Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-54414 |
|
Path Traversal in path-traversal (CVE-2026-54414)
path traversal in path-traversal (CVE-2026-54414). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.16.0` or later.
|
| CVE-2026-7515 |
|
Vulnerability in wordpress (CVE-2026-7515)
vulnerability in wordpress (CVE-2026-7515). Successful exploitation can lead to full system takeover. Exploitable via ``doc_style``.
|
| CVE-2026-50195 |
|
Vulnerability in Amazon github.com/containerd/containerd/v2 (CVE-2026-50195)
vulnerability in Amazon github.com/containerd/containerd/v2 (CVE-2026-50195). Successful exploitation can lead to full system takeover. Exploitable via ``IfNotPresent``. Mitigation: upgrade to `2.3.2` or later.
|
| CVE-2026-12048 |
|
Cross-Site Scripting (XSS) in react (CVE-2026-12048)
cross-site scripting in react (CVE-2026-12048). Confidential information can be exposed externally.
|
| CVE-2026-12045 |
|
Command Injection in pgadmin (CVE-2026-12045)
command injection in pgadmin (CVE-2026-12045). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12046 |
|
Vulnerability in flask (CVE-2026-12046)
vulnerability in flask (CVE-2026-12046). Successful exploitation can lead to full system takeover. Exploitable via `DELETE /sqleditor/close/`.
|
| CVE-2026-54130 |
|
Vulnerability in microsoft (CVE-2026-54130)
vulnerability in microsoft (CVE-2026-54130). Successful exploitation can lead to full system takeover.
|
| CVE-2026-47647 |
|
Vulnerability in microsoft (CVE-2026-47647)
vulnerability in microsoft (CVE-2026-47647). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49454 |
|
Authentication Bypass in relyra (CVE-2026-49454)
authentication bypass in relyra (CVE-2026-49454). Confidential information can be exposed externally. Exploitable via ``SignatureValue``. Mitigation: upgrade to `1.2.0` or later.
|
| CVE-2026-49257 |
|
Vulnerability in mcp-pinot-server (CVE-2026-49257)
vulnerability in mcp-pinot-server (CVE-2026-49257). Successful exploitation can lead to full system takeover. Exploitable via `Authorization header`. Mitigation: upgrade to `3.1.0` or later.
|
| CVE-2026-49252 |
|
Vulnerability in @deepstream/server (CVE-2026-49252)
vulnerability in @deepstream/server (CVE-2026-49252). Confidential information can be exposed externally. Exploitable via ``__proto__``. Mitigation: upgrade to `10.0.5` or later.
|
| CVE-2026-47846 |
|
Vulnerability in CVE-2026-47846 (CVE-2026-47846)
vulnerability in CVE-2026-47846 (CVE-2026-47846). Successful exploitation can lead to full system takeover.
|
| CVE-2026-54390 |
|
Vulnerability in CVE-2026-54390 (CVE-2026-54390)
vulnerability in CVE-2026-54390 (CVE-2026-54390). Successful exploitation can lead to full system takeover.
|
| CVE-2026-54103 |
|
Vulnerability in CVE-2026-54103 (CVE-2026-54103)
vulnerability in CVE-2026-54103 (CVE-2026-54103). Successful exploitation can lead to full system takeover.
|
| CVE-2026-38717 |
|
Command Injection in inhandnetworks (CVE-2026-38717)
command injection in inhandnetworks (CVE-2026-38717). Successful exploitation can lead to full system takeover.
|
| CVE-2026-38715 |
|
Command Injection in inhandnetworks (CVE-2026-38715)
command injection in inhandnetworks (CVE-2026-38715). Successful exploitation can lead to full system takeover.
|
| CVE-2026-38716 |
|
Command Injection in inhandnetworks (CVE-2026-38716)
command injection in inhandnetworks (CVE-2026-38716). Successful exploitation can lead to full system takeover.
|
| CVE-2026-38714 |
|
Command Injection in inhandnetworks (CVE-2026-38714)
command injection in inhandnetworks (CVE-2026-38714). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40624 |
|
Vulnerability in cisa (CVE-2026-40624)
vulnerability in cisa (CVE-2026-40624). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9158 |
|
Use-After-Free in eclipse (CVE-2026-9158)
vulnerability in eclipse (CVE-2026-9158). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8024 |
|
Unsafe Deserialization in deserialization (CVE-2026-8024)
vulnerability in deserialization (CVE-2026-8024). Successful exploitation can lead to full system takeover.
|
| CVE-2026-54419 |
|
SQL Injection in sqli (CVE-2026-54419)
SQL injection in sqli (CVE-2026-54419). Successful exploitation can lead to full system takeover.
|
| CVE-2026-55742 |
|
Cross-Site Request Forgery (CSRF) in cotonti/cotonti (CVE-2026-55742)
vulnerability in cotonti/cotonti (CVE-2026-55742). Successful exploitation can lead to full system takeover.
|
| CVE-2026-55740 |
|
SQL Injection in sqli (CVE-2026-55740)
SQL injection in sqli (CVE-2026-55740). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12569 KEV |
|
[KEV] Vulnerability in Ptc deserialization (CVE-2026-12569)
vulnerability in Ptc deserialization (CVE-2026-12569). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-48768 |
|
Path Traversal in CVE-2026-48768 (CVE-2026-48768)
path traversal in CVE-2026-48768 (CVE-2026-48768). Data can be tampered with by attackers. Exploitable via `POST /api/blocks/file-input/v3/generate-upload-url`.
|
| CVE-2026-54387 |
|
Vulnerability in CVE-2026-54387 (CVE-2026-54387)
vulnerability in CVE-2026-54387 (CVE-2026-54387). Confidential information can be exposed externally.
|
| CVE-2026-54388 |
|
Vulnerability in CVE-2026-54388 (CVE-2026-54388)
vulnerability in CVE-2026-54388 (CVE-2026-54388). Confidential information can be exposed externally.
|
| CVE-2026-55196 |
|
Vulnerability in CVE-2026-55196 (CVE-2026-55196)
vulnerability in CVE-2026-55196 (CVE-2026-55196). Confidential information can be exposed externally. Exploitable via `POST /api/auth/passkey/register/options`.
|
| CVE-2026-48814 |
|
Vulnerability in network-ai (CVE-2026-48814)
vulnerability in network-ai (CVE-2026-48814). Confidential information can be exposed externally. Exploitable via `POST /mcp`. Mitigation: upgrade to `5.7.2` or later.
|
| CVE-2026-55450 |
|
Information Disclosure in langflow (CVE-2026-55450)
vulnerability in langflow (CVE-2026-55450). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/upload/{flow_id}`. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-3894 |
|
Out-of-Bounds Read in rti (CVE-2026-3894)
vulnerability in rti (CVE-2026-3894). Confidential information can be exposed externally.
|
| CVE-2026-53805 |
|
Unsafe Deserialization in CVE-2026-53805 (CVE-2026-53805)
vulnerability in CVE-2026-53805 (CVE-2026-53805). Successful exploitation can lead to full system takeover.
|
| CVE-2026-30803 |
|
Vulnerability in rti (CVE-2026-30803)
vulnerability in rti (CVE-2026-30803). Confidential information can be exposed externally.
|
| CVE-2026-53873 |
|
Vulnerability in picklescan (CVE-2026-53873)
vulnerability in picklescan (CVE-2026-53873). Successful exploitation can lead to full system takeover. Exploitable via ``profile.Profile.run``. Mitigation: upgrade to `1.0.4` or later.
|
| CVE-2026-36418 |
|
Code Injection in CVE-2026-36418 (CVE-2026-36418)
code injection in CVE-2026-36418 (CVE-2026-36418). Confidential information can be exposed externally.
|
| CVE-2026-53874 |
|
Unsafe Deserialization in picklescan (CVE-2026-53874)
vulnerability in picklescan (CVE-2026-53874). Successful exploitation can lead to full system takeover. Exploitable via ``eval``. Mitigation: upgrade to `1.0.1` or later.
|
| CVE-2026-20266 |
|
OS Command Injection in splunk (CVE-2026-20266)
OS command injection in splunk (CVE-2026-20266). Successful exploitation can lead to full system takeover.
|
| CVE-2026-3490 |
|
Vulnerability in picklescan (CVE-2026-3490)
vulnerability in picklescan (CVE-2026-3490). Successful exploitation can lead to full system takeover. Exploitable via ``pkgutil.resolve_name``. Mitigation: upgrade to `1.0.4` or later.
|
| CVE-2025-71325 |
|
Unsafe Deserialization in picklescan (CVE-2025-71325)
vulnerability in picklescan (CVE-2025-71325). Successful exploitation can lead to full system takeover. Exploitable via ``STACK_GLOBAL``. Mitigation: upgrade to `0.0.27` or later.
|
| CVE-2025-71323 |
|
Vulnerability in picklescan (CVE-2025-71323)
vulnerability in picklescan (CVE-2025-71323). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.0.33` or later.
|
| CVE-2026-55743 |
|
OS Command Injection in CVE-2026-55743 (CVE-2026-55743)
OS command injection in CVE-2026-55743 (CVE-2026-55743). Successful exploitation can lead to full system takeover.
|
| CVE-2025-71321 |
|
Unsafe Deserialization in picklescan (CVE-2025-71321)
vulnerability in picklescan (CVE-2025-71321). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.0.33` or later.
|
| CVE-2025-71320 |
|
Vulnerability in picklescan (CVE-2025-71320)
vulnerability in picklescan (CVE-2025-71320). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.0.33` or later.
|
| CVE-2026-54812 |
|
SQL Injection in sqli (CVE-2026-54812)
SQL injection in sqli (CVE-2026-54812). Confidential information can be exposed externally.
|
| CVE-2026-54815 |
|
SQL Injection in c (CVE-2026-54815)
SQL injection in c (CVE-2026-54815). Confidential information can be exposed externally.
|
| CVE-2026-54808 |
|
SQL Injection in sqli (CVE-2026-54808)
SQL injection in sqli (CVE-2026-54808). Confidential information can be exposed externally.
|
| CVE-2026-49268 |
|
Vulnerability in org.apache.shiro:shiro-core (CVE-2026-49268)
vulnerability in org.apache.shiro:shiro-core (CVE-2026-49268). Confidential information can be exposed externally. Mitigation: upgrade to `3.0.0-alpha-2` or later.
|
| CVE-2026-49108 |
|
Unauthenticated PHP Object Injection in Moderno < 1.43 versions.
Unauthenticated PHP Object Injection in Moderno < 1.43 versions.
|
| CVE-2026-54809 |
|
SQL Injection in sqli (CVE-2026-54809)
SQL injection in sqli (CVE-2026-54809). Confidential information can be exposed externally.
|