Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: attack-types Clear
ID Title
CVE-2024-36333 Vulnerability in privilege-escalation (CVE-2024-36333)
vulnerability in privilege-escalation (CVE-2024-36333). Successful exploitation can lead to full system takeover.
CVE-2026-24662 Cross-Site Scripting (XSS) in jvn (CVE-2026-24662)
cross-site scripting in jvn (CVE-2026-24662). Risk of unauthorized operations or information disclosure.
CVE-2025-29944 Vulnerability in dos (CVE-2025-29944)
vulnerability in dos (CVE-2025-29944). Risk of unauthorized operations or information disclosure.
CVE-2025-48516 Vulnerability in dos (CVE-2025-48516)
vulnerability in dos (CVE-2025-48516). Risk of unauthorized operations or information disclosure.
CVE-2025-29938 Vulnerability in dos (CVE-2025-29938)
vulnerability in dos (CVE-2025-29938). Risk of unauthorized operations or information disclosure.
CVE-2025-54517 Out-of-Bounds Write in CVE-2025-54517 (CVE-2025-54517)
out-of-bounds write in CVE-2025-54517 (CVE-2025-54517). Risk of unauthorized operations or information disclosure.
CVE-2026-7373 Vulnerability in privilege-escalation (CVE-2026-7373)
vulnerability in privilege-escalation (CVE-2026-7373). Risk of unauthorized operations or information disclosure.
CVE-2025-29936 Vulnerability in privilege-escalation (CVE-2025-29936)
vulnerability in privilege-escalation (CVE-2025-29936). Risk of unauthorized operations or information disclosure.
CVE-2026-2652 Vulnerability in mlflow (CVE-2026-2652)
vulnerability in mlflow (CVE-2026-2652). Data can be tampered with by attackers. Mitigation: upgrade to `3.10.0` or later.
CVE-2024-36332 Vulnerability in dos (CVE-2024-36332)
vulnerability in dos (CVE-2024-36332). Risk of unauthorized operations or information disclosure.
CVE-2024-21962 Vulnerability in privilege-escalation (CVE-2024-21962)
vulnerability in privilege-escalation (CVE-2024-21962). Risk of unauthorized operations or information disclosure.
CVE-2026-0432 Vulnerability in privilege-escalation (CVE-2026-0432)
vulnerability in privilege-escalation (CVE-2026-0432). Risk of unauthorized operations or information disclosure.
CVE-2025-52540 Out-of-Bounds Write in privilege-escalation (CVE-2025-52540)
out-of-bounds write in privilege-escalation (CVE-2025-52540). Risk of unauthorized operations or information disclosure.
CVE-2025-0045 Vulnerability in dos (CVE-2025-0045)
vulnerability in dos (CVE-2025-0045). Risk of unauthorized operations or information disclosure.
CVE-2025-48519 Out-of-Bounds Write in privilege-escalation (CVE-2025-48519)
out-of-bounds write in privilege-escalation (CVE-2025-48519). Risk of unauthorized operations or information disclosure.
CVE-2025-48512 Vulnerability in privilege-escalation (CVE-2025-48512)
vulnerability in privilege-escalation (CVE-2025-48512). Risk of unauthorized operations or information disclosure.
CVE-2026-45248 Vulnerability in hedera (CVE-2026-45248)
vulnerability in hedera (CVE-2026-45248). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/v1/demo/registered-users`.
CVE-2026-8629 Vulnerability in privilege-escalation (CVE-2026-8629)
vulnerability in privilege-escalation (CVE-2026-8629). Confidential information can be exposed externally.
CVE-2026-8557 Use-After-Free in privilege-escalation (CVE-2026-8557)
vulnerability in privilege-escalation (CVE-2026-8557). Successful exploitation can lead to full system takeover.
CVE-2026-8538 Vulnerability in dos (CVE-2026-8538)
vulnerability in dos (CVE-2026-8538). Risk of unauthorized operations or information disclosure.
CVE-2026-8547 Vulnerability in privilege-escalation (CVE-2026-8547)
vulnerability in privilege-escalation (CVE-2026-8547). Successful exploitation can lead to full system takeover.
CVE-2026-44661 SSRF (Server-Side Request Forgery) in utcp-http (CVE-2026-44661)
SSRF in utcp-http (CVE-2026-44661). Risk of unauthorized operations or information disclosure. Exploitable via ``tool_call_template.url``. Mitigation: upgrade to `1.1.2` or later.
CVE-2026-42847 SQL Injection in sqli (CVE-2026-42847)
SQL injection in sqli (CVE-2026-42847). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.5.3` or later.
CVE-2026-45366 SSRF (Server-Side Request Forgery) in @utcp/http (CVE-2026-45366)
SSRF in @utcp/http (CVE-2026-45366). Risk of unauthorized operations or information disclosure. Exploitable via ``toolCallTemplate.url``. Mitigation: upgrade to `1.1.2` or later.
CVE-2026-45288 Vulnerability in Marten (CVE-2026-45288)
vulnerability in Marten (CVE-2026-45288). Successful exploitation can lead to full system takeover. Exploitable via ``regConfig``. Mitigation: upgrade to `8.37.0` or later.
CVE-2026-45373 SSRF (Server-Side Request Forgery) in deepseek-tui (CVE-2026-45373)
SSRF in deepseek-tui (CVE-2026-45373). Confidential information can be exposed externally. Mitigation: upgrade to `0.8.26` or later.
CVE-2026-45310 SSRF (Server-Side Request Forgery) in deepseek-tui (CVE-2026-45310)
SSRF in deepseek-tui (CVE-2026-45310). Confidential information can be exposed externally. Exploitable via ``fetch_url``. Mitigation: upgrade to `0.8.22` or later.
CVE-2026-42573 Cross-Site Scripting (XSS) in svelte (CVE-2026-42573)
cross-site scripting in svelte (CVE-2026-42573). Risk of unauthorized operations or information disclosure. Exploitable via ``name``. Mitigation: upgrade to `5.55.7` or later.
CVE-2026-45665 Cross-Site Scripting (XSS) in open-webui (CVE-2026-45665)
cross-site scripting in open-webui (CVE-2026-45665). Confidential information can be exposed externally. Exploitable via ``marked.parse``. Mitigation: upgrade to `0.8.0` or later.
CVE-2026-45400 SSRF (Server-Side Request Forgery) in open-webui (CVE-2026-45400)
SSRF in open-webui (CVE-2026-45400). Confidential information can be exposed externally. Exploitable via ``requests``. Mitigation: upgrade to `0.9.5` or later.
CVE-2026-45347 SSRF (Server-Side Request Forgery) in open-webui (CVE-2026-45347)
SSRF in open-webui (CVE-2026-45347). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/utils/pdf`. Mitigation: upgrade to `0.5.11` or later.
CVE-2026-45346 Vulnerability in open-webui (CVE-2026-45346)
vulnerability in open-webui (CVE-2026-45346). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.6.31` or later.
CVE-2026-45338 SSRF (Server-Side Request Forgery) in open-webui (CVE-2026-45338)
SSRF in open-webui (CVE-2026-45338). Confidential information can be exposed externally. Exploitable via ``picture``. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-45317 Vulnerability in open-webui (CVE-2026-45317)
vulnerability in open-webui (CVE-2026-45317). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.9.3` or later.
CVE-2026-45318 Cross-Site Scripting (XSS) in open-webui (CVE-2026-45318)
cross-site scripting in open-webui (CVE-2026-45318). Risk of unauthorized operations or information disclosure. Exploitable via ``fileOfficeHtml``. Mitigation: upgrade to `0.8.0` or later.
CVE-2026-44638 Vulnerability in dos (CVE-2026-44638)
vulnerability in dos (CVE-2026-44638). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.7-r2` or later.
CVE-2026-43907 Vulnerability in cpp (CVE-2026-43907)
vulnerability in cpp (CVE-2026-43907). Data can be tampered with by attackers. Mitigation: upgrade to `3.0.18.0` or later.
CVE-2026-45299 Cross-Site Scripting (XSS) in open-webui (CVE-2026-45299)
cross-site scripting in open-webui (CVE-2026-45299). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/v1/users/{user_id}/profile/image`. Mitigation: upgrade to `>= 0.8.0` or later.
CVE-2026-8621 Authentication Bypass in github.com/openclaw/crabbox (CVE-2026-8621)
authentication bypass in github.com/openclaw/crabbox (CVE-2026-8621). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.12.0` or later.
CVE-2026-44522 Vulnerability in github.com/enchant97/note-mark/backend (CVE-2026-44522)
vulnerability in github.com/enchant97/note-mark/backend (CVE-2026-44522). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/notes/{noteID}/assets`. Mitigation: upgrade to `0.0.0-20260501152243-db3f72bff780` or later.
CVE-2026-44586 Cross-Site Scripting (XSS) in CVE-2026-44586 (CVE-2026-44586)
cross-site scripting in CVE-2026-44586 (CVE-2026-44586). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.7.0` or later.
CVE-2026-41315 OS Command Injection in midoks (CVE-2026-41315)
OS command injection in midoks (CVE-2026-41315). Successful exploitation can lead to full system takeover.
CVE-2026-44541 Cross-Site Scripting (XSS) in ethyca-fides (CVE-2026-44541)
cross-site scripting in ethyca-fides (CVE-2026-44541). Risk of unauthorized operations or information disclosure. Exploitable via ``fides.js``. Mitigation: upgrade to `2.84.5` or later.
CVE-2026-46470 Vulnerability in dos (CVE-2026-46470)
vulnerability in dos (CVE-2026-46470). Risk of unauthorized operations or information disclosure.
CVE-2026-46469 Vulnerability in dos (CVE-2026-46469)
vulnerability in dos (CVE-2026-46469). Risk of unauthorized operations or information disclosure.
CVE-2026-42897 KEV [KEV] Cross-Site Scripting (XSS) in Microsoft exchange-server (CVE-2026-42897)
cross-site scripting in Microsoft exchange-server (CVE-2026-42897). Confidential information can be exposed externally. Listed in CISA KEV — actively exploited.
CVE-2026-45011 Cross-Site Scripting (XSS) in apostrophe (CVE-2026-45011)
cross-site scripting in apostrophe (CVE-2026-45011). Confidential information can be exposed externally.
CVE-2026-45012 SSRF (Server-Side Request Forgery) in apostrophe (CVE-2026-45012)
SSRF in apostrophe (CVE-2026-45012). Confidential information can be exposed externally. Exploitable via `POST /api/v1/`.
CVE-2026-44990 Cross-Site Scripting (XSS) in sanitize-html (CVE-2026-44990)
cross-site scripting in sanitize-html (CVE-2026-44990). Confidential information can be exposed externally. Exploitable via ``xmp``. Mitigation: upgrade to `2.17.4` or later.
CVE-2026-44973 Path Traversal in github.com/go-git/go-billy/v5 (CVE-2026-44973)
path traversal in github.com/go-git/go-billy/v5 (CVE-2026-44973). Confidential information can be exposed externally. Exploitable via ``osfs.ChrootOS``. Mitigation: upgrade to `5.9.0` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →