Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-9695 |
|
Authentication Bypass in CVE-2026-9695 (CVE-2026-9695)
authentication bypass in CVE-2026-9695 (CVE-2026-9695). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53483 |
|
Authentication Bypass in CVE-2026-53483 (CVE-2026-53483)
authentication bypass in CVE-2026-53483 (CVE-2026-53483). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40139 |
|
Authentication Bypass in beyondtrust (CVE-2026-40139)
authentication bypass in beyondtrust (CVE-2026-40139). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53913 |
|
Authentication Bypass in apache (CVE-2026-53913)
authentication bypass in apache (CVE-2026-53913). Successful exploitation can lead to full system takeover.
|
| CVE-2026-52830 |
|
Path Traversal in fast-mcp-telegram (CVE-2026-52830)
path traversal in fast-mcp-telegram (CVE-2026-52830). Confidential information can be exposed externally. Exploitable via ``telegram``. Mitigation: upgrade to `0.19.1` or later.
|
| CVE-2026-11387 |
|
Authentication Bypass in wordpress (CVE-2026-11387)
authentication bypass in wordpress (CVE-2026-11387). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49869 |
|
OS Command Injection in kestra (CVE-2026-49869)
OS command injection in kestra (CVE-2026-49869). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.0.45` or later.
|
| CVE-2026-54089 |
|
Authentication Bypass in CVE-2026-54089 (CVE-2026-54089)
authentication bypass in CVE-2026-54089 (CVE-2026-54089). Confidential information can be exposed externally.
|
| CVE-2026-56237 |
|
Authentication Bypass in CVE-2026-56237 (CVE-2026-56237)
authentication bypass in CVE-2026-56237 (CVE-2026-56237). Confidential information can be exposed externally.
|
| CVE-2026-11374 |
|
Authentication Bypass in CVE-2026-11374 (CVE-2026-11374)
authentication bypass in CVE-2026-11374 (CVE-2026-11374). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7664 |
|
Authentication Bypass in langflow (CVE-2026-7664)
authentication bypass in langflow (CVE-2026-7664). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45480 |
|
Authentication Bypass in microsoft (CVE-2026-45480)
authentication bypass in microsoft (CVE-2026-45480). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49454 |
|
Authentication Bypass in relyra (CVE-2026-49454)
authentication bypass in relyra (CVE-2026-49454). Confidential information can be exposed externally. Exploitable via ``SignatureValue``. Mitigation: upgrade to `1.2.0` or later.
|
| CVE-2026-46919 |
|
Vulnerability in c (CVE-2026-46919)
vulnerability in c (CVE-2026-46919). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46890 |
|
Vulnerability in c (CVE-2026-46890)
vulnerability in c (CVE-2026-46890). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46859 |
|
Authentication Bypass in c (CVE-2026-46859)
authentication bypass in c (CVE-2026-46859). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48114 |
|
SQL Injection in sqli (CVE-2026-48114)
SQL injection in sqli (CVE-2026-48114). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12183 |
|
Authentication Bypass in CVE-2026-12183 (CVE-2026-12183)
authentication bypass in CVE-2026-12183 (CVE-2026-12183). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48611 |
|
Authentication Bypass in CVE-2026-48611 (CVE-2026-48611)
authentication bypass in CVE-2026-48611 (CVE-2026-48611). Successful exploitation can lead to full system takeover.
|
| CVE-2026-36727 |
|
Authentication Bypass in CVE-2026-36727 (CVE-2026-36727)
authentication bypass in CVE-2026-36727 (CVE-2026-36727). Confidential information can be exposed externally.
|
| CVE-2026-50751 KEV |
|
[KEV] Authentication Bypass in Check point checkpoint (CVE-2026-50751)
authentication bypass in Check point checkpoint (CVE-2026-50751). Confidential information can be exposed externally. Listed in CISA KEV — actively exploited.
|
| CVE-2026-46389 |
|
Authentication Bypass in defenseunicorns (CVE-2026-46389)
authentication bypass in defenseunicorns (CVE-2026-46389). Successful exploitation can lead to full system takeover. Exploitable via ``client_secret``.
|
| CVE-2026-6274 |
|
Authentication Bypass in CVE-2026-6274 (CVE-2026-6274)
authentication bypass in CVE-2026-6274 (CVE-2026-6274). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49191 |
|
Authentication Bypass in acer (CVE-2026-49191)
authentication bypass in acer (CVE-2026-49191). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49186 |
|
Authentication Bypass in acer (CVE-2026-49186)
authentication bypass in acer (CVE-2026-49186). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49448 |
|
Authentication Bypass in authentik (CVE-2026-49448)
authentication bypass in authentik (CVE-2026-49448). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2025.12.6, 2026.2.4, 2026.5.1` or later.
|
| CVE-2026-5076 |
|
Authentication Bypass in wordpress (CVE-2026-5076)
authentication bypass in wordpress (CVE-2026-5076). Successful exploitation can lead to full system takeover. Exploitable via ``arm_reset_password_key``.
|
| CVE-2026-10611 |
|
Authentication Bypass in misp (CVE-2026-10611)
authentication bypass in misp (CVE-2026-10611). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49197 |
|
Authentication Bypass in acer (CVE-2026-49197)
authentication bypass in acer (CVE-2026-49197). Successful exploitation can lead to full system takeover. Exploitable via `Authorization header`.
|
| CVE-2026-3655 |
|
Authentication Bypass in wordpress (CVE-2026-3655)
authentication bypass in wordpress (CVE-2026-3655). Successful exploitation can lead to full system takeover. Exploitable via ``lwp_ajax_register``.
|
| CVE-2026-46840 |
|
Vulnerability in c (CVE-2026-46840)
vulnerability in c (CVE-2026-46840). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46817 |
|
Privilege Escalation in c (CVE-2026-46817)
vulnerability in c (CVE-2026-46817). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7876 |
|
IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19
IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19
|
| CVE-2026-47280 |
|
Authentication Bypass in microsoft (CVE-2026-47280)
authentication bypass in microsoft (CVE-2026-47280). Successful exploitation can lead to full system takeover.
|
| CVE-2026-32253 |
|
Authentication Bypass in cpp (CVE-2026-32253)
authentication bypass in cpp (CVE-2026-32253). Successful exploitation can lead to full system takeover.
|
| CVE-2026-36829 |
|
Path Traversal in path-traversal (CVE-2026-36829)
path traversal in path-traversal (CVE-2026-36829). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45434 |
|
Authentication Bypass in apache (CVE-2026-45434)
authentication bypass in apache (CVE-2026-45434). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42822 |
|
Authentication Bypass in microsoft (CVE-2026-42822)
authentication bypass in microsoft (CVE-2026-42822). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5229 |
|
Authentication Bypass in wordpress (CVE-2026-5229)
authentication bypass in wordpress (CVE-2026-5229). Successful exploitation can lead to full system takeover.
|
| CVE-2026-20182 KEV |
|
[KEV] Authentication Bypass in Cisco catalyst-sd-wan-manager (CVE-2026-20182)
authentication bypass in Cisco catalyst-sd-wan-manager (CVE-2026-20182). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-8181 |
|
Authentication Bypass in wordpress (CVE-2026-8181)
authentication bypass in wordpress (CVE-2026-8181). Successful exploitation can lead to full system takeover. Exploitable via `Authorization header`.
|
| CVE-2026-44351 |
|
Vulnerability in fast-jwt (CVE-2026-44351)
vulnerability in fast-jwt (CVE-2026-44351). Confidential information can be exposed externally. Exploitable via ``Buffer``. Mitigation: upgrade to `6.2.4` or later.
|
| CVE-2026-44547 |
|
Authentication Bypass in CVE-2026-44547 (CVE-2026-44547)
authentication bypass in CVE-2026-44547 (CVE-2026-44547). Confidential information can be exposed externally. Mitigation: upgrade to `7.3.1` or later.
|
| CVE-2026-33117 |
|
Authentication Bypass in com.azure:azure-security-keyvault-keys (CVE-2026-33117)
authentication bypass in com.azure:azure-security-keyvault-keys (CVE-2026-33117). Confidential information can be exposed externally. Mitigation: upgrade to `4.10.6` or later.
|
| CVE-2026-44196 |
|
Authentication Bypass in CVE-2026-44196 (CVE-2026-44196)
authentication bypass in CVE-2026-44196 (CVE-2026-44196). Confidential information can be exposed externally. Mitigation: upgrade to `1.16.3` or later.
|
| CVE-2026-42869 |
|
Authentication Bypass in CVE-2026-42869 (CVE-2026-42869)
authentication bypass in CVE-2026-42869 (CVE-2026-42869). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.1.57` or later.
|
| CVE-2026-42560 |
|
Authentication Bypass in oauth (CVE-2026-42560)
authentication bypass in oauth (CVE-2026-42560). Confidential information can be exposed externally. Exploitable via ``user.ID``.
|
| CVE-2026-44551 |
|
Authentication Bypass in open-webui (CVE-2026-44551)
authentication bypass in open-webui (CVE-2026-44551). Confidential information can be exposed externally. Exploitable via `POST /api/v1/auths/ldap`. Mitigation: upgrade to `0.9.0` or later.
|
| CVE-2026-41070 |
|
Authentication Bypass in openvpn (CVE-2026-41070)
authentication bypass in openvpn (CVE-2026-41070). Confidential information can be exposed externally. Exploitable via ``plugin``.
|
| CVE-2026-41574 |
|
Authentication Bypass in github.com/nhost/nhost (CVE-2026-41574)
authentication bypass in github.com/nhost/nhost (CVE-2026-41574). Successful exploitation can lead to full system takeover. Exploitable via `GET /users/`. Mitigation: upgrade to `0.0.0-20260417112436-ec8dab3f2cf4` or later.
|