Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Clear
ID Title
CVE-2026-30950 AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.6.36 through 0.6.50 are vulnerable to Authenticated Session Hijack...
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions 0.6.36 through 0.6.50 are vulnerable to Authenticated Session Hijacking via IDOR. If an authenticated attacker can determine the session_id of another user's session, t...
CVE-2026-27891 FacturaScripts is an open source accounting and invoicing software. Versions 2026 and below contain a critical vulnerability in the Plugins::add() function. The system fails to properly validate the f...
FacturaScripts is an open source accounting and invoicing software. Versions 2026 and below contain a critical vulnerability in the Plugins::add() function. The system fails to properly validate the file paths within uploaded ZIP archives. This allows an attacker to perform a Zip Slip attack, leadin...
CVE-2026-27964 Cross-Site Scripting (XSS) in facturascripts/facturascripts (CVE-2026-27964)
cross-site scripting in facturascripts/facturascripts (CVE-2026-27964). Risk of unauthorized operations or information disclosure.
CVE-2026-27892 Information Disclosure in facturascripts/facturascripts (CVE-2026-27892)
vulnerability in facturascripts/facturascripts (CVE-2026-27892). Confidential information can be exposed externally. Exploitable via ``exiftool``.
CVE-2026-27737 Cross-Site Scripting (XSS) in CVE-2026-27737 (CVE-2026-27737)
cross-site scripting in CVE-2026-27737 (CVE-2026-27737). Data can be tampered with by attackers.
CVE-2026-8851 SQL Injection in sqli (CVE-2026-8851)
SQL injection in sqli (CVE-2026-8851). Confidential information can be exposed externally.
CVE-2026-47092 Vulnerability in jarrodwatts (CVE-2026-47092)
vulnerability in jarrodwatts (CVE-2026-47092). Successful exploitation can lead to full system takeover.
CVE-2026-45244 Vulnerability in @steipete/summarize (CVE-2026-45244)
vulnerability in @steipete/summarize (CVE-2026-45244). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.15.0` or later.
CVE-2026-21789 Authorization Flaw in CVE-2026-21789 (CVE-2026-21789)
vulnerability in CVE-2026-21789 (CVE-2026-21789). Risk of unauthorized operations or information disclosure.
CVE-2026-45245 SSRF (Server-Side Request Forgery) in @steipete/summarize (CVE-2026-45245)
SSRF in @steipete/summarize (CVE-2026-45245). Confidential information can be exposed externally. Mitigation: upgrade to `0.15.1` or later.
CVE-2026-47091 Path Traversal in path-traversal (CVE-2026-47091)
path traversal in path-traversal (CVE-2026-47091). Risk of unauthorized operations or information disclosure.
CVE-2026-45246 Vulnerability in steipete (CVE-2026-45246)
vulnerability in steipete (CVE-2026-45246). Confidential information can be exposed externally.
CVE-2026-27130 OS Command Injection in CVE-2026-27130 (CVE-2026-27130)
OS command injection in CVE-2026-27130 (CVE-2026-27130). Successful exploitation can lead to full system takeover.
CVE-2026-26978 Unsafe Deserialization in CVE-2026-26978 (CVE-2026-26978)
vulnerability in CVE-2026-26978 (CVE-2026-26978). Risk of unauthorized operations or information disclosure.
CVE-2026-8838 Code Injection in Amazon redshift-connector (CVE-2026-8838)
code injection in Amazon redshift-connector (CVE-2026-8838). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.1.14` or later.
CVE-2026-46559 Vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-46559)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-46559). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.13.1` or later.
CVE-2026-46523 ImageMagick: Use-After-Free in MSL decoder.
ImageMagick: Use-After-Free in MSL decoder.
CVE-2026-46522 Vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-46522)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-46522). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.13.1` or later.
CVE-2026-46521 Vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-46521)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-46521). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.13.1` or later.
CVE-2026-46520 ImageMagick: Heap Buffer Over-Write in IPL decoder when reading multiple images of different dimensions
ImageMagick: Heap Buffer Over-Write in IPL decoder when reading multiple images of different dimensions
CVE-2026-45664 Vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-45664)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-45664). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.13.1` or later.
CVE-2026-45624 Out-of-Bounds Read in Magick.NET-Q16-AnyCPU (CVE-2026-45624)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-45624). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.13.1` or later.
CVE-2026-45554 Vulnerability in nicegui (CVE-2026-45554)
vulnerability in nicegui (CVE-2026-45554). Risk of unauthorized operations or information disclosure. Exploitable via ``RuntimeError``. Mitigation: upgrade to `3.12.0` or later.
CVE-2026-45553 Information Disclosure in nicegui (CVE-2026-45553)
vulnerability in nicegui (CVE-2026-45553). Confidential information can be exposed externally. Exploitable via ``include``. Mitigation: upgrade to `3.12.0` or later.
CVE-2026-45686 Vulnerability in go.opentelemetry.io/obi (CVE-2026-45686)
vulnerability in go.opentelemetry.io/obi (CVE-2026-45686). Risk of unauthorized operations or information disclosure. Exploitable via ``set``. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-45685 Vulnerability in go.opentelemetry.io/obi (CVE-2026-45685)
vulnerability in go.opentelemetry.io/obi (CVE-2026-45685). Risk of unauthorized operations or information disclosure. Exploitable via ``parseOpMessage``. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-45684 Vulnerability in go.opentelemetry.io/obi (CVE-2026-45684)
vulnerability in go.opentelemetry.io/obi (CVE-2026-45684). Risk of unauthorized operations or information disclosure. Exploitable via ``writev``. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-45682 Vulnerability in go.opentelemetry.io/obi (CVE-2026-45682)
vulnerability in go.opentelemetry.io/obi (CVE-2026-45682). Risk of unauthorized operations or information disclosure. Exploitable via ``CappedConcurrentHashMap``. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-45683 Vulnerability in go.opentelemetry.io/obi (CVE-2026-45683)
vulnerability in go.opentelemetry.io/obi (CVE-2026-45683). Risk of unauthorized operations or information disclosure. Exploitable via ``bpf_probe_read``. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-45681 Out-of-Bounds Read in go.opentelemetry.io/obi (CVE-2026-45681)
vulnerability in go.opentelemetry.io/obi (CVE-2026-45681). Confidential information can be exposed externally. Exploitable via ``k_kprobes_http2_buf_size``. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-45680 Vulnerability in go.opentelemetry.io/obi (CVE-2026-45680)
vulnerability in go.opentelemetry.io/obi (CVE-2026-45680). Risk of unauthorized operations or information disclosure. Exploitable via ``probeMetrics``. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-45242 Vulnerability in @steipete/summarize (CVE-2026-45242)
vulnerability in @steipete/summarize (CVE-2026-45242). Data can be tampered with by attackers. Mitigation: upgrade to `0.15.0` or later.
CVE-2026-45243 Vulnerability in @steipete/summarize (CVE-2026-45243)
vulnerability in @steipete/summarize (CVE-2026-45243). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.15.0` or later.
CVE-2026-8836 Buffer Overflow in c (CVE-2026-8836)
vulnerability in c (CVE-2026-8836). Successful exploitation can lead to full system takeover.
CVE-2026-45231 Cross-Site Scripting (XSS) in CVE-2026-45231 (CVE-2026-45231)
cross-site scripting in CVE-2026-45231 (CVE-2026-45231). Risk of unauthorized operations or information disclosure.
CVE-2026-45731 Path Traversal in WWBN/AVideo (CVE-2026-45731)
path traversal in WWBN/AVideo (CVE-2026-45731). Confidential information can be exposed externally. Exploitable via `POST /view/update.php`.
CVE-2026-45492 Vulnerability in microsoft (CVE-2026-45492)
vulnerability in microsoft (CVE-2026-45492). Risk of unauthorized operations or information disclosure.
CVE-2026-45495 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2026-45494 Microsoft Edge (Chromium-based) Spoofing Vulnerability
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2026-29964 Cross-Site Scripting (XSS) in hsclabs (CVE-2026-29964)
cross-site scripting in hsclabs (CVE-2026-29964). Risk of unauthorized operations or information disclosure.
CVE-2026-29965 Cross-Site Scripting (XSS) in hsclabs (CVE-2026-29965)
cross-site scripting in hsclabs (CVE-2026-29965). Risk of unauthorized operations or information disclosure.
CVE-2026-32849 Vulnerability in c (CVE-2026-32849)
vulnerability in c (CVE-2026-32849). Risk of unauthorized operations or information disclosure.
CVE-2026-32848 Vulnerability in CVE-2026-32848 (CVE-2026-32848)
vulnerability in CVE-2026-32848 (CVE-2026-32848). Risk of unauthorized operations or information disclosure.
CVE-2026-29962 Vulnerability in path-traversal (CVE-2026-29962)
vulnerability in path-traversal (CVE-2026-29962). Confidential information can be exposed externally.
CVE-2026-29963 Path Traversal in path-traversal (CVE-2026-29963)
path traversal in path-traversal (CVE-2026-29963). Confidential information can be exposed externally.
CVE-2026-45230 Path Traversal in path-traversal (CVE-2026-45230)
path traversal in path-traversal (CVE-2026-45230). Data can be tampered with by attackers. Exploitable via `POST /api/delete-file`.
CVE-2026-42822 Authentication Bypass in microsoft (CVE-2026-42822)
authentication bypass in microsoft (CVE-2026-42822). Successful exploitation can lead to full system takeover.
CVE-2023-24215 Vulnerability in CVE-2023-24215 (CVE-2023-24215)
vulnerability in CVE-2023-24215 (CVE-2023-24215). Confidential information can be exposed externally.
CVE-2026-45678 Vulnerability in go.opentelemetry.io/obi (CVE-2026-45678)
vulnerability in go.opentelemetry.io/obi (CVE-2026-45678). Risk of unauthorized operations or information disclosure. Exploitable via ``BIND``. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-45679 Vulnerability in go.opentelemetry.io/obi (CVE-2026-45679)
vulnerability in go.opentelemetry.io/obi (CVE-2026-45679). Risk of unauthorized operations or information disclosure. Exploitable via ``getRedisError``. Mitigation: upgrade to `0.9.0` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →