Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-45676 |
|
Vulnerability in go.opentelemetry.io/obi (CVE-2026-45676)
vulnerability in go.opentelemetry.io/obi (CVE-2026-45676). Risk of unauthorized operations or information disclosure. Exploitable via ``GetCStringUnsafe``. Mitigation: upgrade to `0.9.0` or later.
|
| CVE-2026-45031 |
|
Vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-45031)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-45031). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.13.1` or later.
|
| CVE-2026-42306 |
|
Vulnerability in github.com/docker/docker (CVE-2026-42306)
vulnerability in github.com/docker/docker (CVE-2026-42306). Data can be tampered with by attackers. Exploitable via `PUT /containers/{id}/archive`. Mitigation: upgrade to `2.0.0-beta.14` or later.
|
| CVE-2026-41568 |
|
Vulnerability in github.com/docker/docker (CVE-2026-41568)
vulnerability in github.com/docker/docker (CVE-2026-41568). Risk of unauthorized operations or information disclosure. Exploitable via `PUT /containers/{id}/archive`. Mitigation: upgrade to `2.0.0-beta.14` or later.
|
| CVE-2026-45727 |
|
Path Traversal in cloakbrowser (CVE-2026-45727)
path traversal in cloakbrowser (CVE-2026-45727). Risk of unauthorized operations or information disclosure. Exploitable via ``cloakserve``. Mitigation: upgrade to `0.3.28` or later.
|
| CVE-2026-45358 |
|
Out-of-Bounds Read in Magick.NET-Q16-AnyCPU (CVE-2026-45358)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-45358). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.13.1` or later.
|
| CVE-2026-45359 |
|
Out-of-Bounds Read in Magick.NET-Q16-AnyCPU (CVE-2026-45359)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-45359). Confidential information can be exposed externally. Mitigation: upgrade to `14.13.1` or later.
|
| CVE-2026-45719 |
|
Code Injection in @budibase/server (CVE-2026-45719)
code injection in @budibase/server (CVE-2026-45719). Confidential information can be exposed externally. Exploitable via `POST /api/views`. Mitigation: upgrade to `3.38.1` or later.
|
| CVE-2026-41567 |
|
Vulnerability in github.com/moby/moby/v2 (CVE-2026-41567)
vulnerability in github.com/moby/moby/v2 (CVE-2026-41567). Confidential information can be exposed externally. Exploitable via `PUT /containers/{id}/archive`. Mitigation: upgrade to `2.0.0-beta.14` or later.
|
| CVE-2026-45718 |
|
Authorization Flaw in budibase (CVE-2026-45718)
vulnerability in budibase (CVE-2026-45718). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/tables/`. Mitigation: upgrade to `3.38.1` or later.
|
| CVE-2026-45716 |
|
Privilege Escalation in @budibase/worker (CVE-2026-45716)
vulnerability in @budibase/worker (CVE-2026-45716). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/global/users/onboard`. Mitigation: upgrade to `3.38.1` or later.
|
| CVE-2026-45707 |
|
Vulnerability in n8n-mcp (CVE-2026-45707)
vulnerability in n8n-mcp (CVE-2026-45707). Confidential information can be exposed externally. Exploitable via ``N8N_API_URL``. Mitigation: upgrade to `2.51.2` or later.
|
| CVE-2026-45697 |
|
Vulnerability in verbb/formie (CVE-2026-45697)
vulnerability in verbb/formie (CVE-2026-45697). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.2.20` or later.
|
| CVE-2026-45327 |
|
Vulnerability in github.com/DatanoiseTV/tinyice (CVE-2026-45327)
vulnerability in github.com/DatanoiseTV/tinyice (CVE-2026-45327). Data can be tampered with by attackers. Exploitable via `POST /webrtc/source-offer`. Mitigation: upgrade to `2.5.0` or later.
|
| CVE-2026-45829 |
|
Code Injection in chromadb (CVE-2026-45829)
code injection in chromadb (CVE-2026-45829). Successful exploitation can lead to full system takeover.
|
| CVE-2026-38719 |
|
Out-of-Bounds Read in c (CVE-2026-38719)
vulnerability in c (CVE-2026-38719). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41085 |
|
Privilege Escalation in privilege-escalation (CVE-2026-41085)
vulnerability in privilege-escalation (CVE-2026-41085). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45302 |
|
Vulnerability in parse-nested-form-data (CVE-2026-45302)
vulnerability in parse-nested-form-data (CVE-2026-45302). Data can be tampered with by attackers. Exploitable via ``__proto__``. Mitigation: upgrade to `1.0.1` or later.
|
| CVE-2026-45300 |
|
Information Disclosure in org.asynchttpclient:async-http-client (CVE-2026-45300)
vulnerability in org.asynchttpclient:async-http-client (CVE-2026-45300). Confidential information can be exposed externally. Exploitable via ``Cookie``. Mitigation: upgrade to `2.15.0` or later.
|
| CVE-2026-45298 |
|
SSRF (Server-Side Request Forgery) in github.com/amir20/dozzle (CVE-2026-45298)
SSRF in github.com/amir20/dozzle (CVE-2026-45298). Confidential information can be exposed externally. Exploitable via `POST /api/notifications/test-webhook`.
|
| CVE-2026-46385 |
|
Vulnerability in github.com/iskorotkov/avro/v2 (CVE-2026-46385)
vulnerability in github.com/iskorotkov/avro/v2 (CVE-2026-46385). Risk of unauthorized operations or information disclosure. Exploitable via ``Reader.ReadBlockHeader``. Mitigation: upgrade to `2.33.0` or later.
|
| CVE-2026-46384 |
|
Vulnerability in github.com/iskorotkov/avro/v2 (CVE-2026-46384)
vulnerability in github.com/iskorotkov/avro/v2 (CVE-2026-46384). Risk of unauthorized operations or information disclosure. Exploitable via ``int``. Mitigation: upgrade to `2.33.0` or later.
|
| CVE-2026-45149 |
|
Vulnerability in brace-expansion (CVE-2026-45149)
vulnerability in brace-expansion (CVE-2026-45149). Risk of unauthorized operations or information disclosure. Exploitable via ``max``. Mitigation: upgrade to `5.0.6` or later.
|
| CVE-2025-56352 |
|
Vulnerability in dos (CVE-2025-56352)
vulnerability in dos (CVE-2025-56352). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-57282 |
|
ngrok is Vulnerable to Command Injection
ngrok is Vulnerable to Command Injection
|
| CVE-2026-20685 |
|
Vulnerability in apple (CVE-2026-20685)
vulnerability in apple (CVE-2026-20685). Confidential information can be exposed externally.
|
| CVE-2026-45660 |
|
SSRF (Server-Side Request Forgery) in statamic/cms (CVE-2026-45660)
SSRF in statamic/cms (CVE-2026-45660). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.73.22` or later.
|
| CVE-2026-42326 |
|
Out-of-Bounds Read in Magick.NET-Q16-AnyCPU (CVE-2026-42326)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-42326). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.13.1` or later.
|
| CVE-2026-39079 |
|
Information Disclosure in CVE-2026-39079 (CVE-2026-39079)
vulnerability in CVE-2026-39079 (CVE-2026-39079). Confidential information can be exposed externally.
|
| CVE-2026-41948 |
|
Vulnerability in path-traversal (CVE-2026-41948)
vulnerability in path-traversal (CVE-2026-41948). Confidential information can be exposed externally.
|
| CVE-2026-26462 |
|
Vulnerability in CVE-2026-26462 (CVE-2026-26462)
vulnerability in CVE-2026-26462 (CVE-2026-26462). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-33637 |
|
SSRF (Server-Side Request Forgery) in faraday (CVE-2026-33637)
SSRF in faraday (CVE-2026-33637). Risk of unauthorized operations or information disclosure. Exploitable via ``URI``. Mitigation: upgrade to `2.14.2` or later.
|
| CVE-2026-45577 |
|
Vulnerability in neotoma (CVE-2026-45577)
vulnerability in neotoma (CVE-2026-45577). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.11.1` or later.
|
| CVE-2026-45627 |
|
Cross-Site Scripting (XSS) in github.com/getarcaneapp/arcane/backend (CVE-2026-45627)
cross-site scripting in github.com/getarcaneapp/arcane/backend (CVE-2026-45627). Confidential information can be exposed externally. Exploitable via `GET /api/app-images/logo`. Mitigation: upgrade to `1.19.0` or later.
|
| CVE-2026-45626 |
|
OS Command Injection in github.com/getarcaneapp/arcane/backend (CVE-2026-45626)
OS command injection in github.com/getarcaneapp/arcane/backend (CVE-2026-45626). Risk of unauthorized operations or information disclosure. Exploitable via `GET /environments/{id}/volumes/{volumeName}/browse`.
|
| CVE-2026-45625 |
|
Vulnerability in github.com/getarcaneapp/arcane/backend (CVE-2026-45625)
vulnerability in github.com/getarcaneapp/arcane/backend (CVE-2026-45625). Successful exploitation can lead to full system takeover. Exploitable via `PUT /customize/git-repositories/{id}`. Mitigation: upgrade to `1.19.0` or later.
|
| CVE-2026-45135 |
|
Vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-45135)
vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-45135). Successful exploitation can lead to full system takeover. Exploitable via ``search.IgnoreCase``. Mitigation: upgrade to `2.11.3` or later.
|
| CVE-2026-45620 |
|
Vulnerability in WWBN/AVideo (CVE-2026-45620)
vulnerability in WWBN/AVideo (CVE-2026-45620). Risk of unauthorized operations or information disclosure. Exploitable via ``d9cdc7024``.
|
| CVE-2026-45609 |
|
SSRF (Server-Side Request Forgery) in org.springaicommunity:mcp-client-security (CVE-2026-45609)
SSRF in org.springaicommunity:mcp-client-security (CVE-2026-45609). Risk of unauthorized operations or information disclosure. Exploitable via ``McpOAuth2ClientManager``. Mitigation: upgrade to `0.1.9` or later.
|
| CVE-2026-46510 |
|
Vulnerability in form-data-objectizer (CVE-2026-46510)
vulnerability in form-data-objectizer (CVE-2026-46510). Data can be tampered with by attackers. Exploitable via ``__proto__``. Mitigation: upgrade to `1.0.1` or later.
|
| CVE-2026-7304 |
|
Unsafe Deserialization in sglang (CVE-2026-7304)
vulnerability in sglang (CVE-2026-7304). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7301 |
|
Unsafe Deserialization in sglang (CVE-2026-7301)
vulnerability in sglang (CVE-2026-7301). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7302 |
|
Vulnerability in sglang (CVE-2026-7302)
vulnerability in sglang (CVE-2026-7302). Data can be tampered with by attackers.
|
| CVE-2026-4320 |
|
Vulnerability in privilege-escalation (CVE-2026-4320)
vulnerability in privilege-escalation (CVE-2026-4320). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8802 |
|
Path Traversal in path-traversal (CVE-2026-8802)
path traversal in path-traversal (CVE-2026-8802). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41119 |
|
Vulnerability in CVE-2026-41119 (CVE-2026-41119)
vulnerability in CVE-2026-41119 (CVE-2026-41119). Confidential information can be exposed externally.
|
| CVE-2026-6902 |
|
Code Injection in CVE-2026-6902 (CVE-2026-6902)
code injection in CVE-2026-6902 (CVE-2026-6902). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3117 |
|
Vulnerability in mattermost (CVE-2026-3117)
vulnerability in mattermost (CVE-2026-3117). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5163 |
|
Vulnerability in github.com/mattermost/mattermost/server/v8 (CVE-2026-5163)
vulnerability in github.com/mattermost/mattermost/server/v8 (CVE-2026-5163). Confidential information can be exposed externally. Mitigation: upgrade to `8.0.0-20260401090745-f4d1abe7e8f5` or later.
|
| CVE-2026-4286 |
|
Authorization Flaw in github.com/mattermost/mattermost/server/v8 (CVE-2026-4286)
vulnerability in github.com/mattermost/mattermost/server/v8 (CVE-2026-4286). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `10.11.14` or later.
|