Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2026-54414 Path Traversal in path-traversal (CVE-2026-54414)
path traversal in path-traversal (CVE-2026-54414). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.16.0` or later.
CVE-2026-7515 Vulnerability in wordpress (CVE-2026-7515)
vulnerability in wordpress (CVE-2026-7515). Successful exploitation can lead to full system takeover. Exploitable via ``doc_style``.
CVE-2026-50195 Vulnerability in Amazon github.com/containerd/containerd/v2 (CVE-2026-50195)
vulnerability in Amazon github.com/containerd/containerd/v2 (CVE-2026-50195). Successful exploitation can lead to full system takeover. Exploitable via ``IfNotPresent``. Mitigation: upgrade to `2.3.2` or later.
CVE-2026-12048 Cross-Site Scripting (XSS) in react (CVE-2026-12048)
cross-site scripting in react (CVE-2026-12048). Confidential information can be exposed externally.
CVE-2026-12045 Command Injection in pgadmin (CVE-2026-12045)
command injection in pgadmin (CVE-2026-12045). Successful exploitation can lead to full system takeover.
CVE-2026-12046 Vulnerability in flask (CVE-2026-12046)
vulnerability in flask (CVE-2026-12046). Successful exploitation can lead to full system takeover. Exploitable via `DELETE /sqleditor/close/`.
CVE-2026-54130 Vulnerability in microsoft (CVE-2026-54130)
vulnerability in microsoft (CVE-2026-54130). Successful exploitation can lead to full system takeover.
CVE-2026-47647 Vulnerability in microsoft (CVE-2026-47647)
vulnerability in microsoft (CVE-2026-47647). Successful exploitation can lead to full system takeover.
CVE-2026-49454 Authentication Bypass in relyra (CVE-2026-49454)
authentication bypass in relyra (CVE-2026-49454). Confidential information can be exposed externally. Exploitable via ``SignatureValue``. Mitigation: upgrade to `1.2.0` or later.
CVE-2026-49257 Vulnerability in mcp-pinot-server (CVE-2026-49257)
vulnerability in mcp-pinot-server (CVE-2026-49257). Successful exploitation can lead to full system takeover. Exploitable via `Authorization header`. Mitigation: upgrade to `3.1.0` or later.
CVE-2026-49252 Vulnerability in @deepstream/server (CVE-2026-49252)
vulnerability in @deepstream/server (CVE-2026-49252). Confidential information can be exposed externally. Exploitable via ``__proto__``. Mitigation: upgrade to `10.0.5` or later.
CVE-2026-47846 Vulnerability in CVE-2026-47846 (CVE-2026-47846)
vulnerability in CVE-2026-47846 (CVE-2026-47846). Successful exploitation can lead to full system takeover.
CVE-2026-54390 Vulnerability in CVE-2026-54390 (CVE-2026-54390)
vulnerability in CVE-2026-54390 (CVE-2026-54390). Successful exploitation can lead to full system takeover.
CVE-2026-54103 Vulnerability in CVE-2026-54103 (CVE-2026-54103)
vulnerability in CVE-2026-54103 (CVE-2026-54103). Successful exploitation can lead to full system takeover.
CVE-2026-38717 Command Injection in inhandnetworks (CVE-2026-38717)
command injection in inhandnetworks (CVE-2026-38717). Successful exploitation can lead to full system takeover.
CVE-2026-38715 Command Injection in inhandnetworks (CVE-2026-38715)
command injection in inhandnetworks (CVE-2026-38715). Successful exploitation can lead to full system takeover.
CVE-2026-38716 Command Injection in inhandnetworks (CVE-2026-38716)
command injection in inhandnetworks (CVE-2026-38716). Successful exploitation can lead to full system takeover.
CVE-2026-38714 Command Injection in inhandnetworks (CVE-2026-38714)
command injection in inhandnetworks (CVE-2026-38714). Successful exploitation can lead to full system takeover.
CVE-2026-40624 Vulnerability in cisa (CVE-2026-40624)
vulnerability in cisa (CVE-2026-40624). Successful exploitation can lead to full system takeover.
CVE-2026-9158 Use-After-Free in eclipse (CVE-2026-9158)
vulnerability in eclipse (CVE-2026-9158). Successful exploitation can lead to full system takeover.
CVE-2026-8024 Unsafe Deserialization in deserialization (CVE-2026-8024)
vulnerability in deserialization (CVE-2026-8024). Successful exploitation can lead to full system takeover.
CVE-2026-54419 SQL Injection in sqli (CVE-2026-54419)
SQL injection in sqli (CVE-2026-54419). Successful exploitation can lead to full system takeover.
CVE-2026-55742 Cross-Site Request Forgery (CSRF) in cotonti/cotonti (CVE-2026-55742)
vulnerability in cotonti/cotonti (CVE-2026-55742). Successful exploitation can lead to full system takeover.
CVE-2026-55740 SQL Injection in sqli (CVE-2026-55740)
SQL injection in sqli (CVE-2026-55740). Successful exploitation can lead to full system takeover.
CVE-2026-12569 KEV [KEV] Vulnerability in Ptc deserialization (CVE-2026-12569)
vulnerability in Ptc deserialization (CVE-2026-12569). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-48768 Path Traversal in CVE-2026-48768 (CVE-2026-48768)
path traversal in CVE-2026-48768 (CVE-2026-48768). Data can be tampered with by attackers. Exploitable via `POST /api/blocks/file-input/v3/generate-upload-url`.
CVE-2026-54387 Vulnerability in CVE-2026-54387 (CVE-2026-54387)
vulnerability in CVE-2026-54387 (CVE-2026-54387). Confidential information can be exposed externally.
CVE-2026-54388 Vulnerability in CVE-2026-54388 (CVE-2026-54388)
vulnerability in CVE-2026-54388 (CVE-2026-54388). Confidential information can be exposed externally.
CVE-2026-55196 Vulnerability in CVE-2026-55196 (CVE-2026-55196)
vulnerability in CVE-2026-55196 (CVE-2026-55196). Confidential information can be exposed externally. Exploitable via `POST /api/auth/passkey/register/options`.
CVE-2026-48814 Vulnerability in network-ai (CVE-2026-48814)
vulnerability in network-ai (CVE-2026-48814). Confidential information can be exposed externally. Exploitable via `POST /mcp`. Mitigation: upgrade to `5.7.2` or later.
CVE-2026-55450 Information Disclosure in langflow (CVE-2026-55450)
vulnerability in langflow (CVE-2026-55450). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/upload/{flow_id}`. Mitigation: upgrade to `1.9.1` or later.
CVE-2026-3894 Out-of-Bounds Read in rti (CVE-2026-3894)
vulnerability in rti (CVE-2026-3894). Confidential information can be exposed externally.
CVE-2026-53805 Unsafe Deserialization in CVE-2026-53805 (CVE-2026-53805)
vulnerability in CVE-2026-53805 (CVE-2026-53805). Successful exploitation can lead to full system takeover.
CVE-2026-30803 Vulnerability in rti (CVE-2026-30803)
vulnerability in rti (CVE-2026-30803). Confidential information can be exposed externally.
CVE-2026-53873 Vulnerability in picklescan (CVE-2026-53873)
vulnerability in picklescan (CVE-2026-53873). Successful exploitation can lead to full system takeover. Exploitable via ``profile.Profile.run``. Mitigation: upgrade to `1.0.4` or later.
CVE-2026-36418 Code Injection in CVE-2026-36418 (CVE-2026-36418)
code injection in CVE-2026-36418 (CVE-2026-36418). Confidential information can be exposed externally.
CVE-2026-53874 Unsafe Deserialization in picklescan (CVE-2026-53874)
vulnerability in picklescan (CVE-2026-53874). Successful exploitation can lead to full system takeover. Exploitable via ``eval``. Mitigation: upgrade to `1.0.1` or later.
CVE-2026-20266 OS Command Injection in splunk (CVE-2026-20266)
OS command injection in splunk (CVE-2026-20266). Successful exploitation can lead to full system takeover.
CVE-2026-3490 Vulnerability in picklescan (CVE-2026-3490)
vulnerability in picklescan (CVE-2026-3490). Successful exploitation can lead to full system takeover. Exploitable via ``pkgutil.resolve_name``. Mitigation: upgrade to `1.0.4` or later.
CVE-2025-71325 Unsafe Deserialization in picklescan (CVE-2025-71325)
vulnerability in picklescan (CVE-2025-71325). Successful exploitation can lead to full system takeover. Exploitable via ``STACK_GLOBAL``. Mitigation: upgrade to `0.0.27` or later.
CVE-2025-71323 Vulnerability in picklescan (CVE-2025-71323)
vulnerability in picklescan (CVE-2025-71323). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.0.33` or later.
CVE-2026-55743 OS Command Injection in CVE-2026-55743 (CVE-2026-55743)
OS command injection in CVE-2026-55743 (CVE-2026-55743). Successful exploitation can lead to full system takeover.
CVE-2025-71321 Unsafe Deserialization in picklescan (CVE-2025-71321)
vulnerability in picklescan (CVE-2025-71321). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.0.33` or later.
CVE-2025-71320 Vulnerability in picklescan (CVE-2025-71320)
vulnerability in picklescan (CVE-2025-71320). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.0.33` or later.
CVE-2026-54812 SQL Injection in sqli (CVE-2026-54812)
SQL injection in sqli (CVE-2026-54812). Confidential information can be exposed externally.
CVE-2026-54815 SQL Injection in c (CVE-2026-54815)
SQL injection in c (CVE-2026-54815). Confidential information can be exposed externally.
CVE-2026-54808 SQL Injection in sqli (CVE-2026-54808)
SQL injection in sqli (CVE-2026-54808). Confidential information can be exposed externally.
CVE-2026-49268 Vulnerability in org.apache.shiro:shiro-core (CVE-2026-49268)
vulnerability in org.apache.shiro:shiro-core (CVE-2026-49268). Confidential information can be exposed externally. Mitigation: upgrade to `3.0.0-alpha-2` or later.
CVE-2026-49108 Unauthenticated PHP Object Injection in Moderno < 1.43 versions.
Unauthenticated PHP Object Injection in Moderno < 1.43 versions.
CVE-2026-54809 SQL Injection in sqli (CVE-2026-54809)
SQL injection in sqli (CVE-2026-54809). Confidential information can be exposed externally.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →