Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-12046 |
|
Vulnerability in flask (CVE-2026-12046)
vulnerability in flask (CVE-2026-12046). Successful exploitation can lead to full system takeover. Exploitable via `DELETE /sqleditor/close/`.
|
| CVE-2026-43994 |
|
Vulnerability in coturn-project (CVE-2026-43994)
vulnerability in coturn-project (CVE-2026-43994). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8461 |
|
Out-of-Bounds Write in c (CVE-2026-8461)
out-of-bounds write in c (CVE-2026-8461). Successful exploitation can lead to full system takeover.
|
| CVE-2026-54223 |
|
Path Traversal in path-traversal (CVE-2026-54223)
path traversal in path-traversal (CVE-2026-54223). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44727 |
|
Cross-Site Scripting (XSS) in jupyter-server (CVE-2026-44727)
cross-site scripting in jupyter-server (CVE-2026-44727). Risk of unauthorized operations or information disclosure. Exploitable via ``nbconvert.HTMLExporter``. Mitigation: upgrade to `2.20.0` or later.
|
| CVE-2026-12565 |
|
Path Traversal in bbot (CVE-2026-12565)
path traversal in bbot (CVE-2026-12565). Data can be tampered with by attackers. Exploitable via ``unarchive``. Mitigation: upgrade to `2.8.5` or later.
|
| CVE-2026-55742 |
|
Cross-Site Request Forgery (CSRF) in cotonti/cotonti (CVE-2026-55742)
vulnerability in cotonti/cotonti (CVE-2026-55742). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9860 |
|
Unrestricted File Upload in wordpress (CVE-2026-9860)
vulnerability in wordpress (CVE-2026-9860). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12569 KEV |
|
[KEV] Vulnerability in Ptc deserialization (CVE-2026-12569)
vulnerability in Ptc deserialization (CVE-2026-12569). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-55200 |
|
Vulnerability in libssh2 (CVE-2026-55200)
vulnerability in libssh2 (CVE-2026-55200). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11407 |
|
Vulnerability in pimcore/pimcore (CVE-2026-11407)
vulnerability in pimcore/pimcore (CVE-2026-11407). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53805 |
|
Unsafe Deserialization in CVE-2026-53805 (CVE-2026-53805)
vulnerability in CVE-2026-53805 (CVE-2026-53805). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53872 |
|
Path Traversal in picklescan (CVE-2026-53872)
path traversal in picklescan (CVE-2026-53872). Confidential information can be exposed externally. Exploitable via ``picklescan``. Mitigation: upgrade to `0.0.35` or later.
|
| CVE-2026-3490 |
|
Vulnerability in picklescan (CVE-2026-3490)
vulnerability in picklescan (CVE-2026-3490). Successful exploitation can lead to full system takeover. Exploitable via ``pkgutil.resolve_name``. Mitigation: upgrade to `1.0.4` or later.
|
| CVE-2026-36418 |
|
Code Injection in CVE-2026-36418 (CVE-2026-36418)
code injection in CVE-2026-36418 (CVE-2026-36418). Confidential information can be exposed externally.
|
| CVE-2026-55743 |
|
OS Command Injection in CVE-2026-55743 (CVE-2026-55743)
OS command injection in CVE-2026-55743 (CVE-2026-55743). Successful exploitation can lead to full system takeover.
|
| CVE-2025-71323 |
|
Vulnerability in picklescan (CVE-2025-71323)
vulnerability in picklescan (CVE-2025-71323). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.0.33` or later.
|
| CVE-2025-71321 |
|
Unsafe Deserialization in picklescan (CVE-2025-71321)
vulnerability in picklescan (CVE-2025-71321). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.0.33` or later.
|
| CVE-2026-40783 |
|
Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.37 versions.
Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.37 versions.
|
| CVE-2026-47103 |
|
Vulnerability in python-statemachine (CVE-2026-47103)
vulnerability in python-statemachine (CVE-2026-47103). Successful exploitation can lead to full system takeover. Exploitable via ``SCXMLProcessor``. Mitigation: upgrade to `3.2.0` or later.
|
| CVE-2026-0149 |
|
Vulnerability in google (CVE-2026-0149)
vulnerability in google (CVE-2026-0149). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0154 |
|
Vulnerability in google (CVE-2026-0154)
vulnerability in google (CVE-2026-0154). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0164 |
|
Vulnerability in google (CVE-2026-0164)
vulnerability in google (CVE-2026-0164). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0162 |
|
Vulnerability in cpp (CVE-2026-0162)
vulnerability in cpp (CVE-2026-0162). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0146 |
|
Vulnerability in c (CVE-2026-0146)
vulnerability in c (CVE-2026-0146). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0147 |
|
Vulnerability in c (CVE-2026-0147)
vulnerability in c (CVE-2026-0147). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0151 |
|
Vulnerability in c (CVE-2026-0151)
vulnerability in c (CVE-2026-0151). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0148 |
|
Vulnerability in cpp (CVE-2026-0148)
vulnerability in cpp (CVE-2026-0148). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0160 |
|
Vulnerability in cpp (CVE-2026-0160)
vulnerability in cpp (CVE-2026-0160). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0135 |
|
Out-of-Bounds Read in google (CVE-2026-0135)
vulnerability in google (CVE-2026-0135). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0126 |
|
Out-of-Bounds Write in google (CVE-2026-0126)
out-of-bounds write in google (CVE-2026-0126). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0132 |
|
Vulnerability in google (CVE-2026-0132)
vulnerability in google (CVE-2026-0132). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0139 |
|
Buffer Overflow in google (CVE-2026-0139)
vulnerability in google (CVE-2026-0139). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53866 |
|
OpenClaw: Shell inline-command parsing could miss an allowlist check
OpenClaw: Shell inline-command parsing could miss an allowlist check
|
| CVE-2026-53857 |
|
OpenClaw: Zalo allowFrom could bind to mutable display names
OpenClaw: Zalo allowFrom could bind to mutable display names
|
| CVE-2026-53855 |
|
OpenClaw: Shell positional parameters could weaken strict inline-eval checks
OpenClaw: Shell positional parameters could weaken strict inline-eval checks
|
| CVE-2026-48519 |
|
Code Injection in langflow (CVE-2026-48519)
code injection in langflow (CVE-2026-48519). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.9.2` or later.
|
| CVE-2024-24909 |
|
Command Injection in CVE-2024-24909 (CVE-2024-24909)
command injection in CVE-2024-24909 (CVE-2024-24909). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12398 |
|
OS Command Injection in galaxy-ng (CVE-2026-12398)
OS command injection in galaxy-ng (CVE-2026-12398). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10829 |
|
Vulnerability in CVE-2026-10829 (CVE-2026-10829)
vulnerability in CVE-2026-10829 (CVE-2026-10829). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8442 |
|
Path Traversal in wordpress (CVE-2026-8442)
path traversal in wordpress (CVE-2026-8442). Data can be tampered with by attackers.
|
| CVE-2026-6933 |
|
Unrestricted File Upload in wordpress (CVE-2026-6933)
vulnerability in wordpress (CVE-2026-6933). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48853 |
|
Unsafe Deserialization in deserialization (CVE-2026-48853)
vulnerability in deserialization (CVE-2026-48853). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48836 |
|
Unauthenticated Remote Code Execution (RCE) in Easy Invoice <= 2.1.19 versions.
Unauthenticated Remote Code Execution (RCE) in Easy Invoice <= 2.1.19 versions.
|
| CVE-2026-39465 |
|
Editor Remote Code Execution (RCE) in Responsive Slider by MetaSlider <= 3.106.0 versions.
Editor Remote Code Execution (RCE) in Responsive Slider by MetaSlider <= 3.106.0 versions.
|
| CVE-2026-53705 |
|
Vulnerability in CVE-2026-53705 (CVE-2026-53705)
vulnerability in CVE-2026-53705 (CVE-2026-53705). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-52720 |
|
Vulnerability in CVE-2026-52720 (CVE-2026-52720)
vulnerability in CVE-2026-52720 (CVE-2026-52720). Successful exploitation can lead to full system takeover.
|
| CVE-2026-47835 |
|
Vulnerability in CVE-2026-47835 (CVE-2026-47835)
vulnerability in CVE-2026-47835 (CVE-2026-47835). Confidential information can be exposed externally.
|
| CVE-2026-38329 |
|
Vulnerability in CVE-2026-38329 (CVE-2026-38329)
vulnerability in CVE-2026-38329 (CVE-2026-38329). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/files/{key}`.
|
| CVE-2026-30120 |
|
Code Injection in remotion (CVE-2026-30120)
code injection in remotion (CVE-2026-30120). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.0.410` or later.
|