2026-57527). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53914 |
|
Unsafe Deserialization in deserialization (CVE-2026-53914)
vulnerability in deserialization (CVE-2026-53914). Confidential information can be exposed externally.
|
| CVE-2026-54512 |
|
Vulnerability in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54512)
vulnerability in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54512). Successful exploitation can lead to full system takeover. Exploitable via ``PolymorphicTypeValidator``. Mitigation: upgrade to `2.21.4` or later.
|
| CVE-2026-49286 |
|
Unsafe Deserialization in pontedilana/php-weasyprint (CVE-2026-49286)
vulnerability in pontedilana/php-weasyprint (CVE-2026-49286). Successful exploitation can lead to full system takeover. Exploitable via ``eb8accc``. Mitigation: upgrade to `2.6.0` or later.
|
| CVE-2026-50196 |
|
Vulnerability in Steeltoe.Discovery.Eureka (CVE-2026-50196)
vulnerability in Steeltoe.Discovery.Eureka (CVE-2026-50196). Risk of unauthorized operations or information disclosure. Exploitable via ``DataCenterInfo.FromJson``. Mitigation: upgrade to `3.4.0` or later.
|
| CVE-2026-12115 |
|
Unsafe Deserialization in wordpress (CVE-2026-12115)
vulnerability in wordpress (CVE-2026-12115). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41699 |
|
Unsafe Deserialization in deserialization (CVE-2026-41699)
vulnerability in deserialization (CVE-2026-41699). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41731 |
|
Unsafe Deserialization in org.springframework.kafka:spring-kafka (CVE-2026-41731)
vulnerability in org.springframework.kafka:spring-kafka (CVE-2026-41731). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45484 |
|
Unsafe Deserialization in deserialization (CVE-2026-45484)
vulnerability in deserialization (CVE-2026-45484). Successful exploitation can lead to full system takeover.
|
| CVE-2026-26142 |
|
Unsafe Deserialization in deserialization (CVE-2026-26142)
vulnerability in deserialization (CVE-2026-26142). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41855 |
|
Unsafe Deserialization in spring (CVE-2026-41855)
vulnerability in spring (CVE-2026-41855). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45034 |
|
Unsafe Deserialization in phpoffice/phpspreadsheet (CVE-2026-45034)
vulnerability in phpoffice/phpspreadsheet (CVE-2026-45034). Risk of unauthorized operations or information disclosure. Exploitable via ``parse_url``. Mitigation: upgrade to `1.30.5` or later.
|
| CVE-2026-7566 |
|
Unsafe Deserialization in wordpress (CVE-2026-7566)
vulnerability in wordpress (CVE-2026-7566). Successful exploitation can lead to full system takeover.
|
| CVE-2026-50076 |
|
Unsafe Deserialization in apache (CVE-2026-50076)
vulnerability in apache (CVE-2026-50076). Confidential information can be exposed externally.
|
| CVE-2026-39555 |
|
Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection.
...
Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection.
...
|
| CVE-2026-9330 |
|
Unsafe Deserialization in deserialization (CVE-2026-9330)
vulnerability in deserialization (CVE-2026-9330). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9319 |
|
Unsafe Deserialization in deserialization (CVE-2026-9319)
vulnerability in deserialization (CVE-2026-9319). Successful exploitation can lead to full system takeover.
|
| CVE-2026-47294 |
|
OS Command Injection in deserialization (CVE-2026-47294)
OS command injection in deserialization (CVE-2026-47294). Successful exploitation can lead to full system takeover.
|
| CVE-2025-11993 |
|
Unsafe Deserialization in wordpress (CVE-2025-11993)
vulnerability in wordpress (CVE-2025-11993). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9828 |
|
Unsafe Deserialization in ch.qos.logback:logback-core (CVE-2026-9828)
vulnerability in ch.qos.logback:logback-core (CVE-2026-9828). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.5.33` or later.
|
| CVE-2026-6455 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6455)
vulnerability in wordpress (CVE-2026-6455). Data can be tampered with by attackers.
|
| CVE-2026-24162 |
|
Unsafe Deserialization in deserialization (CVE-2026-24162)
vulnerability in deserialization (CVE-2026-24162). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45659 KEV |
|
[KEV] Unsafe Deserialization in Microsoft deserialization (CVE-2026-45659)
vulnerability in Microsoft deserialization (CVE-2026-45659). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-41104 |
|
Unsafe Deserialization in deserialization (CVE-2026-41104)
vulnerability in deserialization (CVE-2026-41104). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8135 |
|
Unsafe Deserialization in concrete5/concrete5 (CVE-2026-8135)
vulnerability in concrete5/concrete5 (CVE-2026-8135). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-48207 |
|
Unsafe Deserialization in pyfory (CVE-2026-48207)
vulnerability in pyfory (CVE-2026-48207). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.0.0` or later.
|
| CVE-2026-24216 |
|
Unsafe Deserialization in dos (CVE-2026-24216)
vulnerability in dos (CVE-2026-24216). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7637 |
|
Unsafe Deserialization in wordpress (CVE-2026-7637)
vulnerability in wordpress (CVE-2026-7637). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43633 |
|
Unsafe Deserialization in deserialization (CVE-2026-43633)
vulnerability in deserialization (CVE-2026-43633). Successful exploitation can lead to full system takeover.
|