Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-42555 |
|
Code Injection in com.ritense.valtimo:document (CVE-2026-42555)
code injection in com.ritense.valtimo:document (CVE-2026-42555). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/management/v1/document-definition/migrate`. Mitigation: upgrade to `12.32.0` or later.
|
| CVE-2026-44791 |
|
Vulnerability in n8n (CVE-2026-44791)
vulnerability in n8n (CVE-2026-44791). Successful exploitation can lead to full system takeover. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.20.7` or later.
|
| CVE-2026-44789 |
|
Vulnerability in n8n (CVE-2026-44789)
vulnerability in n8n (CVE-2026-44789). Successful exploitation can lead to full system takeover. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.20.7` or later.
|
| CVE-2025-69443 |
|
Code Injection in CVE-2025-69443 (CVE-2025-69443)
code injection in CVE-2025-69443 (CVE-2025-69443). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46442 |
|
Code Injection in flowise (CVE-2026-46442)
code injection in flowise (CVE-2026-46442). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/v1/node-custom-function`. Mitigation: upgrade to `3.1.2` or later.
|
| CVE-2026-41249 |
|
Code Injection in coreshop/core-shop (CVE-2026-41249)
code injection in coreshop/core-shop (CVE-2026-41249). Confidential information can be exposed externally. Exploitable via ``pull_request_target``.
|
| CVE-2026-24000 |
|
Vulnerability in github.com/fleetdm/fleet/v4 (CVE-2026-24000)
vulnerability in github.com/fleetdm/fleet/v4 (CVE-2026-24000). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.80.1` or later.
|
| CVE-2026-6271 |
|
Unrestricted File Upload in wordpress (CVE-2026-6271)
vulnerability in wordpress (CVE-2026-6271). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8500 |
|
OS Command Injection in CVE-2026-8500 (CVE-2026-8500)
OS command injection in CVE-2026-8500 (CVE-2026-8500). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45158 |
|
Vulnerability in opnsense (CVE-2026-45158)
vulnerability in opnsense (CVE-2026-45158). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `26.1.8` or later.
|
| CVE-2026-44193 |
|
Vulnerability in opnsense (CVE-2026-44193)
vulnerability in opnsense (CVE-2026-44193). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `26.1.7` or later.
|
| CVE-2026-44194 |
|
OS Command Injection in opnsense (CVE-2026-44194)
OS command injection in opnsense (CVE-2026-44194). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `26.1.8` or later.
|
| CVE-2026-45714 |
|
Code Injection in CVE-2026-45714 (CVE-2026-45714)
code injection in CVE-2026-45714 (CVE-2026-45714). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `6.7.0` or later.
|
| CVE-2026-45053 |
|
Unrestricted File Upload in CVE-2026-45053 (CVE-2026-45053)
vulnerability in CVE-2026-45053 (CVE-2026-45053). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/v1/files`. Mitigation: upgrade to `6.7.0` or later.
|
| CVE-2026-44377 |
|
Code Injection in CVE-2026-44377 (CVE-2026-44377)
code injection in CVE-2026-44377 (CVE-2026-44377). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `6.7.0` or later.
|
| CVE-2026-22599 |
|
SQL Injection in @strapi/content-type-builder (CVE-2026-22599)
SQL injection in @strapi/content-type-builder (CVE-2026-22599). Successful exploitation can lead to full system takeover. Exploitable via ``column.defaultTo``. Mitigation: upgrade to `5.33.2` or later.
|
| CVE-2026-43998 |
|
Vulnerability in vm2 (CVE-2026-43998)
vulnerability in vm2 (CVE-2026-43998). Successful exploitation can lead to full system takeover. Exploitable via ``require.root``. Mitigation: upgrade to `3.11.0` or later.
|
| CVE-2026-43999 |
|
Authorization Flaw in vm2 (CVE-2026-43999)
vulnerability in vm2 (CVE-2026-43999). Successful exploitation can lead to full system takeover. Exploitable via ``builtin``. Mitigation: upgrade to `3.11.0` or later.
|
| CVE-2026-41957 |
|
Unsafe Deserialization in f5 (CVE-2026-41957)
vulnerability in f5 (CVE-2026-41957). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43680 |
|
Code Injection in claris (CVE-2026-43680)
code injection in claris (CVE-2026-43680). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42288 |
|
Code Injection in CVE-2026-42288 (CVE-2026-42288)
code injection in CVE-2026-42288 (CVE-2026-42288). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `7.3.2` or later.
|
| CVE-2026-43685 |
|
OS Command Injection in claris (CVE-2026-43685)
OS command injection in claris (CVE-2026-43685). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42854 |
|
Vulnerability in espressif (CVE-2026-42854)
vulnerability in espressif (CVE-2026-42854). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.3.8` or later.
|
| CVE-2026-44403 |
|
Code Injection in wftpserver (CVE-2026-44403)
code injection in wftpserver (CVE-2026-44403). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44854 |
|
Command Injection in arubanetworks (CVE-2026-44854)
command injection in arubanetworks (CVE-2026-44854). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44853 |
|
Command Injection in arubanetworks (CVE-2026-44853)
command injection in arubanetworks (CVE-2026-44853). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44852 |
|
Vulnerability in arubanetworks (CVE-2026-44852)
vulnerability in arubanetworks (CVE-2026-44852). Successful exploitation can lead to full system takeover.
|
| CVE-2026-23827 |
|
Vulnerability in dos (CVE-2026-23827)
vulnerability in dos (CVE-2026-23827). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8430 |
|
Code Injection in nginx (CVE-2026-8430)
code injection in nginx (CVE-2026-8430). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8429 |
|
Code Injection in CVE-2026-8429 (CVE-2026-8429)
code injection in CVE-2026-8429 (CVE-2026-8429). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31233 |
|
Code Injection in guardrails-ai (CVE-2026-31233)
code injection in guardrails-ai (CVE-2026-31233). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31232 |
|
Unsafe Deserialization in deserialization (CVE-2026-31232)
vulnerability in deserialization (CVE-2026-31232). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31234 |
|
Unsafe Deserialization in horovod (CVE-2026-31234)
vulnerability in horovod (CVE-2026-31234). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31229 |
|
Unsafe Deserialization in deserialization (CVE-2026-31229)
vulnerability in deserialization (CVE-2026-31229). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31231 |
|
Code Injection in CVE-2026-31231 (CVE-2026-31231)
code injection in CVE-2026-31231 (CVE-2026-31231). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43892 |
|
Cross-Site Scripting (XSS) in CVE-2026-43892 (CVE-2026-43892)
cross-site scripting in CVE-2026-43892 (CVE-2026-43892). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.1.16` or later.
|
| CVE-2026-20887 |
|
Vulnerability in dos (CVE-2026-20887)
vulnerability in dos (CVE-2026-20887). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31228 |
|
Code Injection in CVE-2026-31228 (CVE-2026-31228)
code injection in CVE-2026-31228 (CVE-2026-31228). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31226 |
|
OS Command Injection in CVE-2026-31226 (CVE-2026-31226)
OS command injection in CVE-2026-31226 (CVE-2026-31226). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31225 |
|
Code Injection in superduper-framework (CVE-2026-31225)
code injection in superduper-framework (CVE-2026-31225). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31220 |
|
Code Injection in syft (CVE-2026-31220)
code injection in syft (CVE-2026-31220). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8111 |
|
SQL Injection in sqli (CVE-2026-8111)
SQL injection in sqli (CVE-2026-8111). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8051 |
|
OS Command Injection in ivanti (CVE-2026-8051)
OS command injection in ivanti (CVE-2026-8051). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5029 |
|
Vulnerability in CVE-2026-5029 (CVE-2026-5029)
vulnerability in CVE-2026-5029 (CVE-2026-5029). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-40947 |
|
OS Command Injection in siemens (CVE-2025-40947)
OS command injection in siemens (CVE-2025-40947). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43899 |
|
Vulnerability in CVE-2026-43899 (CVE-2026-43899)
vulnerability in CVE-2026-43899 (CVE-2026-43899). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.0.4-beta.1` or later.
|
| CVE-2026-43893 |
|
Vulnerability in exiftool-vendored (CVE-2026-43893)
vulnerability in exiftool-vendored (CVE-2026-43893). Data can be tampered with by attackers. Exploitable via ``WriteTask``. Mitigation: upgrade to `35.19.0` or later.
|
| CVE-2026-42046 |
|
Vulnerability in CVE-2026-42046 (CVE-2026-42046)
vulnerability in CVE-2026-42046 (CVE-2026-42046). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2614 |
|
MLflow allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem
MLflow allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem
|
| CVE-2026-39850 |
|
Vulnerability in yiisoft/yii2 (CVE-2026-39850)
vulnerability in yiisoft/yii2 (CVE-2026-39850). Confidential information can be exposed externally. Exploitable via ``require``. Mitigation: upgrade to `2.0.55` or later.
|