Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-0140 |
|
Out-of-Bounds Read in google (CVE-2026-0140)
vulnerability in google (CVE-2026-0140). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0128 |
|
Out-of-Bounds Read in google (CVE-2026-0128)
vulnerability in google (CVE-2026-0128). Confidential information can be exposed externally.
|
| CVE-2026-0130 |
|
Vulnerability in google (CVE-2026-0130)
vulnerability in google (CVE-2026-0130). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0127 |
|
Out-of-Bounds Read in cpp (CVE-2026-0127)
vulnerability in cpp (CVE-2026-0127). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0131 |
|
Out-of-Bounds Read in google (CVE-2026-0131)
vulnerability in google (CVE-2026-0131). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0142 |
|
Vulnerability in c (CVE-2026-0142)
vulnerability in c (CVE-2026-0142). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0132 |
|
Vulnerability in google (CVE-2026-0132)
vulnerability in google (CVE-2026-0132). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0126 |
|
Out-of-Bounds Write in google (CVE-2026-0126)
out-of-bounds write in google (CVE-2026-0126). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0138 |
|
Vulnerability in c (CVE-2026-0138)
vulnerability in c (CVE-2026-0138). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0133 |
|
Vulnerability in c (CVE-2026-0133)
vulnerability in c (CVE-2026-0133). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0139 |
|
Buffer Overflow in google (CVE-2026-0139)
vulnerability in google (CVE-2026-0139). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0129 |
|
Vulnerability in google (CVE-2026-0129)
vulnerability in google (CVE-2026-0129). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0134 |
|
Vulnerability in cpp (CVE-2026-0134)
vulnerability in cpp (CVE-2026-0134). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54322 |
|
Vulnerability in github.com/daytonaio/daytona (CVE-2026-54322)
vulnerability in github.com/daytonaio/daytona (CVE-2026-54322). Data can be tampered with by attackers. Mitigation: upgrade to `0.185.0` or later.
|
| CVE-2026-52846 |
|
Vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-52846)
vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-52846). Risk of unauthorized operations or information disclosure. Exploitable via ``stripHTML``. Mitigation: upgrade to `2.11.4` or later.
|
| CVE-2026-52845 |
|
Authentication Bypass in github.com/caddyserver/caddy/v2 (CVE-2026-52845)
authentication bypass in github.com/caddyserver/caddy/v2 (CVE-2026-52845). Confidential information can be exposed externally. Exploitable via `GET /index.php`. Mitigation: upgrade to `2.11.4` or later.
|
| CVE-2026-52844 |
|
Path Traversal in github.com/caddyserver/caddy/v2 (CVE-2026-52844)
path traversal in github.com/caddyserver/caddy/v2 (CVE-2026-52844). Confidential information can be exposed externally. Exploitable via `GET /private/secret.txt`. Mitigation: upgrade to `2.11.4` or later.
|
| CVE-2026-50574 |
|
Vulnerability in yt-dlp (CVE-2026-50574)
vulnerability in yt-dlp (CVE-2026-50574). Successful exploitation can lead to full system takeover. Exploitable via ``title``. Mitigation: upgrade to `2026.6.9` or later.
|
| CVE-2026-54321 |
|
Vulnerability in github.com/daytonaio/daytona (CVE-2026-54321)
vulnerability in github.com/daytonaio/daytona (CVE-2026-54321). Confidential information can be exposed externally. Mitigation: upgrade to `0.184.0` or later.
|
| CVE-2026-53622 |
|
Vulnerability in Traefik (CVE-2026-53622)
vulnerability in Traefik (CVE-2026-53622). Confidential information can be exposed externally. Exploitable via ``Host``. Mitigation: upgrade to `3.7.3` or later.
|
| CVE-2026-53755 |
|
SSRF (Server-Side Request Forgery) in crawl4ai (CVE-2026-53755)
SSRF in crawl4ai (CVE-2026-53755). Confidential information can be exposed externally. Exploitable via ``browser_config``. Mitigation: upgrade to `0.8.9` or later.
|
| CVE-2026-53754 |
|
SSRF (Server-Side Request Forgery) in crawl4ai (CVE-2026-53754)
SSRF in crawl4ai (CVE-2026-53754). Confidential information can be exposed externally. Exploitable via `POST /crawl`. Mitigation: upgrade to `0.8.8` or later.
|
| CVE-2026-50023 |
|
Vulnerability in yt-dlp (CVE-2026-50023)
vulnerability in yt-dlp (CVE-2026-50023). Successful exploitation can lead to full system takeover. Exploitable via ``master.m3u8``. Mitigation: upgrade to `2026.6.9` or later.
|
| CVE-2026-50019 |
|
Information Disclosure in yt-dlp (CVE-2026-50019)
vulnerability in yt-dlp (CVE-2026-50019). Confidential information can be exposed externally. Exploitable via ``curl``. Mitigation: upgrade to `2026.6.9` or later.
|
| CVE-2026-47747 |
|
Vulnerability in c (CVE-2026-47747)
vulnerability in c (CVE-2026-47747). Successful exploitation can lead to full system takeover.
|
| CVE-2026-47750 |
|
Out-of-Bounds Write in c (CVE-2026-47750)
out-of-bounds write in c (CVE-2026-47750). Successful exploitation can lead to full system takeover.
|
| CVE-2026-54157 |
|
SSRF (Server-Side Request Forgery) in @lobehub/lobehub (CVE-2026-54157)
SSRF in @lobehub/lobehub (CVE-2026-54157). Confidential information can be exposed externally. Exploitable via `POST /webapi/proxy`. Mitigation: upgrade to `2.1.57` or later.
|
| CVE-2026-56266 |
|
SSRF (Server-Side Request Forgery) in crawl4ai (CVE-2026-56266)
SSRF in crawl4ai (CVE-2026-56266). Confidential information can be exposed externally. Exploitable via ``output_path``. Mitigation: upgrade to `0.8.7` or later.
|
| CVE-2026-53753 |
|
Code Injection in crawl4ai (CVE-2026-53753)
code injection in crawl4ai (CVE-2026-53753). Successful exploitation can lead to full system takeover. Exploitable via `POST /crawl`. Mitigation: upgrade to `0.8.7` or later.
|
| CVE-2026-50135 |
|
Vulnerability in github.com/gohugoio/hugo (CVE-2026-50135)
vulnerability in github.com/gohugoio/hugo (CVE-2026-50135). Confidential information can be exposed externally. Exploitable via ``resources.Get``. Mitigation: upgrade to `0.162.0` or later.
|
| CVE-2026-50134 |
|
SSRF (Server-Side Request Forgery) in github.com/gohugoio/hugo (CVE-2026-50134)
SSRF in github.com/gohugoio/hugo (CVE-2026-50134). Risk of unauthorized operations or information disclosure. Exploitable via ``security.http.urls``. Mitigation: upgrade to `0.162.0` or later.
|
| CVE-2026-50133 |
|
Cross-Site Scripting (XSS) in github.com/gohugoio/hugo (CVE-2026-50133)
cross-site scripting in github.com/gohugoio/hugo (CVE-2026-50133). Risk of unauthorized operations or information disclosure. Exploitable via ``security.allowContent``. Mitigation: upgrade to `0.162.0` or later.
|
| CVE-2026-53866 |
|
OpenClaw: Shell inline-command parsing could miss an allowlist check
OpenClaw: Shell inline-command parsing could miss an allowlist check
|
| CVE-2026-53865 |
|
Vulnerability in openclaw (CVE-2026-53865)
vulnerability in openclaw (CVE-2026-53865). Confidential information can be exposed externally. Exploitable via ``trash``. Mitigation: upgrade to `2026.5.2` or later.
|
| CVE-2026-53861 |
|
Vulnerability in openclaw (CVE-2026-53861)
vulnerability in openclaw (CVE-2026-53861). Confidential information can be exposed externally. Mitigation: upgrade to `2026.5.6` or later.
|
| CVE-2026-53864 |
|
OpenClaw: Host environment sanitizer missed two Node.js control variables
OpenClaw: Host environment sanitizer missed two Node.js control variables
|
| CVE-2026-53856 |
|
Vulnerability in openclaw (CVE-2026-53856)
vulnerability in openclaw (CVE-2026-53856). Confidential information can be exposed externally. Mitigation: upgrade to `2026.4.24` or later.
|
| CVE-2026-53857 |
|
OpenClaw: Zalo allowFrom could bind to mutable display names
OpenClaw: Zalo allowFrom could bind to mutable display names
|
| CVE-2026-53858 |
|
Vulnerability in openclaw (CVE-2026-53858)
vulnerability in openclaw (CVE-2026-53858). Confidential information can be exposed externally. Exploitable via ``STATE_DIRECTORY``. Mitigation: upgrade to `2026.5.2` or later.
|
| CVE-2026-53860 |
|
Authorization Flaw in openclaw (CVE-2026-53860)
vulnerability in openclaw (CVE-2026-53860). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.7` or later.
|
| CVE-2026-53859 |
|
Vulnerability in openclaw (CVE-2026-53859)
vulnerability in openclaw (CVE-2026-53859). Confidential information can be exposed externally. Mitigation: upgrade to `2026.5.26` or later.
|
| CVE-2026-53855 |
|
OpenClaw: Shell positional parameters could weaken strict inline-eval checks
OpenClaw: Shell positional parameters could weaken strict inline-eval checks
|
| CVE-2026-53854 |
|
Authorization Flaw in openclaw (CVE-2026-53854)
vulnerability in openclaw (CVE-2026-53854). Data can be tampered with by attackers. Mitigation: upgrade to `2026.4.25` or later.
|
| CVE-2026-53851 |
|
Vulnerability in openclaw (CVE-2026-53851)
vulnerability in openclaw (CVE-2026-53851). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.12` or later.
|
| CVE-2026-53850 |
|
Vulnerability in openclaw (CVE-2026-53850)
vulnerability in openclaw (CVE-2026-53850). Data can be tampered with by attackers. Mitigation: upgrade to `2026.4.25` or later.
|
| CVE-2026-53853 |
|
OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns
OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns
|
| CVE-2026-53849 |
|
OpenClaw: Discord allowFrom could bind to mutable display names
OpenClaw: Discord allowFrom could bind to mutable display names
|
| CVE-2026-53842 |
|
Vulnerability in openclaw (CVE-2026-53842)
vulnerability in openclaw (CVE-2026-53842). Confidential information can be exposed externally. Exploitable via ``gcloud``. Mitigation: upgrade to `2026.5.2` or later.
|
| CVE-2026-53846 |
|
Vulnerability in openclaw (CVE-2026-53846)
vulnerability in openclaw (CVE-2026-53846). Confidential information can be exposed externally. Mitigation: upgrade to `2026.4.29` or later.
|
| CVE-2026-53848 |
|
OS Command Injection in openclaw (CVE-2026-53848)
OS command injection in openclaw (CVE-2026-53848). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.26` or later.
|