Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2026-53869 Vulnerability in hermes-agent (CVE-2026-53869)
vulnerability in hermes-agent (CVE-2026-53869). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.16.0` or later.
CVE-2026-53870 Vulnerability in hermes-agent (CVE-2026-53870)
vulnerability in hermes-agent (CVE-2026-53870). Confidential information can be exposed externally. Mitigation: upgrade to `0.16.0` or later.
CVE-2026-55196 Vulnerability in CVE-2026-55196 (CVE-2026-55196)
vulnerability in CVE-2026-55196 (CVE-2026-55196). Confidential information can be exposed externally. Exploitable via `POST /api/auth/passkey/register/options`.
CVE-2026-10741 Authorization Flaw in CVE-2026-10741 (CVE-2026-10741)
vulnerability in CVE-2026-10741 (CVE-2026-10741). Risk of unauthorized operations or information disclosure.
CVE-2026-12530 Vulnerability in Amazon bedrock-agentcore (CVE-2026-12530)
vulnerability in Amazon bedrock-agentcore (CVE-2026-12530). Confidential information can be exposed externally. Mitigation: upgrade to `1.6.1` or later.
CVE-2026-48979 Vulnerability in php-standard-library/h2 (CVE-2026-48979)
vulnerability in php-standard-library/h2 (CVE-2026-48979). Data can be tampered with by attackers. Exploitable via ``StreamException``. Mitigation: upgrade to `6.2.1` or later.
CVE-2026-48821 Cross-Site Scripting (XSS) in privilege-escalation (CVE-2026-48821)
cross-site scripting in privilege-escalation (CVE-2026-48821). Confidential information can be exposed externally.
CVE-2026-48823 Cross-Site Scripting (XSS) in CVE-2026-48823 (CVE-2026-48823)
cross-site scripting in CVE-2026-48823 (CVE-2026-48823). Confidential information can be exposed externally.
CVE-2026-48822 Cross-Site Scripting (XSS) in CVE-2026-48822 (CVE-2026-48822)
cross-site scripting in CVE-2026-48822 (CVE-2026-48822). Confidential information can be exposed externally.
CVE-2026-48814 Vulnerability in network-ai (CVE-2026-48814)
vulnerability in network-ai (CVE-2026-48814). Confidential information can be exposed externally. Exploitable via `POST /mcp`. Mitigation: upgrade to `5.7.2` or later.
CVE-2026-55590 Open Redirect in cakephp/authentication (CVE-2026-55590)
vulnerability in cakephp/authentication (CVE-2026-55590). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.3.6` or later.
CVE-2026-55518 Vulnerability in avo (CVE-2026-55518)
vulnerability in avo (CVE-2026-55518). Risk of unauthorized operations or information disclosure. Exploitable via `GET /resources/`. Mitigation: upgrade to `4.0.0.beta.51` or later.
CVE-2026-55517 Vulnerability in deno (CVE-2026-55517)
vulnerability in deno (CVE-2026-55517). Risk of unauthorized operations or information disclosure. Exploitable via ``WebSocket``. Mitigation: upgrade to `2.7.5` or later.
CVE-2026-55471 XXE (XML External Entity) in ca.uhn.hapi.fhir:org.hl7.fhir.utilities (CVE-2026-55471)
vulnerability in ca.uhn.hapi.fhir:org.hl7.fhir.utilities (CVE-2026-55471). Risk of unauthorized operations or information disclosure. Exploitable via `GET /evil-fhir-xslt-ssrf.dtd`. Mitigation: upgrade to `6.9.10` or later.
CVE-2026-55470 Vulnerability in ca.uhn.hapi.fhir:org.hl7.fhir.dstu2 (CVE-2026-55470)
vulnerability in ca.uhn.hapi.fhir:org.hl7.fhir.dstu2 (CVE-2026-55470). Risk of unauthorized operations or information disclosure. Exploitable via ``RegexTimeout``. Mitigation: upgrade to `6.9.10` or later.
CVE-2026-55450 Information Disclosure in langflow (CVE-2026-55450)
vulnerability in langflow (CVE-2026-55450). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/upload/{flow_id}`. Mitigation: upgrade to `1.9.1` or later.
CVE-2026-55760 Path Traversal in com.github.jknack:handlebars (CVE-2026-55760)
path traversal in com.github.jknack:handlebars (CVE-2026-55760). Confidential information can be exposed externally. Mitigation: upgrade to `4.5.2` or later.
CVE-2026-55409 Cross-Site Scripting (XSS) in filament/forms (CVE-2026-55409)
cross-site scripting in filament/forms (CVE-2026-55409). Confidential information can be exposed externally. Exploitable via ``RichEditor``. Mitigation: upgrade to `3.3.53` or later.
CVE-2026-55405 SQL Injection in dev.langchain4j:langchain4j-mariadb (CVE-2026-55405)
SQL injection in dev.langchain4j:langchain4j-mariadb (CVE-2026-55405). Confidential information can be exposed externally. Exploitable via ``COMBINED_JSON``. Mitigation: upgrade to `1.16.3-beta26` or later.
CVE-2026-30799 Vulnerability in rti (CVE-2026-30799)
vulnerability in rti (CVE-2026-30799). Data can be tampered with by attackers.
CVE-2026-48591 Vulnerability in earmark (CVE-2026-48591)
vulnerability in earmark (CVE-2026-48591). Risk of unauthorized operations or information disclosure.
CVE-2026-39199 snes9x 1.63 allows an out-of-bounds write and denial of service via a crafted .ups file.
snes9x 1.63 allows an out-of-bounds write and denial of service via a crafted .ups file.
CVE-2026-3894 Out-of-Bounds Read in rti (CVE-2026-3894)
vulnerability in rti (CVE-2026-3894). Confidential information can be exposed externally.
CVE-2026-7300 Vulnerability in rti (CVE-2026-7300)
vulnerability in rti (CVE-2026-7300). Risk of unauthorized operations or information disclosure.
CVE-2026-53805 Unsafe Deserialization in CVE-2026-53805 (CVE-2026-53805)
vulnerability in CVE-2026-53805 (CVE-2026-53805). Successful exploitation can lead to full system takeover.
CVE-2026-30803 Vulnerability in rti (CVE-2026-30803)
vulnerability in rti (CVE-2026-30803). Confidential information can be exposed externally.
CVE-2026-2674 Out-of-Bounds Write in rti (CVE-2026-2674)
out-of-bounds write in rti (CVE-2026-2674). Data can be tampered with by attackers.
CVE-2026-20190 Vulnerability in cisco (CVE-2026-20190)
vulnerability in cisco (CVE-2026-20190). Confidential information can be exposed externally.
CVE-2026-53873 Vulnerability in picklescan (CVE-2026-53873)
vulnerability in picklescan (CVE-2026-53873). Successful exploitation can lead to full system takeover. Exploitable via ``profile.Profile.run``. Mitigation: upgrade to `1.0.4` or later.
CVE-2026-53875 Vulnerability in picklescan (CVE-2026-53875)
vulnerability in picklescan (CVE-2026-53875). Risk of unauthorized operations or information disclosure. Exploitable via ``scan_pytorch``. Mitigation: upgrade to `1.0.3` or later.
CVE-2026-35068 SQL Injection in sqli (CVE-2026-35068)
SQL injection in sqli (CVE-2026-35068). Risk of unauthorized operations or information disclosure.
CVE-2026-36418 Code Injection in CVE-2026-36418 (CVE-2026-36418)
code injection in CVE-2026-36418 (CVE-2026-36418). Confidential information can be exposed externally.
CVE-2026-53874 Unsafe Deserialization in picklescan (CVE-2026-53874)
vulnerability in picklescan (CVE-2026-53874). Successful exploitation can lead to full system takeover. Exploitable via ``eval``. Mitigation: upgrade to `1.0.1` or later.
CVE-2026-12515 Vulnerability in katello (CVE-2026-12515)
vulnerability in katello (CVE-2026-12515). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.21.0.rc1` or later.
CVE-2026-32652 Vulnerability in dell (CVE-2026-32652)
vulnerability in dell (CVE-2026-32652). Successful exploitation can lead to full system takeover.
CVE-2026-1288 Vulnerability in autodesk (CVE-2026-1288)
vulnerability in autodesk (CVE-2026-1288). Risk of unauthorized operations or information disclosure.
CVE-2026-2675 Vulnerability in rti (CVE-2026-2675)
vulnerability in rti (CVE-2026-2675). Data can be tampered with by attackers.
CVE-2026-30802 Out-of-Bounds Read in rti (CVE-2026-30802)
vulnerability in rti (CVE-2026-30802). Risk of unauthorized operations or information disclosure.
CVE-2026-2467 Vulnerability in rti (CVE-2026-2467)
vulnerability in rti (CVE-2026-2467). Data can be tampered with by attackers.
CVE-2026-20265 Vulnerability in splunk (CVE-2026-20265)
vulnerability in splunk (CVE-2026-20265). Risk of unauthorized operations or information disclosure.
CVE-2026-20266 OS Command Injection in splunk (CVE-2026-20266)
OS command injection in splunk (CVE-2026-20266). Successful exploitation can lead to full system takeover.
CVE-2026-35069 SQL Injection in sqli (CVE-2026-35069)
SQL injection in sqli (CVE-2026-35069). Confidential information can be exposed externally.
CVE-2026-53872 Path Traversal in picklescan (CVE-2026-53872)
path traversal in picklescan (CVE-2026-53872). Confidential information can be exposed externally. Exploitable via ``picklescan``. Mitigation: upgrade to `0.0.35` or later.
CVE-2026-3490 Vulnerability in picklescan (CVE-2026-3490)
vulnerability in picklescan (CVE-2026-3490). Successful exploitation can lead to full system takeover. Exploitable via ``pkgutil.resolve_name``. Mitigation: upgrade to `1.0.4` or later.
CVE-2025-71322 Vulnerability in picklescan (CVE-2025-71322)
vulnerability in picklescan (CVE-2025-71322). Successful exploitation can lead to full system takeover. Exploitable via ``pty``. Mitigation: upgrade to `0.0.33` or later.
CVE-2025-26240 Vulnerability in pdfkit (CVE-2025-26240)
vulnerability in pdfkit (CVE-2025-26240). Successful exploitation can lead to full system takeover.
CVE-2025-71325 Unsafe Deserialization in picklescan (CVE-2025-71325)
vulnerability in picklescan (CVE-2025-71325). Successful exploitation can lead to full system takeover. Exploitable via ``STACK_GLOBAL``. Mitigation: upgrade to `0.0.27` or later.
CVE-2025-71323 Vulnerability in picklescan (CVE-2025-71323)
vulnerability in picklescan (CVE-2025-71323). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.0.33` or later.
CVE-2026-49502 Authentication Bypass in dell (CVE-2026-49502)
authentication bypass in dell (CVE-2026-49502). Confidential information can be exposed externally.
CVE-2026-35066 Vulnerability in dos (CVE-2026-35066)
vulnerability in dos (CVE-2026-35066). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →