Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-53435 |
|
Unsafe Deserialization in jenkins (CVE-2026-53435)
vulnerability in jenkins (CVE-2026-53435). Successful exploitation can lead to full system takeover. Exploitable via ``config.xml``. Mitigation: upgrade to `2.555.3, 2.568.0` or later.
|
| CVE-2026-52758 |
|
SQL Injection in sqli (CVE-2026-52758)
SQL injection in sqli (CVE-2026-52758). Successful exploitation can lead to full system takeover.
|
| CVE-2026-52755 |
|
Path Traversal in path-traversal (CVE-2026-52755)
path traversal in path-traversal (CVE-2026-52755). Successful exploitation can lead to full system takeover.
|
| CVE-2026-52754 |
|
Vulnerability in nsa (CVE-2026-52754)
vulnerability in nsa (CVE-2026-52754). Successful exploitation can lead to full system takeover.
|
| CVE-2026-52752 |
|
Path Traversal in path-traversal (CVE-2026-52752)
path traversal in path-traversal (CVE-2026-52752). Successful exploitation can lead to full system takeover.
|
| CVE-2026-52751 |
|
Unsafe Deserialization in deserialization (CVE-2026-52751)
vulnerability in deserialization (CVE-2026-52751). Successful exploitation can lead to full system takeover.
|
| CVE-2026-52750 |
|
Vulnerability in nsa (CVE-2026-52750)
vulnerability in nsa (CVE-2026-52750). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49498 |
|
SQL Injection in sqli (CVE-2026-49498)
SQL injection in sqli (CVE-2026-49498). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49069 |
|
Cross-Site Scripting (XSS) in CVE-2026-49069 (CVE-2026-49069)
cross-site scripting in CVE-2026-49069 (CVE-2026-49069). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-71330 |
|
Vulnerability in dos (CVE-2025-71330)
vulnerability in dos (CVE-2025-71330). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-71329 |
|
Vulnerability in dos (CVE-2025-71329)
vulnerability in dos (CVE-2025-71329). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49396 |
|
Cross-Site Request Forgery (CSRF) in github.com/nezhahq/nezha (CVE-2026-49396)
vulnerability in github.com/nezhahq/nezha (CVE-2026-49396). Data can be tampered with by attackers. Exploitable via `GET /api/v1/cron/`. Mitigation: upgrade to `2.0.14` or later.
|
| CVE-2026-24067 |
|
Vulnerability in privilege-escalation (CVE-2026-24067)
vulnerability in privilege-escalation (CVE-2026-24067). Successful exploitation can lead to full system takeover.
|
| CVE-2026-24066 |
|
Vulnerability in privilege-escalation (CVE-2026-24066)
vulnerability in privilege-escalation (CVE-2026-24066). Successful exploitation can lead to full system takeover.
|
| CVE-2026-3018 |
|
SQL Injection in wordpress (CVE-2026-3018)
SQL injection in wordpress (CVE-2026-3018). Confidential information can be exposed externally.
|
| CVE-2026-8071 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8071)
cross-site scripting in wordpress (CVE-2026-8071). Successful exploitation can lead to full system takeover.
|
| CVE-2026-3326 |
|
SQL Injection in wordpress (CVE-2026-3326)
SQL injection in wordpress (CVE-2026-3326). Confidential information can be exposed externally.
|
| CVE-2026-11837 |
|
Vulnerability in privilege-escalation (CVE-2026-11837)
vulnerability in privilege-escalation (CVE-2026-11837). Successful exploitation can lead to full system takeover.
|
| CVE-2026-26239 |
|
Vulnerability in qnap (CVE-2026-26239)
vulnerability in qnap (CVE-2026-26239). Data can be tampered with by attackers.
|
| CVE-2026-26237 |
|
Vulnerability in qnap (CVE-2026-26237)
vulnerability in qnap (CVE-2026-26237). Confidential information can be exposed externally.
|
| CVE-2026-24724 |
|
Authorization Flaw in qnap (CVE-2026-24724)
vulnerability in qnap (CVE-2026-24724). Confidential information can be exposed externally.
|
| CVE-2026-24719 |
|
OS Command Injection in qnap (CVE-2026-24719)
OS command injection in qnap (CVE-2026-24719). Successful exploitation can lead to full system takeover.
|
| CVE-2026-24716 |
|
Vulnerability in dos (CVE-2026-24716)
vulnerability in dos (CVE-2026-24716). Successful exploitation can lead to full system takeover.
|
| CVE-2026-22893 |
|
OS Command Injection in qnap (CVE-2026-22893)
OS command injection in qnap (CVE-2026-22893). Successful exploitation can lead to full system takeover.
|
| CVE-2025-66281 |
|
Vulnerability in dos (CVE-2025-66281)
vulnerability in dos (CVE-2025-66281). Successful exploitation can lead to full system takeover.
|
| CVE-2025-66280 |
|
Vulnerability in qnap (CVE-2025-66280)
vulnerability in qnap (CVE-2025-66280). Successful exploitation can lead to full system takeover.
|
| CVE-2025-66279 |
|
OS Command Injection in qnap (CVE-2025-66279)
OS command injection in qnap (CVE-2025-66279). Successful exploitation can lead to full system takeover.
|
| CVE-2025-66273 |
|
OS Command Injection in qnap (CVE-2025-66273)
OS command injection in qnap (CVE-2025-66273). Successful exploitation can lead to full system takeover.
|
| CVE-2025-62850 |
|
Vulnerability in dos (CVE-2025-62850)
vulnerability in dos (CVE-2025-62850). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45542 |
|
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a heap buffer overflow exists in the Security Scheme 2 (SRP6a) session-setup p...
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a heap buffer overflow exists in the Security Scheme 2 (SRP6a) session-setup path of the protocomm component. The first-phase handler (handle_session_command0() in components/pro...
|
| CVE-2026-45541 |
|
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a NULL-pointer dereference exists in the WebSocket subprotocol-negotiation pat...
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a NULL-pointer dereference exists in the WebSocket subprotocol-negotiation path of the esp_http_server component. While parsing the client-supplied Sec-WebSocket-Protocol request...
|
| CVE-2026-45329 |
|
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-service wrappers in esp_secure_services.c and esp_secure_services_iram.c vali...
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-service wrappers in esp_secure_services.c and esp_secure_services_iram.c validated only some of the caller-supplied pointer arguments, leaving input pointer arguments unchecked....
|
| CVE-2026-53674 |
|
Vulnerability in dos (CVE-2026-53674)
vulnerability in dos (CVE-2026-53674). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53673 |
|
Vulnerability in CVE-2026-53673 (CVE-2026-53673)
vulnerability in CVE-2026-53673 (CVE-2026-53673). Confidential information can be exposed externally.
|
| CVE-2026-41732 |
|
Unsafe Deserialization in apache (CVE-2026-41732)
vulnerability in apache (CVE-2026-41732). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41729 |
|
Vulnerability in vmware (CVE-2026-41729)
vulnerability in vmware (CVE-2026-41729). Confidential information can be exposed externally.
|
| CVE-2026-41728 |
|
Vulnerability in vmware (CVE-2026-41728)
vulnerability in vmware (CVE-2026-41728). Data can be tampered with by attackers.
|
| CVE-2026-41731 |
|
Unsafe Deserialization in org.springframework.kafka:spring-kafka (CVE-2026-41731)
vulnerability in org.springframework.kafka:spring-kafka (CVE-2026-41731). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40993 |
|
Unsafe Deserialization in vmware (CVE-2026-40993)
vulnerability in vmware (CVE-2026-40993). Data can be tampered with by attackers.
|
| CVE-2026-40988 |
|
Vulnerability in dos (CVE-2026-40988)
vulnerability in dos (CVE-2026-40988). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41717 |
|
Vulnerability in vmware (CVE-2026-41717)
vulnerability in vmware (CVE-2026-41717). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41716 |
|
Vulnerability in broadcom (CVE-2026-41716)
vulnerability in broadcom (CVE-2026-41716). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9753 |
|
Vulnerability in mongodb (CVE-2026-9753)
vulnerability in mongodb (CVE-2026-9753). Confidential information can be exposed externally.
|
| CVE-2026-41003 |
|
Cross-Site Scripting (XSS) in vmware (CVE-2026-41003)
cross-site scripting in vmware (CVE-2026-41003). Confidential information can be exposed externally.
|
| CVE-2026-9742 |
|
Vulnerability in mongodb (CVE-2026-9742)
vulnerability in mongodb (CVE-2026-9742). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9740 |
|
Vulnerability in mongodb (CVE-2026-9740)
vulnerability in mongodb (CVE-2026-9740). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46541 |
|
Vulnerability in CVE-2026-46541 (CVE-2026-46541)
vulnerability in CVE-2026-46541 (CVE-2026-46541). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46518 |
|
Cross-Site Scripting (XSS) in csrf (CVE-2026-46518)
cross-site scripting in csrf (CVE-2026-46518). Confidential information can be exposed externally.
|
| CVE-2026-41695 |
|
Vulnerability in dos (CVE-2026-41695)
vulnerability in dos (CVE-2026-41695). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34713 |
|
Vulnerability in adobe (CVE-2026-34713)
vulnerability in adobe (CVE-2026-34713). Risk of unauthorized operations or information disclosure.
|