Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Clear
ID Title
CVE-2026-43909 Out-of-Bounds Read in openimageio (CVE-2026-43909)
vulnerability in openimageio (CVE-2026-43909). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.0.18.0` or later.
CVE-2026-43996 Out-of-Bounds Read in openimageio (CVE-2026-43996)
vulnerability in openimageio (CVE-2026-43996). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.0.18.0` or later.
CVE-2026-43905 Vulnerability in cpp (CVE-2026-43905)
vulnerability in cpp (CVE-2026-43905). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.0.18.0` or later.
CVE-2026-43907 Vulnerability in cpp (CVE-2026-43907)
vulnerability in cpp (CVE-2026-43907). Data can be tampered with by attackers. Mitigation: upgrade to `3.0.18.0` or later.
CVE-2026-43908 Vulnerability in openimageio (CVE-2026-43908)
vulnerability in openimageio (CVE-2026-43908). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.0.18.0` or later.
CVE-2026-43903 Out-of-Bounds Write in cpp (CVE-2026-43903)
out-of-bounds write in cpp (CVE-2026-43903). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.0.18.0` or later.
CVE-2026-43904 Out-of-Bounds Write in cpp (CVE-2026-43904)
out-of-bounds write in cpp (CVE-2026-43904). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.0.18.0` or later.
CVE-2026-43906 Vulnerability in openimageio (CVE-2026-43906)
vulnerability in openimageio (CVE-2026-43906). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.0.18.0` or later.
CVE-2026-45303 Cross-Site Scripting (XSS) in open-webui (CVE-2026-45303)
cross-site scripting in open-webui (CVE-2026-45303). Confidential information can be exposed externally. Exploitable via ``High``. Mitigation: upgrade to `0.6.5` or later.
CVE-2026-45301 Vulnerability in open-webui (CVE-2026-45301)
vulnerability in open-webui (CVE-2026-45301). Confidential information can be exposed externally. Exploitable via ``user_id``. Mitigation: upgrade to `0.3.16` or later.
CVE-2026-45058 Vulnerability in electerm (CVE-2026-45058)
vulnerability in electerm (CVE-2026-45058). Risk of unauthorized operations or information disclosure.
CVE-2026-45299 Cross-Site Scripting (XSS) in open-webui (CVE-2026-45299)
cross-site scripting in open-webui (CVE-2026-45299). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/v1/users/{user_id}/profile/image`. Mitigation: upgrade to `>= 0.8.0` or later.
CVE-2026-8596 Vulnerability in Amazon sagemaker (CVE-2026-8596)
vulnerability in Amazon sagemaker (CVE-2026-8596). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.8.0` or later.
CVE-2026-8621 Authentication Bypass in github.com/openclaw/crabbox (CVE-2026-8621)
authentication bypass in github.com/openclaw/crabbox (CVE-2026-8621). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.12.0` or later.
CVE-2026-44592 Vulnerability in CVE-2026-44592 (CVE-2026-44592)
vulnerability in CVE-2026-44592 (CVE-2026-44592). Data can be tampered with by attackers. Mitigation: upgrade to `1.1.1` or later.
CVE-2026-44633 Authorization Flaw in CVE-2026-44633 (CVE-2026-44633)
vulnerability in CVE-2026-44633 (CVE-2026-44633). Confidential information can be exposed externally.
CVE-2026-44589 SSRF (Server-Side Request Forgery) in nuxt-og-image (CVE-2026-44589)
SSRF in nuxt-og-image (CVE-2026-44589). Risk of unauthorized operations or information disclosure. Exploitable via ``isBlockedUrl``. Mitigation: upgrade to `6.4.9` or later.
CVE-2026-44522 Vulnerability in github.com/enchant97/note-mark/backend (CVE-2026-44522)
vulnerability in github.com/enchant97/note-mark/backend (CVE-2026-44522). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/notes/{noteID}/assets`. Mitigation: upgrade to `0.0.0-20260501152243-db3f72bff780` or later.
CVE-2026-44586 Cross-Site Scripting (XSS) in CVE-2026-44586 (CVE-2026-44586)
cross-site scripting in CVE-2026-44586 (CVE-2026-44586). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.7.0` or later.
CVE-2026-44523 Vulnerability in github.com/enchant97/note-mark/backend (CVE-2026-44523)
vulnerability in github.com/enchant97/note-mark/backend (CVE-2026-44523). Confidential information can be exposed externally. Exploitable via ``JWT_SECRET``. Mitigation: upgrade to `0.0.0-20260501152247-18b587758667` or later.
CVE-2026-41315 OS Command Injection in midoks (CVE-2026-41315)
OS command injection in midoks (CVE-2026-41315). Successful exploitation can lead to full system takeover.
CVE-2026-27680 Vulnerability in sap (CVE-2026-27680)
vulnerability in sap (CVE-2026-27680). Risk of unauthorized operations or information disclosure.
CVE-2026-44541 Cross-Site Scripting (XSS) in ethyca-fides (CVE-2026-44541)
cross-site scripting in ethyca-fides (CVE-2026-44541). Risk of unauthorized operations or information disclosure. Exploitable via ``fides.js``. Mitigation: upgrade to `2.84.5` or later.
CVE-2026-42897 KEV [KEV] Cross-Site Scripting (XSS) in Microsoft exchange-server (CVE-2026-42897)
cross-site scripting in Microsoft exchange-server (CVE-2026-42897). Confidential information can be exposed externally. Listed in CISA KEV — actively exploited.
CVE-2025-15024 Code Injection in CVE-2025-15024 (CVE-2025-15024)
code injection in CVE-2025-15024 (CVE-2025-15024). Successful exploitation can lead to full system takeover.
CVE-2025-15023 Authorization Flaw in CVE-2025-15023 (CVE-2025-15023)
vulnerability in CVE-2025-15023 (CVE-2025-15023). Successful exploitation can lead to full system takeover.
CVE-2026-41615 Information Disclosure in microsoft (CVE-2026-41615)
vulnerability in microsoft (CVE-2026-41615). Successful exploitation can lead to full system takeover.
CVE-2026-6332 Vulnerability in c (CVE-2026-6332)
vulnerability in c (CVE-2026-6332). Confidential information can be exposed externally.
CVE-2026-45011 Cross-Site Scripting (XSS) in apostrophe (CVE-2026-45011)
cross-site scripting in apostrophe (CVE-2026-45011). Confidential information can be exposed externally.
CVE-2026-45013 Vulnerability in apostrophe (CVE-2026-45013)
vulnerability in apostrophe (CVE-2026-45013). Confidential information can be exposed externally. Exploitable via `POST /api/v1/login/reset-request`.
CVE-2026-45012 SSRF (Server-Side Request Forgery) in apostrophe (CVE-2026-45012)
SSRF in apostrophe (CVE-2026-45012). Confidential information can be exposed externally. Exploitable via `POST /api/v1/`.
CVE-2026-44990 Cross-Site Scripting (XSS) in sanitize-html (CVE-2026-44990)
cross-site scripting in sanitize-html (CVE-2026-44990). Confidential information can be exposed externally. Exploitable via ``xmp``. Mitigation: upgrade to `2.17.4` or later.
CVE-2026-44973 Path Traversal in github.com/go-git/go-billy/v5 (CVE-2026-44973)
path traversal in github.com/go-git/go-billy/v5 (CVE-2026-44973). Confidential information can be exposed externally. Exploitable via ``osfs.ChrootOS``. Mitigation: upgrade to `5.9.0` or later.
CVE-2026-44520 Open Redirect in docling-graph (CVE-2026-44520)
vulnerability in docling-graph (CVE-2026-44520). Confidential information can be exposed externally. Exploitable via ``URLInputHandler``. Mitigation: upgrade to `1.5.1` or later.
CVE-2026-44542 Path Traversal in github.com/gtsteffaniak/filebrowser (CVE-2026-44542)
path traversal in github.com/gtsteffaniak/filebrowser (CVE-2026-44542). Data can be tampered with by attackers. Exploitable via `DELETE /public/api/resources`. Mitigation: upgrade to `0.0.0-20260501183844-112740bdd41d` or later.
CVE-2026-42598 Path Traversal in c (CVE-2026-42598)
path traversal in c (CVE-2026-42598). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.13.0` or later.
CVE-2026-41888 Authorization Flaw in github.com/distribution/distribution/v3 (CVE-2026-41888)
vulnerability in github.com/distribution/distribution/v3 (CVE-2026-41888). Risk of unauthorized operations or information disclosure. Exploitable via `DELETE /v2/`. Mitigation: upgrade to `3.1.1` or later.
CVE-2026-42572 Vulnerability in github.com/hatchet-dev/hatchet (CVE-2026-42572)
vulnerability in github.com/hatchet-dev/hatchet (CVE-2026-42572). Confidential information can be exposed externally. Exploitable via `GET /api/v1/stable/dags/tasks`. Mitigation: upgrade to `0.83.39` or later.
CVE-2026-44515 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-44515)
SSRF in ssrf (CVE-2026-44515). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `28.3.0-beta.1` or later.
CVE-2026-45448 CWE-601 URL redirection to untrusted site ('open redirect')
CWE-601 URL redirection to untrusted site ('open redirect')
CVE-2026-44348 Vulnerability in c (CVE-2026-44348)
vulnerability in c (CVE-2026-44348). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.0.4` or later.
CVE-2026-42555 Code Injection in com.ritense.valtimo:document (CVE-2026-42555)
code injection in com.ritense.valtimo:document (CVE-2026-42555). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/management/v1/document-definition/migrate`. Mitigation: upgrade to `12.32.0` or later.
CVE-2026-20224 Vulnerability in cisco (CVE-2026-20224)
vulnerability in cisco (CVE-2026-20224). Confidential information can be exposed externally.
CVE-2025-62312 Vulnerability in CVE-2025-62312 (CVE-2025-62312)
vulnerability in CVE-2025-62312 (CVE-2025-62312). Risk of unauthorized operations or information disclosure.
CVE-2026-44899 Cross-Site Scripting (XSS) in mistune (CVE-2026-44899)
cross-site scripting in mistune (CVE-2026-44899). Risk of unauthorized operations or information disclosure. Exploitable via ``outline``. Mitigation: upgrade to `3.2.1` or later.
CVE-2026-44898 Cross-Site Scripting (XSS) in mistune (CVE-2026-44898)
cross-site scripting in mistune (CVE-2026-44898). Risk of unauthorized operations or information disclosure. Exploitable via ``text``. Mitigation: upgrade to `3.2.1` or later.
CVE-2026-45292 Vulnerability in io.opentelemetry:opentelemetry-api (CVE-2026-45292)
vulnerability in io.opentelemetry:opentelemetry-api (CVE-2026-45292). Risk of unauthorized operations or information disclosure. Exploitable via ``W3CBaggagePropagator``. Mitigation: upgrade to `1.62.0` or later.
CVE-2026-44884 Vulnerability in github.com/portainer/portainer (CVE-2026-44884)
vulnerability in github.com/portainer/portainer (CVE-2026-44884). Confidential information can be exposed externally. Exploitable via `GET /api/custom_templates/{id}/file`. Mitigation: upgrade to `2.39.1` or later.
CVE-2026-44849 Vulnerability in github.com/portainer/portainer (CVE-2026-44849)
vulnerability in github.com/portainer/portainer (CVE-2026-44849). Successful exploitation can lead to full system takeover. Exploitable via `POST /services/create`. Mitigation: upgrade to `2.41.0` or later.
CVE-2026-44882 Authorization Flaw in github.com/portainer/portainer (CVE-2026-44882)
vulnerability in github.com/portainer/portainer (CVE-2026-44882). Confidential information can be exposed externally. Exploitable via ``kubeClientMiddleware``. Mitigation: upgrade to `2.33.8` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →