Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-30950 |
|
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.6.36 through 0.6.50 are vulnerable to Authenticated Session Hijack...
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.6.36 through 0.6.50 are vulnerable to Authenticated Session Hijacking via IDOR. If an authenticated attacker can determine the session_id of another user's session, t...
|
| CVE-2026-27891 |
|
FacturaScripts is an open source accounting and invoicing software. Versions 2026 and below contain a critical vulnerability in the Plugins::add() function. The system fails to properly validate the f...
FacturaScripts is an open source accounting and invoicing software. Versions 2026 and below contain a critical vulnerability in the Plugins::add() function. The system fails to properly validate the file paths within uploaded ZIP archives. This allows an attacker to perform a Zip Slip attack, leadin...
|
| CVE-2026-27964 |
|
Cross-Site Scripting (XSS) in facturascripts/facturascripts (CVE-2026-27964)
cross-site scripting in facturascripts/facturascripts (CVE-2026-27964). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-27892 |
|
Information Disclosure in facturascripts/facturascripts (CVE-2026-27892)
vulnerability in facturascripts/facturascripts (CVE-2026-27892). Confidential information can be exposed externally. Exploitable via ``exiftool``.
|
| CVE-2026-27737 |
|
Cross-Site Scripting (XSS) in CVE-2026-27737 (CVE-2026-27737)
cross-site scripting in CVE-2026-27737 (CVE-2026-27737). Data can be tampered with by attackers.
|
| CVE-2026-8851 |
|
SQL Injection in sqli (CVE-2026-8851)
SQL injection in sqli (CVE-2026-8851). Confidential information can be exposed externally.
|
| CVE-2026-47092 |
|
Vulnerability in jarrodwatts (CVE-2026-47092)
vulnerability in jarrodwatts (CVE-2026-47092). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45244 |
|
Vulnerability in @steipete/summarize (CVE-2026-45244)
vulnerability in @steipete/summarize (CVE-2026-45244). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.15.0` or later.
|
| CVE-2026-21789 |
|
Authorization Flaw in CVE-2026-21789 (CVE-2026-21789)
vulnerability in CVE-2026-21789 (CVE-2026-21789). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45245 |
|
SSRF (Server-Side Request Forgery) in @steipete/summarize (CVE-2026-45245)
SSRF in @steipete/summarize (CVE-2026-45245). Confidential information can be exposed externally. Mitigation: upgrade to `0.15.1` or later.
|
| CVE-2026-47091 |
|
Path Traversal in path-traversal (CVE-2026-47091)
path traversal in path-traversal (CVE-2026-47091). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45246 |
|
Vulnerability in steipete (CVE-2026-45246)
vulnerability in steipete (CVE-2026-45246). Confidential information can be exposed externally.
|
| CVE-2026-27130 |
|
OS Command Injection in CVE-2026-27130 (CVE-2026-27130)
OS command injection in CVE-2026-27130 (CVE-2026-27130). Successful exploitation can lead to full system takeover.
|
| CVE-2026-26978 |
|
Unsafe Deserialization in CVE-2026-26978 (CVE-2026-26978)
vulnerability in CVE-2026-26978 (CVE-2026-26978). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8838 |
|
Code Injection in Amazon redshift-connector (CVE-2026-8838)
code injection in Amazon redshift-connector (CVE-2026-8838). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.1.14` or later.
|
| CVE-2026-46559 |
|
Vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-46559)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-46559). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.13.1` or later.
|
| CVE-2026-46523 |
|
ImageMagick: Use-After-Free in MSL decoder.
ImageMagick: Use-After-Free in MSL decoder.
|
| CVE-2026-46522 |
|
Vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-46522)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-46522). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.13.1` or later.
|
| CVE-2026-46521 |
|
Vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-46521)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-46521). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.13.1` or later.
|
| CVE-2026-46520 |
|
ImageMagick: Heap Buffer Over-Write in IPL decoder when reading multiple images of different dimensions
ImageMagick: Heap Buffer Over-Write in IPL decoder when reading multiple images of different dimensions
|
| CVE-2026-45664 |
|
Vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-45664)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-45664). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.13.1` or later.
|
| CVE-2026-45624 |
|
Out-of-Bounds Read in Magick.NET-Q16-AnyCPU (CVE-2026-45624)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-45624). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.13.1` or later.
|
| CVE-2026-45554 |
|
Vulnerability in nicegui (CVE-2026-45554)
vulnerability in nicegui (CVE-2026-45554). Risk of unauthorized operations or information disclosure. Exploitable via ``RuntimeError``. Mitigation: upgrade to `3.12.0` or later.
|
| CVE-2026-45553 |
|
Information Disclosure in nicegui (CVE-2026-45553)
vulnerability in nicegui (CVE-2026-45553). Confidential information can be exposed externally. Exploitable via ``include``. Mitigation: upgrade to `3.12.0` or later.
|
| CVE-2026-45686 |
|
Vulnerability in go.opentelemetry.io/obi (CVE-2026-45686)
vulnerability in go.opentelemetry.io/obi (CVE-2026-45686). Risk of unauthorized operations or information disclosure. Exploitable via ``set``. Mitigation: upgrade to `0.9.0` or later.
|
| CVE-2026-45685 |
|
Vulnerability in go.opentelemetry.io/obi (CVE-2026-45685)
vulnerability in go.opentelemetry.io/obi (CVE-2026-45685). Risk of unauthorized operations or information disclosure. Exploitable via ``parseOpMessage``. Mitigation: upgrade to `0.9.0` or later.
|
| CVE-2026-45684 |
|
Vulnerability in go.opentelemetry.io/obi (CVE-2026-45684)
vulnerability in go.opentelemetry.io/obi (CVE-2026-45684). Risk of unauthorized operations or information disclosure. Exploitable via ``writev``. Mitigation: upgrade to `0.9.0` or later.
|
| CVE-2026-45682 |
|
Vulnerability in go.opentelemetry.io/obi (CVE-2026-45682)
vulnerability in go.opentelemetry.io/obi (CVE-2026-45682). Risk of unauthorized operations or information disclosure. Exploitable via ``CappedConcurrentHashMap``. Mitigation: upgrade to `0.9.0` or later.
|
| CVE-2026-45683 |
|
Vulnerability in go.opentelemetry.io/obi (CVE-2026-45683)
vulnerability in go.opentelemetry.io/obi (CVE-2026-45683). Risk of unauthorized operations or information disclosure. Exploitable via ``bpf_probe_read``. Mitigation: upgrade to `0.9.0` or later.
|
| CVE-2026-45681 |
|
Out-of-Bounds Read in go.opentelemetry.io/obi (CVE-2026-45681)
vulnerability in go.opentelemetry.io/obi (CVE-2026-45681). Confidential information can be exposed externally. Exploitable via ``k_kprobes_http2_buf_size``. Mitigation: upgrade to `0.9.0` or later.
|
| CVE-2026-45680 |
|
Vulnerability in go.opentelemetry.io/obi (CVE-2026-45680)
vulnerability in go.opentelemetry.io/obi (CVE-2026-45680). Risk of unauthorized operations or information disclosure. Exploitable via ``probeMetrics``. Mitigation: upgrade to `0.9.0` or later.
|
| CVE-2026-45242 |
|
Vulnerability in @steipete/summarize (CVE-2026-45242)
vulnerability in @steipete/summarize (CVE-2026-45242). Data can be tampered with by attackers. Mitigation: upgrade to `0.15.0` or later.
|
| CVE-2026-45243 |
|
Vulnerability in @steipete/summarize (CVE-2026-45243)
vulnerability in @steipete/summarize (CVE-2026-45243). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.15.0` or later.
|
| CVE-2026-8836 |
|
Buffer Overflow in c (CVE-2026-8836)
vulnerability in c (CVE-2026-8836). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45231 |
|
Cross-Site Scripting (XSS) in CVE-2026-45231 (CVE-2026-45231)
cross-site scripting in CVE-2026-45231 (CVE-2026-45231). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45731 |
|
Path Traversal in WWBN/AVideo (CVE-2026-45731)
path traversal in WWBN/AVideo (CVE-2026-45731). Confidential information can be exposed externally. Exploitable via `POST /view/update.php`.
|
| CVE-2026-45492 |
|
Vulnerability in microsoft (CVE-2026-45492)
vulnerability in microsoft (CVE-2026-45492). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45495 |
|
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
|
| CVE-2026-45494 |
|
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Microsoft Edge (Chromium-based) Spoofing Vulnerability
|
| CVE-2026-29964 |
|
Cross-Site Scripting (XSS) in hsclabs (CVE-2026-29964)
cross-site scripting in hsclabs (CVE-2026-29964). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-29965 |
|
Cross-Site Scripting (XSS) in hsclabs (CVE-2026-29965)
cross-site scripting in hsclabs (CVE-2026-29965). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-32849 |
|
Vulnerability in c (CVE-2026-32849)
vulnerability in c (CVE-2026-32849). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-32848 |
|
Vulnerability in CVE-2026-32848 (CVE-2026-32848)
vulnerability in CVE-2026-32848 (CVE-2026-32848). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-29962 |
|
Vulnerability in path-traversal (CVE-2026-29962)
vulnerability in path-traversal (CVE-2026-29962). Confidential information can be exposed externally.
|
| CVE-2026-29963 |
|
Path Traversal in path-traversal (CVE-2026-29963)
path traversal in path-traversal (CVE-2026-29963). Confidential information can be exposed externally.
|
| CVE-2026-45230 |
|
Path Traversal in path-traversal (CVE-2026-45230)
path traversal in path-traversal (CVE-2026-45230). Data can be tampered with by attackers. Exploitable via `POST /api/delete-file`.
|
| CVE-2026-42822 |
|
Authentication Bypass in microsoft (CVE-2026-42822)
authentication bypass in microsoft (CVE-2026-42822). Successful exploitation can lead to full system takeover.
|
| CVE-2023-24215 |
|
Vulnerability in CVE-2023-24215 (CVE-2023-24215)
vulnerability in CVE-2023-24215 (CVE-2023-24215). Confidential information can be exposed externally.
|
| CVE-2026-45678 |
|
Vulnerability in go.opentelemetry.io/obi (CVE-2026-45678)
vulnerability in go.opentelemetry.io/obi (CVE-2026-45678). Risk of unauthorized operations or information disclosure. Exploitable via ``BIND``. Mitigation: upgrade to `0.9.0` or later.
|
| CVE-2026-45679 |
|
Vulnerability in go.opentelemetry.io/obi (CVE-2026-45679)
vulnerability in go.opentelemetry.io/obi (CVE-2026-45679). Risk of unauthorized operations or information disclosure. Exploitable via ``getRedisError``. Mitigation: upgrade to `0.9.0` or later.
|