Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-48775 |
|
Unsafe Deserialization in langgraph-checkpoint (CVE-2026-48775)
vulnerability in langgraph-checkpoint (CVE-2026-48775). Successful exploitation can lead to full system takeover. Exploitable via ``JsonPlusSerializer``. Mitigation: upgrade to `4.1.1` or later.
|
| CVE-2026-47749 |
|
stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. Versions prior to master-584-0a7ae07 are vulnerable to...
stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. Versions prior to master-584-0a7ae07 are vulnerable to heap buffer overflow in SHORT_BINUNICODE parsing for PyTorch checkpoint files. The pickle .ckpt pars...
|
| CVE-2026-48746 |
|
Vulnerability in vllm (CVE-2026-48746)
vulnerability in vllm (CVE-2026-48746). Confidential information can be exposed externally. Exploitable via ``AuthenticationMiddleware``. Mitigation: upgrade to `0.22.0` or later.
|
| CVE-2026-48519 |
|
Code Injection in langflow (CVE-2026-48519)
code injection in langflow (CVE-2026-48519). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.9.2` or later.
|
| CVE-2026-42867 |
|
Path Traversal in langflow (CVE-2026-42867)
path traversal in langflow (CVE-2026-42867). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/knowledge_bases`. Mitigation: upgrade to `1.9.0` or later.
|
| CVE-2026-24228 |
|
Unsafe Deserialization in deserialization (CVE-2026-24228)
vulnerability in deserialization (CVE-2026-24228). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10649 |
|
Vulnerability in dos (CVE-2026-10649)
vulnerability in dos (CVE-2026-10649). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-30476 |
|
Cross-Site Scripting (XSS) in CVE-2024-30476 (CVE-2024-30476)
cross-site scripting in CVE-2024-30476 (CVE-2024-30476). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-24909 |
|
Command Injection in CVE-2024-24909 (CVE-2024-24909)
command injection in CVE-2024-24909 (CVE-2024-24909). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12398 |
|
OS Command Injection in galaxy-ng (CVE-2026-12398)
OS command injection in galaxy-ng (CVE-2026-12398). Successful exploitation can lead to full system takeover.
|
| CVE-2025-13036 |
|
Vulnerability in cisa (CVE-2025-13036)
vulnerability in cisa (CVE-2025-13036). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11317 |
|
Vulnerability in dos (CVE-2026-11317)
vulnerability in dos (CVE-2026-11317). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10638 |
|
Use-After-Free in c (CVE-2026-10638)
vulnerability in c (CVE-2026-10638). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10639 |
|
Use-After-Free in c (CVE-2026-10639)
vulnerability in c (CVE-2026-10639). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10640 |
|
Use-After-Free in c (CVE-2026-10640)
vulnerability in c (CVE-2026-10640). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10636 |
|
Use-After-Free in c (CVE-2026-10636)
vulnerability in c (CVE-2026-10636). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10637 |
|
Use-After-Free in c (CVE-2026-10637)
vulnerability in c (CVE-2026-10637). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54293 |
|
Path Traversal in nltk (CVE-2026-54293)
path traversal in nltk (CVE-2026-54293). Confidential information can be exposed externally.
|
| CVE-2026-50146 |
|
Vulnerability in astro (CVE-2026-50146)
vulnerability in astro (CVE-2026-50146). Data can be tampered with by attackers. Exploitable via ``astro.config.mjs``. Mitigation: upgrade to `6.3.3` or later.
|
| CVE-2026-12289 |
|
Privilege Escalation in privilege-escalation (CVE-2026-12289)
vulnerability in privilege-escalation (CVE-2026-12289). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10829 |
|
Vulnerability in CVE-2026-10829 (CVE-2026-10829)
vulnerability in CVE-2026-10829 (CVE-2026-10829). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12225 |
|
Vulnerability in CVE-2026-12225 (CVE-2026-12225)
vulnerability in CVE-2026-12225 (CVE-2026-12225). Risk of unauthorized operations or information disclosure. Exploitable via `User-Agent header`.
|
| CVE-2026-8484 |
|
Vulnerability in dos (CVE-2026-8484)
vulnerability in dos (CVE-2026-8484). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8442 |
|
Path Traversal in wordpress (CVE-2026-8442)
path traversal in wordpress (CVE-2026-8442). Data can be tampered with by attackers.
|
| CVE-2026-54191 |
|
Unauthenticated Cross Site Scripting (XSS) in Pods <= 3.3.8 versions.
Unauthenticated Cross Site Scripting (XSS) in Pods <= 3.3.8 versions.
|
| CVE-2026-54198 |
|
Unauthenticated Cross Site Scripting (XSS) in Media LIbrary Assistant <= 3.35 versions.
Unauthenticated Cross Site Scripting (XSS) in Media LIbrary Assistant <= 3.35 versions.
|
| CVE-2026-8176 |
|
Privilege Escalation in wordpress (CVE-2026-8176)
vulnerability in wordpress (CVE-2026-8176). Successful exploitation can lead to full system takeover.
|
| CVE-2026-52715 |
|
Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions.
Unauthenticated SQL Injection in GEO my WordPress <= 4.5.5 versions.
|
| CVE-2026-39574 |
|
Unauthenticated SQL Injection in InPost Gallery <= 2.1.4.6 versions.
Unauthenticated SQL Injection in InPost Gallery <= 2.1.4.6 versions.
|
| CVE-2026-39581 |
|
Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic <= 1.1.4 versions.
Subscriber SQL Injection in WP Sessions Time Monitoring Full Automatic <= 1.1.4 versions.
|
| CVE-2026-49772 |
|
SQL Injection in sqli (CVE-2026-49772)
SQL injection in sqli (CVE-2026-49772). Confidential information can be exposed externally.
|
| CVE-2026-52712 |
|
Subscriber SQL Injection in Attendance Manager <= 0.6.2 versions.
Subscriber SQL Injection in Attendance Manager <= 0.6.2 versions.
|
| CVE-2026-39437 |
|
Cross-Site Scripting (XSS) in CVE-2026-39437 (CVE-2026-39437)
cross-site scripting in CVE-2026-39437 (CVE-2026-39437). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10093 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-10093)
cross-site scripting in wordpress (CVE-2026-10093). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-9912 |
|
Privilege Escalation in privilege-escalation (CVE-2025-9912)
vulnerability in privilege-escalation (CVE-2025-9912). Data can be tampered with by attackers.
|
| CVE-2026-8444 |
|
SQL Injection in wordpress (CVE-2026-8444)
SQL injection in wordpress (CVE-2026-8444). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5667 |
|
Vulnerability in jvn (CVE-2026-5667)
vulnerability in jvn (CVE-2026-5667). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-10262 |
|
Vulnerability in privilege-escalation (CVE-2025-10262)
vulnerability in privilege-escalation (CVE-2025-10262). Data can be tampered with by attackers.
|
| CVE-2026-8443 |
|
SQL Injection in wordpress (CVE-2026-8443)
SQL injection in wordpress (CVE-2026-8443). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6933 |
|
Unrestricted File Upload in wordpress (CVE-2026-6933)
vulnerability in wordpress (CVE-2026-6933). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10635 |
|
Use-After-Free in c (CVE-2026-10635)
vulnerability in c (CVE-2026-10635). Data can be tampered with by attackers.
|
| CVE-2026-1765 |
|
Out-of-Bounds Read in dos (CVE-2026-1765)
vulnerability in dos (CVE-2026-1765). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-1766 |
|
Vulnerability in dos (CVE-2026-1766)
vulnerability in dos (CVE-2026-1766). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-1767 |
|
Vulnerability in dos (CVE-2026-1767)
vulnerability in dos (CVE-2026-1767). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-1764 |
|
Out-of-Bounds Read in dos (CVE-2026-1764)
vulnerability in dos (CVE-2026-1764). Risk of unauthorized operations or information disclosure. Exploitable via ``extract_performers_tags``.
|
| CVE-2026-53430 |
|
Vulnerability in dos (CVE-2026-53430)
vulnerability in dos (CVE-2026-53430). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48853 |
|
Unsafe Deserialization in deserialization (CVE-2026-48853)
vulnerability in deserialization (CVE-2026-48853). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5064 |
|
Vulnerability in dos (CVE-2026-5064)
vulnerability in dos (CVE-2026-5064). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49773 |
|
Subscriber Cross Site Scripting (XSS) in FV Flowplayer Video Player < 7.5.51.7212 versions.
Subscriber Cross Site Scripting (XSS) in FV Flowplayer Video Player < 7.5.51.7212 versions.
|
| CVE-2026-52702 |
|
Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions.
Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions.
|