Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: cwe-917 Clear
ID Title
CVE-2026-57281 Vulnerability in jenkins (CVE-2026-57281)
vulnerability in jenkins (CVE-2026-57281). Successful exploitation can lead to full system takeover.
CVE-2026-11561 Vulnerability in CVE-2026-11561 (CVE-2026-11561)
vulnerability in CVE-2026-11561 (CVE-2026-11561). Successful exploitation can lead to full system takeover.
CVE-2026-40985 Vulnerability in CVE-2026-40985 (CVE-2026-40985)
vulnerability in CVE-2026-40985 (CVE-2026-40985). Confidential information can be exposed externally.
CVE-2026-41729 Vulnerability in vmware (CVE-2026-41729)
vulnerability in vmware (CVE-2026-41729). Confidential information can be exposed externally.
CVE-2026-41719 Vulnerability in CVE-2026-41719 (CVE-2026-41719)
vulnerability in CVE-2026-41719 (CVE-2026-41719). Confidential information can be exposed externally.
CVE-2026-41717 Vulnerability in vmware (CVE-2026-41717)
vulnerability in vmware (CVE-2026-41717). Successful exploitation can lead to full system takeover.
CVE-2026-8888 Vulnerability in dos (CVE-2026-8888)
vulnerability in dos (CVE-2026-8888). Risk of unauthorized operations or information disclosure.
CVE-2026-2586 Code Injection in org.glassfish.main.admingui:console-common (CVE-2026-2586)
code injection in org.glassfish.main.admingui:console-common (CVE-2026-2586). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.0.2` or later.
CVE-2026-2587 Vulnerability in org.glassfish.main.admingui:admingui (CVE-2026-2587)
vulnerability in org.glassfish.main.admingui:admingui (CVE-2026-2587). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.0.2` or later.
CVE-2026-31380 Vulnerability in apache (CVE-2026-31380)
vulnerability in apache (CVE-2026-31380). Risk of unauthorized operations or information disclosure.
CVE-2026-26462 Vulnerability in CVE-2026-26462 (CVE-2026-26462)
vulnerability in CVE-2026-26462 (CVE-2026-26462). Risk of unauthorized operations or information disclosure.
CVE-2026-8759 Vulnerability in com.ibeetl:beetl-spring-classic (CVE-2026-8759)
vulnerability in com.ibeetl:beetl-spring-classic (CVE-2026-8759). Risk of unauthorized operations or information disclosure.
CVE-2026-41901 Vulnerability in org.thymeleaf:thymeleaf (CVE-2026-41901)
vulnerability in org.thymeleaf:thymeleaf (CVE-2026-41901). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.1.5.RELEASE` or later.
CVE-2026-41705 Vulnerability in org.springframework.ai:spring-ai-milvus-store (CVE-2026-41705)
vulnerability in org.springframework.ai:spring-ai-milvus-store (CVE-2026-41705). Confidential information can be exposed externally. Mitigation: upgrade to `1.1.6` or later.
CVE-2026-44209 Vulnerability in banks (CVE-2026-44209)
vulnerability in banks (CVE-2026-44209). Successful exploitation can lead to full system takeover. Exploitable via ``banks``. Mitigation: upgrade to `2.4.2` or later.
CVE-2026-41883 Vulnerability in org.omnifaces:omnifaces (CVE-2026-41883)
vulnerability in org.omnifaces:omnifaces (CVE-2026-41883). Successful exploitation can lead to full system takeover. Exploitable via ``CDNResourceHandler``. Mitigation: upgrade to `5.2.3` or later.
CVE-2026-42811 Vulnerability in org.apache.polaris:polaris-core (CVE-2026-42811)
vulnerability in org.apache.polaris:polaris-core (CVE-2026-42811). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.4.1` or later.
CVE-2026-40897 Vulnerability in mathjs (CVE-2026-40897)
vulnerability in mathjs (CVE-2026-40897). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `15.2.0` or later.
CVE-2026-40477 Vulnerability in thymeleaf (CVE-2026-40477)
vulnerability in thymeleaf (CVE-2026-40477). Successful exploitation can lead to full system takeover.
CVE-2026-40478 Vulnerability in thymeleaf (CVE-2026-40478)
vulnerability in thymeleaf (CVE-2026-40478). Successful exploitation can lead to full system takeover.
CVE-2026-34714 OS Command Injection in vim (CVE-2026-34714)
OS command injection in vim (CVE-2026-34714). Confidential information can be exposed externally.
CVE-2026-33943 Code Injection in capricorn86 (CVE-2026-33943)
code injection in capricorn86 (CVE-2026-33943). Successful exploitation can lead to full system takeover. Exploitable via ``ECMAScriptModuleCompiler``.
CVE-2026-33938 Code Injection in handlebarsjs (CVE-2026-33938)
code injection in handlebarsjs (CVE-2026-33938). Successful exploitation can lead to full system takeover.
CVE-2026-32695 Vulnerability in traefik (CVE-2026-32695)
vulnerability in traefik (CVE-2026-32695). Confidential information can be exposed externally. Exploitable via ``tenant.example.com``.
CVE-2026-22738 Vulnerability in org.springframework.ai:spring-ai-vector-store (CVE-2026-22738)
vulnerability in org.springframework.ai:spring-ai-vector-store (CVE-2026-22738). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.1.4` or later.
CVE-2026-24737 Vulnerability in parall (CVE-2026-24737)
vulnerability in parall (CVE-2026-24737). Confidential information can be exposed externally.
CVE-2021-45046 KEV [KEV] Vulnerability in Apache log4j2 (CVE-2021-45046)
vulnerability in Apache log4j2 (CVE-2021-45046). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2022-26134 KEV [KEV] Vulnerability in Atlassian confluence-serverdata-center (CVE-2022-26134)
vulnerability in Atlassian confluence-serverdata-center (CVE-2022-26134). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2020-10199 KEV [KEV] Vulnerability in Sonatype nexus-repository (CVE-2020-10199)
vulnerability in Sonatype nexus-repository (CVE-2020-10199). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-26084 KEV [KEV] Vulnerability in Atlassian confluence-server-and-data-center (CVE-2021-26084)
vulnerability in Atlassian confluence-server-and-data-center (CVE-2021-26084). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2020-17530 KEV [KEV] Vulnerability in Apache struts (CVE-2020-17530)
vulnerability in Apache struts (CVE-2020-17530). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →