Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-49492 |
|
OS Command Injection in CVE-2026-49492 (CVE-2026-49492)
OS command injection in CVE-2026-49492 (CVE-2026-49492). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.8.28` or later.
|
| CVE-2026-49493 |
|
Code Injection in CVE-2026-49493 (CVE-2026-49493)
code injection in CVE-2026-49493 (CVE-2026-49493). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.8.28` or later.
|
| CVE-2026-45750 |
|
OS Command Injection in termix (CVE-2026-45750)
OS command injection in termix (CVE-2026-45750). Successful exploitation can lead to full system takeover. Exploitable via `GET /ssh/file_manager/ssh/resolvePath`.
|
| CVE-2026-45748 |
|
OS Command Injection in termix (CVE-2026-45748)
OS command injection in termix (CVE-2026-45748). Successful exploitation can lead to full system takeover. Exploitable via `POST /ssh/tunnel/connect`.
|
| CVE-2026-45746 |
|
Vulnerability in termix (CVE-2026-45746)
vulnerability in termix (CVE-2026-45746). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45745 |
|
Vulnerability in termix (CVE-2026-45745)
vulnerability in termix (CVE-2026-45745). Confidential information can be exposed externally.
|
| CVE-2026-45744 |
|
OS Command Injection in termix (CVE-2026-45744)
OS command injection in termix (CVE-2026-45744). Successful exploitation can lead to full system takeover. Exploitable via `GET /ssh/file_manager/ssh/resolvePath`.
|
| CVE-2026-45291 |
|
Vulnerability in CVE-2026-45291 (CVE-2026-45291)
vulnerability in CVE-2026-45291 (CVE-2026-45291). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45290 |
|
Vulnerability in CVE-2026-45290 (CVE-2026-45290)
vulnerability in CVE-2026-45290 (CVE-2026-45290). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-36500 |
|
Path Traversal in path-traversal (CVE-2026-36500)
path traversal in path-traversal (CVE-2026-36500). Confidential information can be exposed externally.
|
| CVE-2026-36501 |
|
Vulnerability in dos (CVE-2026-36501)
vulnerability in dos (CVE-2026-36501). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11342 |
|
Vulnerability in sqli (CVE-2026-11342)
vulnerability in sqli (CVE-2026-11342). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11341 |
|
Command Injection in CVE-2026-11341 (CVE-2026-11341)
command injection in CVE-2026-11341 (CVE-2026-11341). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11344 |
|
Vulnerability in CVE-2026-11344 (CVE-2026-11344)
vulnerability in CVE-2026-11344 (CVE-2026-11344). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-71318 |
|
Vulnerability in CVE-2025-71318 (CVE-2025-71318)
vulnerability in CVE-2025-71318 (CVE-2025-71318). Successful exploitation can lead to full system takeover.
|
| CVE-2025-71317 |
|
Vulnerability in CVE-2025-71317 (CVE-2025-71317)
vulnerability in CVE-2025-71317 (CVE-2025-71317). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8714 |
|
Vulnerability in tp-link (CVE-2026-8714)
vulnerability in tp-link (CVE-2026-8714). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48112 |
|
Out-of-Bounds Read in 7-zip (CVE-2026-48112)
vulnerability in 7-zip (CVE-2026-48112). Confidential information can be exposed externally.
|
| CVE-2026-48103 |
|
Out-of-Bounds Read in cpp (CVE-2026-48103)
vulnerability in cpp (CVE-2026-48103). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48104 |
|
Out-of-Bounds Read in dos (CVE-2026-48104)
vulnerability in dos (CVE-2026-48104). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48111 |
|
Out-of-Bounds Read in cpp (CVE-2026-48111)
vulnerability in cpp (CVE-2026-48111). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11339 |
|
Vulnerability in c (CVE-2026-11339)
vulnerability in c (CVE-2026-11339). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11338 |
|
Cross-Site Scripting (XSS) in CVE-2026-11338 (CVE-2026-11338)
cross-site scripting in CVE-2026-11338 (CVE-2026-11338). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11337 |
|
Cross-Site Scripting (XSS) in CVE-2026-11337 (CVE-2026-11337)
cross-site scripting in CVE-2026-11337 (CVE-2026-11337). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-5089 |
|
Vulnerability in dos (CVE-2025-5089)
vulnerability in dos (CVE-2025-5089). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-5090 |
|
Vulnerability in dos (CVE-2025-5090)
vulnerability in dos (CVE-2025-5090). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-5088 |
|
Privilege Escalation in CVE-2025-5088 (CVE-2025-5088)
vulnerability in CVE-2025-5088 (CVE-2025-5088). Confidential information can be exposed externally.
|
| CVE-2026-54533 |
|
Vulnerability in vantage6 (CVE-2026-54533)
vulnerability in vantage6 (CVE-2026-54533). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.0.0` or later.
|
| CVE-2026-54445 |
|
Vulnerability in vantage6 (CVE-2026-54445)
vulnerability in vantage6 (CVE-2026-54445). Risk of unauthorized operations or information disclosure. Exploitable via ``root``. Mitigation: upgrade to `5.0.0` or later.
|
| CVE-2026-48017 |
|
Code Injection in dbgate-api (CVE-2026-48017)
code injection in dbgate-api (CVE-2026-48017). Successful exploitation can lead to full system takeover. Exploitable via `POST /runners/load-reader`. Mitigation: upgrade to `7.1.9` or later.
|
| CVE-2026-47684 |
|
SSRF (Server-Side Request Forgery) in @sync-in/server (CVE-2026-47684)
SSRF in @sync-in/server (CVE-2026-47684). Confidential information can be exposed externally. Mitigation: upgrade to `2.3.0` or later.
|
| CVE-2026-47387 |
|
Cross-Site Scripting (XSS) in nocodb (CVE-2026-47387)
cross-site scripting in nocodb (CVE-2026-47387). Risk of unauthorized operations or information disclosure. Exploitable via ``redirect_url``. Mitigation: upgrade to `2026.05.1` or later.
|
| CVE-2026-47386 |
|
Vulnerability in nocodb (CVE-2026-47386)
vulnerability in nocodb (CVE-2026-47386). Risk of unauthorized operations or information disclosure. Exploitable via ``is_used``. Mitigation: upgrade to `2026.05.1` or later.
|
| CVE-2026-47385 |
|
Path Traversal in nocodb (CVE-2026-47385)
path traversal in nocodb (CVE-2026-47385). Risk of unauthorized operations or information disclosure. Exploitable via ``fs.exists``. Mitigation: upgrade to `2026.05.1` or later.
|
| CVE-2026-47384 |
|
SQL Injection in nocodb (CVE-2026-47384)
SQL injection in nocodb (CVE-2026-47384). Risk of unauthorized operations or information disclosure. Exploitable via ``column_name``. Mitigation: upgrade to `2026.05.1` or later.
|
| CVE-2026-47383 |
|
Cross-Site Scripting (XSS) in nocodb (CVE-2026-47383)
cross-site scripting in nocodb (CVE-2026-47383). Risk of unauthorized operations or information disclosure. Exploitable via ``localStorage``. Mitigation: upgrade to `2026.05.1` or later.
|
| CVE-2026-47382 |
|
SSRF (Server-Side Request Forgery) in nocodb (CVE-2026-47382)
SSRF in nocodb (CVE-2026-47382). Risk of unauthorized operations or information disclosure. Exploitable via ``localhost``. Mitigation: upgrade to `2026.05.1` or later.
|
| CVE-2026-48101 |
|
Vulnerability in 7-zip (CVE-2026-48101)
vulnerability in 7-zip (CVE-2026-48101). Confidential information can be exposed externally.
|
| CVE-2026-11336 |
|
Vulnerability in CVE-2026-11336 (CVE-2026-11336)
vulnerability in CVE-2026-11336 (CVE-2026-11336). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11362 |
|
Vulnerability in binary (CVE-2026-11362)
vulnerability in binary (CVE-2026-11362). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9270 |
|
Vulnerability in binary (CVE-2026-9270)
vulnerability in binary (CVE-2026-9270). Confidential information can be exposed externally.
|
| CVE-2026-48102 |
|
Out-of-Bounds Read in cpp (CVE-2026-48102)
vulnerability in cpp (CVE-2026-48102). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-47381 |
|
Vulnerability in nocodb (CVE-2026-47381)
vulnerability in nocodb (CVE-2026-47381). Risk of unauthorized operations or information disclosure. Exploitable via ``testConnection``. Mitigation: upgrade to `2026.05.1` or later.
|
| CVE-2026-47380 |
|
Vulnerability in nocodb (CVE-2026-47380)
vulnerability in nocodb (CVE-2026-47380). Risk of unauthorized operations or information disclosure. Exploitable via ``auth.service.ts``. Mitigation: upgrade to `2026.04.1` or later.
|
| CVE-2026-47379 |
|
Information Disclosure in nocodb (CVE-2026-47379)
vulnerability in nocodb (CVE-2026-47379). Risk of unauthorized operations or information disclosure. Exploitable via ``View.ts``. Mitigation: upgrade to `2026.05.1` or later.
|
| CVE-2026-47377 |
|
Open Redirect in nocodb (CVE-2026-47377)
vulnerability in nocodb (CVE-2026-47377). Risk of unauthorized operations or information disclosure. Exploitable via ``hashRedirect``. Mitigation: upgrade to `2026.04.1` or later.
|
| CVE-2026-47376 |
|
Cross-Site Scripting (XSS) in nocodb (CVE-2026-47376)
cross-site scripting in nocodb (CVE-2026-47376). Risk of unauthorized operations or information disclosure. Exploitable via ``dataset.token``. Mitigation: upgrade to `2026.04.1` or later.
|
| CVE-2026-47375 |
|
SQL Injection in nocodb (CVE-2026-47375)
SQL injection in nocodb (CVE-2026-47375). Risk of unauthorized operations or information disclosure. Exploitable via ``columnAdd``. Mitigation: upgrade to `2026.04.1` or later.
|
| CVE-2026-47279 |
|
Vulnerability in nocodb (CVE-2026-47279)
vulnerability in nocodb (CVE-2026-47279). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/v2/public/shared-view/`. Mitigation: upgrade to `2026.05.1` or later.
|
| CVE-2026-47250 |
|
Vulnerability in mcp-server-kubernetes (CVE-2026-47250)
vulnerability in mcp-server-kubernetes (CVE-2026-47250). Confidential information can be exposed externally. Exploitable via ``kubectl_generic``. Mitigation: upgrade to `3.7.0` or later.
|