Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: cwe-95 Clear
ID Title
CVE-2026-14380 Vulnerability in CVE-2026-14380 (CVE-2026-14380)
vulnerability in CVE-2026-14380 (CVE-2026-14380). Risk of unauthorized operations or information disclosure.
CVE-2026-45406 Vulnerability in dokku (CVE-2026-45406)
vulnerability in dokku (CVE-2026-45406). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.38.2` or later.
CVE-2026-44939 Vulnerability in github.com/rancher/rancher (CVE-2026-44939)
vulnerability in github.com/rancher/rancher (CVE-2026-44939). Risk of unauthorized operations or information disclosure. Exploitable via ``authImage``. Mitigation: upgrade to `0.0.0-20260617231817-2aa77eb283e7` or later.
CVE-2026-53875 Vulnerability in picklescan (CVE-2026-53875)
vulnerability in picklescan (CVE-2026-53875). Risk of unauthorized operations or information disclosure. Exploitable via ``scan_pytorch``. Mitigation: upgrade to `1.0.3` or later.
CVE-2026-47103 Vulnerability in python-statemachine (CVE-2026-47103)
vulnerability in python-statemachine (CVE-2026-47103). Successful exploitation can lead to full system takeover. Exploitable via ``SCXMLProcessor``. Mitigation: upgrade to `3.2.0` or later.
CVE-2026-52858 Code Injection in vim (CVE-2026-52858)
code injection in vim (CVE-2026-52858). Successful exploitation can lead to full system takeover.
CVE-2026-47167 Code Injection in vim (CVE-2026-47167)
code injection in vim (CVE-2026-47167). Risk of unauthorized operations or information disclosure.
CVE-2026-11422 Vulnerability in CVE-2026-11422 (CVE-2026-11422)
vulnerability in CVE-2026-11422 (CVE-2026-11422). Confidential information can be exposed externally.
CVE-2026-50733 Vulnerability in CVE-2026-50733 (CVE-2026-50733)
vulnerability in CVE-2026-50733 (CVE-2026-50733). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.8.28` or later.
CVE-2026-8914 Vulnerability in CVE-2026-8914 (CVE-2026-8914)
vulnerability in CVE-2026-8914 (CVE-2026-8914). Risk of unauthorized operations or information disclosure.
CVE-2026-48962 Vulnerability in CVE-2026-48962 (CVE-2026-48962)
vulnerability in CVE-2026-48962 (CVE-2026-48962). Risk of unauthorized operations or information disclosure.
CVE-2026-46586 Code Injection in apache (CVE-2026-46586)
code injection in apache (CVE-2026-46586). Successful exploitation can lead to full system takeover.
CVE-2026-31254 Vulnerability in CVE-2026-31254 (CVE-2026-31254)
vulnerability in CVE-2026-31254 (CVE-2026-31254). Risk of unauthorized operations or information disclosure.
CVE-2026-42603 Code Injection in CVE-2026-42603 (CVE-2026-42603)
code injection in CVE-2026-42603 (CVE-2026-42603). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.1.2` or later.
CVE-2026-44643 Vulnerability in angular-expressions (CVE-2026-44643)
vulnerability in angular-expressions (CVE-2026-44643). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.5.2` or later.
CVE-2026-44128 Vulnerability in CVE-2026-44128 (CVE-2026-44128)
vulnerability in CVE-2026-44128 (CVE-2026-44128). Risk of unauthorized operations or information disclosure.
CVE-2026-40316 OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workflo...
OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workflows/regenerate-migrations.yml workflow. The workflow uses the pull_request_target trigger to run with...
CVE-2026-4837 Vulnerability in rapid7 (CVE-2026-4837)
vulnerability in rapid7 (CVE-2026-4837). Successful exploitation can lead to full system takeover.
CVE-2026-33017 KEV [KEV] Vulnerability in langflow (CVE-2026-33017)
vulnerability in langflow (CVE-2026-33017). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/v1/build_public_tmp/{flow_id}/flow`. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `1.9.0` or later.
CVE-2026-29091 Vulnerability in locutus (CVE-2026-29091)
vulnerability in locutus (CVE-2026-29091). Successful exploitation can lead to full system takeover.
CVE-2025-65530 Vulnerability in cloudlinux (CVE-2025-65530)
vulnerability in cloudlinux (CVE-2025-65530). Successful exploitation can lead to full system takeover.
CVE-2025-24893 KEV [KEV] Vulnerability in Xwiki platform (CVE-2025-24893)
vulnerability in Xwiki platform (CVE-2025-24893). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2025-71361 Vulnerability in picklescan (CVE-2025-71361)
vulnerability in picklescan (CVE-2025-71361). Confidential information can be exposed externally. Mitigation: upgrade to `0.0.29` or later.
CVE-2024-36401 KEV [KEV] Vulnerability in Osgeo geoserver (CVE-2024-36401)
vulnerability in Osgeo geoserver (CVE-2024-36401). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2023-7101 KEV [KEV] Vulnerability in Spreadsheet::parseexcel spreadsheetparseexcel (CVE-2023-7101)
vulnerability in Spreadsheet::parseexcel spreadsheetparseexcel (CVE-2023-7101). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-22204 KEV [KEV] Vulnerability in Perl exiftool (CVE-2021-22204)
vulnerability in Perl exiftool (CVE-2021-22204). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2021-22205 KEV [KEV] Vulnerability in Gitlab community-and-enterprise-editions (CVE-2021-22205)
vulnerability in Gitlab community-and-enterprise-editions (CVE-2021-22205). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →