Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-54093 |
|
Path Traversal in github.com/filebrowser/filebrowser/v2 (CVE-2026-54093)
path traversal in github.com/filebrowser/filebrowser/v2 (CVE-2026-54093). Risk of unauthorized operations or information disclosure. Exploitable via ``filepath.ToSlash``. Mitigation: upgrade to `2.63.6` or later.
|
| CVE-2026-54094 |
|
Path Traversal in github.com/filebrowser/filebrowser/v2 (CVE-2026-54094)
path traversal in github.com/filebrowser/filebrowser/v2 (CVE-2026-54094). Confidential information can be exposed externally. Exploitable via `GET /api/raw/{path}`. Mitigation: upgrade to `2.63.14` or later.
|
| CVE-2026-54092 |
|
Vulnerability in github.com/filebrowser/filebrowser/v2 (CVE-2026-54092)
vulnerability in github.com/filebrowser/filebrowser/v2 (CVE-2026-54092). Risk of unauthorized operations or information disclosure. Exploitable via ``CheckPwd``. Mitigation: upgrade to `2.63.6` or later.
|
| CVE-2026-54394 |
|
Path Traversal in path-traversal (CVE-2026-54394)
path traversal in path-traversal (CVE-2026-54394). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54397 |
|
Authorization Flaw in CVE-2026-54397 (CVE-2026-54397)
vulnerability in CVE-2026-54397 (CVE-2026-54397). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54362 |
|
Authorization Flaw in CVE-2026-54362 (CVE-2026-54362)
vulnerability in CVE-2026-54362 (CVE-2026-54362). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54396 |
|
Information Disclosure in CVE-2026-54396 (CVE-2026-54396)
vulnerability in CVE-2026-54396 (CVE-2026-54396). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54393 |
|
Cross-Site Scripting (XSS) in CVE-2026-54393 (CVE-2026-54393)
cross-site scripting in CVE-2026-54393 (CVE-2026-54393). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54395 |
|
Cross-Site Scripting (XSS) in CVE-2026-54395 (CVE-2026-54395)
cross-site scripting in CVE-2026-54395 (CVE-2026-54395). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12129 |
|
Cross-Site Scripting (XSS) in CVE-2026-12129 (CVE-2026-12129)
cross-site scripting in CVE-2026-12129 (CVE-2026-12129). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12130 |
|
Cross-Site Scripting (XSS) in CVE-2026-12130 (CVE-2026-12130)
cross-site scripting in CVE-2026-12130 (CVE-2026-12130). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-24618 |
|
Vulnerability in CVE-2026-24618 (CVE-2026-24618)
vulnerability in CVE-2026-24618 (CVE-2026-24618). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54056 |
|
Vulnerability in kovidgoyal (CVE-2026-54056)
vulnerability in kovidgoyal (CVE-2026-54056). Data can be tampered with by attackers. Exploitable via ``O_NOFOLLOW``.
|
| CVE-2026-53607 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-53607)
SSRF in ssrf (CVE-2026-53607). Risk of unauthorized operations or information disclosure. Exploitable via ``Host``.
|
| CVE-2026-54057 |
|
Code Injection in kovidgoyal (CVE-2026-54057)
code injection in kovidgoyal (CVE-2026-54057). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53606 |
|
Cross-Site Scripting (XSS) in CVE-2026-53606 (CVE-2026-53606)
cross-site scripting in CVE-2026-53606 (CVE-2026-53606). Risk of unauthorized operations or information disclosure. Exploitable via ``allowedSchemesAppliedToAttributes``.
|
| CVE-2026-47263 |
|
Information Disclosure in discourse (CVE-2026-47263)
vulnerability in discourse (CVE-2026-47263). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-47264 |
|
Information Disclosure in discourse (CVE-2026-47264)
vulnerability in discourse (CVE-2026-47264). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45775 |
|
Path Traversal in path-traversal (CVE-2026-45775)
path traversal in path-traversal (CVE-2026-45775). Confidential information can be exposed externally.
|
| CVE-2026-45085 |
|
Information Disclosure in discourse (CVE-2026-45085)
vulnerability in discourse (CVE-2026-45085). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45014 |
|
Cross-Site Scripting (XSS) in CVE-2026-45014 (CVE-2026-45014)
cross-site scripting in CVE-2026-45014 (CVE-2026-45014). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44784 |
|
Information Disclosure in discourse (CVE-2026-44784)
vulnerability in discourse (CVE-2026-44784). Confidential information can be exposed externally.
|
| CVE-2026-44785 |
|
Information Disclosure in discourse (CVE-2026-44785)
vulnerability in discourse (CVE-2026-44785). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44786 |
|
Information Disclosure in discourse (CVE-2026-44786)
vulnerability in discourse (CVE-2026-44786). Confidential information can be exposed externally.
|
| CVE-2026-44779 |
|
Information Disclosure in discourse (CVE-2026-44779)
vulnerability in discourse (CVE-2026-44779). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44780 |
|
Information Disclosure in discourse (CVE-2026-44780)
vulnerability in discourse (CVE-2026-44780). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44782 |
|
Information Disclosure in discourse (CVE-2026-44782)
vulnerability in discourse (CVE-2026-44782). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44783 |
|
Vulnerability in discourse (CVE-2026-44783)
vulnerability in discourse (CVE-2026-44783). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54096 |
|
Authorization Flaw in github.com/filebrowser/filebrowser/v2 (CVE-2026-54096)
vulnerability in github.com/filebrowser/filebrowser/v2 (CVE-2026-54096). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/share/`. Mitigation: upgrade to `2.63.7` or later.
|
| CVE-2026-44311 |
|
Cross-Site Scripting (XSS) in fabric (CVE-2026-44311)
cross-site scripting in fabric (CVE-2026-44311). Risk of unauthorized operations or information disclosure. Exploitable via ``color``. Mitigation: upgrade to `7.4.0` or later.
|
| CVE-2026-54055 |
|
Vulnerability in privilege-escalation (CVE-2026-54055)
vulnerability in privilege-escalation (CVE-2026-54055). Data can be tampered with by attackers. Exploitable via ``O_NOFOLLOW``.
|
| CVE-2026-54359 |
|
Cross-Site Request Forgery (CSRF) in CVE-2026-54359 (CVE-2026-54359)
vulnerability in CVE-2026-54359 (CVE-2026-54359). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50552 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-50552)
SSRF in ssrf (CVE-2026-50552). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/radio/stations`.
|
| CVE-2026-54358 |
|
Authorization Flaw in privilege-escalation (CVE-2026-54358)
vulnerability in privilege-escalation (CVE-2026-54358). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54357 |
|
Vulnerability in CVE-2026-54357 (CVE-2026-54357)
vulnerability in CVE-2026-54357 (CVE-2026-54357). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43872 |
|
Path Traversal in path-traversal (CVE-2026-43872)
path traversal in path-traversal (CVE-2026-43872). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42851 |
|
Code Injection in kovidgoyal (CVE-2026-42851)
code injection in kovidgoyal (CVE-2026-42851). Successful exploitation can lead to full system takeover. Exploitable via ``cat``.
|
| CVE-2026-42604 |
|
Authorization Flaw in CVE-2026-42604 (CVE-2026-42604)
vulnerability in CVE-2026-42604 (CVE-2026-42604). Risk of unauthorized operations or information disclosure. Exploitable via `POST /openid/config`.
|
| CVE-2026-42850 |
|
Command Injection in kovidgoyal (CVE-2026-42850)
command injection in kovidgoyal (CVE-2026-42850). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53724 |
|
Cross-Site Scripting (XSS) in parse-server (CVE-2026-53724)
cross-site scripting in parse-server (CVE-2026-53724). Risk of unauthorized operations or information disclosure. Exploitable via ``poc.svg.``. Mitigation: upgrade to `8.6.79` or later.
|
| CVE-2026-53725 |
|
Information Disclosure in parse-server (CVE-2026-53725)
vulnerability in parse-server (CVE-2026-53725). Risk of unauthorized operations or information disclosure. Exploitable via ``get``. Mitigation: upgrade to `9.9.1-alpha.5` or later.
|
| CVE-2026-50008 |
|
Authorization Flaw in parse-server (CVE-2026-50008)
vulnerability in parse-server (CVE-2026-50008). Risk of unauthorized operations or information disclosure. Exploitable via ``routeAllowList``. Mitigation: upgrade to `9.9.1-alpha.3` or later.
|
| CVE-2026-50244 |
|
Vulnerability in CVE-2026-50244 (CVE-2026-50244)
vulnerability in CVE-2026-50244 (CVE-2026-50244). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50108 |
|
Vulnerability in CVE-2026-50108 (CVE-2026-50108)
vulnerability in CVE-2026-50108 (CVE-2026-50108). Confidential information can be exposed externally.
|
| CVE-2026-47236 |
|
Authorization Flaw in CVE-2026-47236 (CVE-2026-47236)
vulnerability in CVE-2026-47236 (CVE-2026-47236). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-28742 |
|
Vulnerability in CVE-2026-28742 (CVE-2026-28742)
vulnerability in CVE-2026-28742 (CVE-2026-28742). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12143 |
|
Vulnerability in form-data (CVE-2026-12143)
vulnerability in form-data (CVE-2026-12143). Data can be tampered with by attackers. Exploitable via ``field``. Mitigation: upgrade to `4.0.6` or later.
|
| CVE-2026-10715 |
|
Vulnerability in CVE-2026-10715 (CVE-2026-10715)
vulnerability in CVE-2026-10715 (CVE-2026-10715). Risk of unauthorized operations or information disclosure. Exploitable via `POST /admin/post_type/`.
|
| CVE-2026-12043 |
|
Vulnerability in Amazon aws (CVE-2026-12043)
vulnerability in Amazon aws (CVE-2026-12043). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48558 KEV |
|
[KEV] Vulnerability in Simplehelp simple-help (CVE-2026-48558)
vulnerability in Simplehelp simple-help (CVE-2026-48558). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|