Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-42672 |
|
SQL Injection in sqli (CVE-2026-42672)
SQL injection in sqli (CVE-2026-42672). Confidential information can be exposed externally.
|
| CVE-2026-42680 |
|
Vulnerability in privilege-escalation (CVE-2026-42680)
vulnerability in privilege-escalation (CVE-2026-42680). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42682 |
|
Vulnerability in CVE-2026-42682 (CVE-2026-42682)
vulnerability in CVE-2026-42682 (CVE-2026-42682). Data can be tampered with by attackers.
|
| CVE-2026-48866 |
|
Path Traversal in path-traversal (CVE-2026-48866)
path traversal in path-traversal (CVE-2026-48866). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48879 |
|
Vulnerability in privilege-escalation (CVE-2026-48879)
vulnerability in privilege-escalation (CVE-2026-48879). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7858 |
|
Unsafe Deserialization in deserialization (CVE-2026-7858)
vulnerability in deserialization (CVE-2026-7858). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42252 |
|
Vulnerability in apache-airflow (CVE-2026-42252)
vulnerability in apache-airflow (CVE-2026-42252). Confidential information can be exposed externally. Exploitable via ``Dag.can_trigger``. Mitigation: upgrade to `3.2.2` or later.
|
| CVE-2026-48188 |
|
Vulnerability in sqli (CVE-2026-48188)
vulnerability in sqli (CVE-2026-48188). Confidential information can be exposed externally.
|
| CVE-2026-10187 |
|
Buffer Overflow in CVE-2026-10187 (CVE-2026-10187)
vulnerability in CVE-2026-10187 (CVE-2026-10187). Successful exploitation can lead to full system takeover.
|
| CVE-2018-25412 |
|
Vulnerability in deltasql-project (CVE-2018-25412)
vulnerability in deltasql-project (CVE-2018-25412). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45700 |
|
Out-of-Bounds Write in c (CVE-2026-45700)
out-of-bounds write in c (CVE-2026-45700). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.26.0` or later.
|
| CVE-2026-45372 |
|
Vulnerability in c (CVE-2026-45372)
vulnerability in c (CVE-2026-45372). Data can be tampered with by attackers. Mitigation: upgrade to `0.44.0` or later.
|
| CVE-2026-9051 |
|
Vulnerability in privilege-escalation (CVE-2026-9051)
vulnerability in privilege-escalation (CVE-2026-9051). Confidential information can be exposed externally.
|
| CVE-2026-47744 |
|
Privilege Escalation in shopper/framework (CVE-2026-47744)
vulnerability in shopper/framework (CVE-2026-47744). Successful exploitation can lead to full system takeover. Exploitable via ``view_users``. Mitigation: upgrade to `2.8.0` or later.
|
| CVE-2026-45633 |
|
OS Command Injection in CVE-2026-45633 (CVE-2026-45633)
OS command injection in CVE-2026-45633 (CVE-2026-45633). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45630 |
|
OS Command Injection in CVE-2026-45630 (CVE-2026-45630)
OS command injection in CVE-2026-45630 (CVE-2026-45630). Confidential information can be exposed externally.
|
| CVE-2026-45631 |
|
Vulnerability in CVE-2026-45631 (CVE-2026-45631)
vulnerability in CVE-2026-45631 (CVE-2026-45631). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.29.3` or later.
|
| CVE-2026-45632 |
|
OS Command Injection in CVE-2026-45632 (CVE-2026-45632)
OS command injection in CVE-2026-45632 (CVE-2026-45632). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45661 |
|
Path Traversal in path-traversal (CVE-2026-45661)
path traversal in path-traversal (CVE-2026-45661). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45628 |
|
Vulnerability in c (CVE-2026-45628)
vulnerability in c (CVE-2026-45628). Confidential information can be exposed externally.
|
| CVE-2026-45629 |
|
OS Command Injection in CVE-2026-45629 (CVE-2026-45629)
OS command injection in CVE-2026-45629 (CVE-2026-45629). Confidential information can be exposed externally.
|
| CVE-2026-47140 |
|
Vulnerability in vm2 (CVE-2026-47140)
vulnerability in vm2 (CVE-2026-47140). Successful exploitation can lead to full system takeover. Exploitable via ``NodeVM``. Mitigation: upgrade to `3.11.4` or later.
|
| CVE-2026-47210 |
|
Vulnerability in vm2 (CVE-2026-47210)
vulnerability in vm2 (CVE-2026-47210). Successful exploitation can lead to full system takeover. Exploitable via ``vm2``. Mitigation: upgrade to `3.11.4` or later.
|
| CVE-2026-47137 |
|
Vulnerability in vm2 (CVE-2026-47137)
vulnerability in vm2 (CVE-2026-47137). Successful exploitation can lead to full system takeover. Exploitable via ``nodevm.js``. Mitigation: upgrade to `3.11.4` or later.
|
| CVE-2026-47208 |
|
Vulnerability in vm2 (CVE-2026-47208)
vulnerability in vm2 (CVE-2026-47208). Successful exploitation can lead to full system takeover. Exploitable via ``localPromise``. Mitigation: upgrade to `3.11.4` or later.
|
| CVE-2026-47131 |
|
Vulnerability in vm2 (CVE-2026-47131)
vulnerability in vm2 (CVE-2026-47131). Successful exploitation can lead to full system takeover. Exploitable via ``ERR_INVALID_ARG_TYPE``. Mitigation: upgrade to `3.11.4` or later.
|
| CVE-2026-45663 |
|
Command Injection in CVE-2026-45663 (CVE-2026-45663)
command injection in CVE-2026-45663 (CVE-2026-45663). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44962 |
|
Vulnerability in privilege-escalation (CVE-2026-44962)
vulnerability in privilege-escalation (CVE-2026-44962). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10042 |
|
Unsafe Deserialization in deserialization (CVE-2026-10042)
vulnerability in deserialization (CVE-2026-10042). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4290 |
|
Vulnerability in wordpress (CVE-2026-4290)
vulnerability in wordpress (CVE-2026-4290). Data can be tampered with by attackers.
|
| CVE-2026-46376 |
|
Vulnerability in sangoma (CVE-2026-46376)
vulnerability in sangoma (CVE-2026-46376). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `16.0.45` or later.
|
| CVE-2026-10071 |
|
Unrestricted File Upload in CVE-2026-10071 (CVE-2026-10071)
vulnerability in CVE-2026-10071 (CVE-2026-10071). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45312 |
|
Vulnerability in CVE-2026-45312 (CVE-2026-45312)
vulnerability in CVE-2026-45312 (CVE-2026-45312). Successful exploitation can lead to full system takeover.
|
| CVE-2025-41277 |
|
OS Command Injection in waterfall-security (CVE-2025-41277)
OS command injection in waterfall-security (CVE-2025-41277). Successful exploitation can lead to full system takeover.
|
| CVE-2025-41274 |
|
OS Command Injection in waterfall-security (CVE-2025-41274)
OS command injection in waterfall-security (CVE-2025-41274). Successful exploitation can lead to full system takeover.
|
| CVE-2025-41275 |
|
OS Command Injection in waterfall-security (CVE-2025-41275)
OS command injection in waterfall-security (CVE-2025-41275). Successful exploitation can lead to full system takeover.
|
| CVE-2025-41276 |
|
OS Command Injection in waterfall-security (CVE-2025-41276)
OS command injection in waterfall-security (CVE-2025-41276). Successful exploitation can lead to full system takeover.
|
| CVE-2025-41273 |
|
Vulnerability in waterfall-security (CVE-2025-41273)
vulnerability in waterfall-security (CVE-2025-41273). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49201 |
|
Vulnerability in acer (CVE-2026-49201)
vulnerability in acer (CVE-2026-49201). Successful exploitation can lead to full system takeover.
|
| CVE-2025-41272 |
|
OS Command Injection in waterfall-security (CVE-2025-41272)
OS command injection in waterfall-security (CVE-2025-41272). Successful exploitation can lead to full system takeover.
|
| CVE-2025-41268 |
|
Vulnerability in path-traversal (CVE-2025-41268)
vulnerability in path-traversal (CVE-2025-41268). Data can be tampered with by attackers.
|
| CVE-2025-41270 |
|
OS Command Injection in waterfall-security (CVE-2025-41270)
OS command injection in waterfall-security (CVE-2025-41270). Successful exploitation can lead to full system takeover.
|
| CVE-2025-41269 |
|
OS Command Injection in waterfall-security (CVE-2025-41269)
OS command injection in waterfall-security (CVE-2025-41269). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9559 |
|
Path Traversal in mautic/core (CVE-2026-9559)
path traversal in mautic/core (CVE-2026-9559). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `7.1.2` or later.
|
| CVE-2026-9558 |
|
Vulnerability in mautic/core (CVE-2026-9558)
vulnerability in mautic/core (CVE-2026-9558). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `7.1.2` or later.
|
| CVE-2026-49199 |
|
Command Injection in acer (CVE-2026-49199)
command injection in acer (CVE-2026-49199). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49200 |
|
Vulnerability in acer (CVE-2026-49200)
vulnerability in acer (CVE-2026-49200). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49197 |
|
Authentication Bypass in acer (CVE-2026-49197)
authentication bypass in acer (CVE-2026-49197). Successful exploitation can lead to full system takeover. Exploitable via `Authorization header`.
|
| CVE-2026-3655 |
|
Authentication Bypass in wordpress (CVE-2026-3655)
authentication bypass in wordpress (CVE-2026-3655). Successful exploitation can lead to full system takeover. Exploitable via ``lwp_ajax_register``.
|
| CVE-2026-8732 |
|
Vulnerability in wordpress (CVE-2026-8732)
vulnerability in wordpress (CVE-2026-8732). Successful exploitation can lead to full system takeover.
|