Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Clear
ID Title
CVE-2026-53815 Information Disclosure in openclaw (CVE-2026-53815)
vulnerability in openclaw (CVE-2026-53815). Confidential information can be exposed externally. Mitigation: upgrade to `2026.5.19` or later.
CVE-2026-53810 OS Command Injection in openclaw (CVE-2026-53810)
OS command injection in openclaw (CVE-2026-53810). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2026.5.18` or later.
CVE-2026-53811 Vulnerability in openclaw (CVE-2026-53811)
vulnerability in openclaw (CVE-2026-53811). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2026.5.7` or later.
CVE-2026-53817 Vulnerability in openclaw (CVE-2026-53817)
vulnerability in openclaw (CVE-2026-53817). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2026.5.22` or later.
CVE-2026-53806 Vulnerability in openclaw (CVE-2026-53806)
vulnerability in openclaw (CVE-2026-53806). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2026.5.12` or later.
CVE-2026-53809 Authorization Flaw in openclaw (CVE-2026-53809)
vulnerability in openclaw (CVE-2026-53809). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.4.25` or later.
CVE-2026-48109 Vulnerability in MessagePack (CVE-2026-48109)
vulnerability in MessagePack (CVE-2026-48109). Risk of unauthorized operations or information disclosure. Exploitable via ``Lz4Block``. Mitigation: upgrade to `3.1.7` or later.
CVE-2025-27511 Vulnerability in org.geoserver.extension:gs-db2 (CVE-2025-27511)
vulnerability in org.geoserver.extension:gs-db2 (CVE-2025-27511). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.27.0` or later.
CVE-2026-48089 Vulnerability in github.com/l3montree-dev/devguard (CVE-2026-48089)
vulnerability in github.com/l3montree-dev/devguard (CVE-2026-48089). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.4.2` or later.
CVE-2026-48059 Vulnerability in io.netty:netty-codec-haproxy (CVE-2026-48059)
vulnerability in io.netty:netty-codec-haproxy (CVE-2026-48059). Risk of unauthorized operations or information disclosure. Exploitable via ``PP2_TYPE_SSL``. Mitigation: upgrade to `4.1.135.Final` or later.
CVE-2026-53782 Summarize before 0.17.0 contains a server-side request forgery vulnerability that allows...
Summarize before 0.17.0 contains a server-side request forgery vulnerability that allows...
CVE-2026-53781 Vulnerability in CVE-2026-53781 (CVE-2026-53781)
vulnerability in CVE-2026-53781 (CVE-2026-53781). Risk of unauthorized operations or information disclosure.
CVE-2026-49973 Vulnerability in CVE-2026-49973 (CVE-2026-49973)
vulnerability in CVE-2026-49973 (CVE-2026-49973). Confidential information can be exposed externally.
CVE-2026-49949 Vulnerability in CVE-2026-49949 (CVE-2026-49949)
vulnerability in CVE-2026-49949 (CVE-2026-49949). Confidential information can be exposed externally.
CVE-2026-46622 SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, API tokens used to authenticate all REST API requests are stored as plaintext strings in the api_tokens database table. Any...
SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, API tokens used to authenticate all REST API requests are stored as plaintext strings in the api_tokens database table. Any attacker who obtains read access to the database — through SQL injection, a leaked backup, a misconf...
CVE-2026-46489 SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, the company logo upload feature accepts any file type without validation. An authenticated administrator can upload an SVG f...
SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, the company logo upload feature accepts any file type without validation. An authenticated administrator can upload an SVG file containing embedded JavaScript. This script is base64-encoded and injected unescaped into every...
CVE-2026-45175 Vulnerability in paloaltonetworks (CVE-2026-45175)
vulnerability in paloaltonetworks (CVE-2026-45175). Successful exploitation can lead to full system takeover.
CVE-2026-53702 Out-of-Bounds Write in CVE-2026-53702 (CVE-2026-53702)
out-of-bounds write in CVE-2026-53702 (CVE-2026-53702). Risk of unauthorized operations or information disclosure.
CVE-2026-53701 Out-of-Bounds Write in c (CVE-2026-53701)
out-of-bounds write in c (CVE-2026-53701). Risk of unauthorized operations or information disclosure.
CVE-2026-52858 Code Injection in vim (CVE-2026-52858)
code injection in vim (CVE-2026-52858). Successful exploitation can lead to full system takeover.
CVE-2026-52860 Code Injection in vim (CVE-2026-52860)
code injection in vim (CVE-2026-52860). Successful exploitation can lead to full system takeover.
CVE-2026-52859 Out-of-Bounds Read in c (CVE-2026-52859)
vulnerability in c (CVE-2026-52859). Risk of unauthorized operations or information disclosure.
CVE-2026-48547 OS Command Injection in CVE-2026-48547 (CVE-2026-48547)
OS command injection in CVE-2026-48547 (CVE-2026-48547). Confidential information can be exposed externally.
CVE-2026-47181 Vulnerability in CVE-2026-47181 (CVE-2026-47181)
vulnerability in CVE-2026-47181 (CVE-2026-47181). Risk of unauthorized operations or information disclosure.
CVE-2026-47177 Information Disclosure in CVE-2026-47177 (CVE-2026-47177)
vulnerability in CVE-2026-47177 (CVE-2026-47177). Risk of unauthorized operations or information disclosure.
CVE-2026-47188 Vulnerability in CVE-2026-47188 (CVE-2026-47188)
vulnerability in CVE-2026-47188 (CVE-2026-47188). Risk of unauthorized operations or information disclosure.
CVE-2026-47176 Information Disclosure in CVE-2026-47176 (CVE-2026-47176)
vulnerability in CVE-2026-47176 (CVE-2026-47176). Risk of unauthorized operations or information disclosure.
CVE-2026-47172 Vulnerability in CVE-2026-47172 (CVE-2026-47172)
vulnerability in CVE-2026-47172 (CVE-2026-47172). Risk of unauthorized operations or information disclosure.
CVE-2026-47174 Vulnerability in CVE-2026-47174 (CVE-2026-47174)
vulnerability in CVE-2026-47174 (CVE-2026-47174). Risk of unauthorized operations or information disclosure.
CVE-2026-47171 Vulnerability in CVE-2026-47171 (CVE-2026-47171)
vulnerability in CVE-2026-47171 (CVE-2026-47171). Risk of unauthorized operations or information disclosure.
CVE-2026-47173 Vulnerability in CVE-2026-47173 (CVE-2026-47173)
vulnerability in CVE-2026-47173 (CVE-2026-47173). Risk of unauthorized operations or information disclosure.
CVE-2026-47175 Vulnerability in CVE-2026-47175 (CVE-2026-47175)
vulnerability in CVE-2026-47175 (CVE-2026-47175). Risk of unauthorized operations or information disclosure.
CVE-2026-47170 Garlic-Hub manages digital signage network — devices, content, and playlists — from a single self-hosted interface. Prior to version 1.1, authenticated users can cause the server to issue arbitrary HT...
Garlic-Hub manages digital signage network — devices, content, and playlists — from a single self-hosted interface. Prior to version 1.1, authenticated users can cause the server to issue arbitrary HTTP requests to internal services via the uploadFromUrl endpoint. This allows internal port scanning,...
CVE-2026-47162 Vulnerability in vim (CVE-2026-47162)
vulnerability in vim (CVE-2026-47162). Successful exploitation can lead to full system takeover.
CVE-2026-47167 Code Injection in vim (CVE-2026-47167)
code injection in vim (CVE-2026-47167). Risk of unauthorized operations or information disclosure.
CVE-2026-47163 Vulnerability in CVE-2026-47163 (CVE-2026-47163)
vulnerability in CVE-2026-47163 (CVE-2026-47163). Risk of unauthorized operations or information disclosure.
CVE-2026-45178 Vulnerability in dos (CVE-2026-45178)
vulnerability in dos (CVE-2026-45178). Confidential information can be exposed externally.
CVE-2026-45177 Vulnerability in paloaltonetworks (CVE-2026-45177)
vulnerability in paloaltonetworks (CVE-2026-45177). Confidential information can be exposed externally.
CVE-2026-45176 Privilege Escalation in paloaltonetworks (CVE-2026-45176)
vulnerability in paloaltonetworks (CVE-2026-45176). Successful exploitation can lead to full system takeover.
CVE-2026-11774 An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server (389-ds-base)....
An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server (389-ds-base)....
CVE-2025-46293 Vulnerability in apple (CVE-2025-46293)
vulnerability in apple (CVE-2025-46293). Confidential information can be exposed externally.
CVE-2025-46313 Vulnerability in apple (CVE-2025-46313)
vulnerability in apple (CVE-2025-46313). Confidential information can be exposed externally.
CVE-2025-46315 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS...
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS...
CVE-2025-46308 Vulnerability in apple (CVE-2025-46308)
vulnerability in apple (CVE-2025-46308). Risk of unauthorized operations or information disclosure.
CVE-2025-43339 Vulnerability in apple (CVE-2025-43339)
vulnerability in apple (CVE-2025-43339). Confidential information can be exposed externally.
CVE-2025-24268 Path Traversal in apple (CVE-2025-24268)
path traversal in apple (CVE-2025-24268). Confidential information can be exposed externally.
CVE-2025-24284 This issue was addressed with improved checks to prevent unauthorized actions. This issue is...
This issue was addressed with improved checks to prevent unauthorized actions. This issue is...
CVE-2025-30431 Vulnerability in apple (CVE-2025-30431)
vulnerability in apple (CVE-2025-30431). Confidential information can be exposed externally.
CVE-2025-31272 The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4. An app...
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4. An app...
CVE-2025-24165 Vulnerability in apple (CVE-2025-24165)
vulnerability in apple (CVE-2025-24165). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →