Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Clear
ID Title
CVE-2026-41897 Cross-Site Scripting (XSS) in mantisbt/mantisbt (CVE-2026-41897)
cross-site scripting in mantisbt/mantisbt (CVE-2026-41897). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.28.2` or later.
CVE-2026-41159 Code Injection in mermaid (CVE-2026-41159)
code injection in mermaid (CVE-2026-41159). Risk of unauthorized operations or information disclosure. Exploitable via ``fontFamily``. Mitigation: upgrade to `10.9.6` or later.
CVE-2026-41150 Vulnerability in mermaid (CVE-2026-41150)
vulnerability in mermaid (CVE-2026-41150). Risk of unauthorized operations or information disclosure. Exploitable via ``excludes``. Mitigation: upgrade to `10.9.6` or later.
CVE-2026-41149 Code Injection in mermaid (CVE-2026-41149)
code injection in mermaid (CVE-2026-41149). Risk of unauthorized operations or information disclosure. Exploitable via ``classDef``. Mitigation: upgrade to `10.9.6` or later.
CVE-2026-41148 Code Injection in mermaid (CVE-2026-41148)
code injection in mermaid (CVE-2026-41148). Risk of unauthorized operations or information disclosure. Exploitable via ``classDef``. Mitigation: upgrade to `10.9.6` or later.
CVE-2026-39960 Cross-Site Scripting (XSS) in mantisbt/mantisbt (CVE-2026-39960)
cross-site scripting in mantisbt/mantisbt (CVE-2026-39960). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.28.2` or later.
CVE-2026-39850 Vulnerability in yiisoft/yii2 (CVE-2026-39850)
vulnerability in yiisoft/yii2 (CVE-2026-39850). Confidential information can be exposed externally. Exploitable via ``require``. Mitigation: upgrade to `2.0.55` or later.
CVE-2026-34970 Information Disclosure in mantisbt/mantisbt (CVE-2026-34970)
vulnerability in mantisbt/mantisbt (CVE-2026-34970). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.28.2` or later.
CVE-2026-34754 Vulnerability in mantisbt/mantisbt (CVE-2026-34754)
vulnerability in mantisbt/mantisbt (CVE-2026-34754). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.28.2` or later.
CVE-2026-34744 Information Disclosure in mantisbt/mantisbt (CVE-2026-34744)
vulnerability in mantisbt/mantisbt (CVE-2026-34744). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.28.2` or later.
CVE-2026-34579 Information Disclosure in mantisbt/mantisbt (CVE-2026-34579)
vulnerability in mantisbt/mantisbt (CVE-2026-34579). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.28.2` or later.
CVE-2026-34463 Cross-Site Scripting (XSS) in mantisbt/mantisbt (CVE-2026-34463)
cross-site scripting in mantisbt/mantisbt (CVE-2026-34463). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.28.2` or later.
CVE-2026-34390 Vulnerability in mantisbt/mantisbt (CVE-2026-34390)
vulnerability in mantisbt/mantisbt (CVE-2026-34390). Risk of unauthorized operations or information disclosure. Exploitable via `PUT /project/{id}/users`. Mitigation: upgrade to `2.28.2` or later.
CVE-2026-7790 Vulnerability in cowlib (CVE-2026-7790)
vulnerability in cowlib (CVE-2026-7790). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.16.1` or later.
CVE-2026-8318 Vulnerability in CVE-2026-8318 (CVE-2026-8318)
vulnerability in CVE-2026-8318 (CVE-2026-8318). Risk of unauthorized operations or information disclosure.
CVE-2026-45223 Crabbox before 0.9.0 contains an authentication bypass vulnerability in the coordinator user...
Crabbox before 0.9.0 contains an authentication bypass vulnerability in the coordinator user...
CVE-2026-45224 Crabbox contains a path traversal vulnerability in the Islo provider's workspace path resolution
Crabbox contains a path traversal vulnerability in the Islo provider's workspace path resolution
CVE-2026-45222 Vulnerability in @steipete/summarize (CVE-2026-45222)
vulnerability in @steipete/summarize (CVE-2026-45222). Confidential information can be exposed externally. Mitigation: upgrade to `0.15.0` or later.
CVE-2026-43968 Vulnerability in cowlib (CVE-2026-43968)
vulnerability in cowlib (CVE-2026-43968). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.16.1` or later.
CVE-2026-43969 Vulnerability in cowlib (CVE-2026-43969)
vulnerability in cowlib (CVE-2026-43969). Risk of unauthorized operations or information disclosure.
CVE-2026-42871 Information Disclosure in CVE-2026-42871 (CVE-2026-42871)
vulnerability in CVE-2026-42871 (CVE-2026-42871). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.7.0` or later.
CVE-2026-42864 Vulnerability in firefighter-incident (CVE-2026-42864)
vulnerability in firefighter-incident (CVE-2026-42864). Confidential information can be exposed externally. Exploitable via `POST /api/v2/firefighter/raid/jira_bot`. Mitigation: upgrade to `0.0.54` or later.
CVE-2026-42866 Path Traversal in CVE-2026-42866 (CVE-2026-42866)
path traversal in CVE-2026-42866 (CVE-2026-42866). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.1fix` or later.
CVE-2026-45001 Vulnerability in ssrf (CVE-2026-45001)
vulnerability in ssrf (CVE-2026-45001). Data can be tampered with by attackers.
CVE-2026-45002 Vulnerability in openclaw (CVE-2026-45002)
vulnerability in openclaw (CVE-2026-45002). Risk of unauthorized operations or information disclosure. Exploitable via ``openclaw``. Mitigation: upgrade to `2026.4.20` or later.
CVE-2026-44998 Authorization Flaw in openclaw (CVE-2026-44998)
vulnerability in openclaw (CVE-2026-44998). Risk of unauthorized operations or information disclosure.
CVE-2026-45000 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-45000)
SSRF in ssrf (CVE-2026-45000). Risk of unauthorized operations or information disclosure.
CVE-2026-8305 Authentication Bypass in openclaw (CVE-2026-8305)
authentication bypass in openclaw (CVE-2026-8305). Risk of unauthorized operations or information disclosure.
CVE-2026-45004 Code Injection in openclaw (CVE-2026-45004)
code injection in openclaw (CVE-2026-45004). Successful exploitation can lead to full system takeover. Exploitable via ``openclaw``. Mitigation: upgrade to `2026.4.23` or later.
CVE-2026-7308 Cross-Site Scripting (XSS) in CVE-2026-7308 (CVE-2026-7308)
cross-site scripting in CVE-2026-7308 (CVE-2026-7308). Risk of unauthorized operations or information disclosure.
CVE-2026-4891 Out-of-Bounds Read in dos (CVE-2026-4891)
vulnerability in dos (CVE-2026-4891). Risk of unauthorized operations or information disclosure.
CVE-2026-5172 Out-of-Bounds Read in CVE-2026-5172 (CVE-2026-5172)
vulnerability in CVE-2026-5172 (CVE-2026-5172). Risk of unauthorized operations or information disclosure.
CVE-2026-4892 Vulnerability in CVE-2026-4892 (CVE-2026-4892)
vulnerability in CVE-2026-4892 (CVE-2026-4892). Successful exploitation can lead to full system takeover.
CVE-2026-5266 Information Disclosure in CVE-2026-5266 (CVE-2026-5266)
vulnerability in CVE-2026-5266 (CVE-2026-5266). Risk of unauthorized operations or information disclosure.
CVE-2026-4890 Vulnerability in dos (CVE-2026-4890)
vulnerability in dos (CVE-2026-4890). Risk of unauthorized operations or information disclosure.
CVE-2026-45006 Vulnerability in openclaw (CVE-2026-45006)
vulnerability in openclaw (CVE-2026-45006). Successful exploitation can lead to full system takeover.
CVE-2026-45003 Vulnerability in openclaw (CVE-2026-45003)
vulnerability in openclaw (CVE-2026-45003). Confidential information can be exposed externally. Mitigation: upgrade to `2026.4.22` or later.
CVE-2026-44413 Vulnerability in jetbrains (CVE-2026-44413)
vulnerability in jetbrains (CVE-2026-44413). Confidential information can be exposed externally.
CVE-2026-44995 Vulnerability in openclaw (CVE-2026-44995)
vulnerability in openclaw (CVE-2026-44995). Successful exploitation can lead to full system takeover. Exploitable via ``openclaw``. Mitigation: upgrade to `2026.4.20` or later.
CVE-2026-44993 Vulnerability in openclaw (CVE-2026-44993)
vulnerability in openclaw (CVE-2026-44993). Risk of unauthorized operations or information disclosure.
CVE-2026-44992 Vulnerability in openclaw (CVE-2026-44992)
vulnerability in openclaw (CVE-2026-44992). Confidential information can be exposed externally. Exploitable via ``openclaw``. Mitigation: upgrade to `2026.4.20` or later.
CVE-2026-43640 Vulnerability in bitwarden (CVE-2026-43640)
vulnerability in bitwarden (CVE-2026-43640). Confidential information can be exposed externally.
CVE-2026-43639 Vulnerability in bitwarden (CVE-2026-43639)
vulnerability in bitwarden (CVE-2026-43639). Successful exploitation can lead to full system takeover. Exploitable via `POST /providers/{providerId}/clients/existing`.
CVE-2026-44994 Vulnerability in openclaw (CVE-2026-44994)
vulnerability in openclaw (CVE-2026-44994). Risk of unauthorized operations or information disclosure.
CVE-2026-43638 Vulnerability in bitwarden (CVE-2026-43638)
vulnerability in bitwarden (CVE-2026-43638). Risk of unauthorized operations or information disclosure. Exploitable via `POST /ciphers/import-organization`.
CVE-2026-44991 Vulnerability in openclaw (CVE-2026-44991)
vulnerability in openclaw (CVE-2026-44991). Risk of unauthorized operations or information disclosure. Exploitable via ``commands.ownerAllowFrom``. Mitigation: upgrade to `2026.4.21` or later.
CVE-2026-44996 Path Traversal in openclaw (CVE-2026-44996)
path traversal in openclaw (CVE-2026-44996). Risk of unauthorized operations or information disclosure.
CVE-2026-33359 Vulnerability in CVE-2026-33359 (CVE-2026-33359)
vulnerability in CVE-2026-33359 (CVE-2026-33359). Confidential information can be exposed externally.
CVE-2026-33357 Vulnerability in CVE-2026-33357 (CVE-2026-33357)
vulnerability in CVE-2026-33357 (CVE-2026-33357). Confidential information can be exposed externally. Exploitable via `GET /openapi/device/status`.
CVE-2026-3048 Unsafe Deserialization in CVE-2026-3048 (CVE-2026-3048)
vulnerability in CVE-2026-3048 (CVE-2026-3048). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →