Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Clear
ID Title
CVE-2026-45676 Vulnerability in go.opentelemetry.io/obi (CVE-2026-45676)
vulnerability in go.opentelemetry.io/obi (CVE-2026-45676). Risk of unauthorized operations or information disclosure. Exploitable via ``GetCStringUnsafe``. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-45031 Vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-45031)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-45031). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.13.1` or later.
CVE-2026-42306 Vulnerability in github.com/docker/docker (CVE-2026-42306)
vulnerability in github.com/docker/docker (CVE-2026-42306). Data can be tampered with by attackers. Exploitable via `PUT /containers/{id}/archive`. Mitigation: upgrade to `2.0.0-beta.14` or later.
CVE-2026-41568 Vulnerability in github.com/docker/docker (CVE-2026-41568)
vulnerability in github.com/docker/docker (CVE-2026-41568). Risk of unauthorized operations or information disclosure. Exploitable via `PUT /containers/{id}/archive`. Mitigation: upgrade to `2.0.0-beta.14` or later.
CVE-2026-45727 Path Traversal in cloakbrowser (CVE-2026-45727)
path traversal in cloakbrowser (CVE-2026-45727). Risk of unauthorized operations or information disclosure. Exploitable via ``cloakserve``. Mitigation: upgrade to `0.3.28` or later.
CVE-2026-45358 Out-of-Bounds Read in Magick.NET-Q16-AnyCPU (CVE-2026-45358)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-45358). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.13.1` or later.
CVE-2026-45359 Out-of-Bounds Read in Magick.NET-Q16-AnyCPU (CVE-2026-45359)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-45359). Confidential information can be exposed externally. Mitigation: upgrade to `14.13.1` or later.
CVE-2026-45719 Code Injection in @budibase/server (CVE-2026-45719)
code injection in @budibase/server (CVE-2026-45719). Confidential information can be exposed externally. Exploitable via `POST /api/views`. Mitigation: upgrade to `3.38.1` or later.
CVE-2026-41567 Vulnerability in github.com/moby/moby/v2 (CVE-2026-41567)
vulnerability in github.com/moby/moby/v2 (CVE-2026-41567). Confidential information can be exposed externally. Exploitable via `PUT /containers/{id}/archive`. Mitigation: upgrade to `2.0.0-beta.14` or later.
CVE-2026-45718 Authorization Flaw in budibase (CVE-2026-45718)
vulnerability in budibase (CVE-2026-45718). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/tables/`. Mitigation: upgrade to `3.38.1` or later.
CVE-2026-45716 Privilege Escalation in @budibase/worker (CVE-2026-45716)
vulnerability in @budibase/worker (CVE-2026-45716). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/global/users/onboard`. Mitigation: upgrade to `3.38.1` or later.
CVE-2026-45707 Vulnerability in n8n-mcp (CVE-2026-45707)
vulnerability in n8n-mcp (CVE-2026-45707). Confidential information can be exposed externally. Exploitable via ``N8N_API_URL``. Mitigation: upgrade to `2.51.2` or later.
CVE-2026-45697 Vulnerability in verbb/formie (CVE-2026-45697)
vulnerability in verbb/formie (CVE-2026-45697). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.2.20` or later.
CVE-2026-45327 Vulnerability in github.com/DatanoiseTV/tinyice (CVE-2026-45327)
vulnerability in github.com/DatanoiseTV/tinyice (CVE-2026-45327). Data can be tampered with by attackers. Exploitable via `POST /webrtc/source-offer`. Mitigation: upgrade to `2.5.0` or later.
CVE-2026-45829 Code Injection in chromadb (CVE-2026-45829)
code injection in chromadb (CVE-2026-45829). Successful exploitation can lead to full system takeover.
CVE-2026-38719 Out-of-Bounds Read in c (CVE-2026-38719)
vulnerability in c (CVE-2026-38719). Risk of unauthorized operations or information disclosure.
CVE-2026-41085 Privilege Escalation in privilege-escalation (CVE-2026-41085)
vulnerability in privilege-escalation (CVE-2026-41085). Successful exploitation can lead to full system takeover.
CVE-2026-45302 Vulnerability in parse-nested-form-data (CVE-2026-45302)
vulnerability in parse-nested-form-data (CVE-2026-45302). Data can be tampered with by attackers. Exploitable via ``__proto__``. Mitigation: upgrade to `1.0.1` or later.
CVE-2026-45300 Information Disclosure in org.asynchttpclient:async-http-client (CVE-2026-45300)
vulnerability in org.asynchttpclient:async-http-client (CVE-2026-45300). Confidential information can be exposed externally. Exploitable via ``Cookie``. Mitigation: upgrade to `2.15.0` or later.
CVE-2026-45298 SSRF (Server-Side Request Forgery) in github.com/amir20/dozzle (CVE-2026-45298)
SSRF in github.com/amir20/dozzle (CVE-2026-45298). Confidential information can be exposed externally. Exploitable via `POST /api/notifications/test-webhook`.
CVE-2026-46385 Vulnerability in github.com/iskorotkov/avro/v2 (CVE-2026-46385)
vulnerability in github.com/iskorotkov/avro/v2 (CVE-2026-46385). Risk of unauthorized operations or information disclosure. Exploitable via ``Reader.ReadBlockHeader``. Mitigation: upgrade to `2.33.0` or later.
CVE-2026-46384 Vulnerability in github.com/iskorotkov/avro/v2 (CVE-2026-46384)
vulnerability in github.com/iskorotkov/avro/v2 (CVE-2026-46384). Risk of unauthorized operations or information disclosure. Exploitable via ``int``. Mitigation: upgrade to `2.33.0` or later.
CVE-2026-45149 Vulnerability in brace-expansion (CVE-2026-45149)
vulnerability in brace-expansion (CVE-2026-45149). Risk of unauthorized operations or information disclosure. Exploitable via ``max``. Mitigation: upgrade to `5.0.6` or later.
CVE-2025-56352 Vulnerability in dos (CVE-2025-56352)
vulnerability in dos (CVE-2025-56352). Risk of unauthorized operations or information disclosure.
CVE-2025-57282 ngrok is Vulnerable to Command Injection
ngrok is Vulnerable to Command Injection
CVE-2026-20685 Vulnerability in apple (CVE-2026-20685)
vulnerability in apple (CVE-2026-20685). Confidential information can be exposed externally.
CVE-2026-45660 SSRF (Server-Side Request Forgery) in statamic/cms (CVE-2026-45660)
SSRF in statamic/cms (CVE-2026-45660). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.73.22` or later.
CVE-2026-42326 Out-of-Bounds Read in Magick.NET-Q16-AnyCPU (CVE-2026-42326)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-42326). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.13.1` or later.
CVE-2026-39079 Information Disclosure in CVE-2026-39079 (CVE-2026-39079)
vulnerability in CVE-2026-39079 (CVE-2026-39079). Confidential information can be exposed externally.
CVE-2026-41948 Vulnerability in path-traversal (CVE-2026-41948)
vulnerability in path-traversal (CVE-2026-41948). Confidential information can be exposed externally.
CVE-2026-26462 Vulnerability in CVE-2026-26462 (CVE-2026-26462)
vulnerability in CVE-2026-26462 (CVE-2026-26462). Risk of unauthorized operations or information disclosure.
CVE-2026-33637 SSRF (Server-Side Request Forgery) in faraday (CVE-2026-33637)
SSRF in faraday (CVE-2026-33637). Risk of unauthorized operations or information disclosure. Exploitable via ``URI``. Mitigation: upgrade to `2.14.2` or later.
CVE-2026-45577 Vulnerability in neotoma (CVE-2026-45577)
vulnerability in neotoma (CVE-2026-45577). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.11.1` or later.
CVE-2026-45627 Cross-Site Scripting (XSS) in github.com/getarcaneapp/arcane/backend (CVE-2026-45627)
cross-site scripting in github.com/getarcaneapp/arcane/backend (CVE-2026-45627). Confidential information can be exposed externally. Exploitable via `GET /api/app-images/logo`. Mitigation: upgrade to `1.19.0` or later.
CVE-2026-45626 OS Command Injection in github.com/getarcaneapp/arcane/backend (CVE-2026-45626)
OS command injection in github.com/getarcaneapp/arcane/backend (CVE-2026-45626). Risk of unauthorized operations or information disclosure. Exploitable via `GET /environments/{id}/volumes/{volumeName}/browse`.
CVE-2026-45625 Vulnerability in github.com/getarcaneapp/arcane/backend (CVE-2026-45625)
vulnerability in github.com/getarcaneapp/arcane/backend (CVE-2026-45625). Successful exploitation can lead to full system takeover. Exploitable via `PUT /customize/git-repositories/{id}`. Mitigation: upgrade to `1.19.0` or later.
CVE-2026-45135 Vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-45135)
vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-45135). Successful exploitation can lead to full system takeover. Exploitable via ``search.IgnoreCase``. Mitigation: upgrade to `2.11.3` or later.
CVE-2026-45620 Vulnerability in WWBN/AVideo (CVE-2026-45620)
vulnerability in WWBN/AVideo (CVE-2026-45620). Risk of unauthorized operations or information disclosure. Exploitable via ``d9cdc7024``.
CVE-2026-45609 SSRF (Server-Side Request Forgery) in org.springaicommunity:mcp-client-security (CVE-2026-45609)
SSRF in org.springaicommunity:mcp-client-security (CVE-2026-45609). Risk of unauthorized operations or information disclosure. Exploitable via ``McpOAuth2ClientManager``. Mitigation: upgrade to `0.1.9` or later.
CVE-2026-46510 Vulnerability in form-data-objectizer (CVE-2026-46510)
vulnerability in form-data-objectizer (CVE-2026-46510). Data can be tampered with by attackers. Exploitable via ``__proto__``. Mitigation: upgrade to `1.0.1` or later.
CVE-2026-7304 Unsafe Deserialization in sglang (CVE-2026-7304)
vulnerability in sglang (CVE-2026-7304). Successful exploitation can lead to full system takeover.
CVE-2026-7301 Unsafe Deserialization in sglang (CVE-2026-7301)
vulnerability in sglang (CVE-2026-7301). Successful exploitation can lead to full system takeover.
CVE-2026-7302 Vulnerability in sglang (CVE-2026-7302)
vulnerability in sglang (CVE-2026-7302). Data can be tampered with by attackers.
CVE-2026-4320 Vulnerability in privilege-escalation (CVE-2026-4320)
vulnerability in privilege-escalation (CVE-2026-4320). Risk of unauthorized operations or information disclosure.
CVE-2026-8802 Path Traversal in path-traversal (CVE-2026-8802)
path traversal in path-traversal (CVE-2026-8802). Risk of unauthorized operations or information disclosure.
CVE-2026-41119 Vulnerability in CVE-2026-41119 (CVE-2026-41119)
vulnerability in CVE-2026-41119 (CVE-2026-41119). Confidential information can be exposed externally.
CVE-2026-6902 Code Injection in CVE-2026-6902 (CVE-2026-6902)
code injection in CVE-2026-6902 (CVE-2026-6902). Risk of unauthorized operations or information disclosure.
CVE-2026-3117 Vulnerability in mattermost (CVE-2026-3117)
vulnerability in mattermost (CVE-2026-3117). Risk of unauthorized operations or information disclosure.
CVE-2026-5163 Vulnerability in github.com/mattermost/mattermost/server/v8 (CVE-2026-5163)
vulnerability in github.com/mattermost/mattermost/server/v8 (CVE-2026-5163). Confidential information can be exposed externally. Mitigation: upgrade to `8.0.0-20260401090745-f4d1abe7e8f5` or later.
CVE-2026-4286 Authorization Flaw in github.com/mattermost/mattermost/server/v8 (CVE-2026-4286)
vulnerability in github.com/mattermost/mattermost/server/v8 (CVE-2026-4286). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `10.11.14` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →