Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Clear
ID Title
CVE-2026-44199 Vulnerability in wagtail (CVE-2026-44199)
vulnerability in wagtail (CVE-2026-44199). Data can be tampered with by attackers. Mitigation: upgrade to `7.3.2` or later.
CVE-2026-44198 Vulnerability in wagtail (CVE-2026-44198)
vulnerability in wagtail (CVE-2026-44198). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `7.3.2` or later.
CVE-2026-44197 Vulnerability in wagtail (CVE-2026-44197)
vulnerability in wagtail (CVE-2026-44197). Confidential information can be exposed externally. Mitigation: upgrade to `7.3.2` or later.
CVE-2026-7807 Path Traversal in smartertools (CVE-2026-7807)
path traversal in smartertools (CVE-2026-7807). Successful exploitation can lead to full system takeover.
CVE-2026-42189 Vulnerability in russh (CVE-2026-42189)
vulnerability in russh (CVE-2026-42189). Risk of unauthorized operations or information disclosure. Exploitable via ``read_userauth_info_response``. Mitigation: upgrade to `0.60.1` or later.
CVE-2026-42180 SSRF (Server-Side Request Forgery) in lemmy_api_common (CVE-2026-42180)
SSRF in lemmy_api_common (CVE-2026-42180). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v3/post`. Mitigation: upgrade to `0.19.18` or later.
CVE-2026-42181 SSRF (Server-Side Request Forgery) in lemmy_api_common (CVE-2026-42181)
SSRF in lemmy_api_common (CVE-2026-42181). Confidential information can be exposed externally. Exploitable via `POST /api/v3/post`. Mitigation: upgrade to `0.19.18` or later.
CVE-2026-44694 Vulnerability in n8n-mcp (CVE-2026-44694)
vulnerability in n8n-mcp (CVE-2026-44694). Confidential information can be exposed externally. Exploitable via ``N8N_API_URL``. Mitigation: upgrade to `2.50.2` or later.
CVE-2026-42185 Privilege Escalation in CVE-2026-42185 (CVE-2026-42185)
vulnerability in CVE-2026-42185 (CVE-2026-42185). Data can be tampered with by attackers.
CVE-2026-42282 Vulnerability in n8n-mcp (CVE-2026-42282)
vulnerability in n8n-mcp (CVE-2026-42282). Risk of unauthorized operations or information disclosure. Exploitable via ``n8n_manage_credentials.data``. Mitigation: upgrade to `2.47.13` or later.
CVE-2026-42190 Cross-Site Request Forgery (CSRF) in rwsdk (CVE-2026-42190)
vulnerability in rwsdk (CVE-2026-42190). Data can be tampered with by attackers. Exploitable via ``rwsdk``. Mitigation: upgrade to `1.2.3` or later.
CVE-2026-42176 Vulnerability in CVE-2026-42176 (CVE-2026-42176)
vulnerability in CVE-2026-42176 (CVE-2026-42176). Confidential information can be exposed externally.
CVE-2026-41495 Vulnerability in n8n-mcp (CVE-2026-41495)
vulnerability in n8n-mcp (CVE-2026-41495). Risk of unauthorized operations or information disclosure. Exploitable via `POST /mcp`. Mitigation: upgrade to `2.47.11` or later.
CVE-2026-42160 Vulnerability in CVE-2026-42160 (CVE-2026-42160)
vulnerability in CVE-2026-42160 (CVE-2026-42160). Risk of unauthorized operations or information disclosure.
CVE-2026-44560 Vulnerability in open-webui (CVE-2026-44560)
vulnerability in open-webui (CVE-2026-44560). Confidential information can be exposed externally. Exploitable via `POST /api/chat/completions`. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-44561 Authorization Flaw in open-webui (CVE-2026-44561)
vulnerability in open-webui (CVE-2026-44561). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/v1/channels/{channel_id}/messages`. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-44564 Authorization Flaw in open-webui (CVE-2026-44564)
vulnerability in open-webui (CVE-2026-44564). Risk of unauthorized operations or information disclosure. Exploitable via ``read``. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-44563 Vulnerability in open-webui (CVE-2026-44563)
vulnerability in open-webui (CVE-2026-44563). Risk of unauthorized operations or information disclosure. Exploitable via `POST /ollama/api/generate`. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-44562 Vulnerability in open-webui (CVE-2026-44562)
vulnerability in open-webui (CVE-2026-44562). Data can be tampered with by attackers. Exploitable via `POST /api/v1/models/import`. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-44559 Vulnerability in open-webui (CVE-2026-44559)
vulnerability in open-webui (CVE-2026-44559). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/v1/channels/{id}/members`. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-44557 Authorization Flaw in open-webui (CVE-2026-44557)
vulnerability in open-webui (CVE-2026-44557). Risk of unauthorized operations or information disclosure. Exploitable via `POST /query/doc`. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-44554 Vulnerability in open-webui (CVE-2026-44554)
vulnerability in open-webui (CVE-2026-44554). Data can be tampered with by attackers. Exploitable via `POST /api/v1/retrieval/process/web`. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-44558 Vulnerability in open-webui (CVE-2026-44558)
vulnerability in open-webui (CVE-2026-44558). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/channels/`. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-44556 Vulnerability in open-webui (CVE-2026-44556)
vulnerability in open-webui (CVE-2026-44556). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-44555 Vulnerability in open-webui (CVE-2026-44555)
vulnerability in open-webui (CVE-2026-44555). Confidential information can be exposed externally. Exploitable via `POST /api/v1/models/create`. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-44552 Vulnerability in open-webui (CVE-2026-44552)
vulnerability in open-webui (CVE-2026-44552). Confidential information can be exposed externally. Exploitable via ``REDIS_KEY_PREFIX``. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-44550 Vulnerability in open-webui (CVE-2026-44550)
vulnerability in open-webui (CVE-2026-44550). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/v1/users/search`. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-44551 Authentication Bypass in open-webui (CVE-2026-44551)
authentication bypass in open-webui (CVE-2026-44551). Confidential information can be exposed externally. Exploitable via `POST /api/v1/auths/ldap`. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-44737 Cross-Site Scripting (XSS) in getgrav/grav (CVE-2026-44737)
cross-site scripting in getgrav/grav (CVE-2026-44737). Risk of unauthorized operations or information disclosure. Exploitable via `GET /admin/pages/`. Mitigation: upgrade to `1.7.49.5` or later.
CVE-2026-44680 SQL Injection in @mikro-orm/sql (CVE-2026-44680)
SQL injection in @mikro-orm/sql (CVE-2026-44680). Confidential information can be exposed externally. Exploitable via ``Platform.quoteIdentifier``. Mitigation: upgrade to `7.0.14` or later.
CVE-2026-8178 Vulnerability in com.amazon.redshift:redshift-jdbc42 (CVE-2026-8178)
vulnerability in com.amazon.redshift:redshift-jdbc42 (CVE-2026-8178). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.2.2` or later.
CVE-2026-41511 Vulnerability in OpenMcdf (CVE-2026-41511)
vulnerability in OpenMcdf (CVE-2026-41511). Risk of unauthorized operations or information disclosure. Exploitable via ``LeftSiblingID``. Mitigation: upgrade to `3.1.3` or later.
CVE-2026-29202 Code Injection in CVE-2026-29202 (CVE-2026-29202)
code injection in CVE-2026-29202 (CVE-2026-29202). Successful exploitation can lead to full system takeover. Exploitable via ``plugin``.
CVE-2026-29201 Vulnerability in CVE-2026-29201 (CVE-2026-29201)
vulnerability in CVE-2026-29201 (CVE-2026-29201). Confidential information can be exposed externally.
CVE-2026-6322 Vulnerability in fast-uri (CVE-2026-6322)
vulnerability in fast-uri (CVE-2026-6322). Data can be tampered with by attackers. Exploitable via ``evil.com``. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-44502 SSRF (Server-Side Request Forgery) in bugsink (CVE-2026-44502)
SSRF in bugsink (CVE-2026-44502). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.1.3` or later.
CVE-2026-44588 Vulnerability in github.com/siyuan-note/siyuan/kernel (CVE-2026-44588)
vulnerability in github.com/siyuan-note/siyuan/kernel (CVE-2026-44588). Risk of unauthorized operations or information disclosure. Exploitable via ``getAttribute``.
CVE-2026-44721 Cross-Site Scripting (XSS) in open-webui (CVE-2026-44721)
cross-site scripting in open-webui (CVE-2026-44721). Confidential information can be exposed externally. Exploitable via ``marked``. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-44714 Vulnerability in org.bitcoinj:bitcoinj-core (CVE-2026-44714)
vulnerability in org.bitcoinj:bitcoinj-core (CVE-2026-44714). Data can be tampered with by attackers. Exploitable via ``P2PKH``. Mitigation: upgrade to `0.17.1` or later.
CVE-2026-44310 Vulnerability in github.com/sigstore/gitsign (CVE-2026-44310)
vulnerability in github.com/sigstore/gitsign (CVE-2026-44310). Risk of unauthorized operations or information disclosure. Exploitable via ``nil``. Mitigation: upgrade to `0.15.0` or later.
CVE-2026-42876 Vulnerability in github.com/external-secrets/external-secrets/apis (CVE-2026-42876)
vulnerability in github.com/external-secrets/external-secrets/apis (CVE-2026-42876). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.4.1` or later.
CVE-2026-44430 SSRF (Server-Side Request Forgery) in github.com/modelcontextprotocol/registry (CVE-2026-44430)
SSRF in github.com/modelcontextprotocol/registry (CVE-2026-44430). Risk of unauthorized operations or information disclosure. Exploitable via `POST /v0/auth/http`. Mitigation: upgrade to `1.7.7` or later.
CVE-2026-44429 Vulnerability in github.com/modelcontextprotocol/registry (CVE-2026-44429)
vulnerability in github.com/modelcontextprotocol/registry (CVE-2026-44429). Risk of unauthorized operations or information disclosure. Exploitable via `POST /v0/auth/github-at`. Mitigation: upgrade to `1.7.7` or later.
CVE-2026-41889 SQL Injection in github.com/jackc/pgx/v5 (CVE-2026-41889)
SQL injection in github.com/jackc/pgx/v5 (CVE-2026-41889). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `5.9.2` or later.
CVE-2026-42030 Vulnerability in osgeo (CVE-2026-42030)
vulnerability in osgeo (CVE-2026-42030). Risk of unauthorized operations or information disclosure.
CVE-2026-42028 Path Traversal in path-traversal (CVE-2026-42028)
path traversal in path-traversal (CVE-2026-42028). Risk of unauthorized operations or information disclosure.
CVE-2026-41887 Path Traversal in flarum/core (CVE-2026-41887)
path traversal in flarum/core (CVE-2026-41887). Confidential information can be exposed externally. Exploitable via `POST /api/settings`. Mitigation: upgrade to `2.0.0-rc.1` or later.
CVE-2026-38360 Path Traversal in path-traversal (CVE-2026-38360)
path traversal in path-traversal (CVE-2026-38360). Successful exploitation can lead to full system takeover.
CVE-2026-6321 Path Traversal in fast-uri (CVE-2026-6321)
path traversal in fast-uri (CVE-2026-6321). Data can be tampered with by attackers. Mitigation: upgrade to `3.1.1` or later.
CVE-2026-7768 Vulnerability in @fastify/accepts-serializer (CVE-2026-7768)
vulnerability in @fastify/accepts-serializer (CVE-2026-7768). Risk of unauthorized operations or information disclosure. Exploitable via ``Accept``. Mitigation: upgrade to `6.0.4` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →