Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-40368 |
|
Unsafe Deserialization in deserialization (CVE-2026-40368)
vulnerability in deserialization (CVE-2026-40368). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40357 |
|
Unsafe Deserialization in deserialization (CVE-2026-40357)
vulnerability in deserialization (CVE-2026-40357). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40365 |
|
Vulnerability in microsoft (CVE-2026-40365)
vulnerability in microsoft (CVE-2026-40365). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33110 |
|
Unsafe Deserialization in deserialization (CVE-2026-33110)
vulnerability in deserialization (CVE-2026-33110). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33112 |
|
Unsafe Deserialization in deserialization (CVE-2026-33112)
vulnerability in deserialization (CVE-2026-33112). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31237 |
|
Unsafe Deserialization in ludwig (CVE-2026-31237)
vulnerability in ludwig (CVE-2026-31237). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31238 |
|
Unsafe Deserialization in ludwig (CVE-2026-31238)
vulnerability in ludwig (CVE-2026-31238). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31235 |
|
Unsafe Deserialization in imgaug (CVE-2026-31235)
vulnerability in imgaug (CVE-2026-31235). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31239 |
|
Unsafe Deserialization in mamba-ssm (CVE-2026-31239)
vulnerability in mamba-ssm (CVE-2026-31239). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31243 |
|
Vulnerability in dos (CVE-2026-31243)
vulnerability in dos (CVE-2026-31243). Risk of unauthorized operations or information disclosure. Exploitable via `DELETE /memories`.
|
| CVE-2026-31242 |
|
Vulnerability in dos (CVE-2026-31242)
vulnerability in dos (CVE-2026-31242). Data can be tampered with by attackers. Exploitable via `DELETE /memories`.
|
| CVE-2026-31241 |
|
Vulnerability in mem0ai (CVE-2026-31241)
vulnerability in mem0ai (CVE-2026-31241). Risk of unauthorized operations or information disclosure. Exploitable via `DELETE /memories`.
|
| CVE-2026-31244 |
|
Vulnerability in dos (CVE-2026-31244)
vulnerability in dos (CVE-2026-31244). Risk of unauthorized operations or information disclosure. Exploitable via `DELETE /memories/{memory_id}`.
|
| CVE-2026-31231 |
|
Code Injection in CVE-2026-31231 (CVE-2026-31231)
code injection in CVE-2026-31231 (CVE-2026-31231). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31229 |
|
Unsafe Deserialization in deserialization (CVE-2026-31229)
vulnerability in deserialization (CVE-2026-31229). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31234 |
|
Unsafe Deserialization in horovod (CVE-2026-31234)
vulnerability in horovod (CVE-2026-31234). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31232 |
|
Unsafe Deserialization in deserialization (CVE-2026-31232)
vulnerability in deserialization (CVE-2026-31232). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31233 |
|
Code Injection in guardrails-ai (CVE-2026-31233)
code injection in guardrails-ai (CVE-2026-31233). Successful exploitation can lead to full system takeover.
|
| CVE-2025-53681 |
|
SQL Injection in sqli (CVE-2025-53681)
SQL injection in sqli (CVE-2025-53681). Successful exploitation can lead to full system takeover.
|
| CVE-2026-25088 |
|
SQL Injection in sqli (CVE-2026-25088)
SQL injection in sqli (CVE-2026-25088). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44196 |
|
Authentication Bypass in CVE-2026-44196 (CVE-2026-44196)
authentication bypass in CVE-2026-44196 (CVE-2026-44196). Confidential information can be exposed externally. Mitigation: upgrade to `1.16.3` or later.
|
| CVE-2026-44204 |
|
Vulnerability in sqli (CVE-2026-44204)
vulnerability in sqli (CVE-2026-44204). Confidential information can be exposed externally. Mitigation: upgrade to `1.20.1` or later.
|
| CVE-2026-43892 |
|
Cross-Site Scripting (XSS) in CVE-2026-43892 (CVE-2026-43892)
cross-site scripting in CVE-2026-43892 (CVE-2026-43892). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.1.16` or later.
|
| CVE-2026-43929 |
|
Vulnerability in ssrfcheck (CVE-2026-43929)
vulnerability in ssrfcheck (CVE-2026-43929). Confidential information can be exposed externally. Exploitable via ``ssrfcheck``.
|
| CVE-2026-42175 |
|
SSRF (Server-Side Request Forgery) in requests-hardened (CVE-2026-42175)
SSRF in requests-hardened (CVE-2026-42175). Confidential information can be exposed externally. Mitigation: upgrade to `1.2.1` or later.
|
| CVE-2026-42048 |
|
Path Traversal in langflow (CVE-2026-42048)
path traversal in langflow (CVE-2026-42048). Data can be tampered with by attackers. Exploitable via `DELETE /api/v1/knowledge_bases`. Mitigation: upgrade to `1.9.0` or later.
|
| CVE-2026-41612 |
|
Path Traversal in path-traversal (CVE-2026-41612)
path traversal in path-traversal (CVE-2026-41612). Confidential information can be exposed externally.
|
| CVE-2026-42141 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-42141)
SSRF in ssrf (CVE-2026-42141). Confidential information can be exposed externally. Mitigation: upgrade to `4.4.1` or later.
|
| CVE-2026-42045 |
|
Cross-Site Scripting (XSS) in @lobehub/lobehub (CVE-2026-42045)
cross-site scripting in @lobehub/lobehub (CVE-2026-42045). Confidential information can be exposed externally. Exploitable via ``runCommand``.
|
| CVE-2026-41610 |
|
Vulnerability in microsoft (CVE-2026-41610)
vulnerability in microsoft (CVE-2026-41610). Confidential information can be exposed externally.
|
| CVE-2026-41611 |
|
Command Injection in microsoft (CVE-2026-41611)
command injection in microsoft (CVE-2026-41611). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43993 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-43993)
SSRF in ssrf (CVE-2026-43993). Confidential information can be exposed externally. Mitigation: upgrade to `0.x.y-security-1` or later.
|
| CVE-2026-20887 |
|
Vulnerability in dos (CVE-2026-20887)
vulnerability in dos (CVE-2026-20887). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20914 |
|
Vulnerability in dos (CVE-2026-20914)
vulnerability in dos (CVE-2026-20914). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20905 |
|
Vulnerability in dos (CVE-2026-20905)
vulnerability in dos (CVE-2026-20905). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20881 |
|
Vulnerability in dos (CVE-2026-20881)
vulnerability in dos (CVE-2026-20881). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20879 |
|
Out-of-Bounds Write in dos (CVE-2026-20879)
out-of-bounds write in dos (CVE-2026-20879). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20793 |
|
Vulnerability in dos (CVE-2026-20793)
vulnerability in dos (CVE-2026-20793). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20782 |
|
Vulnerability in dos (CVE-2026-20782)
vulnerability in dos (CVE-2026-20782). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20771 |
|
Vulnerability in dos (CVE-2026-20771)
vulnerability in dos (CVE-2026-20771). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20754 |
|
Vulnerability in dos (CVE-2026-20754)
vulnerability in dos (CVE-2026-20754). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20751 |
|
Out-of-Bounds Read in dos (CVE-2026-20751)
vulnerability in dos (CVE-2026-20751). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20717 |
|
Vulnerability in dos (CVE-2026-20717)
vulnerability in dos (CVE-2026-20717). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-36510 |
|
Buffer Overflow in dos (CVE-2025-36510)
vulnerability in dos (CVE-2025-36510). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-27723 |
|
Use-After-Free in dos (CVE-2025-27723)
vulnerability in dos (CVE-2025-27723). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43512 |
|
Authentication Bypass in tomcat (CVE-2026-43512)
authentication bypass in tomcat (CVE-2026-43512). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `10.1.55, 11.0.22, 9.0.118` or later.
|
| CVE-2026-31225 |
|
Code Injection in superduper-framework (CVE-2026-31225)
code injection in superduper-framework (CVE-2026-31225). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31226 |
|
OS Command Injection in CVE-2026-31226 (CVE-2026-31226)
OS command injection in CVE-2026-31226 (CVE-2026-31226). Successful exploitation can lead to full system takeover.
|
| CVE-2026-31228 |
|
Code Injection in CVE-2026-31228 (CVE-2026-31228)
code injection in CVE-2026-31228 (CVE-2026-31228). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34187 |
|
SQL Injection in sqli (CVE-2026-34187)
SQL injection in sqli (CVE-2026-34187). Successful exploitation can lead to full system takeover.
|