Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-20706 |
|
Vulnerability in code.gitea.io/gitea (CVE-2026-20706)
vulnerability in code.gitea.io/gitea (CVE-2026-20706). Confidential information can be exposed externally. Exploitable via `GET /{owner}/{private-repo}/archive/main.tar.gz`. Mitigation: upgrade to `1.26.2` or later.
|
| CVE-2026-27783 |
|
Vulnerability in code.gitea.io/gitea (CVE-2026-27783)
vulnerability in code.gitea.io/gitea (CVE-2026-27783). Risk of unauthorized operations or information disclosure. Exploitable via `GET /repos/{owner}/{repo}/issue_templates`. Mitigation: upgrade to `1.26.2` or later.
|
| CVE-2026-25714 |
|
Vulnerability in code.gitea.io/gitea (CVE-2026-25714)
vulnerability in code.gitea.io/gitea (CVE-2026-25714). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.26.2` or later.
|
| CVE-2026-26231 |
|
Authorization Flaw in code.gitea.io/gitea (CVE-2026-26231)
vulnerability in code.gitea.io/gitea (CVE-2026-26231). Data can be tampered with by attackers. Exploitable via ``Read``. Mitigation: upgrade to `1.26.2` or later.
|
| CVE-2026-28699 |
|
Vulnerability in code.gitea.io/gitea (CVE-2026-28699)
vulnerability in code.gitea.io/gitea (CVE-2026-28699). Confidential information can be exposed externally. Exploitable via `PATCH /api/v1/user/settings`. Mitigation: upgrade to `1.26.2` or later.
|
| CVE-2026-52797 |
|
Path Traversal in gogs.io/gogs (CVE-2026-52797)
path traversal in gogs.io/gogs (CVE-2026-52797). Risk of unauthorized operations or information disclosure. Exploitable via ``treePath``. Mitigation: upgrade to `0.14.0` or later.
|
| CVE-2026-49980 |
|
Vulnerability in github.com/rclone/rclone (CVE-2026-49980)
vulnerability in github.com/rclone/rclone (CVE-2026-49980). Successful exploitation can lead to full system takeover. Exploitable via ``GET``. Mitigation: upgrade to `1.74.3` or later.
|
| CVE-2026-49468 |
|
Vulnerability in litellm (CVE-2026-49468)
vulnerability in litellm (CVE-2026-49468). Successful exploitation can lead to full system takeover. Exploitable via ``request.url.path``. Mitigation: upgrade to `1.84.0` or later.
|
| CVE-2026-28744 |
|
Authorization Flaw in code.gitea.io/gitea (CVE-2026-28744)
vulnerability in code.gitea.io/gitea (CVE-2026-28744). Confidential information can be exposed externally. Exploitable via ``ctx.IsBasicAuth``. Mitigation: upgrade to `1.26.2` or later.
|
| CVE-2026-54304 |
|
Information Disclosure in n8n (CVE-2026-54304)
vulnerability in n8n (CVE-2026-54304). Confidential information can be exposed externally. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.25.7` or later.
|
| CVE-2026-54309 |
|
Vulnerability in n8n (CVE-2026-54309)
vulnerability in n8n (CVE-2026-54309). Confidential information can be exposed externally. Mitigation: upgrade to `2.25.7` or later.
|
| CVE-2026-54305 |
|
Information Disclosure in n8n (CVE-2026-54305)
vulnerability in n8n (CVE-2026-54305). Confidential information can be exposed externally. Exploitable via ``N8N_ENV_FEAT_DYNAMIC_CREDENTIALS``. Mitigation: upgrade to `2.25.7` or later.
|
| CVE-2026-54307 |
|
Authorization Flaw in n8n (CVE-2026-54307)
vulnerability in n8n (CVE-2026-54307). Confidential information can be exposed externally. Mitigation: upgrade to `2.25.7` or later.
|
| CVE-2026-54302 |
|
Cross-Site Scripting (XSS) in n8n (CVE-2026-54302)
cross-site scripting in n8n (CVE-2026-54302). Risk of unauthorized operations or information disclosure. Exploitable via ``webhookId``. Mitigation: upgrade to `2.25.7` or later.
|
| CVE-2026-54303 |
|
Cross-Site Scripting (XSS) in n8n (CVE-2026-54303)
cross-site scripting in n8n (CVE-2026-54303). Risk of unauthorized operations or information disclosure. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.24.0` or later.
|
| CVE-2026-54312 |
|
Vulnerability in n8n (CVE-2026-54312)
vulnerability in n8n (CVE-2026-54312). Risk of unauthorized operations or information disclosure. Exploitable via ``Object.prototype``. Mitigation: upgrade to `2.24.0` or later.
|
| CVE-2026-11890 |
|
Vulnerability in devolutions (CVE-2026-11890)
vulnerability in devolutions (CVE-2026-11890). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0147 |
|
Vulnerability in c (CVE-2026-0147)
vulnerability in c (CVE-2026-0147). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0146 |
|
Vulnerability in c (CVE-2026-0146)
vulnerability in c (CVE-2026-0146). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0149 |
|
Vulnerability in google (CVE-2026-0149)
vulnerability in google (CVE-2026-0149). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0153 |
|
Out-of-Bounds Write in google (CVE-2026-0153)
out-of-bounds write in google (CVE-2026-0153). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0164 |
|
Vulnerability in google (CVE-2026-0164)
vulnerability in google (CVE-2026-0164). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0156 |
|
Vulnerability in cpp (CVE-2026-0156)
vulnerability in cpp (CVE-2026-0156). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12105 |
|
Vulnerability in devolutions (CVE-2026-12105)
vulnerability in devolutions (CVE-2026-12105). Confidential information can be exposed externally.
|
| CVE-2026-0158 |
|
Vulnerability in google (CVE-2026-0158)
vulnerability in google (CVE-2026-0158). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0145 |
|
Vulnerability in google (CVE-2026-0145)
vulnerability in google (CVE-2026-0145). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0152 |
|
Buffer Overflow in c (CVE-2026-0152)
vulnerability in c (CVE-2026-0152). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12117 |
|
Information Disclosure in devolutions (CVE-2026-12117)
vulnerability in devolutions (CVE-2026-12117). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0160 |
|
Vulnerability in cpp (CVE-2026-0160)
vulnerability in cpp (CVE-2026-0160). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0144 |
|
Vulnerability in cpp (CVE-2026-0144)
vulnerability in cpp (CVE-2026-0144). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0154 |
|
Vulnerability in google (CVE-2026-0154)
vulnerability in google (CVE-2026-0154). Successful exploitation can lead to full system takeover.
|
| CVE-2026-22312 |
|
Vulnerability in CVE-2026-22312 (CVE-2026-22312)
vulnerability in CVE-2026-22312 (CVE-2026-22312). Data can be tampered with by attackers.
|
| CVE-2026-10303 |
|
Vulnerability in path-traversal (CVE-2026-10303)
vulnerability in path-traversal (CVE-2026-10303). Confidential information can be exposed externally.
|
| CVE-2026-0162 |
|
Vulnerability in cpp (CVE-2026-0162)
vulnerability in cpp (CVE-2026-0162). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0143 |
|
Use-After-Free in c (CVE-2026-0143)
vulnerability in c (CVE-2026-0143). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46448 |
|
Vulnerability in nova (CVE-2026-46448)
vulnerability in nova (CVE-2026-46448). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-22313 |
|
OS Command Injection in CVE-2026-22313 (CVE-2026-22313)
OS command injection in CVE-2026-22313 (CVE-2026-22313). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0161 |
|
Vulnerability in cpp (CVE-2026-0161)
vulnerability in cpp (CVE-2026-0161). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0151 |
|
Vulnerability in c (CVE-2026-0151)
vulnerability in c (CVE-2026-0151). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0148 |
|
Vulnerability in cpp (CVE-2026-0148)
vulnerability in cpp (CVE-2026-0148). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0150 |
|
Vulnerability in google (CVE-2026-0150)
vulnerability in google (CVE-2026-0150). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0165 |
|
Vulnerability in google (CVE-2026-0165)
vulnerability in google (CVE-2026-0165). Confidential information can be exposed externally.
|
| CVE-2026-0157 |
|
Vulnerability in google (CVE-2026-0157)
vulnerability in google (CVE-2026-0157). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0155 |
|
Vulnerability in google (CVE-2026-0155)
vulnerability in google (CVE-2026-0155). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12425 |
|
Cross-Site Scripting (XSS) in powerschool (CVE-2026-12425)
cross-site scripting in powerschool (CVE-2026-12425). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0137 |
|
Use-After-Free in c (CVE-2026-0137)
vulnerability in c (CVE-2026-0137). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0125 |
|
Use-After-Free in c (CVE-2026-0125)
vulnerability in c (CVE-2026-0125). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0141 |
|
Vulnerability in cpp (CVE-2026-0141)
vulnerability in cpp (CVE-2026-0141). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0136 |
|
Vulnerability in dos (CVE-2026-0136)
vulnerability in dos (CVE-2026-0136). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0135 |
|
Out-of-Bounds Read in google (CVE-2026-0135)
vulnerability in google (CVE-2026-0135). Successful exploitation can lead to full system takeover.
|