Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: cwe-1336 Clear
ID Title
CVE-2026-55794 Code Injection in craftcms/cms (CVE-2026-55794)
code injection in craftcms/cms (CVE-2026-55794). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.10.0` or later.
CVE-2026-28496 Vulnerability in CVE-2026-28496 (CVE-2026-28496)
vulnerability in CVE-2026-28496 (CVE-2026-28496). Risk of unauthorized operations or information disclosure. Exploitable via ``string_render``.
CVE-2026-52796 Vulnerability in gogs.io/gogs (CVE-2026-52796)
vulnerability in gogs.io/gogs (CVE-2026-52796). Risk of unauthorized operations or information disclosure. Exploitable via ``com.Expand``. Mitigation: upgrade to `0.14.3` or later.
CVE-2026-54390 Vulnerability in CVE-2026-54390 (CVE-2026-54390)
vulnerability in CVE-2026-54390 (CVE-2026-54390). Successful exploitation can lead to full system takeover.
CVE-2026-11407 Vulnerability in pimcore/pimcore (CVE-2026-11407)
vulnerability in pimcore/pimcore (CVE-2026-11407). Successful exploitation can lead to full system takeover.
CVE-2026-41065 Vulnerability in CVE-2026-41065 (CVE-2026-41065)
vulnerability in CVE-2026-41065 (CVE-2026-41065). Risk of unauthorized operations or information disclosure.
CVE-2026-34906 Vulnerability in CVE-2026-34906 (CVE-2026-34906)
vulnerability in CVE-2026-34906 (CVE-2026-34906). Risk of unauthorized operations or information disclosure.
CVE-2026-42252 Vulnerability in apache-airflow (CVE-2026-42252)
vulnerability in apache-airflow (CVE-2026-42252). Confidential information can be exposed externally. Exploitable via ``Dag.can_trigger``. Mitigation: upgrade to `3.2.2` or later.
CVE-2026-49382 Vulnerability in jetbrains (CVE-2026-49382)
vulnerability in jetbrains (CVE-2026-49382). Risk of unauthorized operations or information disclosure.
CVE-2026-45312 Vulnerability in CVE-2026-45312 (CVE-2026-45312)
vulnerability in CVE-2026-45312 (CVE-2026-45312). Successful exploitation can lead to full system takeover.
CVE-2026-9558 Vulnerability in mautic/core (CVE-2026-9558)
vulnerability in mautic/core (CVE-2026-9558). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `7.1.2` or later.
CVE-2026-44723 OS Command Injection in vowpalwabbit (CVE-2026-44723)
OS command injection in vowpalwabbit (CVE-2026-44723). Risk of unauthorized operations or information disclosure.
CVE-2026-9498 Vulnerability in CVE-2026-9498 (CVE-2026-9498)
vulnerability in CVE-2026-9498 (CVE-2026-9498). Risk of unauthorized operations or information disclosure.
CVE-2025-40900 Vulnerability in angular (CVE-2025-40900)
vulnerability in angular (CVE-2025-40900). Risk of unauthorized operations or information disclosure.
CVE-2026-29207 Vulnerability in apache (CVE-2026-29207)
vulnerability in apache (CVE-2026-29207). Risk of unauthorized operations or information disclosure.
CVE-2026-45697 Vulnerability in verbb/formie (CVE-2026-45697)
vulnerability in verbb/formie (CVE-2026-45697). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.2.20` or later.
CVE-2026-8740 Vulnerability in CVE-2026-8740 (CVE-2026-8740)
vulnerability in CVE-2026-8740 (CVE-2026-8740). Risk of unauthorized operations or information disclosure.
CVE-2026-45714 Code Injection in CVE-2026-45714 (CVE-2026-45714)
code injection in CVE-2026-45714 (CVE-2026-45714). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `6.7.0` or later.
CVE-2026-44377 Code Injection in CVE-2026-44377 (CVE-2026-44377)
code injection in CVE-2026-44377 (CVE-2026-44377). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `6.7.0` or later.
CVE-2026-41901 Vulnerability in org.thymeleaf:thymeleaf (CVE-2026-41901)
vulnerability in org.thymeleaf:thymeleaf (CVE-2026-41901). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.1.5.RELEASE` or later.
CVE-2026-41713 Vulnerability in org.springframework.ai:spring-ai-client-chat (CVE-2026-41713)
vulnerability in org.springframework.ai:spring-ai-client-chat (CVE-2026-41713). Data can be tampered with by attackers. Mitigation: upgrade to `1.1.6` or later.
CVE-2026-44209 Vulnerability in banks (CVE-2026-44209)
vulnerability in banks (CVE-2026-44209). Successful exploitation can lead to full system takeover. Exploitable via ``banks``. Mitigation: upgrade to `2.4.2` or later.
CVE-2026-44129 Vulnerability in CVE-2026-44129 (CVE-2026-44129)
vulnerability in CVE-2026-44129 (CVE-2026-44129). Risk of unauthorized operations or information disclosure.
CVE-2026-44916 Vulnerability in CVE-2026-44916 (CVE-2026-44916)
vulnerability in CVE-2026-44916 (CVE-2026-44916). Risk of unauthorized operations or information disclosure.
CVE-2026-42203 Vulnerability in litellm (CVE-2026-42203)
vulnerability in litellm (CVE-2026-42203). Successful exploitation can lead to full system takeover. Exploitable via `POST /prompts/test`. Mitigation: upgrade to `1.83.7` or later.
CVE-2026-40477 Vulnerability in thymeleaf (CVE-2026-40477)
vulnerability in thymeleaf (CVE-2026-40477). Successful exploitation can lead to full system takeover.
CVE-2026-40478 Vulnerability in thymeleaf (CVE-2026-40478)
vulnerability in thymeleaf (CVE-2026-40478). Successful exploitation can lead to full system takeover.
CVE-2024-23692 KEV [KEV] Vulnerability in Rejetto http-file-server (CVE-2024-23692)
vulnerability in Rejetto http-file-server (CVE-2024-23692). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2024-4040 KEV [KEV] Vulnerability in crushftp (CVE-2024-4040)
vulnerability in crushftp (CVE-2024-4040). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →