Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-35262 |
|
Vulnerability in c (CVE-2026-35262)
vulnerability in c (CVE-2026-35262). Confidential information can be exposed externally.
|
| CVE-2026-47774 |
|
Vulnerability in dos (CVE-2026-47774)
vulnerability in dos (CVE-2026-47774). Risk of unauthorized operations or information disclosure. Exploitable via `Cookie header`.
|
| CVE-2026-28737 |
|
Cross-Site Scripting (XSS) in code.gitea.io/gitea (CVE-2026-28737)
cross-site scripting in code.gitea.io/gitea (CVE-2026-28737). Confidential information can be exposed externally. Exploitable via ``innerHTML``. Mitigation: upgrade to `1.26.0` or later.
|
| CVE-2026-54018 |
|
SSRF (Server-Side Request Forgery) in open-webui (CVE-2026-54018)
SSRF in open-webui (CVE-2026-54018). Confidential information can be exposed externally. Mitigation: upgrade to `0.9.6` or later.
|
| CVE-2026-54017 |
|
Path Traversal in open-webui (CVE-2026-54017)
path traversal in open-webui (CVE-2026-54017). Confidential information can be exposed externally. Exploitable via `GET /api/v1/terminals/server1/..`. Mitigation: upgrade to `0.9.6` or later.
|
| CVE-2026-9675 |
|
Vulnerability in undici (CVE-2026-9675)
vulnerability in undici (CVE-2026-9675). Risk of unauthorized operations or information disclosure. Exploitable via ``maxPayloadSize``. Mitigation: upgrade to `8.5.0` or later.
|
| CVE-2026-12151 |
|
Vulnerability in undici (CVE-2026-12151)
vulnerability in undici (CVE-2026-12151). Risk of unauthorized operations or information disclosure. Exploitable via ``maxPayloadSize``. Mitigation: upgrade to `8.5.0` or later.
|
| CVE-2026-20181 |
|
Path Traversal in Cisco dos (CVE-2026-20181)
path traversal in Cisco dos (CVE-2026-20181). Successful exploitation can lead to full system takeover.
|
| CVE-2026-47103 |
|
Vulnerability in python-statemachine (CVE-2026-47103)
vulnerability in python-statemachine (CVE-2026-47103). Successful exploitation can lead to full system takeover. Exploitable via ``SCXMLProcessor``. Mitigation: upgrade to `3.2.0` or later.
|
| CVE-2026-10641 |
|
Out-of-Bounds Write in c (CVE-2026-10641)
out-of-bounds write in c (CVE-2026-10641). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54014 |
|
Path Traversal in open-webui (CVE-2026-54014)
path traversal in open-webui (CVE-2026-54014). Risk of unauthorized operations or information disclosure. Exploitable via `GET /cache/{{path}}`. Mitigation: upgrade to `0.9.6` or later.
|
| CVE-2026-54013 |
|
Cross-Site Scripting (XSS) in open-webui (CVE-2026-54013)
cross-site scripting in open-webui (CVE-2026-54013). Confidential information can be exposed externally. Exploitable via `GET /api/v1/models/model/profile/image`. Mitigation: upgrade to `0.9.6` or later.
|
| CVE-2026-48788 |
|
Cross-Site Scripting (XSS) in github.com/umputun/remark42 (CVE-2026-48788)
cross-site scripting in github.com/umputun/remark42 (CVE-2026-48788). Confidential information can be exposed externally. Exploitable via ``http.DetectContentType``. Mitigation: upgrade to `1.16.0` or later.
|
| CVE-2026-48797 |
|
Vulnerability in backpropagate (CVE-2026-48797)
vulnerability in backpropagate (CVE-2026-48797). Risk of unauthorized operations or information disclosure. Exploitable via ``BACKPROPAGATE_UI_AUTH``. Mitigation: upgrade to `1.2.0` or later.
|
| CVE-2026-48055 |
|
Vulnerability in path-traversal (CVE-2026-48055)
vulnerability in path-traversal (CVE-2026-48055). Data can be tampered with by attackers.
|
| CVE-2026-54303 |
|
Cross-Site Scripting (XSS) in n8n (CVE-2026-54303)
cross-site scripting in n8n (CVE-2026-54303). Risk of unauthorized operations or information disclosure. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.24.0` or later.
|
| CVE-2026-12425 |
|
Cross-Site Scripting (XSS) in powerschool (CVE-2026-12425)
cross-site scripting in powerschool (CVE-2026-12425). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10303 |
|
Vulnerability in path-traversal (CVE-2026-10303)
vulnerability in path-traversal (CVE-2026-10303). Confidential information can be exposed externally.
|
| CVE-2026-0160 |
|
Vulnerability in cpp (CVE-2026-0160)
vulnerability in cpp (CVE-2026-0160). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0147 |
|
Vulnerability in c (CVE-2026-0147)
vulnerability in c (CVE-2026-0147). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0148 |
|
Vulnerability in cpp (CVE-2026-0148)
vulnerability in cpp (CVE-2026-0148). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0146 |
|
Vulnerability in c (CVE-2026-0146)
vulnerability in c (CVE-2026-0146). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0154 |
|
Vulnerability in google (CVE-2026-0154)
vulnerability in google (CVE-2026-0154). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0149 |
|
Vulnerability in google (CVE-2026-0149)
vulnerability in google (CVE-2026-0149). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0151 |
|
Vulnerability in c (CVE-2026-0151)
vulnerability in c (CVE-2026-0151). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0162 |
|
Vulnerability in cpp (CVE-2026-0162)
vulnerability in cpp (CVE-2026-0162). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0164 |
|
Vulnerability in google (CVE-2026-0164)
vulnerability in google (CVE-2026-0164). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0144 |
|
Vulnerability in cpp (CVE-2026-0144)
vulnerability in cpp (CVE-2026-0144). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0156 |
|
Vulnerability in cpp (CVE-2026-0156)
vulnerability in cpp (CVE-2026-0156). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0127 |
|
Out-of-Bounds Read in cpp (CVE-2026-0127)
vulnerability in cpp (CVE-2026-0127). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0136 |
|
Vulnerability in dos (CVE-2026-0136)
vulnerability in dos (CVE-2026-0136). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0126 |
|
Out-of-Bounds Write in google (CVE-2026-0126)
out-of-bounds write in google (CVE-2026-0126). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0135 |
|
Out-of-Bounds Read in google (CVE-2026-0135)
vulnerability in google (CVE-2026-0135). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0132 |
|
Vulnerability in google (CVE-2026-0132)
vulnerability in google (CVE-2026-0132). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0139 |
|
Buffer Overflow in google (CVE-2026-0139)
vulnerability in google (CVE-2026-0139). Successful exploitation can lead to full system takeover.
|
| CVE-2026-52846 |
|
Vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-52846)
vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-52846). Risk of unauthorized operations or information disclosure. Exploitable via ``stripHTML``. Mitigation: upgrade to `2.11.4` or later.
|
| CVE-2026-53755 |
|
SSRF (Server-Side Request Forgery) in crawl4ai (CVE-2026-53755)
SSRF in crawl4ai (CVE-2026-53755). Confidential information can be exposed externally. Exploitable via ``browser_config``. Mitigation: upgrade to `0.8.9` or later.
|
| CVE-2026-53754 |
|
SSRF (Server-Side Request Forgery) in crawl4ai (CVE-2026-53754)
SSRF in crawl4ai (CVE-2026-53754). Confidential information can be exposed externally. Exploitable via `POST /crawl`. Mitigation: upgrade to `0.8.8` or later.
|
| CVE-2026-50133 |
|
Cross-Site Scripting (XSS) in github.com/gohugoio/hugo (CVE-2026-50133)
cross-site scripting in github.com/gohugoio/hugo (CVE-2026-50133). Risk of unauthorized operations or information disclosure. Exploitable via ``security.allowContent``. Mitigation: upgrade to `0.162.0` or later.
|
| CVE-2026-53866 |
|
OpenClaw: Shell inline-command parsing could miss an allowlist check
OpenClaw: Shell inline-command parsing could miss an allowlist check
|
| CVE-2026-53865 |
|
Vulnerability in openclaw (CVE-2026-53865)
vulnerability in openclaw (CVE-2026-53865). Confidential information can be exposed externally. Exploitable via ``trash``. Mitigation: upgrade to `2026.5.2` or later.
|
| CVE-2026-53857 |
|
OpenClaw: Zalo allowFrom could bind to mutable display names
OpenClaw: Zalo allowFrom could bind to mutable display names
|
| CVE-2026-53854 |
|
Authorization Flaw in openclaw (CVE-2026-53854)
vulnerability in openclaw (CVE-2026-53854). Data can be tampered with by attackers. Mitigation: upgrade to `2026.4.25` or later.
|
| CVE-2026-53849 |
|
OpenClaw: Discord allowFrom could bind to mutable display names
OpenClaw: Discord allowFrom could bind to mutable display names
|
| CVE-2026-53855 |
|
OpenClaw: Shell positional parameters could weaken strict inline-eval checks
OpenClaw: Shell positional parameters could weaken strict inline-eval checks
|
| CVE-2026-53847 |
|
Vulnerability in openclaw (CVE-2026-53847)
vulnerability in openclaw (CVE-2026-53847). Risk of unauthorized operations or information disclosure. Exploitable via ``operator.write``. Mitigation: upgrade to `2026.5.6` or later.
|
| CVE-2026-53846 |
|
Vulnerability in openclaw (CVE-2026-53846)
vulnerability in openclaw (CVE-2026-53846). Confidential information can be exposed externally. Mitigation: upgrade to `2026.4.29` or later.
|
| CVE-2026-53843 |
|
OpenClaw: Pairing-scoped device session could restore revoked node token authority
OpenClaw: Pairing-scoped device session could restore revoked node token authority
|
| CVE-2026-53841 |
|
Cross-Site Scripting (XSS) in openclaw (CVE-2026-53841)
cross-site scripting in openclaw (CVE-2026-53841). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.12` or later.
|
| CVE-2026-50656 |
|
Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in...
Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in...
|