Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: cwe-94 Clear
ID Title
CVE-2026-14749 Vulnerability in CVE-2026-14749 (CVE-2026-14749)
vulnerability in CVE-2026-14749 (CVE-2026-14749). Risk of unauthorized operations or information disclosure.
CVE-2026-14722 Vulnerability in CVE-2026-14722 (CVE-2026-14722)
vulnerability in CVE-2026-14722 (CVE-2026-14722). Risk of unauthorized operations or information disclosure.
CVE-2026-12252 Code Injection in nltk (CVE-2026-12252)
code injection in nltk (CVE-2026-12252). Successful exploitation can lead to full system takeover.
CVE-2026-14407 Code Injection in google (CVE-2026-14407)
code injection in google (CVE-2026-14407). Successful exploitation can lead to full system takeover.
CVE-2026-14383 Code Injection in google (CVE-2026-14383)
code injection in google (CVE-2026-14383). Successful exploitation can lead to full system takeover.
CVE-2026-58454 Code Injection in CVE-2026-58454 (CVE-2026-58454)
code injection in CVE-2026-58454 (CVE-2026-58454). Successful exploitation can lead to full system takeover.
CVE-2026-24249 Code Injection in deserialization (CVE-2026-24249)
code injection in deserialization (CVE-2026-24249). Successful exploitation can lead to full system takeover.
CVE-2026-24248 Code Injection in nvidia (CVE-2026-24248)
code injection in nvidia (CVE-2026-24248). Successful exploitation can lead to full system takeover.
CVE-2026-56264 Code Injection in kidocode (CVE-2026-56264)
code injection in kidocode (CVE-2026-56264). Successful exploitation can lead to full system takeover.
CVE-2026-13749 Code Injection in snowflake (CVE-2026-13749)
code injection in snowflake (CVE-2026-13749). Successful exploitation can lead to full system takeover.
CVE-2026-13500 Vulnerability in CVE-2026-13500 (CVE-2026-13500)
vulnerability in CVE-2026-13500 (CVE-2026-13500). Risk of unauthorized operations or information disclosure.
CVE-2026-57315 Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.45 versions.
Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.45 versions.
CVE-2026-50741 Code Injection in revive-adserver (CVE-2026-50741)
code injection in revive-adserver (CVE-2026-50741). Successful exploitation can lead to full system takeover. Exploitable via ``type``.
CVE-2026-57456 Code Injection in vim (CVE-2026-57456)
code injection in vim (CVE-2026-57456). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.2.0699` or later.
CVE-2026-55895 OS Command Injection in vim (CVE-2026-55895)
OS command injection in vim (CVE-2026-55895). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.2.0663` or later.
CVE-2026-56049 Contributor Remote Code Execution (RCE) in Post Snippets <= 4.0.19 versions.
Contributor Remote Code Execution (RCE) in Post Snippets <= 4.0.19 versions.
CVE-2026-12242 Code Injection in wordpress (CVE-2026-12242)
code injection in wordpress (CVE-2026-12242). Successful exploitation can lead to full system takeover.
CVE-2026-55441 OS Command Injection in mise (CVE-2026-55441)
OS command injection in mise (CVE-2026-55441). Successful exploitation can lead to full system takeover. Exploitable via ``mise.toml``. Mitigation: upgrade to `2026.6.4` or later.
CVE-2026-44959 Code Injection in CVE-2026-44959 (CVE-2026-44959)
code injection in CVE-2026-44959 (CVE-2026-44959). Successful exploitation can lead to full system takeover.
CVE-2026-34916 Code Injection in CVE-2026-34916 (CVE-2026-34916)
code injection in CVE-2026-34916 (CVE-2026-34916). Successful exploitation can lead to full system takeover.
CVE-2026-9072 Code Injection in dos (CVE-2026-9072)
code injection in dos (CVE-2026-9072). Successful exploitation can lead to full system takeover.
CVE-2026-8858 Code Injection in dos (CVE-2026-8858)
code injection in dos (CVE-2026-8858). Successful exploitation can lead to full system takeover.
CVE-2026-50178 Cross-Site Scripting (XSS) in angular (CVE-2026-50178)
cross-site scripting in angular (CVE-2026-50178). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `21.2.4` or later.
CVE-2026-49241 Cross-Site Scripting (XSS) in angular (CVE-2026-49241)
cross-site scripting in angular (CVE-2026-49241). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `21.2.4` or later.
CVE-2026-56446 Code Injection in misp-project (CVE-2026-56446)
code injection in misp-project (CVE-2026-56446). Successful exploitation can lead to full system takeover.
CVE-2026-56382 Code Injection in CVE-2026-56382 (CVE-2026-56382)
code injection in CVE-2026-56382 (CVE-2026-56382). Successful exploitation can lead to full system takeover.
CVE-2026-54074 Code Injection in @tinacms/cli (CVE-2026-54074)
code injection in @tinacms/cli (CVE-2026-54074). Successful exploitation can lead to full system takeover. Exploitable via ``addVariablesToCode``. Mitigation: upgrade to `2.4.3` or later.
CVE-2026-55388 Code Injection in piscina (CVE-2026-55388)
code injection in piscina (CVE-2026-55388). Successful exploitation can lead to full system takeover. Exploitable via `POST /upload`. Mitigation: upgrade to `6.0.0-rc.2` or later.
CVE-2026-54816 Code Injection in CVE-2026-54816 (CVE-2026-54816)
code injection in CVE-2026-54816 (CVE-2026-54816). Successful exploitation can lead to full system takeover.
CVE-2026-49113 Subscriber Arbitrary Code Execution in Cornerstone < 7.8.8 versions.
Subscriber Arbitrary Code Execution in Cornerstone < 7.8.8 versions.
CVE-2026-46851 Code Injection in c (CVE-2026-46851)
code injection in c (CVE-2026-46851). Successful exploitation can lead to full system takeover.
CVE-2026-41523 Code Injection in vllm (CVE-2026-41523)
code injection in vllm (CVE-2026-41523). Successful exploitation can lead to full system takeover. Exploitable via ``assert``. Mitigation: upgrade to `0.22.0` or later.
CVE-2026-24155 Code Injection in nvidia (CVE-2026-24155)
code injection in nvidia (CVE-2026-24155). Successful exploitation can lead to full system takeover.
CVE-2026-54271 Code Injection in protobufjs-cli (CVE-2026-54271)
code injection in protobufjs-cli (CVE-2026-54271). Confidential information can be exposed externally. Exploitable via ``pbjs``. Mitigation: upgrade to `2.5.0` or later.
CVE-2026-54057 Code Injection in kovidgoyal (CVE-2026-54057)
code injection in kovidgoyal (CVE-2026-54057). Successful exploitation can lead to full system takeover.
CVE-2026-42851 Code Injection in kovidgoyal (CVE-2026-42851)
code injection in kovidgoyal (CVE-2026-42851). Successful exploitation can lead to full system takeover. Exploitable via ``cat``.
CVE-2026-45833 Code Injection in trychroma (CVE-2026-45833)
code injection in trychroma (CVE-2026-45833). Successful exploitation can lead to full system takeover.
CVE-2026-52860 Code Injection in vim (CVE-2026-52860)
code injection in vim (CVE-2026-52860). Successful exploitation can lead to full system takeover.
CVE-2026-52858 Code Injection in vim (CVE-2026-52858)
code injection in vim (CVE-2026-52858). Successful exploitation can lead to full system takeover.
CVE-2026-47162 Vulnerability in vim (CVE-2026-47162)
vulnerability in vim (CVE-2026-47162). Successful exploitation can lead to full system takeover.
CVE-2026-50223 Code Injection in apache (CVE-2026-50223)
code injection in apache (CVE-2026-50223). Successful exploitation can lead to full system takeover.
CVE-2026-47906 Dreamweaver Desktop versions 21.7 and earlier are affected by a Dependency on Vulnerable Third...
Dreamweaver Desktop versions 21.7 and earlier are affected by a Dependency on Vulnerable Third...
CVE-2026-45583 Code Injection in microsoft (CVE-2026-45583)
code injection in microsoft (CVE-2026-45583). Successful exploitation can lead to full system takeover.
CVE-2026-47292 Code Injection in microsoft (CVE-2026-47292)
code injection in microsoft (CVE-2026-47292). Successful exploitation can lead to full system takeover.
CVE-2026-8795 Vulnerability in CVE-2026-8795 (CVE-2026-8795)
vulnerability in CVE-2026-8795 (CVE-2026-8795). Successful exploitation can lead to full system takeover.
CVE-2026-11688 Code Injection in google (CVE-2026-11688)
code injection in google (CVE-2026-11688). Successful exploitation can lead to full system takeover.
CVE-2026-25856 Code Injection in c (CVE-2026-25856)
code injection in c (CVE-2026-25856). Successful exploitation can lead to full system takeover.
CVE-2026-49493 Code Injection in CVE-2026-49493 (CVE-2026-49493)
code injection in CVE-2026-49493 (CVE-2026-49493). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.8.28` or later.
CVE-2026-48017 Code Injection in dbgate-api (CVE-2026-48017)
code injection in dbgate-api (CVE-2026-48017). Successful exploitation can lead to full system takeover. Exploitable via `POST /runners/load-reader`. Mitigation: upgrade to `7.1.9` or later.
CVE-2026-11231 Code Injection in google (CVE-2026-11231)
code injection in google (CVE-2026-11231). Confidential information can be exposed externally.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →