Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-12378 |
|
Vulnerability in wordpress (CVE-2026-12378)
vulnerability in wordpress (CVE-2026-12378). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43825 |
|
Unsafe Deserialization in apache (CVE-2026-43825)
vulnerability in apache (CVE-2026-43825). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46590 |
|
Unsafe Deserialization in apache (CVE-2026-46590)
vulnerability in apache (CVE-2026-46590). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42527 |
|
Unsafe Deserialization in csharp (CVE-2026-42527)
vulnerability in csharp (CVE-2026-42527). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43865 |
|
Unsafe Deserialization in csharp (CVE-2026-43865)
vulnerability in csharp (CVE-2026-43865). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40859 |
|
Unsafe Deserialization in apache (CVE-2026-40859)
vulnerability in apache (CVE-2026-40859). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43867 |
|
Unsafe Deserialization in apache (CVE-2026-43867)
vulnerability in apache (CVE-2026-43867). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43866 |
|
Unsafe Deserialization in apache (CVE-2026-43866)
vulnerability in apache (CVE-2026-43866). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55223 |
|
Unsafe Deserialization in apache (CVE-2026-55223)
vulnerability in apache (CVE-2026-55223). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46386 |
|
Unsafe Deserialization in rails (CVE-2026-46386)
vulnerability in rails (CVE-2026-46386). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12046 |
|
Vulnerability in flask (CVE-2026-12046)
vulnerability in flask (CVE-2026-12046). Successful exploitation can lead to full system takeover. Exploitable via `DELETE /sqleditor/close/`.
|
| CVE-2026-12115 |
|
Unsafe Deserialization in wordpress (CVE-2026-12115)
vulnerability in wordpress (CVE-2026-12115). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41731 |
|
Unsafe Deserialization in org.springframework.kafka:spring-kafka (CVE-2026-41731)
vulnerability in org.springframework.kafka:spring-kafka (CVE-2026-41731). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41855 |
|
Unsafe Deserialization in spring (CVE-2026-41855)
vulnerability in spring (CVE-2026-41855). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7566 |
|
Unsafe Deserialization in wordpress (CVE-2026-7566)
vulnerability in wordpress (CVE-2026-7566). Successful exploitation can lead to full system takeover.
|
| CVE-2026-50076 |
|
Unsafe Deserialization in apache (CVE-2026-50076)
vulnerability in apache (CVE-2026-50076). Confidential information can be exposed externally.
|
| CVE-2026-39555 |
|
Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection.
...
Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection.
...
|
| CVE-2025-11993 |
|
Unsafe Deserialization in wordpress (CVE-2025-11993)
vulnerability in wordpress (CVE-2025-11993). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6455 |
|
Cross-Site Request Forgery (CSRF) in wordpress (CVE-2026-6455)
vulnerability in wordpress (CVE-2026-6455). Data can be tampered with by attackers.
|
| CVE-2026-48207 |
|
Unsafe Deserialization in pyfory (CVE-2026-48207)
vulnerability in pyfory (CVE-2026-48207). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.0.0` or later.
|
| CVE-2026-7637 |
|
Unsafe Deserialization in wordpress (CVE-2026-7637)
vulnerability in wordpress (CVE-2026-7637). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44501 |
|
Unsafe Deserialization in react (CVE-2026-44501)
vulnerability in react (CVE-2026-44501). Risk of unauthorized operations or information disclosure. Exploitable via `GET /callback/oidc`. Mitigation: upgrade to `1.5.0.3` or later.
|
| CVE-2026-5127 |
|
Unsafe Deserialization in wordpress (CVE-2026-5127)
vulnerability in wordpress (CVE-2026-5127). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34084 |
|
Unsafe Deserialization in phpoffice/phpspreadsheet (CVE-2026-34084)
vulnerability in phpoffice/phpspreadsheet (CVE-2026-34084). Successful exploitation can lead to full system takeover. Exploitable via ``is_file``. Mitigation: upgrade to `1.30.3` or later.
|
| CVE-2026-42440 |
|
Vulnerability in org.apache.opennlp:opennlp-tools (CVE-2026-42440)
vulnerability in org.apache.opennlp:opennlp-tools (CVE-2026-42440). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.0.0-M3` or later.
|
| CVE-2026-40860 |
|
Unsafe Deserialization in apache (CVE-2026-40860)
vulnerability in apache (CVE-2026-40860). Successful exploitation can lead to full system takeover.
|
| CVE-2026-25747 |
|
Unsafe Deserialization in apache (CVE-2026-25747)
vulnerability in apache (CVE-2026-25747). Successful exploitation can lead to full system takeover.
|
| CVE-2022-23302 |
|
Unsafe Deserialization in apache (CVE-2022-23302)
vulnerability in apache (CVE-2022-23302). Successful exploitation can lead to full system takeover.
|
| CVE-2022-23307 |
|
Unsafe Deserialization in apache (CVE-2022-23307)
vulnerability in apache (CVE-2022-23307). Successful exploitation can lead to full system takeover.
|
| CVE-2021-4104 |
|
Unsafe Deserialization in apache (CVE-2021-4104)
vulnerability in apache (CVE-2021-4104). Successful exploitation can lead to full system takeover.
|
| CVE-2019-17571 |
|
Unsafe Deserialization in log4j:log4j (CVE-2019-17571)
vulnerability in log4j:log4j (CVE-2019-17571). Successful exploitation can lead to full system takeover.
|
| CVE-2017-5641 |
|
Unsafe Deserialization in apache (CVE-2017-5641)
vulnerability in apache (CVE-2017-5641). Successful exploitation can lead to full system takeover.
|
| CVE-2017-5636 |
|
Vulnerability in apache (CVE-2017-5636)
vulnerability in apache (CVE-2017-5636). Successful exploitation can lead to full system takeover.
|
| CVE-2016-8736 |
|
Unsafe Deserialization in apache (CVE-2016-8736)
vulnerability in apache (CVE-2016-8736). Successful exploitation can lead to full system takeover.
|
| CVE-2017-10932 |
|
Unsafe Deserialization in c (CVE-2017-10932)
vulnerability in c (CVE-2017-10932). Successful exploitation can lead to full system takeover.
|
| CVE-2017-12612 |
|
Unsafe Deserialization in apache (CVE-2017-12612)
vulnerability in apache (CVE-2017-12612). Successful exploitation can lead to full system takeover.
|
| CVE-2016-6809 |
|
Unsafe Deserialization in apache (CVE-2016-6809)
vulnerability in apache (CVE-2016-6809). Successful exploitation can lead to full system takeover.
|