Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-48818 |
|
SSRF (Server-Side Request Forgery) in starlette (CVE-2026-48818)
SSRF in starlette (CVE-2026-48818). Confidential information can be exposed externally. Exploitable via ``StaticFiles``. Mitigation: upgrade to `1.1.0` or later.
|
| CVE-2026-50880 |
|
Code Injection in CVE-2026-50880 (CVE-2026-50880)
code injection in CVE-2026-50880 (CVE-2026-50880). Successful exploitation can lead to full system takeover.
|
| CVE-2026-50878 |
|
Vulnerability in dos (CVE-2026-50878)
vulnerability in dos (CVE-2026-50878). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50879 |
|
Vulnerability in dos (CVE-2026-50879)
vulnerability in dos (CVE-2026-50879). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50873 |
|
Unrestricted File Upload in CVE-2026-50873 (CVE-2026-50873)
vulnerability in CVE-2026-50873 (CVE-2026-50873). Successful exploitation can lead to full system takeover.
|
| CVE-2026-50870 |
|
Information Disclosure in CVE-2026-50870 (CVE-2026-50870)
vulnerability in CVE-2026-50870 (CVE-2026-50870). Confidential information can be exposed externally.
|
| CVE-2026-49954 |
|
Vulnerability in path-traversal (CVE-2026-49954)
vulnerability in path-traversal (CVE-2026-49954). Successful exploitation can lead to full system takeover.
|
| CVE-2026-50869 |
|
Path Traversal in path-traversal (CVE-2026-50869)
path traversal in path-traversal (CVE-2026-50869). Successful exploitation can lead to full system takeover.
|
| CVE-2026-50871 |
|
Code Injection in CVE-2026-50871 (CVE-2026-50871)
code injection in CVE-2026-50871 (CVE-2026-50871). Successful exploitation can lead to full system takeover.
|
| CVE-2026-50872 |
|
Code Injection in CVE-2026-50872 (CVE-2026-50872)
code injection in CVE-2026-50872 (CVE-2026-50872). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48114 |
|
SQL Injection in sqli (CVE-2026-48114)
SQL injection in sqli (CVE-2026-48114). Successful exploitation can lead to full system takeover.
|
| CVE-2026-38812 |
|
SQL Injection in sqli (CVE-2026-38812)
SQL injection in sqli (CVE-2026-38812). Successful exploitation can lead to full system takeover.
|
| CVE-2026-39196 |
|
SQL Injection in sqli (CVE-2026-39196)
SQL injection in sqli (CVE-2026-39196). Successful exploitation can lead to full system takeover.
|
| CVE-2026-39006 |
|
Vulnerability in CVE-2026-39006 (CVE-2026-39006)
vulnerability in CVE-2026-39006 (CVE-2026-39006). Successful exploitation can lead to full system takeover.
|
| CVE-2026-38329 |
|
Vulnerability in CVE-2026-38329 (CVE-2026-38329)
vulnerability in CVE-2026-38329 (CVE-2026-38329). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/files/{key}`.
|
| CVE-2026-39197 |
|
Vulnerability in dos (CVE-2026-39197)
vulnerability in dos (CVE-2026-39197). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41708 |
|
Vulnerability in dos (CVE-2026-41708)
vulnerability in dos (CVE-2026-41708). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-39007 |
|
Information Disclosure in CVE-2026-39007 (CVE-2026-39007)
vulnerability in CVE-2026-39007 (CVE-2026-39007). Confidential information can be exposed externally.
|
| CVE-2026-39118 |
|
Privilege Escalation in CVE-2026-39118 (CVE-2026-39118)
vulnerability in CVE-2026-39118 (CVE-2026-39118). Successful exploitation can lead to full system takeover.
|
| CVE-2026-36670 |
|
SQL Injection in sqli (CVE-2026-36670)
SQL injection in sqli (CVE-2026-36670). Successful exploitation can lead to full system takeover.
|
| CVE-2026-38065 |
|
OS Command Injection in CVE-2026-38065 (CVE-2026-38065)
OS command injection in CVE-2026-38065 (CVE-2026-38065). Successful exploitation can lead to full system takeover.
|
| CVE-2026-38064 |
|
OS Command Injection in CVE-2026-38064 (CVE-2026-38064)
OS command injection in CVE-2026-38064 (CVE-2026-38064). Successful exploitation can lead to full system takeover.
|
| CVE-2026-38063 |
|
OS Command Injection in CVE-2026-38063 (CVE-2026-38063)
OS command injection in CVE-2026-38063 (CVE-2026-38063). Successful exploitation can lead to full system takeover.
|
| CVE-2026-38062 |
|
OS Command Injection in CVE-2026-38062 (CVE-2026-38062)
OS command injection in CVE-2026-38062 (CVE-2026-38062). Successful exploitation can lead to full system takeover.
|
| CVE-2026-38061 |
|
OS Command Injection in CVE-2026-38061 (CVE-2026-38061)
OS command injection in CVE-2026-38061 (CVE-2026-38061). Successful exploitation can lead to full system takeover.
|
| CVE-2026-38060 |
|
OS Command Injection in CVE-2026-38060 (CVE-2026-38060)
OS command injection in CVE-2026-38060 (CVE-2026-38060). Successful exploitation can lead to full system takeover.
|
| CVE-2026-37216 |
|
Ruoyi 4.8.2 is vulnerable to Cross Site Scripting (XSS) at the interface /system/notice/add.
Ruoyi 4.8.2 is vulnerable to Cross Site Scripting (XSS) at the interface /system/notice/add.
|
| CVE-2026-36933 |
|
Vulnerability in CVE-2026-36933 (CVE-2026-36933)
vulnerability in CVE-2026-36933 (CVE-2026-36933). Successful exploitation can lead to full system takeover.
|
| CVE-2026-30120 |
|
Code Injection in remotion (CVE-2026-30120)
code injection in remotion (CVE-2026-30120). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.0.410` or later.
|
| CVE-2026-36213 |
|
Privilege Escalation in CVE-2026-36213 (CVE-2026-36213)
vulnerability in CVE-2026-36213 (CVE-2026-36213). Successful exploitation can lead to full system takeover.
|
| CVE-2026-30121 |
|
Remotion: arbitrary file write vulnerability
Remotion: arbitrary file write vulnerability
|
| CVE-2026-36537 |
|
Vulnerability in CVE-2026-36537 (CVE-2026-36537)
vulnerability in CVE-2026-36537 (CVE-2026-36537). Successful exploitation can lead to full system takeover.
|
| CVE-2026-36521 |
|
Cross-Site Scripting (XSS) in CVE-2026-36521 (CVE-2026-36521)
cross-site scripting in CVE-2026-36521 (CVE-2026-36521). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-55650 |
|
Use-After-Free in c (CVE-2025-55650)
vulnerability in c (CVE-2025-55650). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-56814 |
|
Command Injection in CVE-2025-56814 (CVE-2025-56814)
command injection in CVE-2025-56814 (CVE-2025-56814). Successful exploitation can lead to full system takeover.
|
| CVE-2025-55661 |
|
Vulnerability in dos (CVE-2025-55661)
vulnerability in dos (CVE-2025-55661). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-55652 |
|
Vulnerability in c (CVE-2025-55652)
vulnerability in c (CVE-2025-55652). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-55663 |
|
Vulnerability in c (CVE-2025-55663)
vulnerability in c (CVE-2025-55663). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-70102 |
|
Vulnerability in c (CVE-2025-70102)
vulnerability in c (CVE-2025-70102). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-55660 |
|
Vulnerability in c (CVE-2025-55660)
vulnerability in c (CVE-2025-55660). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-55644 |
|
Use-After-Free in c (CVE-2025-55644)
vulnerability in c (CVE-2025-55644). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-55647 |
|
Vulnerability in c (CVE-2025-55647)
vulnerability in c (CVE-2025-55647). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-55648 |
|
Vulnerability in c (CVE-2025-55648)
vulnerability in c (CVE-2025-55648). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-55645 |
|
Vulnerability in c (CVE-2025-55645)
vulnerability in c (CVE-2025-55645). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-55643 |
|
Vulnerability in c (CVE-2025-55643)
vulnerability in c (CVE-2025-55643). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-55649 |
|
Vulnerability in c (CVE-2025-55649)
vulnerability in c (CVE-2025-55649). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-55641 |
|
Vulnerability in c (CVE-2025-55641)
vulnerability in c (CVE-2025-55641). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48817 |
|
Vulnerability in starlette (CVE-2026-48817)
vulnerability in starlette (CVE-2026-48817). Risk of unauthorized operations or information disclosure. Exploitable via ``HTTPEndpoint``. Mitigation: upgrade to `1.1.0` or later.
|
| CVE-2026-54271 |
|
Code Injection in protobufjs-cli (CVE-2026-54271)
code injection in protobufjs-cli (CVE-2026-54271). Confidential information can be exposed externally. Exploitable via ``pbjs``. Mitigation: upgrade to `2.5.0` or later.
|
| CVE-2026-54270 |
|
Vulnerability in protobufjs (CVE-2026-54270)
vulnerability in protobufjs (CVE-2026-54270). Risk of unauthorized operations or information disclosure. Exploitable via ``Reader``. Mitigation: upgrade to `8.5.0` or later.
|