Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-11407 |
|
Vulnerability in pimcore/pimcore (CVE-2026-11407)
vulnerability in pimcore/pimcore (CVE-2026-11407). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53869 |
|
Vulnerability in hermes-agent (CVE-2026-53869)
vulnerability in hermes-agent (CVE-2026-53869). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.16.0` or later.
|
| CVE-2026-12530 |
|
Vulnerability in Amazon bedrock-agentcore (CVE-2026-12530)
vulnerability in Amazon bedrock-agentcore (CVE-2026-12530). Confidential information can be exposed externally. Mitigation: upgrade to `1.6.1` or later.
|
| CVE-2026-48979 |
|
Vulnerability in php-standard-library/h2 (CVE-2026-48979)
vulnerability in php-standard-library/h2 (CVE-2026-48979). Data can be tampered with by attackers. Exploitable via ``StreamException``. Mitigation: upgrade to `6.2.1` or later.
|
| CVE-2026-55470 |
|
Vulnerability in ca.uhn.hapi.fhir:org.hl7.fhir.dstu2 (CVE-2026-55470)
vulnerability in ca.uhn.hapi.fhir:org.hl7.fhir.dstu2 (CVE-2026-55470). Risk of unauthorized operations or information disclosure. Exploitable via ``RegexTimeout``. Mitigation: upgrade to `6.9.10` or later.
|
| CVE-2026-55760 |
|
Path Traversal in com.github.jknack:handlebars (CVE-2026-55760)
path traversal in com.github.jknack:handlebars (CVE-2026-55760). Confidential information can be exposed externally. Mitigation: upgrade to `4.5.2` or later.
|
| CVE-2026-55409 |
|
Cross-Site Scripting (XSS) in filament/forms (CVE-2026-55409)
cross-site scripting in filament/forms (CVE-2026-55409). Confidential information can be exposed externally. Exploitable via ``RichEditor``. Mitigation: upgrade to `3.3.53` or later.
|
| CVE-2026-30799 |
|
Vulnerability in rti (CVE-2026-30799)
vulnerability in rti (CVE-2026-30799). Data can be tampered with by attackers.
|
| CVE-2026-2674 |
|
Out-of-Bounds Write in rti (CVE-2026-2674)
out-of-bounds write in rti (CVE-2026-2674). Data can be tampered with by attackers.
|
| CVE-2026-20190 |
|
Vulnerability in cisco (CVE-2026-20190)
vulnerability in cisco (CVE-2026-20190). Confidential information can be exposed externally.
|
| CVE-2026-32652 |
|
Vulnerability in dell (CVE-2026-32652)
vulnerability in dell (CVE-2026-32652). Successful exploitation can lead to full system takeover.
|
| CVE-2026-30802 |
|
Out-of-Bounds Read in rti (CVE-2026-30802)
vulnerability in rti (CVE-2026-30802). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-2467 |
|
Vulnerability in rti (CVE-2026-2467)
vulnerability in rti (CVE-2026-2467). Data can be tampered with by attackers.
|
| CVE-2026-53872 |
|
Path Traversal in picklescan (CVE-2026-53872)
path traversal in picklescan (CVE-2026-53872). Confidential information can be exposed externally. Exploitable via ``picklescan``. Mitigation: upgrade to `0.0.35` or later.
|
| CVE-2025-71322 |
|
Vulnerability in picklescan (CVE-2025-71322)
vulnerability in picklescan (CVE-2025-71322). Successful exploitation can lead to full system takeover. Exploitable via ``pty``. Mitigation: upgrade to `0.0.33` or later.
|
| CVE-2025-26240 |
|
Vulnerability in pdfkit (CVE-2025-26240)
vulnerability in pdfkit (CVE-2025-26240). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49502 |
|
Authentication Bypass in dell (CVE-2026-49502)
authentication bypass in dell (CVE-2026-49502). Confidential information can be exposed externally.
|
| CVE-2026-35066 |
|
Vulnerability in dos (CVE-2026-35066)
vulnerability in dos (CVE-2026-35066). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42055 |
|
Vulnerability in nginx (CVE-2026-42055)
vulnerability in nginx (CVE-2026-42055). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42530 |
|
Use-After-Free in nginx (CVE-2026-42530)
vulnerability in nginx (CVE-2026-42530). Successful exploitation can lead to full system takeover.
|
| CVE-2026-54415 |
|
Privilege Escalation in CVE-2026-54415 (CVE-2026-54415)
vulnerability in CVE-2026-54415 (CVE-2026-54415). Confidential information can be exposed externally.
|
| CVE-2026-54810 |
|
Vulnerability in CVE-2026-54810 (CVE-2026-54810)
vulnerability in CVE-2026-54810 (CVE-2026-54810). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35065 |
|
Vulnerability in dos (CVE-2026-35065)
vulnerability in dos (CVE-2026-35065). Successful exploitation can lead to full system takeover.
|
| CVE-2026-22283 |
|
Vulnerability in dell (CVE-2026-22283)
vulnerability in dell (CVE-2026-22283). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11311 |
|
Vulnerability in nginx (CVE-2026-11311)
vulnerability in nginx (CVE-2026-11311). Confidential information can be exposed externally.
|
| CVE-2026-54813 |
|
SQL Injection in sqli (CVE-2026-54813)
SQL injection in sqli (CVE-2026-54813). Confidential information can be exposed externally.
|
| CVE-2026-32804 |
|
Authentication Bypass in dell (CVE-2026-32804)
authentication bypass in dell (CVE-2026-32804). Data can be tampered with by attackers.
|
| CVE-2026-55738 |
|
Vulnerability in c (CVE-2026-55738)
vulnerability in c (CVE-2026-55738). Successful exploitation can lead to full system takeover.
|
| CVE-2026-54193 |
|
Contributor Arbitrary File Deletion in Fusion Builder <= 3.15.4 versions.
Contributor Arbitrary File Deletion in Fusion Builder <= 3.15.4 versions.
|
| CVE-2026-54417 |
|
Vulnerability in c (CVE-2026-54417)
vulnerability in c (CVE-2026-54417). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54816 |
|
Code Injection in CVE-2026-54816 (CVE-2026-54816)
code injection in CVE-2026-54816 (CVE-2026-54816). Successful exploitation can lead to full system takeover.
|
| CVE-2026-52707 |
|
Unauthenticated Local File Inclusion in Kastell <= 2.0 versions.
Unauthenticated Local File Inclusion in Kastell <= 2.0 versions.
|
| CVE-2026-54818 |
|
SQL Injection in sqli (CVE-2026-54818)
SQL injection in sqli (CVE-2026-54818). Confidential information can be exposed externally.
|
| CVE-2026-54814 |
|
Vulnerability in CVE-2026-54814 (CVE-2026-54814)
vulnerability in CVE-2026-54814 (CVE-2026-54814). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40757 |
|
Unauthenticated PHP Object Injection in Château <= 1.2.1 versions.
Unauthenticated PHP Object Injection in Château <= 1.2.1 versions.
|
| CVE-2026-40733 |
|
Unauthenticated PHP Object Injection in ShiftUp <= 1.3 versions.
Unauthenticated PHP Object Injection in ShiftUp <= 1.3 versions.
|
| CVE-2026-40720 |
|
Unauthenticated Cross Site Scripting (XSS) in Royal Elementor Addons Pro < 1.7.1041 versions.
Unauthenticated Cross Site Scripting (XSS) in Royal Elementor Addons Pro < 1.7.1041 versions.
|
| CVE-2026-40752 |
|
Unauthenticated PHP Object Injection in Manufaktur Solutions <= 1.1.1 versions.
Unauthenticated PHP Object Injection in Manufaktur Solutions <= 1.1.1 versions.
|
| CVE-2026-40756 |
|
Unauthenticated PHP Object Injection in Zoya <= 1.4 versions.
Unauthenticated PHP Object Injection in Zoya <= 1.4 versions.
|
| CVE-2026-39576 |
|
Unauthenticated PHP Object Injection in SingleMalt <= 1.5 versions.
Unauthenticated PHP Object Injection in SingleMalt <= 1.5 versions.
|
| CVE-2026-39560 |
|
Unauthenticated PHP Object Injection in Hiroshi <= 1.5.1 versions.
Unauthenticated PHP Object Injection in Hiroshi <= 1.5.1 versions.
|
| CVE-2026-39559 |
|
Unauthenticated Local File Inclusion in Uppercase < 1.2.2 versions.
Unauthenticated Local File Inclusion in Uppercase < 1.2.2 versions.
|
| CVE-2026-39445 |
|
Unauthenticated PHP Object Injection in Alukas < 3.0.0 versions.
Unauthenticated PHP Object Injection in Alukas < 3.0.0 versions.
|
| CVE-2026-39523 |
|
Unauthenticated Local File Inclusion in Solene Core <= 2.3.2 versions.
Unauthenticated Local File Inclusion in Solene Core <= 2.3.2 versions.
|
| CVE-2026-40738 |
|
Unauthenticated PHP Object Injection in Eldon <= 1.4.1 versions.
Unauthenticated PHP Object Injection in Eldon <= 1.4.1 versions.
|
| CVE-2025-69130 |
|
Unsafe Deserialization in wordpress (CVE-2025-69130)
vulnerability in wordpress (CVE-2025-69130). Successful exploitation can lead to full system takeover.
|
| CVE-2025-69175 |
|
Unauthenticated Local File Inclusion in Line Agency <= 1.3.1 versions.
Unauthenticated Local File Inclusion in Line Agency <= 1.3.1 versions.
|
| CVE-2026-39442 |
|
Unauthenticated PHP Object Injection in PressMart <= 1.2.26 versions.
Unauthenticated PHP Object Injection in PressMart <= 1.2.26 versions.
|
| CVE-2026-39556 |
|
Unauthenticated PHP Object Injection in Konsept <= 1.9 versions.
Unauthenticated PHP Object Injection in Konsept <= 1.9 versions.
|
| CVE-2025-69128 |
|
Path Traversal in path-traversal (CVE-2025-69128)
path traversal in path-traversal (CVE-2025-69128). Risk of unauthorized operations or information disclosure.
|