Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Clear
ID Title
CVE-2026-48818 SSRF (Server-Side Request Forgery) in starlette (CVE-2026-48818)
SSRF in starlette (CVE-2026-48818). Confidential information can be exposed externally. Exploitable via ``StaticFiles``. Mitigation: upgrade to `1.1.0` or later.
CVE-2026-50880 Code Injection in CVE-2026-50880 (CVE-2026-50880)
code injection in CVE-2026-50880 (CVE-2026-50880). Successful exploitation can lead to full system takeover.
CVE-2026-50878 Vulnerability in dos (CVE-2026-50878)
vulnerability in dos (CVE-2026-50878). Risk of unauthorized operations or information disclosure.
CVE-2026-50879 Vulnerability in dos (CVE-2026-50879)
vulnerability in dos (CVE-2026-50879). Risk of unauthorized operations or information disclosure.
CVE-2026-50873 Unrestricted File Upload in CVE-2026-50873 (CVE-2026-50873)
vulnerability in CVE-2026-50873 (CVE-2026-50873). Successful exploitation can lead to full system takeover.
CVE-2026-50870 Information Disclosure in CVE-2026-50870 (CVE-2026-50870)
vulnerability in CVE-2026-50870 (CVE-2026-50870). Confidential information can be exposed externally.
CVE-2026-49954 Vulnerability in path-traversal (CVE-2026-49954)
vulnerability in path-traversal (CVE-2026-49954). Successful exploitation can lead to full system takeover.
CVE-2026-50869 Path Traversal in path-traversal (CVE-2026-50869)
path traversal in path-traversal (CVE-2026-50869). Successful exploitation can lead to full system takeover.
CVE-2026-50871 Code Injection in CVE-2026-50871 (CVE-2026-50871)
code injection in CVE-2026-50871 (CVE-2026-50871). Successful exploitation can lead to full system takeover.
CVE-2026-50872 Code Injection in CVE-2026-50872 (CVE-2026-50872)
code injection in CVE-2026-50872 (CVE-2026-50872). Successful exploitation can lead to full system takeover.
CVE-2026-48114 SQL Injection in sqli (CVE-2026-48114)
SQL injection in sqli (CVE-2026-48114). Successful exploitation can lead to full system takeover.
CVE-2026-38812 SQL Injection in sqli (CVE-2026-38812)
SQL injection in sqli (CVE-2026-38812). Successful exploitation can lead to full system takeover.
CVE-2026-39196 SQL Injection in sqli (CVE-2026-39196)
SQL injection in sqli (CVE-2026-39196). Successful exploitation can lead to full system takeover.
CVE-2026-39006 Vulnerability in CVE-2026-39006 (CVE-2026-39006)
vulnerability in CVE-2026-39006 (CVE-2026-39006). Successful exploitation can lead to full system takeover.
CVE-2026-38329 Vulnerability in CVE-2026-38329 (CVE-2026-38329)
vulnerability in CVE-2026-38329 (CVE-2026-38329). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/files/{key}`.
CVE-2026-39197 Vulnerability in dos (CVE-2026-39197)
vulnerability in dos (CVE-2026-39197). Risk of unauthorized operations or information disclosure.
CVE-2026-41708 Vulnerability in dos (CVE-2026-41708)
vulnerability in dos (CVE-2026-41708). Risk of unauthorized operations or information disclosure.
CVE-2026-39007 Information Disclosure in CVE-2026-39007 (CVE-2026-39007)
vulnerability in CVE-2026-39007 (CVE-2026-39007). Confidential information can be exposed externally.
CVE-2026-39118 Privilege Escalation in CVE-2026-39118 (CVE-2026-39118)
vulnerability in CVE-2026-39118 (CVE-2026-39118). Successful exploitation can lead to full system takeover.
CVE-2026-36670 SQL Injection in sqli (CVE-2026-36670)
SQL injection in sqli (CVE-2026-36670). Successful exploitation can lead to full system takeover.
CVE-2026-38065 OS Command Injection in CVE-2026-38065 (CVE-2026-38065)
OS command injection in CVE-2026-38065 (CVE-2026-38065). Successful exploitation can lead to full system takeover.
CVE-2026-38064 OS Command Injection in CVE-2026-38064 (CVE-2026-38064)
OS command injection in CVE-2026-38064 (CVE-2026-38064). Successful exploitation can lead to full system takeover.
CVE-2026-38063 OS Command Injection in CVE-2026-38063 (CVE-2026-38063)
OS command injection in CVE-2026-38063 (CVE-2026-38063). Successful exploitation can lead to full system takeover.
CVE-2026-38062 OS Command Injection in CVE-2026-38062 (CVE-2026-38062)
OS command injection in CVE-2026-38062 (CVE-2026-38062). Successful exploitation can lead to full system takeover.
CVE-2026-38061 OS Command Injection in CVE-2026-38061 (CVE-2026-38061)
OS command injection in CVE-2026-38061 (CVE-2026-38061). Successful exploitation can lead to full system takeover.
CVE-2026-38060 OS Command Injection in CVE-2026-38060 (CVE-2026-38060)
OS command injection in CVE-2026-38060 (CVE-2026-38060). Successful exploitation can lead to full system takeover.
CVE-2026-37216 Ruoyi 4.8.2 is vulnerable to Cross Site Scripting (XSS) at the interface /system/notice/add.
Ruoyi 4.8.2 is vulnerable to Cross Site Scripting (XSS) at the interface /system/notice/add.
CVE-2026-36933 Vulnerability in CVE-2026-36933 (CVE-2026-36933)
vulnerability in CVE-2026-36933 (CVE-2026-36933). Successful exploitation can lead to full system takeover.
CVE-2026-30120 Code Injection in remotion (CVE-2026-30120)
code injection in remotion (CVE-2026-30120). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.0.410` or later.
CVE-2026-36213 Privilege Escalation in CVE-2026-36213 (CVE-2026-36213)
vulnerability in CVE-2026-36213 (CVE-2026-36213). Successful exploitation can lead to full system takeover.
CVE-2026-30121 Remotion: arbitrary file write vulnerability
Remotion: arbitrary file write vulnerability
CVE-2026-36537 Vulnerability in CVE-2026-36537 (CVE-2026-36537)
vulnerability in CVE-2026-36537 (CVE-2026-36537). Successful exploitation can lead to full system takeover.
CVE-2026-36521 Cross-Site Scripting (XSS) in CVE-2026-36521 (CVE-2026-36521)
cross-site scripting in CVE-2026-36521 (CVE-2026-36521). Risk of unauthorized operations or information disclosure.
CVE-2025-55650 Use-After-Free in c (CVE-2025-55650)
vulnerability in c (CVE-2025-55650). Risk of unauthorized operations or information disclosure.
CVE-2025-56814 Command Injection in CVE-2025-56814 (CVE-2025-56814)
command injection in CVE-2025-56814 (CVE-2025-56814). Successful exploitation can lead to full system takeover.
CVE-2025-55661 Vulnerability in dos (CVE-2025-55661)
vulnerability in dos (CVE-2025-55661). Risk of unauthorized operations or information disclosure.
CVE-2025-55652 Vulnerability in c (CVE-2025-55652)
vulnerability in c (CVE-2025-55652). Risk of unauthorized operations or information disclosure.
CVE-2025-55663 Vulnerability in c (CVE-2025-55663)
vulnerability in c (CVE-2025-55663). Risk of unauthorized operations or information disclosure.
CVE-2025-70102 Vulnerability in c (CVE-2025-70102)
vulnerability in c (CVE-2025-70102). Risk of unauthorized operations or information disclosure.
CVE-2025-55660 Vulnerability in c (CVE-2025-55660)
vulnerability in c (CVE-2025-55660). Risk of unauthorized operations or information disclosure.
CVE-2025-55644 Use-After-Free in c (CVE-2025-55644)
vulnerability in c (CVE-2025-55644). Risk of unauthorized operations or information disclosure.
CVE-2025-55647 Vulnerability in c (CVE-2025-55647)
vulnerability in c (CVE-2025-55647). Risk of unauthorized operations or information disclosure.
CVE-2025-55648 Vulnerability in c (CVE-2025-55648)
vulnerability in c (CVE-2025-55648). Risk of unauthorized operations or information disclosure.
CVE-2025-55645 Vulnerability in c (CVE-2025-55645)
vulnerability in c (CVE-2025-55645). Risk of unauthorized operations or information disclosure.
CVE-2025-55643 Vulnerability in c (CVE-2025-55643)
vulnerability in c (CVE-2025-55643). Risk of unauthorized operations or information disclosure.
CVE-2025-55649 Vulnerability in c (CVE-2025-55649)
vulnerability in c (CVE-2025-55649). Risk of unauthorized operations or information disclosure.
CVE-2025-55641 Vulnerability in c (CVE-2025-55641)
vulnerability in c (CVE-2025-55641). Risk of unauthorized operations or information disclosure.
CVE-2026-48817 Vulnerability in starlette (CVE-2026-48817)
vulnerability in starlette (CVE-2026-48817). Risk of unauthorized operations or information disclosure. Exploitable via ``HTTPEndpoint``. Mitigation: upgrade to `1.1.0` or later.
CVE-2026-54271 Code Injection in protobufjs-cli (CVE-2026-54271)
code injection in protobufjs-cli (CVE-2026-54271). Confidential information can be exposed externally. Exploitable via ``pbjs``. Mitigation: upgrade to `2.5.0` or later.
CVE-2026-54270 Vulnerability in protobufjs (CVE-2026-54270)
vulnerability in protobufjs (CVE-2026-54270). Risk of unauthorized operations or information disclosure. Exploitable via ``Reader``. Mitigation: upgrade to `8.5.0` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →