Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: attack-types Clear
ID Title
CVE-2026-35262 Vulnerability in c (CVE-2026-35262)
vulnerability in c (CVE-2026-35262). Confidential information can be exposed externally.
CVE-2026-47774 Vulnerability in dos (CVE-2026-47774)
vulnerability in dos (CVE-2026-47774). Risk of unauthorized operations or information disclosure. Exploitable via `Cookie header`.
CVE-2026-28737 Cross-Site Scripting (XSS) in code.gitea.io/gitea (CVE-2026-28737)
cross-site scripting in code.gitea.io/gitea (CVE-2026-28737). Confidential information can be exposed externally. Exploitable via ``innerHTML``. Mitigation: upgrade to `1.26.0` or later.
CVE-2026-54018 SSRF (Server-Side Request Forgery) in open-webui (CVE-2026-54018)
SSRF in open-webui (CVE-2026-54018). Confidential information can be exposed externally. Mitigation: upgrade to `0.9.6` or later.
CVE-2026-54017 Path Traversal in open-webui (CVE-2026-54017)
path traversal in open-webui (CVE-2026-54017). Confidential information can be exposed externally. Exploitable via `GET /api/v1/terminals/server1/..`. Mitigation: upgrade to `0.9.6` or later.
CVE-2026-9675 Vulnerability in undici (CVE-2026-9675)
vulnerability in undici (CVE-2026-9675). Risk of unauthorized operations or information disclosure. Exploitable via ``maxPayloadSize``. Mitigation: upgrade to `8.5.0` or later.
CVE-2026-12151 Vulnerability in undici (CVE-2026-12151)
vulnerability in undici (CVE-2026-12151). Risk of unauthorized operations or information disclosure. Exploitable via ``maxPayloadSize``. Mitigation: upgrade to `8.5.0` or later.
CVE-2026-20181 Path Traversal in Cisco dos (CVE-2026-20181)
path traversal in Cisco dos (CVE-2026-20181). Successful exploitation can lead to full system takeover.
CVE-2026-47103 Vulnerability in python-statemachine (CVE-2026-47103)
vulnerability in python-statemachine (CVE-2026-47103). Successful exploitation can lead to full system takeover. Exploitable via ``SCXMLProcessor``. Mitigation: upgrade to `3.2.0` or later.
CVE-2026-10641 Out-of-Bounds Write in c (CVE-2026-10641)
out-of-bounds write in c (CVE-2026-10641). Risk of unauthorized operations or information disclosure.
CVE-2026-54014 Path Traversal in open-webui (CVE-2026-54014)
path traversal in open-webui (CVE-2026-54014). Risk of unauthorized operations or information disclosure. Exploitable via `GET /cache/{{path}}`. Mitigation: upgrade to `0.9.6` or later.
CVE-2026-54013 Cross-Site Scripting (XSS) in open-webui (CVE-2026-54013)
cross-site scripting in open-webui (CVE-2026-54013). Confidential information can be exposed externally. Exploitable via `GET /api/v1/models/model/profile/image`. Mitigation: upgrade to `0.9.6` or later.
CVE-2026-48788 Cross-Site Scripting (XSS) in github.com/umputun/remark42 (CVE-2026-48788)
cross-site scripting in github.com/umputun/remark42 (CVE-2026-48788). Confidential information can be exposed externally. Exploitable via ``http.DetectContentType``. Mitigation: upgrade to `1.16.0` or later.
CVE-2026-48797 Vulnerability in backpropagate (CVE-2026-48797)
vulnerability in backpropagate (CVE-2026-48797). Risk of unauthorized operations or information disclosure. Exploitable via ``BACKPROPAGATE_UI_AUTH``. Mitigation: upgrade to `1.2.0` or later.
CVE-2026-48055 Vulnerability in path-traversal (CVE-2026-48055)
vulnerability in path-traversal (CVE-2026-48055). Data can be tampered with by attackers.
CVE-2026-54303 Cross-Site Scripting (XSS) in n8n (CVE-2026-54303)
cross-site scripting in n8n (CVE-2026-54303). Risk of unauthorized operations or information disclosure. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.24.0` or later.
CVE-2026-12425 Cross-Site Scripting (XSS) in powerschool (CVE-2026-12425)
cross-site scripting in powerschool (CVE-2026-12425). Risk of unauthorized operations or information disclosure.
CVE-2026-10303 Vulnerability in path-traversal (CVE-2026-10303)
vulnerability in path-traversal (CVE-2026-10303). Confidential information can be exposed externally.
CVE-2026-0160 Vulnerability in cpp (CVE-2026-0160)
vulnerability in cpp (CVE-2026-0160). Successful exploitation can lead to full system takeover.
CVE-2026-0147 Vulnerability in c (CVE-2026-0147)
vulnerability in c (CVE-2026-0147). Successful exploitation can lead to full system takeover.
CVE-2026-0148 Vulnerability in cpp (CVE-2026-0148)
vulnerability in cpp (CVE-2026-0148). Successful exploitation can lead to full system takeover.
CVE-2026-0146 Vulnerability in c (CVE-2026-0146)
vulnerability in c (CVE-2026-0146). Successful exploitation can lead to full system takeover.
CVE-2026-0154 Vulnerability in google (CVE-2026-0154)
vulnerability in google (CVE-2026-0154). Successful exploitation can lead to full system takeover.
CVE-2026-0149 Vulnerability in google (CVE-2026-0149)
vulnerability in google (CVE-2026-0149). Successful exploitation can lead to full system takeover.
CVE-2026-0151 Vulnerability in c (CVE-2026-0151)
vulnerability in c (CVE-2026-0151). Successful exploitation can lead to full system takeover.
CVE-2026-0162 Vulnerability in cpp (CVE-2026-0162)
vulnerability in cpp (CVE-2026-0162). Successful exploitation can lead to full system takeover.
CVE-2026-0164 Vulnerability in google (CVE-2026-0164)
vulnerability in google (CVE-2026-0164). Successful exploitation can lead to full system takeover.
CVE-2026-0144 Vulnerability in cpp (CVE-2026-0144)
vulnerability in cpp (CVE-2026-0144). Risk of unauthorized operations or information disclosure.
CVE-2026-0156 Vulnerability in cpp (CVE-2026-0156)
vulnerability in cpp (CVE-2026-0156). Risk of unauthorized operations or information disclosure.
CVE-2026-0127 Out-of-Bounds Read in cpp (CVE-2026-0127)
vulnerability in cpp (CVE-2026-0127). Risk of unauthorized operations or information disclosure.
CVE-2026-0136 Vulnerability in dos (CVE-2026-0136)
vulnerability in dos (CVE-2026-0136). Risk of unauthorized operations or information disclosure.
CVE-2026-0126 Out-of-Bounds Write in google (CVE-2026-0126)
out-of-bounds write in google (CVE-2026-0126). Successful exploitation can lead to full system takeover.
CVE-2026-0135 Out-of-Bounds Read in google (CVE-2026-0135)
vulnerability in google (CVE-2026-0135). Successful exploitation can lead to full system takeover.
CVE-2026-0132 Vulnerability in google (CVE-2026-0132)
vulnerability in google (CVE-2026-0132). Successful exploitation can lead to full system takeover.
CVE-2026-0139 Buffer Overflow in google (CVE-2026-0139)
vulnerability in google (CVE-2026-0139). Successful exploitation can lead to full system takeover.
CVE-2026-52846 Vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-52846)
vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-52846). Risk of unauthorized operations or information disclosure. Exploitable via ``stripHTML``. Mitigation: upgrade to `2.11.4` or later.
CVE-2026-53755 SSRF (Server-Side Request Forgery) in crawl4ai (CVE-2026-53755)
SSRF in crawl4ai (CVE-2026-53755). Confidential information can be exposed externally. Exploitable via ``browser_config``. Mitigation: upgrade to `0.8.9` or later.
CVE-2026-53754 SSRF (Server-Side Request Forgery) in crawl4ai (CVE-2026-53754)
SSRF in crawl4ai (CVE-2026-53754). Confidential information can be exposed externally. Exploitable via `POST /crawl`. Mitigation: upgrade to `0.8.8` or later.
CVE-2026-50133 Cross-Site Scripting (XSS) in github.com/gohugoio/hugo (CVE-2026-50133)
cross-site scripting in github.com/gohugoio/hugo (CVE-2026-50133). Risk of unauthorized operations or information disclosure. Exploitable via ``security.allowContent``. Mitigation: upgrade to `0.162.0` or later.
CVE-2026-53866 OpenClaw: Shell inline-command parsing could miss an allowlist check
OpenClaw: Shell inline-command parsing could miss an allowlist check
CVE-2026-53865 Vulnerability in openclaw (CVE-2026-53865)
vulnerability in openclaw (CVE-2026-53865). Confidential information can be exposed externally. Exploitable via ``trash``. Mitigation: upgrade to `2026.5.2` or later.
CVE-2026-53857 OpenClaw: Zalo allowFrom could bind to mutable display names
OpenClaw: Zalo allowFrom could bind to mutable display names
CVE-2026-53854 Authorization Flaw in openclaw (CVE-2026-53854)
vulnerability in openclaw (CVE-2026-53854). Data can be tampered with by attackers. Mitigation: upgrade to `2026.4.25` or later.
CVE-2026-53849 OpenClaw: Discord allowFrom could bind to mutable display names
OpenClaw: Discord allowFrom could bind to mutable display names
CVE-2026-53855 OpenClaw: Shell positional parameters could weaken strict inline-eval checks
OpenClaw: Shell positional parameters could weaken strict inline-eval checks
CVE-2026-53847 Vulnerability in openclaw (CVE-2026-53847)
vulnerability in openclaw (CVE-2026-53847). Risk of unauthorized operations or information disclosure. Exploitable via ``operator.write``. Mitigation: upgrade to `2026.5.6` or later.
CVE-2026-53846 Vulnerability in openclaw (CVE-2026-53846)
vulnerability in openclaw (CVE-2026-53846). Confidential information can be exposed externally. Mitigation: upgrade to `2026.4.29` or later.
CVE-2026-53843 OpenClaw: Pairing-scoped device session could restore revoked node token authority
OpenClaw: Pairing-scoped device session could restore revoked node token authority
CVE-2026-53841 Cross-Site Scripting (XSS) in openclaw (CVE-2026-53841)
cross-site scripting in openclaw (CVE-2026-53841). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.12` or later.
CVE-2026-50656 Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in...
Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in...

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →