Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-9733 |
|
Vulnerability in csrf (CVE-2026-9733)
vulnerability in csrf (CVE-2026-9733). Confidential information can be exposed externally.
|
| CVE-2026-12866 |
|
Code Injection in CVE-2026-12866 (CVE-2026-12866)
code injection in CVE-2026-12866 (CVE-2026-12866). Successful exploitation can lead to full system takeover.
|
| CVE-2025-67038 KEV |
|
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell...
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell...
|
| CVE-2026-54352 |
|
Path Traversal in @budibase/server (CVE-2026-54352)
path traversal in @budibase/server (CVE-2026-54352). Confidential information can be exposed externally. Exploitable via `POST /api/pwa/process-zip`. Mitigation: upgrade to `3.39.9` or later.
|
| CVE-2026-50137 |
|
Vulnerability in @budibase/server (CVE-2026-50137)
vulnerability in @budibase/server (CVE-2026-50137). Confidential information can be exposed externally. Exploitable via `POST /api/attachments/`. Mitigation: upgrade to `3.39.0` or later.
|
| CVE-2026-48509 |
|
Vulnerability in MessagePack (CVE-2026-48509)
vulnerability in MessagePack (CVE-2026-48509). Data can be tampered with by attackers. Exploitable via ``MessagePackSerializerOptions.Standard``. Mitigation: upgrade to `3.1.7` or later.
|
| CVE-2026-12249 |
|
Vulnerability in CVE-2026-12249 (CVE-2026-12249)
vulnerability in CVE-2026-12249 (CVE-2026-12249). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10789 |
|
Code Injection in autodesk (CVE-2026-10789)
code injection in autodesk (CVE-2026-10789). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33646 |
|
Code Injection in mise (CVE-2026-33646)
code injection in mise (CVE-2026-33646). Successful exploitation can lead to full system takeover. Exploitable via ``tera_exec``. Mitigation: upgrade to `2026.3.10` or later.
|
| CVE-2026-7664 |
|
Authentication Bypass in langflow (CVE-2026-7664)
authentication bypass in langflow (CVE-2026-7664). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12628 |
|
Vulnerability in ibm (CVE-2026-12628)
vulnerability in ibm (CVE-2026-12628). Confidential information can be exposed externally.
|
| CVE-2026-28381 |
|
Vulnerability in grafana (CVE-2026-28381)
vulnerability in grafana (CVE-2026-28381). Confidential information can be exposed externally.
|
| CVE-2026-10561 |
|
Code Injection in langflow (CVE-2026-10561)
code injection in langflow (CVE-2026-10561). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11373 |
|
Vulnerability in CVE-2026-11373 (CVE-2026-11373)
vulnerability in CVE-2026-11373 (CVE-2026-11373). Confidential information can be exposed externally.
|
| CVE-2026-56397 |
|
Cross-Site Scripting (XSS) in CVE-2026-56397 (CVE-2026-56397)
cross-site scripting in CVE-2026-56397 (CVE-2026-56397). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56395 |
|
Cross-Site Scripting (XSS) in CVE-2026-56395 (CVE-2026-56395)
cross-site scripting in CVE-2026-56395 (CVE-2026-56395). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56265 |
|
Vulnerability in kidocode (CVE-2026-56265)
vulnerability in kidocode (CVE-2026-56265). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5366 |
|
Code Injection in prefect (CVE-2026-5366)
code injection in prefect (CVE-2026-5366). Successful exploitation can lead to full system takeover. Exploitable via ``GitRepository``.
|
| CVE-2024-58351 |
|
Code Injection in dos (CVE-2024-58351)
code injection in dos (CVE-2024-58351). Successful exploitation can lead to full system takeover.
|
| CVE-2022-50972 |
|
Code Injection in CVE-2022-50972 (CVE-2022-50972)
code injection in CVE-2022-50972 (CVE-2022-50972). Successful exploitation can lead to full system takeover.
|
| CVE-2019-25763 |
|
Vulnerability in wordpress (CVE-2019-25763)
vulnerability in wordpress (CVE-2019-25763). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48939 |
|
Unrestricted File Upload in joomlic (CVE-2026-48939)
vulnerability in joomlic (CVE-2026-48939). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48908 KEV |
|
[KEV] Unrestricted File Upload in Joomshaper ollyo (CVE-2026-48908)
vulnerability in Joomshaper ollyo (CVE-2026-48908). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-9265 |
|
Out-of-Bounds Read in CVE-2026-9265 (CVE-2026-9265)
vulnerability in CVE-2026-9265 (CVE-2026-9265). Confidential information can be exposed externally.
|
| CVE-2026-11551 |
|
Vulnerability in wordpress (CVE-2026-11551)
vulnerability in wordpress (CVE-2026-11551). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56081 |
|
Vulnerability in CVE-2026-56081 (CVE-2026-56081)
vulnerability in CVE-2026-56081 (CVE-2026-56081). Confidential information can be exposed externally.
|
| CVE-2026-56073 |
|
Vulnerability in CVE-2026-56073 (CVE-2026-56073)
vulnerability in CVE-2026-56073 (CVE-2026-56073). Confidential information can be exposed externally.
|
| CVE-2026-48584 |
|
Vulnerability in microsoft (CVE-2026-48584)
vulnerability in microsoft (CVE-2026-48584). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48582 |
|
Vulnerability in microsoft (CVE-2026-48582)
vulnerability in microsoft (CVE-2026-48582). Confidential information can be exposed externally.
|
| CVE-2026-45480 |
|
Authentication Bypass in microsoft (CVE-2026-45480)
authentication bypass in microsoft (CVE-2026-45480). Successful exploitation can lead to full system takeover.
|
| CVE-2026-55447 |
|
Vulnerability in langflow (CVE-2026-55447)
vulnerability in langflow (CVE-2026-55447). Successful exploitation can lead to full system takeover. Exploitable via ``BaseFileComponent``. Mitigation: upgrade to `1.9.2` or later.
|
| CVE-2026-54906 |
|
Vulnerability in concurrent-ruby (CVE-2026-54906)
vulnerability in concurrent-ruby (CVE-2026-54906). Successful exploitation can lead to full system takeover. Exploitable via ``release_write_lock``. Mitigation: upgrade to `1.3.7` or later.
|
| CVE-2026-48773 |
|
Out-of-Bounds Write in CVE-2026-48773 (CVE-2026-48773)
out-of-bounds write in CVE-2026-48773 (CVE-2026-48773). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48772 |
|
Vulnerability in CVE-2026-48772 (CVE-2026-48772)
vulnerability in CVE-2026-48772 (CVE-2026-48772). Confidential information can be exposed externally. Exploitable via ``UNKNOWN``.
|
| CVE-2026-53492 |
|
Vulnerability in github.com/containerd/containerd/v2 (CVE-2026-53492)
vulnerability in github.com/containerd/containerd/v2 (CVE-2026-53492). Confidential information can be exposed externally. Mitigation: upgrade to `2.3.2` or later.
|
| CVE-2026-51846 |
|
Vulnerability in CVE-2026-51846 (CVE-2026-51846)
vulnerability in CVE-2026-51846 (CVE-2026-51846). Successful exploitation can lead to full system takeover.
|
| CVE-2026-51845 |
|
Vulnerability in CVE-2026-51845 (CVE-2026-51845)
vulnerability in CVE-2026-51845 (CVE-2026-51845). Successful exploitation can lead to full system takeover.
|
| CVE-2026-51843 |
|
Vulnerability in CVE-2026-51843 (CVE-2026-51843)
vulnerability in CVE-2026-51843 (CVE-2026-51843). Successful exploitation can lead to full system takeover.
|
| CVE-2026-51844 |
|
Vulnerability in CVE-2026-51844 (CVE-2026-51844)
vulnerability in CVE-2026-51844 (CVE-2026-51844). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49230 |
|
Vulnerability in apache (CVE-2026-49230)
vulnerability in apache (CVE-2026-49230). Confidential information can be exposed externally.
|
| CVE-2026-49871 |
|
Cross-Site Request Forgery (CSRF) in apache (CVE-2026-49871)
vulnerability in apache (CVE-2026-49871). Confidential information can be exposed externally.
|
| CVE-2026-39999 |
|
Vulnerability in apache (CVE-2026-39999)
vulnerability in apache (CVE-2026-39999). Confidential information can be exposed externally.
|
| CVE-2026-44087 |
|
Vulnerability in apache (CVE-2026-44087)
vulnerability in apache (CVE-2026-44087). Confidential information can be exposed externally.
|
| CVE-2025-62821 |
|
Out-of-Bounds Read in microsoft (CVE-2025-62821)
vulnerability in microsoft (CVE-2025-62821). Confidential information can be exposed externally.
|
| CVE-2026-9142 |
|
Vulnerability in ni (CVE-2026-9142)
vulnerability in ni (CVE-2026-9142). Confidential information can be exposed externally.
|
| CVE-2026-48137 |
|
Vulnerability in ni (CVE-2026-48137)
vulnerability in ni (CVE-2026-48137). Confidential information can be exposed externally.
|
| CVE-2026-56142 |
|
Vulnerability in privilege-escalation (CVE-2026-56142)
vulnerability in privilege-escalation (CVE-2026-56142). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56141 |
|
Vulnerability in jetbrains (CVE-2026-56141)
vulnerability in jetbrains (CVE-2026-56141). Successful exploitation can lead to full system takeover.
|
| CVE-2026-50242 |
|
Vulnerability in jetbrains (CVE-2026-50242)
vulnerability in jetbrains (CVE-2026-50242). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8713 |
|
Path Traversal in wordpress (CVE-2026-8713)
path traversal in wordpress (CVE-2026-8713). Data can be tampered with by attackers.
|