Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: cwe-94 Clear
ID Title
CVE-2026-50872 Code Injection in CVE-2026-50872 (CVE-2026-50872)
code injection in CVE-2026-50872 (CVE-2026-50872). Successful exploitation can lead to full system takeover.
CVE-2026-30120 Code Injection in remotion (CVE-2026-30120)
code injection in remotion (CVE-2026-30120). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.0.410` or later.
CVE-2026-54271 Code Injection in protobufjs-cli (CVE-2026-54271)
code injection in protobufjs-cli (CVE-2026-54271). Confidential information can be exposed externally. Exploitable via ``pbjs``. Mitigation: upgrade to `2.5.0` or later.
CVE-2026-52704 Code Injection in CVE-2026-52704 (CVE-2026-52704)
code injection in CVE-2026-52704 (CVE-2026-52704). Successful exploitation can lead to full system takeover.
CVE-2026-11860 Code Injection in deserialization (CVE-2026-11860)
code injection in deserialization (CVE-2026-11860). Risk of unauthorized operations or information disclosure.
CVE-2026-12202 Cross-Site Scripting (XSS) in CVE-2026-12202 (CVE-2026-12202)
cross-site scripting in CVE-2026-12202 (CVE-2026-12202). Risk of unauthorized operations or information disclosure.
CVE-2026-12208 Code Injection in CVE-2026-12208 (CVE-2026-12208)
code injection in CVE-2026-12208 (CVE-2026-12208). Risk of unauthorized operations or information disclosure.
CVE-2026-12209 Code Injection in CVE-2026-12209 (CVE-2026-12209)
code injection in CVE-2026-12209 (CVE-2026-12209). Risk of unauthorized operations or information disclosure.
CVE-2026-12176 Cross-Site Scripting (XSS) in CVE-2026-12176 (CVE-2026-12176)
cross-site scripting in CVE-2026-12176 (CVE-2026-12176). Risk of unauthorized operations or information disclosure.
CVE-2026-12130 Cross-Site Scripting (XSS) in CVE-2026-12130 (CVE-2026-12130)
cross-site scripting in CVE-2026-12130 (CVE-2026-12130). Risk of unauthorized operations or information disclosure.
CVE-2026-12129 Cross-Site Scripting (XSS) in CVE-2026-12129 (CVE-2026-12129)
cross-site scripting in CVE-2026-12129 (CVE-2026-12129). Risk of unauthorized operations or information disclosure.
CVE-2026-54057 Code Injection in kovidgoyal (CVE-2026-54057)
code injection in kovidgoyal (CVE-2026-54057). Successful exploitation can lead to full system takeover.
CVE-2026-42851 Code Injection in kovidgoyal (CVE-2026-42851)
code injection in kovidgoyal (CVE-2026-42851). Successful exploitation can lead to full system takeover. Exploitable via ``cat``.
CVE-2026-45833 Code Injection in trychroma (CVE-2026-45833)
code injection in trychroma (CVE-2026-45833). Successful exploitation can lead to full system takeover.
CVE-2026-54133 Vulnerability in jmespath (CVE-2026-54133)
vulnerability in jmespath (CVE-2026-54133). Successful exploitation can lead to full system takeover. Exploitable via ``JP_PHP_COMPILE``. Mitigation: upgrade to `2.9.1` or later.
CVE-2026-52858 Code Injection in vim (CVE-2026-52858)
code injection in vim (CVE-2026-52858). Successful exploitation can lead to full system takeover.
CVE-2026-52860 Code Injection in vim (CVE-2026-52860)
code injection in vim (CVE-2026-52860). Successful exploitation can lead to full system takeover.
CVE-2026-47162 Vulnerability in vim (CVE-2026-47162)
vulnerability in vim (CVE-2026-47162). Successful exploitation can lead to full system takeover.
CVE-2026-47167 Code Injection in vim (CVE-2026-47167)
code injection in vim (CVE-2026-47167). Risk of unauthorized operations or information disclosure.
CVE-2026-50223 Code Injection in apache (CVE-2026-50223)
code injection in apache (CVE-2026-50223). Successful exploitation can lead to full system takeover.
CVE-2026-45558 Vulnerability in c (CVE-2026-45558)
vulnerability in c (CVE-2026-45558). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/service/haproxy/`.
CVE-2026-47906 Dreamweaver Desktop versions 21.7 and earlier are affected by a Dependency on Vulnerable Third...
Dreamweaver Desktop versions 21.7 and earlier are affected by a Dependency on Vulnerable Third...
CVE-2026-45583 Code Injection in microsoft (CVE-2026-45583)
code injection in microsoft (CVE-2026-45583). Successful exploitation can lead to full system takeover.
CVE-2026-0414 Code Injection in netgear (CVE-2026-0414)
code injection in netgear (CVE-2026-0414). Data can be tampered with by attackers.
CVE-2026-47292 Code Injection in microsoft (CVE-2026-47292)
code injection in microsoft (CVE-2026-47292). Successful exploitation can lead to full system takeover.
CVE-2017-20251 Code Injection in wordpress (CVE-2017-20251)
code injection in wordpress (CVE-2017-20251). Successful exploitation can lead to full system takeover.
CVE-2026-8795 Vulnerability in CVE-2026-8795 (CVE-2026-8795)
vulnerability in CVE-2026-8795 (CVE-2026-8795). Successful exploitation can lead to full system takeover.
CVE-2026-11688 Code Injection in google (CVE-2026-11688)
code injection in google (CVE-2026-11688). Successful exploitation can lead to full system takeover.
CVE-2026-11393 Code Injection in Amazon aws (CVE-2026-11393)
code injection in Amazon aws (CVE-2026-11393). Successful exploitation can lead to full system takeover.
CVE-2026-52778 Code Injection in dos (CVE-2026-52778)
code injection in dos (CVE-2026-52778). Successful exploitation can lead to full system takeover.
CVE-2026-42890 Code Injection in actual (CVE-2026-42890)
code injection in actual (CVE-2026-42890). Risk of unauthorized operations or information disclosure. Exploitable via ``actual``. Mitigation: upgrade to `26.5.0` or later.
CVE-2026-25856 Code Injection in c (CVE-2026-25856)
code injection in c (CVE-2026-25856). Successful exploitation can lead to full system takeover.
CVE-2026-11534 Cross-Site Scripting (XSS) in CVE-2026-11534 (CVE-2026-11534)
cross-site scripting in CVE-2026-11534 (CVE-2026-11534). Risk of unauthorized operations or information disclosure.
CVE-2026-11518 Cross-Site Scripting (XSS) in CVE-2026-11518 (CVE-2026-11518)
cross-site scripting in CVE-2026-11518 (CVE-2026-11518). Risk of unauthorized operations or information disclosure.
CVE-2026-11520 Cross-Site Scripting (XSS) in CVE-2026-11520 (CVE-2026-11520)
cross-site scripting in CVE-2026-11520 (CVE-2026-11520). Risk of unauthorized operations or information disclosure.
CVE-2026-11512 Cross-Site Scripting (XSS) in CVE-2026-11512 (CVE-2026-11512)
cross-site scripting in CVE-2026-11512 (CVE-2026-11512). Risk of unauthorized operations or information disclosure.
CVE-2026-11491 Cross-Site Scripting (XSS) in CVE-2026-11491 (CVE-2026-11491)
cross-site scripting in CVE-2026-11491 (CVE-2026-11491). Risk of unauthorized operations or information disclosure.
CVE-2026-11468 Cross-Site Scripting (XSS) in CVE-2026-11468 (CVE-2026-11468)
cross-site scripting in CVE-2026-11468 (CVE-2026-11468). Risk of unauthorized operations or information disclosure.
CVE-2026-11436 Cross-Site Scripting (XSS) in CVE-2026-11436 (CVE-2026-11436)
cross-site scripting in CVE-2026-11436 (CVE-2026-11436). Risk of unauthorized operations or information disclosure.
CVE-2026-11434 Cross-Site Scripting (XSS) in CVE-2026-11434 (CVE-2026-11434)
cross-site scripting in CVE-2026-11434 (CVE-2026-11434). Risk of unauthorized operations or information disclosure.
CVE-2026-11429 Path Traversal in path-traversal (CVE-2026-11429)
path traversal in path-traversal (CVE-2026-11429). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.1.1` or later.
CVE-2026-49493 Code Injection in CVE-2026-49493 (CVE-2026-49493)
code injection in CVE-2026-49493 (CVE-2026-49493). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.8.28` or later.
CVE-2026-11338 Cross-Site Scripting (XSS) in CVE-2026-11338 (CVE-2026-11338)
cross-site scripting in CVE-2026-11338 (CVE-2026-11338). Risk of unauthorized operations or information disclosure.
CVE-2026-11337 Cross-Site Scripting (XSS) in CVE-2026-11337 (CVE-2026-11337)
cross-site scripting in CVE-2026-11337 (CVE-2026-11337). Risk of unauthorized operations or information disclosure.
CVE-2026-48017 Code Injection in dbgate-api (CVE-2026-48017)
code injection in dbgate-api (CVE-2026-48017). Successful exploitation can lead to full system takeover. Exploitable via `POST /runners/load-reader`. Mitigation: upgrade to `7.1.9` or later.
CVE-2026-11231 Code Injection in google (CVE-2026-11231)
code injection in google (CVE-2026-11231). Confidential information can be exposed externally.
CVE-2026-11218 Vulnerability in google (CVE-2026-11218)
vulnerability in google (CVE-2026-11218). Confidential information can be exposed externally.
CVE-2026-11157 Code Injection in google (CVE-2026-11157)
code injection in google (CVE-2026-11157). Risk of unauthorized operations or information disclosure.
CVE-2026-10928 Code Injection in google (CVE-2026-10928)
code injection in google (CVE-2026-10928). Successful exploitation can lead to full system takeover.
CVE-2026-10904 Vulnerability in google (CVE-2026-10904)
vulnerability in google (CVE-2026-10904). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →