Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2024-27199 KEV |
|
[KEV] Vulnerability in Jetbrains teamcity (CVE-2024-27199)
vulnerability in Jetbrains teamcity (CVE-2024-27199). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-5718 |
|
Unrestricted File Upload in wordpress (CVE-2026-5718)
vulnerability in wordpress (CVE-2026-5718). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41113 |
|
OS Command Injection in c (CVE-2026-41113)
OS command injection in c (CVE-2026-41113). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5426 |
|
Vulnerability in csharp (CVE-2026-5426)
vulnerability in csharp (CVE-2026-5426). Confidential information can be exposed externally.
|
| CVE-2026-31843 |
|
Vulnerability in laravel (CVE-2026-31843)
vulnerability in laravel (CVE-2026-31843). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34197 KEV |
|
[KEV] Vulnerability in Apache activemq (CVE-2026-34197)
vulnerability in Apache activemq (CVE-2026-34197). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-40316 |
|
OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workflo...
OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workflows/regenerate-migrations.yml workflow. The workflow uses the pull_request_target trigger to run with...
|
| CVE-2026-30461 |
|
Command Injection in thedaylightstudio (CVE-2026-30461)
command injection in thedaylightstudio (CVE-2026-30461). Confidential information can be exposed externally.
|
| CVE-2009-0238 KEV |
|
[KEV] Code Injection in Microsoft office (CVE-2009-0238)
code injection in Microsoft office (CVE-2009-0238). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2012-1854 KEV |
|
[KEV] Vulnerability in Microsoft visual-basic-for-applications-vba (CVE-2012-1854)
vulnerability in Microsoft visual-basic-for-applications-vba (CVE-2012-1854). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-21529 KEV |
|
[KEV] Unsafe Deserialization in Microsoft exchange-server (CVE-2023-21529)
vulnerability in Microsoft exchange-server (CVE-2023-21529). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2020-9715 KEV |
|
[KEV] Use-After-Free in Adobe acrobat (CVE-2020-9715)
vulnerability in Adobe acrobat (CVE-2020-9715). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-21643 KEV |
|
[KEV] SQL Injection in Fortinet forticlient-ems (CVE-2026-21643)
SQL injection in Fortinet forticlient-ems (CVE-2026-21643). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-34621 KEV |
|
[KEV] Vulnerability in Adobe acrobat-and-reader (CVE-2026-34621)
vulnerability in Adobe acrobat-and-reader (CVE-2026-34621). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-32146 |
|
Improper Path Validation in Git Dependency Handling Allows Arbitrary File System Modification
Improper Path Validation in Git Dependency Handling Allows Arbitrary File System Modification
|
| CVE-2026-4154 |
|
Vulnerability in gimp (CVE-2026-4154)
vulnerability in gimp (CVE-2026-4154). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4153 |
|
Vulnerability in gimp (CVE-2026-4153)
vulnerability in gimp (CVE-2026-4153). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4152 |
|
Vulnerability in gimp (CVE-2026-4152)
vulnerability in gimp (CVE-2026-4152). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4151 |
|
Vulnerability in gimp (CVE-2026-4151)
vulnerability in gimp (CVE-2026-4151). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4150 |
|
Vulnerability in gimp (CVE-2026-4150)
vulnerability in gimp (CVE-2026-4150). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40175 |
|
Vulnerability in axios (CVE-2026-40175)
vulnerability in axios (CVE-2026-40175). Risk of unauthorized operations or information disclosure. Exploitable via `GET /pings`. Mitigation: upgrade to `0.31.0` or later.
|
| CVE-2026-6068 |
|
Use-After-Free in nasm (CVE-2026-6068)
vulnerability in nasm (CVE-2026-6068). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6057 |
|
Path Traversal in path-traversal (CVE-2026-6057)
path traversal in path-traversal (CVE-2026-6057). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4837 |
|
Vulnerability in rapid7 (CVE-2026-4837)
vulnerability in rapid7 (CVE-2026-4837). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35585 |
|
OS Command Injection in github.com/filebrowser/filebrowser/v2 (CVE-2026-35585)
OS command injection in github.com/filebrowser/filebrowser/v2 (CVE-2026-35585). Successful exploitation can lead to full system takeover. Exploitable via ``os.Expand``. Mitigation: upgrade to `2.33.8` or later.
|
| CVE-2026-1340 KEV |
|
[KEV] Code Injection in Ivanti endpoint-manager-mobile-epmm (CVE-2026-1340)
code injection in Ivanti endpoint-manager-mobile-epmm (CVE-2026-1340). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-30460 |
|
Code Injection in thedaylightstudio (CVE-2026-30460)
code injection in thedaylightstudio (CVE-2026-30460). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35029 |
|
Authorization Flaw in litellm (CVE-2026-35029)
vulnerability in litellm (CVE-2026-35029). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.83.0` or later.
|
| CVE-2026-34977 |
|
OS Command Injection in c (CVE-2026-34977)
OS command injection in c (CVE-2026-34977). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.2.1` or later.
|
| CVE-2026-35616 KEV |
|
[KEV] Vulnerability in Fortinet forticlient-ems (CVE-2026-35616)
vulnerability in Fortinet forticlient-ems (CVE-2026-35616). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-0545 |
|
Vulnerability in dos (CVE-2026-0545)
vulnerability in dos (CVE-2026-0545). Successful exploitation can lead to full system takeover.
|
| CVE-2026-3502 KEV |
|
[KEV] Vulnerability in Trueconf client (CVE-2026-3502)
vulnerability in Trueconf client (CVE-2026-3502). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-34545 |
|
Vulnerability in openexr (CVE-2026-34545)
vulnerability in openexr (CVE-2026-34545). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33943 |
|
Code Injection in capricorn86 (CVE-2026-33943)
code injection in capricorn86 (CVE-2026-33943). Successful exploitation can lead to full system takeover. Exploitable via ``ECMAScriptModuleCompiler``.
|
| CVE-2026-33937 |
|
Code Injection in handlebarsjs (CVE-2026-33937)
code injection in handlebarsjs (CVE-2026-33937). Successful exploitation can lead to full system takeover. Exploitable via ``value``.
|
| CVE-2026-27876 |
|
Code Injection in grafana (CVE-2026-27876)
code injection in grafana (CVE-2026-27876). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33728 |
|
Unsafe Deserialization in com.datadoghq:dd-java-agent (CVE-2026-33728)
vulnerability in com.datadoghq:dd-java-agent (CVE-2026-33728). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.60.3` or later.
|
| CVE-2026-33701 |
|
Unsafe Deserialization in linuxfoundation (CVE-2026-33701)
vulnerability in linuxfoundation (CVE-2026-33701). Successful exploitation can lead to full system takeover.
|
| CVE-2026-27893 |
|
Vulnerability in vllm (CVE-2026-27893)
vulnerability in vllm (CVE-2026-27893). Successful exploitation can lead to full system takeover.
|
| CVE-2025-53521 KEV |
|
[KEV] Vulnerability in F5 big-ip (CVE-2025-53521)
vulnerability in F5 big-ip (CVE-2025-53521). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-26213 |
|
OS Command Injection in thingino (CVE-2026-26213)
OS command injection in thingino (CVE-2026-26213). Successful exploitation can lead to full system takeover.
|
| CVE-2026-1961 |
|
OS Command Injection in CVE-2026-1961 (CVE-2026-1961)
OS command injection in CVE-2026-1961 (CVE-2026-1961). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4809 |
|
Unrestricted File Upload in laravel (CVE-2026-4809)
vulnerability in laravel (CVE-2026-4809). Successful exploitation can lead to full system takeover.
|
| CVE-2024-51348 |
|
Vulnerability in CVE-2024-51348 (CVE-2024-51348)
vulnerability in CVE-2024-51348 (CVE-2024-51348). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33017 KEV |
|
[KEV] Vulnerability in langflow (CVE-2026-33017)
vulnerability in langflow (CVE-2026-33017). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/v1/build_public_tmp/{flow_id}/flow`. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `1.9.0` or later.
|
| CVE-2025-15031 |
|
Path Traversal in lfprojects (CVE-2025-15031)
path traversal in lfprojects (CVE-2025-15031). Confidential information can be exposed externally. Exploitable via ``tarfile.extractall``.
|
| CVE-2025-50881 |
|
Code Injection in CVE-2025-50881 (CVE-2025-50881)
code injection in CVE-2025-50881 (CVE-2025-50881). Successful exploitation can lead to full system takeover. Exploitable via ``action``.
|
| CVE-2026-3081 |
|
Vulnerability in gstreamer (CVE-2026-3081)
vulnerability in gstreamer (CVE-2026-3081). Successful exploitation can lead to full system takeover.
|
| CVE-2026-3084 |
|
Vulnerability in gstreamer (CVE-2026-3084)
vulnerability in gstreamer (CVE-2026-3084). Successful exploitation can lead to full system takeover.
|
| CVE-2026-3086 |
|
Out-of-Bounds Write in gstreamer (CVE-2026-3086)
out-of-bounds write in gstreamer (CVE-2026-3086). Successful exploitation can lead to full system takeover.
|