Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-11419 |
|
Path Traversal in path-traversal (CVE-2026-11419)
path traversal in path-traversal (CVE-2026-11419). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5411 |
|
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
|
| CVE-2026-46394 |
|
OS Command Injection in CVE-2026-46394 (CVE-2026-46394)
OS command injection in CVE-2026-46394 (CVE-2026-46394). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46392 |
|
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions case-insensitively and writes the filen...
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions case-insensitively and writes the filename to disk verbatim, but the `.htaccess` rule that forces `Content-Disposition: attachment` on HTML...
|
| CVE-2026-45746 |
|
Vulnerability in termix (CVE-2026-45746)
vulnerability in termix (CVE-2026-45746). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10732 |
|
Vulnerability in path-traversal (CVE-2026-10732)
vulnerability in path-traversal (CVE-2026-10732). Data can be tampered with by attackers.
|
| CVE-2026-7763 |
|
Vulnerability in c (CVE-2026-7763)
vulnerability in c (CVE-2026-7763). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7762 |
|
Vulnerability in dos (CVE-2026-7762)
vulnerability in dos (CVE-2026-7762). Successful exploitation can lead to full system takeover.
|
| CVE-2026-25550 |
|
Vulnerability in csharp (CVE-2026-25550)
vulnerability in csharp (CVE-2026-25550). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8037 |
|
Command Injection in CVE-2026-8037 (CVE-2026-8037)
command injection in CVE-2026-8037 (CVE-2026-8037). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41065 |
|
Vulnerability in CVE-2026-41065 (CVE-2026-41065)
vulnerability in CVE-2026-41065 (CVE-2026-41065). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45431 |
|
OS Command Injection in CVE-2026-45431 (CVE-2026-45431)
OS command injection in CVE-2026-45431 (CVE-2026-45431). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41283 |
|
Authorization Flaw in CVE-2026-41283 (CVE-2026-41283)
vulnerability in CVE-2026-41283 (CVE-2026-41283). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10777 |
|
A vulnerability was identified in ealpha072 Student-Management-System up to...
A vulnerability was identified in ealpha072 Student-Management-System up to...
|
| CVE-2026-44016 |
|
Code Injection in docling (CVE-2026-44016)
code injection in docling (CVE-2026-44016). Confidential information can be exposed externally. Exploitable via ``enable_remote_fetch``. Mitigation: upgrade to `2.91.0` or later.
|
| CVE-2026-44017 |
|
Path Traversal in docling (CVE-2026-44017)
path traversal in docling (CVE-2026-44017). Successful exploitation can lead to full system takeover. Exploitable via ``SecurityError``. Mitigation: upgrade to `2.91.0` or later.
|
| CVE-2026-5241 |
|
Vulnerability in huggingface (CVE-2026-5241)
vulnerability in huggingface (CVE-2026-5241). Successful exploitation can lead to full system takeover. Exploitable via ``trust_remote_code``.
|
| CVE-2026-49143 |
|
Code Injection in browserstack-runner (CVE-2026-49143)
code injection in browserstack-runner (CVE-2026-49143). Successful exploitation can lead to full system takeover. Exploitable via ``context``.
|
| CVE-2026-42211 |
|
React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE
React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE
|
| CVE-2026-1829 |
|
The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code...
The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code...
|
| CVE-2026-0611 |
|
Vulnerability in csharp (CVE-2026-0611)
vulnerability in csharp (CVE-2026-0611). Successful exploitation can lead to full system takeover.
|
| CVE-2026-47117 |
|
Code Injection in openmed (CVE-2026-47117)
code injection in openmed (CVE-2026-47117). Successful exploitation can lead to full system takeover. Exploitable via ``model_name``. Mitigation: upgrade to `1.5.2` or later.
|
| CVE-2026-7313 |
|
CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from...
CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from...
|
| CVE-2026-7195 |
|
CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x,...
CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x,...
|
| CVE-2026-39553 |
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
|
| CVE-2026-39552 |
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
|
| CVE-2025-68886 |
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
|
| CVE-2026-34906 |
|
Vulnerability in CVE-2026-34906 (CVE-2026-34906)
vulnerability in CVE-2026-34906 (CVE-2026-34906). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9330 |
|
Unsafe Deserialization in deserialization (CVE-2026-9330)
vulnerability in deserialization (CVE-2026-9330). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9311 |
|
Code Injection in ibm (CVE-2026-9311)
code injection in ibm (CVE-2026-9311). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9319 |
|
Unsafe Deserialization in deserialization (CVE-2026-9319)
vulnerability in deserialization (CVE-2026-9319). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7770 |
|
Vulnerability in CVE-2026-7770 (CVE-2026-7770)
vulnerability in CVE-2026-7770 (CVE-2026-7770). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49121 |
|
Unsafe Deserialization in amd (CVE-2026-49121)
vulnerability in amd (CVE-2026-49121). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8931 |
|
Code Injection in CVE-2026-8931 (CVE-2026-8931)
code injection in CVE-2026-8931 (CVE-2026-8931). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0826 |
|
Vulnerability in CVE-2026-0826 (CVE-2026-0826)
vulnerability in CVE-2026-0826 (CVE-2026-0826). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10532 |
|
Unsafe Deserialization in privilege-escalation (CVE-2026-10532)
vulnerability in privilege-escalation (CVE-2026-10532). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7858 |
|
Unsafe Deserialization in deserialization (CVE-2026-7858)
vulnerability in deserialization (CVE-2026-7858). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42359 |
|
Unsafe Deserialization in apache-airflow (CVE-2026-42359)
vulnerability in apache-airflow (CVE-2026-42359). Successful exploitation can lead to full system takeover. Exploitable via `PATCH /api/v2/xcomEntries/{key}`. Mitigation: upgrade to `3.2.2` or later.
|
| CVE-2024-21182 KEV |
|
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)...
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)...
|
| CVE-2018-25412 |
|
Vulnerability in deltasql-project (CVE-2018-25412)
vulnerability in deltasql-project (CVE-2018-25412). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7465 |
|
Privilege Escalation in wordpress (CVE-2026-7465)
vulnerability in wordpress (CVE-2026-7465). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44421 |
|
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs....
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs. The bug is in gdi_CacheToSurface: it validates a destination rectangle that is clamped to UINT16_MAX...
|
| CVE-2026-49373 |
|
Vulnerability in jetbrains (CVE-2026-49373)
vulnerability in jetbrains (CVE-2026-49373). Confidential information can be exposed externally.
|
| CVE-2026-49367 |
|
In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account
In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account
|
| CVE-2026-45668 |
|
Path Traversal in path-traversal (CVE-2026-45668)
path traversal in path-traversal (CVE-2026-45668). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.102.2` or later.
|
| CVE-2026-45661 |
|
Path Traversal in path-traversal (CVE-2026-45661)
path traversal in path-traversal (CVE-2026-45661). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45632 |
|
OS Command Injection in CVE-2026-45632 (CVE-2026-45632)
OS command injection in CVE-2026-45632 (CVE-2026-45632). Successful exploitation can lead to full system takeover.
|
| CVE-2026-39292 |
|
Unrestricted File Upload in CVE-2026-39292 (CVE-2026-39292)
vulnerability in CVE-2026-39292 (CVE-2026-39292). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10042 |
|
Unsafe Deserialization in deserialization (CVE-2026-10042)
vulnerability in deserialization (CVE-2026-10042). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45615 |
|
Vulnerability in c (CVE-2026-45615)
vulnerability in c (CVE-2026-45615). Risk of unauthorized operations or information disclosure. Exploitable via ``INTEGER_decode_oer``.
|