Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: cwe-426 Clear
ID Title
CVE-2026-49145 Vulnerability in CVE-2026-49145 (CVE-2026-49145)
vulnerability in CVE-2026-49145 (CVE-2026-49145). Risk of unauthorized operations or information disclosure.
CVE-2026-6901 Vulnerability in CVE-2026-6901 (CVE-2026-6901)
vulnerability in CVE-2026-6901 (CVE-2026-6901). Confidential information can be exposed externally.
CVE-2026-57919 Vulnerability in privilege-escalation (CVE-2026-57919)
vulnerability in privilege-escalation (CVE-2026-57919). Successful exploitation can lead to full system takeover.
CVE-2026-46710 Vulnerability in privilege-escalation (CVE-2026-46710)
vulnerability in privilege-escalation (CVE-2026-46710). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.9.6` or later.
CVE-2026-53865 Vulnerability in openclaw (CVE-2026-53865)
vulnerability in openclaw (CVE-2026-53865). Confidential information can be exposed externally. Exploitable via ``trash``. Mitigation: upgrade to `2026.5.2` or later.
CVE-2026-53858 Vulnerability in openclaw (CVE-2026-53858)
vulnerability in openclaw (CVE-2026-53858). Confidential information can be exposed externally. Exploitable via ``STATE_DIRECTORY``. Mitigation: upgrade to `2026.5.2` or later.
CVE-2026-53846 Vulnerability in openclaw (CVE-2026-53846)
vulnerability in openclaw (CVE-2026-53846). Confidential information can be exposed externally. Mitigation: upgrade to `2026.4.29` or later.
CVE-2026-53842 Vulnerability in openclaw (CVE-2026-53842)
vulnerability in openclaw (CVE-2026-53842). Confidential information can be exposed externally. Exploitable via ``gcloud``. Mitigation: upgrade to `2026.5.2` or later.
CVE-2026-54055 Vulnerability in privilege-escalation (CVE-2026-54055)
vulnerability in privilege-escalation (CVE-2026-54055). Data can be tampered with by attackers. Exploitable via ``O_NOFOLLOW``.
CVE-2026-53819 Vulnerability in openclaw (CVE-2026-53819)
vulnerability in openclaw (CVE-2026-53819). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2026.5.27` or later.
CVE-2026-48565 Vulnerability in microsoft (CVE-2026-48565)
vulnerability in microsoft (CVE-2026-48565). Successful exploitation can lead to full system takeover.
CVE-2026-47648 Vulnerability in microsoft (CVE-2026-47648)
vulnerability in microsoft (CVE-2026-47648). Successful exploitation can lead to full system takeover.
CVE-2026-24064 Vulnerability in privilege-escalation (CVE-2026-24064)
vulnerability in privilege-escalation (CVE-2026-24064). Successful exploitation can lead to full system takeover.
CVE-2026-11400 CVE-2026-11400 and CVE-2026-11401
Bulletin ID: 2026-039-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 06/025/2026 12:15 PM PDT Description: Amazon Aurora PostgreSQL a fully managed relational database engine that's compatible with PostgreSQL. We identified CVE-2026-11400(JDBC) and CVE-2026-11401(Go), an issue in AWS Wrappers for Amazon Aurora PostgreSQL will allow for privilege escalation to rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS) users. Impacted versions: - AWS Advanced JDBC Wrapper >=3.0.0 and < 4.0.1 - AWS Advanced Go Wrapper release 2026-04-06 Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.
CVE-2026-11401 AWS Advanced Go Wrapper has Privilege Escalation in Aurora PostgreSQL instance
AWS Advanced Go Wrapper has Privilege Escalation in Aurora PostgreSQL instance
CVE-2026-45792 Vulnerability in rtk (CVE-2026-45792)
vulnerability in rtk (CVE-2026-45792). Data can be tampered with by attackers. Exploitable via ``strip_lines_matching``. Mitigation: upgrade to `0.32.0` or later.
CVE-2026-45721 Vulnerability in github.com/xyproto/algernon (CVE-2026-45721)
vulnerability in github.com/xyproto/algernon (CVE-2026-45721). Successful exploitation can lead to full system takeover. Exploitable via ``DirPage``. Mitigation: upgrade to `1.17.7` or later.
CVE-2026-45772 Vulnerability in turbo (CVE-2026-45772)
vulnerability in turbo (CVE-2026-45772). Successful exploitation can lead to full system takeover. Exploitable via ``yarnPath``. Mitigation: upgrade to `2.9.14` or later.
CVE-2026-30906 Vulnerability in zoom (CVE-2026-30906)
vulnerability in zoom (CVE-2026-30906). Successful exploitation can lead to full system takeover.
CVE-2026-0251 Vulnerability in privilege-escalation (CVE-2026-0251)
vulnerability in privilege-escalation (CVE-2026-0251). Risk of unauthorized operations or information disclosure.
CVE-2026-42830 Vulnerability in microsoft (CVE-2026-42830)
vulnerability in microsoft (CVE-2026-42830). Data can be tampered with by attackers.
CVE-2026-44477 Vulnerability in github.com/cloudnative-pg/cloudnative-pg (CVE-2026-44477)
vulnerability in github.com/cloudnative-pg/cloudnative-pg (CVE-2026-44477). Successful exploitation can lead to full system takeover. Exploitable via ``postgres``. Mitigation: upgrade to `1.29.1` or later.
CVE-2012-1854 KEV [KEV] Vulnerability in Microsoft visual-basic-for-applications-vba (CVE-2012-1854)
vulnerability in Microsoft visual-basic-for-applications-vba (CVE-2012-1854). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-39883 Vulnerability in opentelemetry (CVE-2026-39883)
vulnerability in opentelemetry (CVE-2026-39883). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.43.0` or later.
CVE-2026-24051 Vulnerability in opentelemetry (CVE-2026-24051)
vulnerability in opentelemetry (CVE-2026-24051). Successful exploitation can lead to full system takeover.
CVE-2024-53866 Vulnerability in pnpm (CVE-2024-53866)
vulnerability in pnpm (CVE-2024-53866). Successful exploitation can lead to full system takeover.
CVE-2023-4736 Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833.
Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833.
CVE-2021-3305 Vulnerability in feishu (CVE-2021-3305)
vulnerability in feishu (CVE-2021-3305). Successful exploitation can lead to full system takeover.
CVE-2021-36666 Privilege Escalation in druva (CVE-2021-36666)
vulnerability in druva (CVE-2021-36666). Successful exploitation can lead to full system takeover.
CVE-2022-22047 KEV [KEV] Vulnerability in Microsoft windows (CVE-2022-22047)
vulnerability in Microsoft windows (CVE-2022-22047). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2017-17010 Vulnerability in sony (CVE-2017-17010)
vulnerability in sony (CVE-2017-17010). Successful exploitation can lead to full system takeover.
CVE-2017-10909 Vulnerability in sony (CVE-2017-10909)
vulnerability in sony (CVE-2017-10909). Successful exploitation can lead to full system takeover.
CVE-2017-17809 Vulnerability in goldenfrog (CVE-2017-17809)
vulnerability in goldenfrog (CVE-2017-17809). Successful exploitation can lead to full system takeover.
CVE-2017-16997 Vulnerability in c (CVE-2017-16997)
vulnerability in c (CVE-2017-16997). Successful exploitation can lead to full system takeover.
CVE-2017-11397 Vulnerability in trendmicro (CVE-2017-11397)
vulnerability in trendmicro (CVE-2017-11397). Successful exploitation can lead to full system takeover.
CVE-2017-16690 Vulnerability in sap (CVE-2017-16690)
vulnerability in sap (CVE-2017-16690). Successful exploitation can lead to full system takeover.
CVE-2014-8358 Vulnerability in huawei (CVE-2014-8358)
vulnerability in huawei (CVE-2014-8358). Successful exploitation can lead to full system takeover.
CVE-2017-13070 Vulnerability in qnap (CVE-2017-13070)
vulnerability in qnap (CVE-2017-13070). Successful exploitation can lead to full system takeover.
CVE-2017-10893 Vulnerability in j-lis (CVE-2017-10893)
vulnerability in j-lis (CVE-2017-10893). Successful exploitation can lead to full system takeover.
CVE-2017-17069 Vulnerability in amazon (CVE-2017-17069)
vulnerability in amazon (CVE-2017-17069). Successful exploitation can lead to full system takeover.
CVE-2017-10892 Vulnerability in sony (CVE-2017-10892)
vulnerability in sony (CVE-2017-10892). Successful exploitation can lead to full system takeover.
CVE-2017-10891 Vulnerability in sony (CVE-2017-10891)
vulnerability in sony (CVE-2017-10891). Successful exploitation can lead to full system takeover.
CVE-2017-8137 Vulnerability in huawei (CVE-2017-8137)
vulnerability in huawei (CVE-2017-8137). Successful exploitation can lead to full system takeover.
CVE-2017-4939 Vulnerability in vmware (CVE-2017-4939)
vulnerability in vmware (CVE-2017-4939). Successful exploitation can lead to full system takeover.
CVE-2017-10887 Vulnerability in bookwalker (CVE-2017-10887)
vulnerability in bookwalker (CVE-2017-10887). Successful exploitation can lead to full system takeover.
CVE-2017-12312 Vulnerability in cisco (CVE-2017-12312)
vulnerability in cisco (CVE-2017-12312). Successful exploitation can lead to full system takeover.
CVE-2017-12313 Vulnerability in cisco (CVE-2017-12313)
vulnerability in cisco (CVE-2017-12313). Successful exploitation can lead to full system takeover.
CVE-2017-10885 Vulnerability in sbisec (CVE-2017-10885)
vulnerability in sbisec (CVE-2017-10885). Successful exploitation can lead to full system takeover.
CVE-2016-6803 Vulnerability in apache (CVE-2016-6803)
vulnerability in apache (CVE-2016-6803). Successful exploitation can lead to full system takeover.
CVE-2017-10825 Vulnerability in flets-w (CVE-2017-10825)
vulnerability in flets-w (CVE-2017-10825). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →