Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Clear
ID Title
CVE-2026-0140 Out-of-Bounds Read in google (CVE-2026-0140)
vulnerability in google (CVE-2026-0140). Risk of unauthorized operations or information disclosure.
CVE-2026-0128 Out-of-Bounds Read in google (CVE-2026-0128)
vulnerability in google (CVE-2026-0128). Confidential information can be exposed externally.
CVE-2026-0130 Vulnerability in google (CVE-2026-0130)
vulnerability in google (CVE-2026-0130). Risk of unauthorized operations or information disclosure.
CVE-2026-0127 Out-of-Bounds Read in cpp (CVE-2026-0127)
vulnerability in cpp (CVE-2026-0127). Risk of unauthorized operations or information disclosure.
CVE-2026-0131 Out-of-Bounds Read in google (CVE-2026-0131)
vulnerability in google (CVE-2026-0131). Successful exploitation can lead to full system takeover.
CVE-2026-0142 Vulnerability in c (CVE-2026-0142)
vulnerability in c (CVE-2026-0142). Risk of unauthorized operations or information disclosure.
CVE-2026-0132 Vulnerability in google (CVE-2026-0132)
vulnerability in google (CVE-2026-0132). Successful exploitation can lead to full system takeover.
CVE-2026-0126 Out-of-Bounds Write in google (CVE-2026-0126)
out-of-bounds write in google (CVE-2026-0126). Successful exploitation can lead to full system takeover.
CVE-2026-0138 Vulnerability in c (CVE-2026-0138)
vulnerability in c (CVE-2026-0138). Successful exploitation can lead to full system takeover.
CVE-2026-0133 Vulnerability in c (CVE-2026-0133)
vulnerability in c (CVE-2026-0133). Successful exploitation can lead to full system takeover.
CVE-2026-0139 Buffer Overflow in google (CVE-2026-0139)
vulnerability in google (CVE-2026-0139). Successful exploitation can lead to full system takeover.
CVE-2026-0129 Vulnerability in google (CVE-2026-0129)
vulnerability in google (CVE-2026-0129). Risk of unauthorized operations or information disclosure.
CVE-2026-0134 Vulnerability in cpp (CVE-2026-0134)
vulnerability in cpp (CVE-2026-0134). Risk of unauthorized operations or information disclosure.
CVE-2026-54322 Vulnerability in github.com/daytonaio/daytona (CVE-2026-54322)
vulnerability in github.com/daytonaio/daytona (CVE-2026-54322). Data can be tampered with by attackers. Mitigation: upgrade to `0.185.0` or later.
CVE-2026-52846 Vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-52846)
vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-52846). Risk of unauthorized operations or information disclosure. Exploitable via ``stripHTML``. Mitigation: upgrade to `2.11.4` or later.
CVE-2026-52845 Authentication Bypass in github.com/caddyserver/caddy/v2 (CVE-2026-52845)
authentication bypass in github.com/caddyserver/caddy/v2 (CVE-2026-52845). Confidential information can be exposed externally. Exploitable via `GET /index.php`. Mitigation: upgrade to `2.11.4` or later.
CVE-2026-52844 Path Traversal in github.com/caddyserver/caddy/v2 (CVE-2026-52844)
path traversal in github.com/caddyserver/caddy/v2 (CVE-2026-52844). Confidential information can be exposed externally. Exploitable via `GET /private/secret.txt`. Mitigation: upgrade to `2.11.4` or later.
CVE-2026-50574 Vulnerability in yt-dlp (CVE-2026-50574)
vulnerability in yt-dlp (CVE-2026-50574). Successful exploitation can lead to full system takeover. Exploitable via ``title``. Mitigation: upgrade to `2026.6.9` or later.
CVE-2026-54321 Vulnerability in github.com/daytonaio/daytona (CVE-2026-54321)
vulnerability in github.com/daytonaio/daytona (CVE-2026-54321). Confidential information can be exposed externally. Mitigation: upgrade to `0.184.0` or later.
CVE-2026-53622 Vulnerability in Traefik (CVE-2026-53622)
vulnerability in Traefik (CVE-2026-53622). Confidential information can be exposed externally. Exploitable via ``Host``. Mitigation: upgrade to `3.7.3` or later.
CVE-2026-53755 SSRF (Server-Side Request Forgery) in crawl4ai (CVE-2026-53755)
SSRF in crawl4ai (CVE-2026-53755). Confidential information can be exposed externally. Exploitable via ``browser_config``. Mitigation: upgrade to `0.8.9` or later.
CVE-2026-53754 SSRF (Server-Side Request Forgery) in crawl4ai (CVE-2026-53754)
SSRF in crawl4ai (CVE-2026-53754). Confidential information can be exposed externally. Exploitable via `POST /crawl`. Mitigation: upgrade to `0.8.8` or later.
CVE-2026-50023 Vulnerability in yt-dlp (CVE-2026-50023)
vulnerability in yt-dlp (CVE-2026-50023). Successful exploitation can lead to full system takeover. Exploitable via ``master.m3u8``. Mitigation: upgrade to `2026.6.9` or later.
CVE-2026-50019 Information Disclosure in yt-dlp (CVE-2026-50019)
vulnerability in yt-dlp (CVE-2026-50019). Confidential information can be exposed externally. Exploitable via ``curl``. Mitigation: upgrade to `2026.6.9` or later.
CVE-2026-47747 Vulnerability in c (CVE-2026-47747)
vulnerability in c (CVE-2026-47747). Successful exploitation can lead to full system takeover.
CVE-2026-47750 Out-of-Bounds Write in c (CVE-2026-47750)
out-of-bounds write in c (CVE-2026-47750). Successful exploitation can lead to full system takeover.
CVE-2026-54157 SSRF (Server-Side Request Forgery) in @lobehub/lobehub (CVE-2026-54157)
SSRF in @lobehub/lobehub (CVE-2026-54157). Confidential information can be exposed externally. Exploitable via `POST /webapi/proxy`. Mitigation: upgrade to `2.1.57` or later.
CVE-2026-56266 SSRF (Server-Side Request Forgery) in crawl4ai (CVE-2026-56266)
SSRF in crawl4ai (CVE-2026-56266). Confidential information can be exposed externally. Exploitable via ``output_path``. Mitigation: upgrade to `0.8.7` or later.
CVE-2026-53753 Code Injection in crawl4ai (CVE-2026-53753)
code injection in crawl4ai (CVE-2026-53753). Successful exploitation can lead to full system takeover. Exploitable via `POST /crawl`. Mitigation: upgrade to `0.8.7` or later.
CVE-2026-50135 Vulnerability in github.com/gohugoio/hugo (CVE-2026-50135)
vulnerability in github.com/gohugoio/hugo (CVE-2026-50135). Confidential information can be exposed externally. Exploitable via ``resources.Get``. Mitigation: upgrade to `0.162.0` or later.
CVE-2026-50134 SSRF (Server-Side Request Forgery) in github.com/gohugoio/hugo (CVE-2026-50134)
SSRF in github.com/gohugoio/hugo (CVE-2026-50134). Risk of unauthorized operations or information disclosure. Exploitable via ``security.http.urls``. Mitigation: upgrade to `0.162.0` or later.
CVE-2026-50133 Cross-Site Scripting (XSS) in github.com/gohugoio/hugo (CVE-2026-50133)
cross-site scripting in github.com/gohugoio/hugo (CVE-2026-50133). Risk of unauthorized operations or information disclosure. Exploitable via ``security.allowContent``. Mitigation: upgrade to `0.162.0` or later.
CVE-2026-53866 OpenClaw: Shell inline-command parsing could miss an allowlist check
OpenClaw: Shell inline-command parsing could miss an allowlist check
CVE-2026-53865 Vulnerability in openclaw (CVE-2026-53865)
vulnerability in openclaw (CVE-2026-53865). Confidential information can be exposed externally. Exploitable via ``trash``. Mitigation: upgrade to `2026.5.2` or later.
CVE-2026-53861 Vulnerability in openclaw (CVE-2026-53861)
vulnerability in openclaw (CVE-2026-53861). Confidential information can be exposed externally. Mitigation: upgrade to `2026.5.6` or later.
CVE-2026-53864 OpenClaw: Host environment sanitizer missed two Node.js control variables
OpenClaw: Host environment sanitizer missed two Node.js control variables
CVE-2026-53856 Vulnerability in openclaw (CVE-2026-53856)
vulnerability in openclaw (CVE-2026-53856). Confidential information can be exposed externally. Mitigation: upgrade to `2026.4.24` or later.
CVE-2026-53857 OpenClaw: Zalo allowFrom could bind to mutable display names
OpenClaw: Zalo allowFrom could bind to mutable display names
CVE-2026-53858 Vulnerability in openclaw (CVE-2026-53858)
vulnerability in openclaw (CVE-2026-53858). Confidential information can be exposed externally. Exploitable via ``STATE_DIRECTORY``. Mitigation: upgrade to `2026.5.2` or later.
CVE-2026-53860 Authorization Flaw in openclaw (CVE-2026-53860)
vulnerability in openclaw (CVE-2026-53860). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.7` or later.
CVE-2026-53859 Vulnerability in openclaw (CVE-2026-53859)
vulnerability in openclaw (CVE-2026-53859). Confidential information can be exposed externally. Mitigation: upgrade to `2026.5.26` or later.
CVE-2026-53855 OpenClaw: Shell positional parameters could weaken strict inline-eval checks
OpenClaw: Shell positional parameters could weaken strict inline-eval checks
CVE-2026-53854 Authorization Flaw in openclaw (CVE-2026-53854)
vulnerability in openclaw (CVE-2026-53854). Data can be tampered with by attackers. Mitigation: upgrade to `2026.4.25` or later.
CVE-2026-53851 Vulnerability in openclaw (CVE-2026-53851)
vulnerability in openclaw (CVE-2026-53851). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.12` or later.
CVE-2026-53850 Vulnerability in openclaw (CVE-2026-53850)
vulnerability in openclaw (CVE-2026-53850). Data can be tampered with by attackers. Mitigation: upgrade to `2026.4.25` or later.
CVE-2026-53853 OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns
OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns
CVE-2026-53849 OpenClaw: Discord allowFrom could bind to mutable display names
OpenClaw: Discord allowFrom could bind to mutable display names
CVE-2026-53842 Vulnerability in openclaw (CVE-2026-53842)
vulnerability in openclaw (CVE-2026-53842). Confidential information can be exposed externally. Exploitable via ``gcloud``. Mitigation: upgrade to `2026.5.2` or later.
CVE-2026-53846 Vulnerability in openclaw (CVE-2026-53846)
vulnerability in openclaw (CVE-2026-53846). Confidential information can be exposed externally. Mitigation: upgrade to `2026.4.29` or later.
CVE-2026-53848 OS Command Injection in openclaw (CVE-2026-53848)
OS command injection in openclaw (CVE-2026-53848). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.26` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →