Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-43633 |
|
Unsafe Deserialization in deserialization (CVE-2026-43633)
vulnerability in deserialization (CVE-2026-43633). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46725 |
|
Unsafe Deserialization in mmc/ceselector (CVE-2026-46725)
vulnerability in mmc/ceselector (CVE-2026-46725). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.0.3` or later.
|
| CVE-2026-8727 |
|
Unsafe Deserialization in tomasnorre/crawler (CVE-2026-8727)
vulnerability in tomasnorre/crawler (CVE-2026-8727). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `11.0.13` or later.
|
| CVE-2026-33233 |
|
Code Injection in deserialization (CVE-2026-33233)
code injection in deserialization (CVE-2026-33233). Successful exploitation can lead to full system takeover.
|
| CVE-2026-26978 |
|
Unsafe Deserialization in CVE-2026-26978 (CVE-2026-26978)
vulnerability in CVE-2026-26978 (CVE-2026-26978). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45829 |
|
Code Injection in chromadb (CVE-2026-45829)
code injection in chromadb (CVE-2026-45829). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7304 |
|
Unsafe Deserialization in sglang (CVE-2026-7304)
vulnerability in sglang (CVE-2026-7304). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7301 |
|
Unsafe Deserialization in sglang (CVE-2026-7301)
vulnerability in sglang (CVE-2026-7301). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8751 |
|
Vulnerability in deserialization (CVE-2026-8751)
vulnerability in deserialization (CVE-2026-8751). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8735 |
|
Vulnerability in deserialization (CVE-2026-8735)
vulnerability in deserialization (CVE-2026-8735). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-47952 |
|
Code Injection in deserialization (CVE-2021-47952)
code injection in deserialization (CVE-2021-47952). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8612 |
|
Unsafe Deserialization in oalders (CVE-2026-8612)
vulnerability in oalders (CVE-2026-8612). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44501 |
|
Unsafe Deserialization in react (CVE-2026-44501)
vulnerability in react (CVE-2026-44501). Risk of unauthorized operations or information disclosure. Exploitable via `GET /callback/oidc`. Mitigation: upgrade to `1.5.0.3` or later.
|
| CVE-2026-1184 |
|
Unsafe Deserialization in gitlab (CVE-2026-1184)
vulnerability in gitlab (CVE-2026-1184). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.9.7, 18.10.6, 18.11.3` or later.
|
| CVE-2026-41957 |
|
Unsafe Deserialization in f5 (CVE-2026-41957)
vulnerability in f5 (CVE-2026-41957). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45134 |
|
Unsafe Deserialization in langsmith (CVE-2026-45134)
vulnerability in langsmith (CVE-2026-45134). Confidential information can be exposed externally. Exploitable via ``pull_prompt``. Mitigation: upgrade to `0.8.0` or later.
|
| CVE-2026-7635 |
|
Unsafe Deserialization in wordpress (CVE-2026-7635)
vulnerability in wordpress (CVE-2026-7635). Successful exploitation can lead to full system takeover. Exploitable via `User-Agent header`.
|
| CVE-2026-34659 |
|
Unsafe Deserialization in deserialization (CVE-2026-34659)
vulnerability in deserialization (CVE-2026-34659). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35439 |
|
Unsafe Deserialization in deserialization (CVE-2026-35439)
vulnerability in deserialization (CVE-2026-35439). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40368 |
|
Unsafe Deserialization in deserialization (CVE-2026-40368)
vulnerability in deserialization (CVE-2026-40368). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40357 |
|
Unsafe Deserialization in deserialization (CVE-2026-40357)
vulnerability in deserialization (CVE-2026-40357). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33110 |
|
Unsafe Deserialization in deserialization (CVE-2026-33110)
vulnerability in deserialization (CVE-2026-33110). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33112 |
|
Unsafe Deserialization in deserialization (CVE-2026-33112)
vulnerability in deserialization (CVE-2026-33112). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31237 |
|
Unsafe Deserialization in ludwig (CVE-2026-31237)
vulnerability in ludwig (CVE-2026-31237). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31238 |
|
Unsafe Deserialization in ludwig (CVE-2026-31238)
vulnerability in ludwig (CVE-2026-31238). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31235 |
|
Unsafe Deserialization in imgaug (CVE-2026-31235)
vulnerability in imgaug (CVE-2026-31235). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31239 |
|
Unsafe Deserialization in mamba-ssm (CVE-2026-31239)
vulnerability in mamba-ssm (CVE-2026-31239). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31229 |
|
Unsafe Deserialization in deserialization (CVE-2026-31229)
vulnerability in deserialization (CVE-2026-31229). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31234 |
|
Unsafe Deserialization in horovod (CVE-2026-31234)
vulnerability in horovod (CVE-2026-31234). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31232 |
|
Unsafe Deserialization in deserialization (CVE-2026-31232)
vulnerability in deserialization (CVE-2026-31232). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31221 |
|
Unsafe Deserialization in pytorch-lightning (CVE-2026-31221)
vulnerability in pytorch-lightning (CVE-2026-31221). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31222 |
|
Unsafe Deserialization in snorkel (CVE-2026-31222)
vulnerability in snorkel (CVE-2026-31222). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31223 |
|
Unsafe Deserialization in snorkel (CVE-2026-31223)
vulnerability in snorkel (CVE-2026-31223). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31224 |
|
Unsafe Deserialization in snorkel (CVE-2026-31224)
vulnerability in snorkel (CVE-2026-31224). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31214 |
|
Unsafe Deserialization in deserialization (CVE-2026-31214)
vulnerability in deserialization (CVE-2026-31214). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31218 |
|
Unsafe Deserialization in deserialization (CVE-2026-31218)
vulnerability in deserialization (CVE-2026-31218). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31219 |
|
Unsafe Deserialization in deserialization (CVE-2026-31219)
vulnerability in deserialization (CVE-2026-31219). Successful exploitation can lead to full system takeover.
|
| CVE-2026-3048 |
|
Unsafe Deserialization in CVE-2026-3048 (CVE-2026-3048)
vulnerability in CVE-2026-3048 (CVE-2026-3048). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31249 |
|
Unsafe Deserialization in deserialization (CVE-2026-31249)
vulnerability in deserialization (CVE-2026-31249). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31250 |
|
Unsafe Deserialization in deserialization (CVE-2026-31250)
vulnerability in deserialization (CVE-2026-31250). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31253 |
|
Code Injection in flash_attn (CVE-2026-31253)
code injection in flash_attn (CVE-2026-31253). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7818 |
|
Unsafe Deserialization in pgadmin4 (CVE-2026-7818)
vulnerability in pgadmin4 (CVE-2026-7818). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.15` or later.
|
| CVE-2026-44843 |
|
Unsafe Deserialization in langchain-core (CVE-2026-44843)
vulnerability in langchain-core (CVE-2026-44843). Confidential information can be exposed externally. Exploitable via ``RunnableWithMessageHistory``. Mitigation: upgrade to `0.3.85` or later.
|
| CVE-2026-41486 |
|
Code Injection in ray (CVE-2026-41486)
code injection in ray (CVE-2026-41486). Successful exploitation can lead to full system takeover. Exploitable via ``ray.data.arrow_tensor``. Mitigation: upgrade to `2.55.0` or later.
|
| CVE-2026-44126 |
|
Unsafe Deserialization in CVE-2026-44126 (CVE-2026-44126)
vulnerability in CVE-2026-44126 (CVE-2026-44126). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5127 |
|
Unsafe Deserialization in wordpress (CVE-2026-5127)
vulnerability in wordpress (CVE-2026-5127). Successful exploitation can lead to full system takeover.
|
| CVE-2025-69690 |
|
Unsafe Deserialization in deserialization (CVE-2025-69690)
vulnerability in deserialization (CVE-2025-69690). Successful exploitation can lead to full system takeover.
|
| CVE-2025-69691 |
|
Vulnerability in pfsense (CVE-2025-69691)
vulnerability in pfsense (CVE-2025-69691). Successful exploitation can lead to full system takeover.
|
| CVE-2024-53326 |
|
Unsafe Deserialization in deserialization (CVE-2024-53326)
vulnerability in deserialization (CVE-2024-53326). Successful exploitation can lead to full system takeover.
|
| CVE-2022-21549 |
|
Unsafe Deserialization in java (CVE-2022-21549)
vulnerability in java (CVE-2022-21549). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `17.0.4` or later.
|