Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-14380 |
|
Vulnerability in CVE-2026-14380 (CVE-2026-14380)
vulnerability in CVE-2026-14380 (CVE-2026-14380). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45406 |
|
Vulnerability in dokku (CVE-2026-45406)
vulnerability in dokku (CVE-2026-45406). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.38.2` or later.
|
| CVE-2026-44939 |
|
Vulnerability in github.com/rancher/rancher (CVE-2026-44939)
vulnerability in github.com/rancher/rancher (CVE-2026-44939). Risk of unauthorized operations or information disclosure. Exploitable via ``authImage``. Mitigation: upgrade to `0.0.0-20260617231817-2aa77eb283e7` or later.
|
| CVE-2026-53875 |
|
Vulnerability in picklescan (CVE-2026-53875)
vulnerability in picklescan (CVE-2026-53875). Risk of unauthorized operations or information disclosure. Exploitable via ``scan_pytorch``. Mitigation: upgrade to `1.0.3` or later.
|
| CVE-2026-47103 |
|
Vulnerability in python-statemachine (CVE-2026-47103)
vulnerability in python-statemachine (CVE-2026-47103). Successful exploitation can lead to full system takeover. Exploitable via ``SCXMLProcessor``. Mitigation: upgrade to `3.2.0` or later.
|
| CVE-2026-52858 |
|
Code Injection in vim (CVE-2026-52858)
code injection in vim (CVE-2026-52858). Successful exploitation can lead to full system takeover.
|
| CVE-2026-47167 |
|
Code Injection in vim (CVE-2026-47167)
code injection in vim (CVE-2026-47167). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11422 |
|
Vulnerability in CVE-2026-11422 (CVE-2026-11422)
vulnerability in CVE-2026-11422 (CVE-2026-11422). Confidential information can be exposed externally.
|
| CVE-2026-50733 |
|
Vulnerability in CVE-2026-50733 (CVE-2026-50733)
vulnerability in CVE-2026-50733 (CVE-2026-50733). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.8.28` or later.
|
| CVE-2026-8914 |
|
Vulnerability in CVE-2026-8914 (CVE-2026-8914)
vulnerability in CVE-2026-8914 (CVE-2026-8914). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48962 |
|
Vulnerability in CVE-2026-48962 (CVE-2026-48962)
vulnerability in CVE-2026-48962 (CVE-2026-48962). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46586 |
|
Code Injection in apache (CVE-2026-46586)
code injection in apache (CVE-2026-46586). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31254 |
|
Vulnerability in CVE-2026-31254 (CVE-2026-31254)
vulnerability in CVE-2026-31254 (CVE-2026-31254). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42603 |
|
Code Injection in CVE-2026-42603 (CVE-2026-42603)
code injection in CVE-2026-42603 (CVE-2026-42603). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.1.2` or later.
|
| CVE-2026-44643 |
|
Vulnerability in angular-expressions (CVE-2026-44643)
vulnerability in angular-expressions (CVE-2026-44643). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.5.2` or later.
|
| CVE-2026-44128 |
|
Vulnerability in CVE-2026-44128 (CVE-2026-44128)
vulnerability in CVE-2026-44128 (CVE-2026-44128). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40316 |
|
OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workflo...
OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workflows/regenerate-migrations.yml workflow. The workflow uses the pull_request_target trigger to run with...
|
| CVE-2026-4837 |
|
Vulnerability in rapid7 (CVE-2026-4837)
vulnerability in rapid7 (CVE-2026-4837). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33017 KEV |
|
[KEV] Vulnerability in langflow (CVE-2026-33017)
vulnerability in langflow (CVE-2026-33017). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/v1/build_public_tmp/{flow_id}/flow`. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `1.9.0` or later.
|
| CVE-2026-29091 |
|
Vulnerability in locutus (CVE-2026-29091)
vulnerability in locutus (CVE-2026-29091). Successful exploitation can lead to full system takeover.
|
| CVE-2025-65530 |
|
Vulnerability in cloudlinux (CVE-2025-65530)
vulnerability in cloudlinux (CVE-2025-65530). Successful exploitation can lead to full system takeover.
|
| CVE-2025-24893 KEV |
|
[KEV] Vulnerability in Xwiki platform (CVE-2025-24893)
vulnerability in Xwiki platform (CVE-2025-24893). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-71361 |
|
Vulnerability in picklescan (CVE-2025-71361)
vulnerability in picklescan (CVE-2025-71361). Confidential information can be exposed externally. Mitigation: upgrade to `0.0.29` or later.
|
| CVE-2024-36401 KEV |
|
[KEV] Vulnerability in Osgeo geoserver (CVE-2024-36401)
vulnerability in Osgeo geoserver (CVE-2024-36401). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-7101 KEV |
|
[KEV] Vulnerability in Spreadsheet::parseexcel spreadsheetparseexcel (CVE-2023-7101)
vulnerability in Spreadsheet::parseexcel spreadsheetparseexcel (CVE-2023-7101). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-22204 KEV |
|
[KEV] Vulnerability in Perl exiftool (CVE-2021-22204)
vulnerability in Perl exiftool (CVE-2021-22204). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-22205 KEV |
|
[KEV] Vulnerability in Gitlab community-and-enterprise-editions (CVE-2021-22205)
vulnerability in Gitlab community-and-enterprise-editions (CVE-2021-22205). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|