Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Clear
ID Title
CVE-2026-54093 Path Traversal in github.com/filebrowser/filebrowser/v2 (CVE-2026-54093)
path traversal in github.com/filebrowser/filebrowser/v2 (CVE-2026-54093). Risk of unauthorized operations or information disclosure. Exploitable via ``filepath.ToSlash``. Mitigation: upgrade to `2.63.6` or later.
CVE-2026-54094 Path Traversal in github.com/filebrowser/filebrowser/v2 (CVE-2026-54094)
path traversal in github.com/filebrowser/filebrowser/v2 (CVE-2026-54094). Confidential information can be exposed externally. Exploitable via `GET /api/raw/{path}`. Mitigation: upgrade to `2.63.14` or later.
CVE-2026-54092 Vulnerability in github.com/filebrowser/filebrowser/v2 (CVE-2026-54092)
vulnerability in github.com/filebrowser/filebrowser/v2 (CVE-2026-54092). Risk of unauthorized operations or information disclosure. Exploitable via ``CheckPwd``. Mitigation: upgrade to `2.63.6` or later.
CVE-2026-54394 Path Traversal in path-traversal (CVE-2026-54394)
path traversal in path-traversal (CVE-2026-54394). Risk of unauthorized operations or information disclosure.
CVE-2026-54397 Authorization Flaw in CVE-2026-54397 (CVE-2026-54397)
vulnerability in CVE-2026-54397 (CVE-2026-54397). Risk of unauthorized operations or information disclosure.
CVE-2026-54362 Authorization Flaw in CVE-2026-54362 (CVE-2026-54362)
vulnerability in CVE-2026-54362 (CVE-2026-54362). Risk of unauthorized operations or information disclosure.
CVE-2026-54396 Information Disclosure in CVE-2026-54396 (CVE-2026-54396)
vulnerability in CVE-2026-54396 (CVE-2026-54396). Risk of unauthorized operations or information disclosure.
CVE-2026-54393 Cross-Site Scripting (XSS) in CVE-2026-54393 (CVE-2026-54393)
cross-site scripting in CVE-2026-54393 (CVE-2026-54393). Risk of unauthorized operations or information disclosure.
CVE-2026-54395 Cross-Site Scripting (XSS) in CVE-2026-54395 (CVE-2026-54395)
cross-site scripting in CVE-2026-54395 (CVE-2026-54395). Risk of unauthorized operations or information disclosure.
CVE-2026-12129 Cross-Site Scripting (XSS) in CVE-2026-12129 (CVE-2026-12129)
cross-site scripting in CVE-2026-12129 (CVE-2026-12129). Risk of unauthorized operations or information disclosure.
CVE-2026-12130 Cross-Site Scripting (XSS) in CVE-2026-12130 (CVE-2026-12130)
cross-site scripting in CVE-2026-12130 (CVE-2026-12130). Risk of unauthorized operations or information disclosure.
CVE-2026-24618 Vulnerability in CVE-2026-24618 (CVE-2026-24618)
vulnerability in CVE-2026-24618 (CVE-2026-24618). Risk of unauthorized operations or information disclosure.
CVE-2026-54056 Vulnerability in kovidgoyal (CVE-2026-54056)
vulnerability in kovidgoyal (CVE-2026-54056). Data can be tampered with by attackers. Exploitable via ``O_NOFOLLOW``.
CVE-2026-53607 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-53607)
SSRF in ssrf (CVE-2026-53607). Risk of unauthorized operations or information disclosure. Exploitable via ``Host``.
CVE-2026-54057 Code Injection in kovidgoyal (CVE-2026-54057)
code injection in kovidgoyal (CVE-2026-54057). Successful exploitation can lead to full system takeover.
CVE-2026-53606 Cross-Site Scripting (XSS) in CVE-2026-53606 (CVE-2026-53606)
cross-site scripting in CVE-2026-53606 (CVE-2026-53606). Risk of unauthorized operations or information disclosure. Exploitable via ``allowedSchemesAppliedToAttributes``.
CVE-2026-47263 Information Disclosure in discourse (CVE-2026-47263)
vulnerability in discourse (CVE-2026-47263). Risk of unauthorized operations or information disclosure.
CVE-2026-47264 Information Disclosure in discourse (CVE-2026-47264)
vulnerability in discourse (CVE-2026-47264). Risk of unauthorized operations or information disclosure.
CVE-2026-45775 Path Traversal in path-traversal (CVE-2026-45775)
path traversal in path-traversal (CVE-2026-45775). Confidential information can be exposed externally.
CVE-2026-45085 Information Disclosure in discourse (CVE-2026-45085)
vulnerability in discourse (CVE-2026-45085). Risk of unauthorized operations or information disclosure.
CVE-2026-45014 Cross-Site Scripting (XSS) in CVE-2026-45014 (CVE-2026-45014)
cross-site scripting in CVE-2026-45014 (CVE-2026-45014). Risk of unauthorized operations or information disclosure.
CVE-2026-44784 Information Disclosure in discourse (CVE-2026-44784)
vulnerability in discourse (CVE-2026-44784). Confidential information can be exposed externally.
CVE-2026-44785 Information Disclosure in discourse (CVE-2026-44785)
vulnerability in discourse (CVE-2026-44785). Risk of unauthorized operations or information disclosure.
CVE-2026-44786 Information Disclosure in discourse (CVE-2026-44786)
vulnerability in discourse (CVE-2026-44786). Confidential information can be exposed externally.
CVE-2026-44779 Information Disclosure in discourse (CVE-2026-44779)
vulnerability in discourse (CVE-2026-44779). Risk of unauthorized operations or information disclosure.
CVE-2026-44780 Information Disclosure in discourse (CVE-2026-44780)
vulnerability in discourse (CVE-2026-44780). Risk of unauthorized operations or information disclosure.
CVE-2026-44782 Information Disclosure in discourse (CVE-2026-44782)
vulnerability in discourse (CVE-2026-44782). Risk of unauthorized operations or information disclosure.
CVE-2026-44783 Vulnerability in discourse (CVE-2026-44783)
vulnerability in discourse (CVE-2026-44783). Risk of unauthorized operations or information disclosure.
CVE-2026-54096 Authorization Flaw in github.com/filebrowser/filebrowser/v2 (CVE-2026-54096)
vulnerability in github.com/filebrowser/filebrowser/v2 (CVE-2026-54096). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/share/`. Mitigation: upgrade to `2.63.7` or later.
CVE-2026-44311 Cross-Site Scripting (XSS) in fabric (CVE-2026-44311)
cross-site scripting in fabric (CVE-2026-44311). Risk of unauthorized operations or information disclosure. Exploitable via ``color``. Mitigation: upgrade to `7.4.0` or later.
CVE-2026-54055 Vulnerability in privilege-escalation (CVE-2026-54055)
vulnerability in privilege-escalation (CVE-2026-54055). Data can be tampered with by attackers. Exploitable via ``O_NOFOLLOW``.
CVE-2026-54359 Cross-Site Request Forgery (CSRF) in CVE-2026-54359 (CVE-2026-54359)
vulnerability in CVE-2026-54359 (CVE-2026-54359). Risk of unauthorized operations or information disclosure.
CVE-2026-50552 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-50552)
SSRF in ssrf (CVE-2026-50552). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/radio/stations`.
CVE-2026-54358 Authorization Flaw in privilege-escalation (CVE-2026-54358)
vulnerability in privilege-escalation (CVE-2026-54358). Risk of unauthorized operations or information disclosure.
CVE-2026-54357 Vulnerability in CVE-2026-54357 (CVE-2026-54357)
vulnerability in CVE-2026-54357 (CVE-2026-54357). Risk of unauthorized operations or information disclosure.
CVE-2026-43872 Path Traversal in path-traversal (CVE-2026-43872)
path traversal in path-traversal (CVE-2026-43872). Risk of unauthorized operations or information disclosure.
CVE-2026-42851 Code Injection in kovidgoyal (CVE-2026-42851)
code injection in kovidgoyal (CVE-2026-42851). Successful exploitation can lead to full system takeover. Exploitable via ``cat``.
CVE-2026-42604 Authorization Flaw in CVE-2026-42604 (CVE-2026-42604)
vulnerability in CVE-2026-42604 (CVE-2026-42604). Risk of unauthorized operations or information disclosure. Exploitable via `POST /openid/config`.
CVE-2026-42850 Command Injection in kovidgoyal (CVE-2026-42850)
command injection in kovidgoyal (CVE-2026-42850). Successful exploitation can lead to full system takeover.
CVE-2026-53724 Cross-Site Scripting (XSS) in parse-server (CVE-2026-53724)
cross-site scripting in parse-server (CVE-2026-53724). Risk of unauthorized operations or information disclosure. Exploitable via ``poc.svg.``. Mitigation: upgrade to `8.6.79` or later.
CVE-2026-53725 Information Disclosure in parse-server (CVE-2026-53725)
vulnerability in parse-server (CVE-2026-53725). Risk of unauthorized operations or information disclosure. Exploitable via ``get``. Mitigation: upgrade to `9.9.1-alpha.5` or later.
CVE-2026-50008 Authorization Flaw in parse-server (CVE-2026-50008)
vulnerability in parse-server (CVE-2026-50008). Risk of unauthorized operations or information disclosure. Exploitable via ``routeAllowList``. Mitigation: upgrade to `9.9.1-alpha.3` or later.
CVE-2026-50244 Vulnerability in CVE-2026-50244 (CVE-2026-50244)
vulnerability in CVE-2026-50244 (CVE-2026-50244). Risk of unauthorized operations or information disclosure.
CVE-2026-50108 Vulnerability in CVE-2026-50108 (CVE-2026-50108)
vulnerability in CVE-2026-50108 (CVE-2026-50108). Confidential information can be exposed externally.
CVE-2026-47236 Authorization Flaw in CVE-2026-47236 (CVE-2026-47236)
vulnerability in CVE-2026-47236 (CVE-2026-47236). Risk of unauthorized operations or information disclosure.
CVE-2026-28742 Vulnerability in CVE-2026-28742 (CVE-2026-28742)
vulnerability in CVE-2026-28742 (CVE-2026-28742). Successful exploitation can lead to full system takeover.
CVE-2026-12143 Vulnerability in form-data (CVE-2026-12143)
vulnerability in form-data (CVE-2026-12143). Data can be tampered with by attackers. Exploitable via ``field``. Mitigation: upgrade to `4.0.6` or later.
CVE-2026-10715 Vulnerability in CVE-2026-10715 (CVE-2026-10715)
vulnerability in CVE-2026-10715 (CVE-2026-10715). Risk of unauthorized operations or information disclosure. Exploitable via `POST /admin/post_type/`.
CVE-2026-12043 Vulnerability in Amazon aws (CVE-2026-12043)
vulnerability in Amazon aws (CVE-2026-12043). Successful exploitation can lead to full system takeover.
CVE-2026-48558 KEV [KEV] Vulnerability in Simplehelp simple-help (CVE-2026-48558)
vulnerability in Simplehelp simple-help (CVE-2026-48558). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →