Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2025-67446 |
|
Vulnerability in CVE-2025-67446 (CVE-2025-67446)
vulnerability in CVE-2025-67446 (CVE-2025-67446). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43986 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-43986)
SSRF in ssrf (CVE-2026-43986). Confidential information can be exposed externally. Exploitable via ``image_hash_lookup``.
|
| CVE-2026-36182 |
|
Vulnerability in CVE-2026-36182 (CVE-2026-36182)
vulnerability in CVE-2026-36182 (CVE-2026-36182). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35906 |
|
OS Command Injection in CVE-2026-35906 (CVE-2026-35906)
OS command injection in CVE-2026-35906 (CVE-2026-35906). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35904 |
|
Vulnerability in CVE-2026-35904 (CVE-2026-35904)
vulnerability in CVE-2026-35904 (CVE-2026-35904). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35905 |
|
Vulnerability in CVE-2026-35905 (CVE-2026-35905)
vulnerability in CVE-2026-35905 (CVE-2026-35905). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8037 |
|
Command Injection in CVE-2026-8037 (CVE-2026-8037)
command injection in CVE-2026-8037 (CVE-2026-8037). Successful exploitation can lead to full system takeover.
|
| CVE-2019-25741 |
|
Vulnerability in CVE-2019-25741 (CVE-2019-25741)
vulnerability in CVE-2019-25741 (CVE-2019-25741). Successful exploitation can lead to full system takeover.
|
| CVE-2019-25738 |
|
Vulnerability in wordpress (CVE-2019-25738)
vulnerability in wordpress (CVE-2019-25738). Successful exploitation can lead to full system takeover.
|
| CVE-2019-25727 |
|
Path Traversal in wordpress (CVE-2019-25727)
path traversal in wordpress (CVE-2019-25727). Successful exploitation can lead to full system takeover.
|
| CVE-2019-25729 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2019-25729)
vulnerability in csrf (CVE-2019-25729). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4104 |
|
SQL Injection in sqli (CVE-2026-4104)
SQL injection in sqli (CVE-2026-4104). Successful exploitation can lead to full system takeover.
|
| CVE-2026-50225 |
|
Vulnerability in acer (CVE-2026-50225)
vulnerability in acer (CVE-2026-50225). Data can be tampered with by attackers.
|
| CVE-2026-50214 |
|
Vulnerability in acer (CVE-2026-50214)
vulnerability in acer (CVE-2026-50214). Successful exploitation can lead to full system takeover.
|
| CVE-2026-50211 |
|
Vulnerability in acer (CVE-2026-50211)
vulnerability in acer (CVE-2026-50211). Successful exploitation can lead to full system takeover.
|
| CVE-2026-50208 |
|
Vulnerability in acer (CVE-2026-50208)
vulnerability in acer (CVE-2026-50208). Confidential information can be exposed externally.
|
| CVE-2026-49191 |
|
Authentication Bypass in acer (CVE-2026-49191)
authentication bypass in acer (CVE-2026-49191). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49188 |
|
Vulnerability in acer (CVE-2026-49188)
vulnerability in acer (CVE-2026-49188). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49185 |
|
OS Command Injection in acer (CVE-2026-49185)
OS command injection in acer (CVE-2026-49185). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49186 |
|
Authentication Bypass in acer (CVE-2026-49186)
authentication bypass in acer (CVE-2026-49186). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41283 |
|
Authorization Flaw in CVE-2026-41283 (CVE-2026-41283)
vulnerability in CVE-2026-41283 (CVE-2026-41283). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46266 |
|
Vulnerability in linux (CVE-2026-46266)
vulnerability in linux (CVE-2026-46266). Data can be tampered with by attackers.
|
| CVE-2026-46244 |
|
Vulnerability in c (CVE-2026-46244)
vulnerability in c (CVE-2026-46244). Confidential information can be exposed externally.
|
| CVE-2026-36748 |
|
Cross-Site Scripting (XSS) in CVE-2026-36748 (CVE-2026-36748)
cross-site scripting in CVE-2026-36748 (CVE-2026-36748). Successful exploitation can lead to full system takeover.
|
| CVE-2026-36576 |
|
OS Command Injection in CVE-2026-36576 (CVE-2026-36576)
OS command injection in CVE-2026-36576 (CVE-2026-36576). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5241 |
|
Vulnerability in huggingface (CVE-2026-5241)
vulnerability in huggingface (CVE-2026-5241). Successful exploitation can lead to full system takeover. Exploitable via ``trust_remote_code``.
|
| CVE-2026-9648 |
|
Vulnerability in crypton-x509-validation (CVE-2026-9648)
vulnerability in crypton-x509-validation (CVE-2026-9648). Confidential information can be exposed externally. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-35075 |
|
Vulnerability in mbs-solutions (CVE-2026-35075)
vulnerability in mbs-solutions (CVE-2026-35075). Successful exploitation can lead to full system takeover.
|
| CVE-2026-47065 |
|
Unsafe Deserialization in apache (CVE-2026-47065)
vulnerability in apache (CVE-2026-47065). Successful exploitation can lead to full system takeover.
|
| CVE-2025-14771 |
|
Vulnerability in abb (CVE-2025-14771)
vulnerability in abb (CVE-2025-14771). Successful exploitation can lead to full system takeover.
|
| CVE-2026-32625 |
|
Information Disclosure in librechat (CVE-2026-32625)
vulnerability in librechat (CVE-2026-32625). Confidential information can be exposed externally.
|
| CVE-2026-49448 |
|
Authentication Bypass in authentik (CVE-2026-49448)
authentication bypass in authentik (CVE-2026-49448). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2025.12.6, 2026.2.4, 2026.5.1` or later.
|
| CVE-2026-42849 |
|
Cross-Site Scripting (XSS) in authentik (CVE-2026-42849)
cross-site scripting in authentik (CVE-2026-42849). Confidential information can be exposed externally. Mitigation: upgrade to `2025.12.5, 2026.2.3` or later.
|
| CVE-2026-5076 |
|
Authentication Bypass in wordpress (CVE-2026-5076)
authentication bypass in wordpress (CVE-2026-5076). Successful exploitation can lead to full system takeover. Exploitable via ``arm_reset_password_key``.
|
| CVE-2026-38967 |
|
Vulnerability in CVE-2026-38967 (CVE-2026-38967)
vulnerability in CVE-2026-38967 (CVE-2026-38967). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0611 |
|
Vulnerability in csharp (CVE-2026-0611)
vulnerability in csharp (CVE-2026-0611). Successful exploitation can lead to full system takeover.
|
| CVE-2026-47117 |
|
Code Injection in openmed (CVE-2026-47117)
code injection in openmed (CVE-2026-47117). Successful exploitation can lead to full system takeover. Exploitable via ``model_name``. Mitigation: upgrade to `1.5.2` or later.
|
| CVE-2026-7312 |
|
Vulnerability in progress (CVE-2026-7312)
vulnerability in progress (CVE-2026-7312). Confidential information can be exposed externally.
|
| CVE-2026-7198 |
|
Vulnerability in progress (CVE-2026-7198)
vulnerability in progress (CVE-2026-7198). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10611 |
|
Authentication Bypass in misp (CVE-2026-10611)
authentication bypass in misp (CVE-2026-10611). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42684 |
|
SQL Injection in sqli (CVE-2026-42684)
SQL injection in sqli (CVE-2026-42684). Confidential information can be exposed externally.
|
| CVE-2025-53209 |
|
Vulnerability in privilege-escalation (CVE-2025-53209)
vulnerability in privilege-escalation (CVE-2025-53209). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8206 |
|
Privilege Escalation in wordpress (CVE-2026-8206)
vulnerability in wordpress (CVE-2026-8206). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40965 |
|
Information Disclosure in CVE-2026-40965 (CVE-2026-40965)
vulnerability in CVE-2026-40965 (CVE-2026-40965). Confidential information can be exposed externally. Mitigation: upgrade to `78.13.0` or later.
|
| CVE-2018-25427 |
|
Vulnerability in CVE-2018-25427 (CVE-2018-25427)
vulnerability in CVE-2018-25427 (CVE-2018-25427). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8644 |
|
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing.
IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing.
|
| CVE-2026-9319 |
|
Unsafe Deserialization in deserialization (CVE-2026-9319)
vulnerability in deserialization (CVE-2026-9319). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9311 |
|
Code Injection in ibm (CVE-2026-9311)
code injection in ibm (CVE-2026-9311). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45131 |
|
Code Injection in CVE-2026-45131 (CVE-2026-45131)
code injection in CVE-2026-45131 (CVE-2026-45131). Confidential information can be exposed externally.
|
| CVE-2026-45132 |
|
Code Injection in CVE-2026-45132 (CVE-2026-45132)
code injection in CVE-2026-45132 (CVE-2026-45132). Confidential information can be exposed externally.
|