Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2025-15024 |
|
Code Injection in CVE-2025-15024 (CVE-2025-15024)
code injection in CVE-2025-15024 (CVE-2025-15024). Successful exploitation can lead to full system takeover.
|
| CVE-2025-15023 |
|
Authorization Flaw in CVE-2025-15023 (CVE-2025-15023)
vulnerability in CVE-2025-15023 (CVE-2025-15023). Successful exploitation can lead to full system takeover.
|
| CVE-2026-41615 |
|
Information Disclosure in microsoft (CVE-2026-41615)
vulnerability in microsoft (CVE-2026-41615). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6332 |
|
Vulnerability in c (CVE-2026-6332)
vulnerability in c (CVE-2026-6332). Confidential information can be exposed externally.
|
| CVE-2026-45011 |
|
Cross-Site Scripting (XSS) in apostrophe (CVE-2026-45011)
cross-site scripting in apostrophe (CVE-2026-45011). Confidential information can be exposed externally.
|
| CVE-2026-45013 |
|
Vulnerability in apostrophe (CVE-2026-45013)
vulnerability in apostrophe (CVE-2026-45013). Confidential information can be exposed externally. Exploitable via `POST /api/v1/login/reset-request`.
|
| CVE-2026-45012 |
|
SSRF (Server-Side Request Forgery) in apostrophe (CVE-2026-45012)
SSRF in apostrophe (CVE-2026-45012). Confidential information can be exposed externally. Exploitable via `POST /api/v1/`.
|
| CVE-2026-44990 |
|
Cross-Site Scripting (XSS) in sanitize-html (CVE-2026-44990)
cross-site scripting in sanitize-html (CVE-2026-44990). Confidential information can be exposed externally. Exploitable via ``xmp``. Mitigation: upgrade to `2.17.4` or later.
|
| CVE-2026-44973 |
|
Path Traversal in github.com/go-git/go-billy/v5 (CVE-2026-44973)
path traversal in github.com/go-git/go-billy/v5 (CVE-2026-44973). Confidential information can be exposed externally. Exploitable via ``osfs.ChrootOS``. Mitigation: upgrade to `5.9.0` or later.
|
| CVE-2026-44520 |
|
Open Redirect in docling-graph (CVE-2026-44520)
vulnerability in docling-graph (CVE-2026-44520). Confidential information can be exposed externally. Exploitable via ``URLInputHandler``. Mitigation: upgrade to `1.5.1` or later.
|
| CVE-2026-44542 |
|
Path Traversal in github.com/gtsteffaniak/filebrowser (CVE-2026-44542)
path traversal in github.com/gtsteffaniak/filebrowser (CVE-2026-44542). Data can be tampered with by attackers. Exploitable via `DELETE /public/api/resources`. Mitigation: upgrade to `0.0.0-20260501183844-112740bdd41d` or later.
|
| CVE-2026-42598 |
|
Path Traversal in c (CVE-2026-42598)
path traversal in c (CVE-2026-42598). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.13.0` or later.
|
| CVE-2026-41888 |
|
Authorization Flaw in github.com/distribution/distribution/v3 (CVE-2026-41888)
vulnerability in github.com/distribution/distribution/v3 (CVE-2026-41888). Risk of unauthorized operations or information disclosure. Exploitable via `DELETE /v2/`. Mitigation: upgrade to `3.1.1` or later.
|
| CVE-2026-42572 |
|
Vulnerability in github.com/hatchet-dev/hatchet (CVE-2026-42572)
vulnerability in github.com/hatchet-dev/hatchet (CVE-2026-42572). Confidential information can be exposed externally. Exploitable via `GET /api/v1/stable/dags/tasks`. Mitigation: upgrade to `0.83.39` or later.
|
| CVE-2026-44515 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-44515)
SSRF in ssrf (CVE-2026-44515). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `28.3.0-beta.1` or later.
|
| CVE-2026-45448 |
|
CWE-601 URL redirection to untrusted site ('open redirect')
CWE-601 URL redirection to untrusted site ('open redirect')
|
| CVE-2026-44348 |
|
Vulnerability in c (CVE-2026-44348)
vulnerability in c (CVE-2026-44348). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.0.4` or later.
|
| CVE-2026-42555 |
|
Code Injection in com.ritense.valtimo:document (CVE-2026-42555)
code injection in com.ritense.valtimo:document (CVE-2026-42555). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/management/v1/document-definition/migrate`. Mitigation: upgrade to `12.32.0` or later.
|
| CVE-2026-20224 |
|
Vulnerability in cisco (CVE-2026-20224)
vulnerability in cisco (CVE-2026-20224). Confidential information can be exposed externally.
|
| CVE-2025-62312 |
|
Vulnerability in CVE-2025-62312 (CVE-2025-62312)
vulnerability in CVE-2025-62312 (CVE-2025-62312). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44899 |
|
Cross-Site Scripting (XSS) in mistune (CVE-2026-44899)
cross-site scripting in mistune (CVE-2026-44899). Risk of unauthorized operations or information disclosure. Exploitable via ``outline``. Mitigation: upgrade to `3.2.1` or later.
|
| CVE-2026-44898 |
|
Cross-Site Scripting (XSS) in mistune (CVE-2026-44898)
cross-site scripting in mistune (CVE-2026-44898). Risk of unauthorized operations or information disclosure. Exploitable via ``text``. Mitigation: upgrade to `3.2.1` or later.
|
| CVE-2026-45292 |
|
Vulnerability in io.opentelemetry:opentelemetry-api (CVE-2026-45292)
vulnerability in io.opentelemetry:opentelemetry-api (CVE-2026-45292). Risk of unauthorized operations or information disclosure. Exploitable via ``W3CBaggagePropagator``. Mitigation: upgrade to `1.62.0` or later.
|
| CVE-2026-44884 |
|
Vulnerability in github.com/portainer/portainer (CVE-2026-44884)
vulnerability in github.com/portainer/portainer (CVE-2026-44884). Confidential information can be exposed externally. Exploitable via `GET /api/custom_templates/{id}/file`. Mitigation: upgrade to `2.39.1` or later.
|
| CVE-2026-44849 |
|
Vulnerability in github.com/portainer/portainer (CVE-2026-44849)
vulnerability in github.com/portainer/portainer (CVE-2026-44849). Successful exploitation can lead to full system takeover. Exploitable via `POST /services/create`. Mitigation: upgrade to `2.41.0` or later.
|
| CVE-2026-44882 |
|
Authorization Flaw in github.com/portainer/portainer (CVE-2026-44882)
vulnerability in github.com/portainer/portainer (CVE-2026-44882). Confidential information can be exposed externally. Exploitable via ``kubeClientMiddleware``. Mitigation: upgrade to `2.33.8` or later.
|
| CVE-2026-44881 |
|
Information Disclosure in github.com/portainer/portainer (CVE-2026-44881)
vulnerability in github.com/portainer/portainer (CVE-2026-44881). Successful exploitation can lead to full system takeover. Exploitable via `GET /api/stacks/{id}/file`. Mitigation: upgrade to `2.41.0` or later.
|
| CVE-2026-44850 |
|
Authorization Flaw in github.com/portainer/portainer (CVE-2026-44850)
vulnerability in github.com/portainer/portainer (CVE-2026-44850). Confidential information can be exposed externally. Exploitable via `POST /containers/create`. Mitigation: upgrade to `2.41.0` or later.
|
| CVE-2026-44885 |
|
Path Traversal in github.com/portainer/portainer (CVE-2026-44885)
path traversal in github.com/portainer/portainer (CVE-2026-44885). Data can be tampered with by attackers. Exploitable via ``ExtractTarGz``. Mitigation: upgrade to `2.33.8` or later.
|
| CVE-2026-44848 |
|
Vulnerability in github.com/portainer/portainer (CVE-2026-44848)
vulnerability in github.com/portainer/portainer (CVE-2026-44848). Successful exploitation can lead to full system takeover. Exploitable via `POST /plugins/pull`. Mitigation: upgrade to `2.41.0` or later.
|
| CVE-2026-46444 |
|
Vulnerability in flowise (CVE-2026-46444)
vulnerability in flowise (CVE-2026-46444). Successful exploitation can lead to full system takeover. Exploitable via ``WHITELIST_URLS``. Mitigation: upgrade to `3.1.2` or later.
|
| CVE-2026-45076 |
|
Vulnerability in matrix-synapse (CVE-2026-45076)
vulnerability in matrix-synapse (CVE-2026-45076). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.152.1` or later.
|
| CVE-2026-45078 |
|
Vulnerability in matrix-synapse (CVE-2026-45078)
vulnerability in matrix-synapse (CVE-2026-45078). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.152.1` or later.
|
| CVE-2026-44792 |
|
SQL Injection in n8n (CVE-2026-44792)
SQL injection in n8n (CVE-2026-44792). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.20.7` or later.
|
| CVE-2026-44791 |
|
Vulnerability in n8n (CVE-2026-44791)
vulnerability in n8n (CVE-2026-44791). Successful exploitation can lead to full system takeover. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.20.7` or later.
|
| CVE-2026-44790 |
|
Vulnerability in n8n (CVE-2026-44790)
vulnerability in n8n (CVE-2026-44790). Successful exploitation can lead to full system takeover. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.20.7` or later.
|
| CVE-2026-44789 |
|
Vulnerability in n8n (CVE-2026-44789)
vulnerability in n8n (CVE-2026-44789). Successful exploitation can lead to full system takeover. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.20.7` or later.
|
| CVE-2026-44503 |
|
Open Redirect in com.microsoft.kiota:microsoft-kiota-abstractions (CVE-2026-44503)
vulnerability in com.microsoft.kiota:microsoft-kiota-abstractions (CVE-2026-44503). Risk of unauthorized operations or information disclosure. Exploitable via `Authorization header`. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-44501 |
|
Unsafe Deserialization in react (CVE-2026-44501)
vulnerability in react (CVE-2026-44501). Risk of unauthorized operations or information disclosure. Exploitable via `GET /callback/oidc`. Mitigation: upgrade to `1.5.0.3` or later.
|
| CVE-2026-44504 |
|
Vulnerability in aegra-api (CVE-2026-44504)
vulnerability in aegra-api (CVE-2026-44504). Risk of unauthorized operations or information disclosure. Exploitable via `POST /threads/{thread_id}/runs`. Mitigation: upgrade to `0.9.7` or later.
|
| CVE-2026-42597 |
|
Vulnerability in github.com/gotenberg/gotenberg/v8 (CVE-2026-42597)
vulnerability in github.com/gotenberg/gotenberg/v8 (CVE-2026-42597). Confidential information can be exposed externally. Exploitable via ``AllowedFilePrefixes``. Mitigation: upgrade to `8.32.0` or later.
|
| CVE-2026-42594 |
|
Vulnerability in github.com/gotenberg/gotenberg/v8 (CVE-2026-42594)
vulnerability in github.com/gotenberg/gotenberg/v8 (CVE-2026-42594). Risk of unauthorized operations or information disclosure. Exploitable via `GET /version`. Mitigation: upgrade to `8.32.0` or later.
|
| CVE-2026-42591 |
|
SSRF (Server-Side Request Forgery) in github.com/gotenberg/gotenberg/v8 (CVE-2026-42591)
SSRF in github.com/gotenberg/gotenberg/v8 (CVE-2026-42591). Confidential information can be exposed externally. Exploitable via `GET /GOTENBERG_SSRF`.
|
| CVE-2026-42592 |
|
Vulnerability in github.com/gotenberg/gotenberg/v8 (CVE-2026-42592)
vulnerability in github.com/gotenberg/gotenberg/v8 (CVE-2026-42592). Risk of unauthorized operations or information disclosure. Exploitable via ``FilterOutboundURL``.
|
| CVE-2026-42596 |
|
SSRF (Server-Side Request Forgery) in github.com/gotenberg/gotenberg/v8 (CVE-2026-42596)
SSRF in github.com/gotenberg/gotenberg/v8 (CVE-2026-42596). Confidential information can be exposed externally. Exploitable via `POST /upload`. Mitigation: upgrade to `8.32.0` or later.
|
| CVE-2026-42593 |
|
Path Traversal in github.com/gotenberg/gotenberg/v8 (CVE-2026-42593)
path traversal in github.com/gotenberg/gotenberg/v8 (CVE-2026-42593). Risk of unauthorized operations or information disclosure. Exploitable via ``stamp``.
|
| CVE-2026-42590 |
|
Vulnerability in github.com/gotenberg/gotenberg/v8 (CVE-2026-42590)
vulnerability in github.com/gotenberg/gotenberg/v8 (CVE-2026-42590). Data can be tampered with by attackers. Exploitable via ``FileName``.
|
| CVE-2026-42283 |
|
Information Disclosure in github.com/loft-sh/devspace (CVE-2026-42283)
vulnerability in github.com/loft-sh/devspace (CVE-2026-42283). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `6.3.21` or later.
|
| CVE-2026-42281 |
|
SSRF (Server-Side Request Forgery) in magicmirror (CVE-2026-42281)
SSRF in magicmirror (CVE-2026-42281). Confidential information can be exposed externally. Exploitable via `GET /cors`. Mitigation: upgrade to `2.36.0` or later.
|
| CVE-2026-42589 |
|
OS Command Injection in github.com/gotenberg/gotenberg/v8 (CVE-2026-42589)
OS command injection in github.com/gotenberg/gotenberg/v8 (CVE-2026-42589). Successful exploitation can lead to full system takeover. Exploitable via ``dangerousTags``.
|