Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2026-11407 Vulnerability in pimcore/pimcore (CVE-2026-11407)
vulnerability in pimcore/pimcore (CVE-2026-11407). Successful exploitation can lead to full system takeover.
CVE-2026-53869 Vulnerability in hermes-agent (CVE-2026-53869)
vulnerability in hermes-agent (CVE-2026-53869). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.16.0` or later.
CVE-2026-12530 Vulnerability in Amazon bedrock-agentcore (CVE-2026-12530)
vulnerability in Amazon bedrock-agentcore (CVE-2026-12530). Confidential information can be exposed externally. Mitigation: upgrade to `1.6.1` or later.
CVE-2026-48979 Vulnerability in php-standard-library/h2 (CVE-2026-48979)
vulnerability in php-standard-library/h2 (CVE-2026-48979). Data can be tampered with by attackers. Exploitable via ``StreamException``. Mitigation: upgrade to `6.2.1` or later.
CVE-2026-55470 Vulnerability in ca.uhn.hapi.fhir:org.hl7.fhir.dstu2 (CVE-2026-55470)
vulnerability in ca.uhn.hapi.fhir:org.hl7.fhir.dstu2 (CVE-2026-55470). Risk of unauthorized operations or information disclosure. Exploitable via ``RegexTimeout``. Mitigation: upgrade to `6.9.10` or later.
CVE-2026-55760 Path Traversal in com.github.jknack:handlebars (CVE-2026-55760)
path traversal in com.github.jknack:handlebars (CVE-2026-55760). Confidential information can be exposed externally. Mitigation: upgrade to `4.5.2` or later.
CVE-2026-55409 Cross-Site Scripting (XSS) in filament/forms (CVE-2026-55409)
cross-site scripting in filament/forms (CVE-2026-55409). Confidential information can be exposed externally. Exploitable via ``RichEditor``. Mitigation: upgrade to `3.3.53` or later.
CVE-2026-30799 Vulnerability in rti (CVE-2026-30799)
vulnerability in rti (CVE-2026-30799). Data can be tampered with by attackers.
CVE-2026-2674 Out-of-Bounds Write in rti (CVE-2026-2674)
out-of-bounds write in rti (CVE-2026-2674). Data can be tampered with by attackers.
CVE-2026-20190 Vulnerability in cisco (CVE-2026-20190)
vulnerability in cisco (CVE-2026-20190). Confidential information can be exposed externally.
CVE-2026-32652 Vulnerability in dell (CVE-2026-32652)
vulnerability in dell (CVE-2026-32652). Successful exploitation can lead to full system takeover.
CVE-2026-30802 Out-of-Bounds Read in rti (CVE-2026-30802)
vulnerability in rti (CVE-2026-30802). Risk of unauthorized operations or information disclosure.
CVE-2026-2467 Vulnerability in rti (CVE-2026-2467)
vulnerability in rti (CVE-2026-2467). Data can be tampered with by attackers.
CVE-2026-53872 Path Traversal in picklescan (CVE-2026-53872)
path traversal in picklescan (CVE-2026-53872). Confidential information can be exposed externally. Exploitable via ``picklescan``. Mitigation: upgrade to `0.0.35` or later.
CVE-2025-71322 Vulnerability in picklescan (CVE-2025-71322)
vulnerability in picklescan (CVE-2025-71322). Successful exploitation can lead to full system takeover. Exploitable via ``pty``. Mitigation: upgrade to `0.0.33` or later.
CVE-2025-26240 Vulnerability in pdfkit (CVE-2025-26240)
vulnerability in pdfkit (CVE-2025-26240). Successful exploitation can lead to full system takeover.
CVE-2026-49502 Authentication Bypass in dell (CVE-2026-49502)
authentication bypass in dell (CVE-2026-49502). Confidential information can be exposed externally.
CVE-2026-35066 Vulnerability in dos (CVE-2026-35066)
vulnerability in dos (CVE-2026-35066). Risk of unauthorized operations or information disclosure.
CVE-2026-42055 Vulnerability in nginx (CVE-2026-42055)
vulnerability in nginx (CVE-2026-42055). Successful exploitation can lead to full system takeover.
CVE-2026-42530 Use-After-Free in nginx (CVE-2026-42530)
vulnerability in nginx (CVE-2026-42530). Successful exploitation can lead to full system takeover.
CVE-2026-54415 Privilege Escalation in CVE-2026-54415 (CVE-2026-54415)
vulnerability in CVE-2026-54415 (CVE-2026-54415). Confidential information can be exposed externally.
CVE-2026-54810 Vulnerability in CVE-2026-54810 (CVE-2026-54810)
vulnerability in CVE-2026-54810 (CVE-2026-54810). Risk of unauthorized operations or information disclosure.
CVE-2026-35065 Vulnerability in dos (CVE-2026-35065)
vulnerability in dos (CVE-2026-35065). Successful exploitation can lead to full system takeover.
CVE-2026-22283 Vulnerability in dell (CVE-2026-22283)
vulnerability in dell (CVE-2026-22283). Successful exploitation can lead to full system takeover.
CVE-2026-11311 Vulnerability in nginx (CVE-2026-11311)
vulnerability in nginx (CVE-2026-11311). Confidential information can be exposed externally.
CVE-2026-54813 SQL Injection in sqli (CVE-2026-54813)
SQL injection in sqli (CVE-2026-54813). Confidential information can be exposed externally.
CVE-2026-32804 Authentication Bypass in dell (CVE-2026-32804)
authentication bypass in dell (CVE-2026-32804). Data can be tampered with by attackers.
CVE-2026-55738 Vulnerability in c (CVE-2026-55738)
vulnerability in c (CVE-2026-55738). Successful exploitation can lead to full system takeover.
CVE-2026-54193 Contributor Arbitrary File Deletion in Fusion Builder <= 3.15.4 versions.
Contributor Arbitrary File Deletion in Fusion Builder <= 3.15.4 versions.
CVE-2026-54417 Vulnerability in c (CVE-2026-54417)
vulnerability in c (CVE-2026-54417). Risk of unauthorized operations or information disclosure.
CVE-2026-54816 Code Injection in CVE-2026-54816 (CVE-2026-54816)
code injection in CVE-2026-54816 (CVE-2026-54816). Successful exploitation can lead to full system takeover.
CVE-2026-52707 Unauthenticated Local File Inclusion in Kastell <= 2.0 versions.
Unauthenticated Local File Inclusion in Kastell <= 2.0 versions.
CVE-2026-54818 SQL Injection in sqli (CVE-2026-54818)
SQL injection in sqli (CVE-2026-54818). Confidential information can be exposed externally.
CVE-2026-54814 Vulnerability in CVE-2026-54814 (CVE-2026-54814)
vulnerability in CVE-2026-54814 (CVE-2026-54814). Successful exploitation can lead to full system takeover.
CVE-2026-40757 Unauthenticated PHP Object Injection in Château <= 1.2.1 versions.
Unauthenticated PHP Object Injection in Château <= 1.2.1 versions.
CVE-2026-40733 Unauthenticated PHP Object Injection in ShiftUp <= 1.3 versions.
Unauthenticated PHP Object Injection in ShiftUp <= 1.3 versions.
CVE-2026-40720 Unauthenticated Cross Site Scripting (XSS) in Royal Elementor Addons Pro < 1.7.1041 versions.
Unauthenticated Cross Site Scripting (XSS) in Royal Elementor Addons Pro < 1.7.1041 versions.
CVE-2026-40752 Unauthenticated PHP Object Injection in Manufaktur Solutions <= 1.1.1 versions.
Unauthenticated PHP Object Injection in Manufaktur Solutions <= 1.1.1 versions.
CVE-2026-40756 Unauthenticated PHP Object Injection in Zoya <= 1.4 versions.
Unauthenticated PHP Object Injection in Zoya <= 1.4 versions.
CVE-2026-39576 Unauthenticated PHP Object Injection in SingleMalt <= 1.5 versions.
Unauthenticated PHP Object Injection in SingleMalt <= 1.5 versions.
CVE-2026-39560 Unauthenticated PHP Object Injection in Hiroshi <= 1.5.1 versions.
Unauthenticated PHP Object Injection in Hiroshi <= 1.5.1 versions.
CVE-2026-39559 Unauthenticated Local File Inclusion in Uppercase < 1.2.2 versions.
Unauthenticated Local File Inclusion in Uppercase < 1.2.2 versions.
CVE-2026-39445 Unauthenticated PHP Object Injection in Alukas < 3.0.0 versions.
Unauthenticated PHP Object Injection in Alukas < 3.0.0 versions.
CVE-2026-39523 Unauthenticated Local File Inclusion in Solene Core <= 2.3.2 versions.
Unauthenticated Local File Inclusion in Solene Core <= 2.3.2 versions.
CVE-2026-40738 Unauthenticated PHP Object Injection in Eldon <= 1.4.1 versions.
Unauthenticated PHP Object Injection in Eldon <= 1.4.1 versions.
CVE-2025-69130 Unsafe Deserialization in wordpress (CVE-2025-69130)
vulnerability in wordpress (CVE-2025-69130). Successful exploitation can lead to full system takeover.
CVE-2025-69175 Unauthenticated Local File Inclusion in Line Agency <= 1.3.1 versions.
Unauthenticated Local File Inclusion in Line Agency <= 1.3.1 versions.
CVE-2026-39442 Unauthenticated PHP Object Injection in PressMart <= 1.2.26 versions.
Unauthenticated PHP Object Injection in PressMart <= 1.2.26 versions.
CVE-2026-39556 Unauthenticated PHP Object Injection in Konsept <= 1.9 versions.
Unauthenticated PHP Object Injection in Konsept <= 1.9 versions.
CVE-2025-69128 Path Traversal in path-traversal (CVE-2025-69128)
path traversal in path-traversal (CVE-2025-69128). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →