Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-54917 |
|
Path Traversal in seaweedfs (CVE-2026-54917)
path traversal in seaweedfs (CVE-2026-54917). Confidential information can be exposed externally. Exploitable via `GET /bucket-A/../evil-bucket/key`. Mitigation: upgrade to `4.30` or later.
|
| CVE-2026-54250 |
|
Path Traversal in path-traversal (CVE-2026-54250)
path traversal in path-traversal (CVE-2026-54250). Data can be tampered with by attackers. Mitigation: upgrade to `1.35.3` or later.
|
| CVE-2026-54089 |
|
Authentication Bypass in CVE-2026-54089 (CVE-2026-54089)
authentication bypass in CVE-2026-54089 (CVE-2026-54089). Confidential information can be exposed externally.
|
| CVE-2026-54088 |
|
OS Command Injection in CVE-2026-54088 (CVE-2026-54088)
OS command injection in CVE-2026-54088 (CVE-2026-54088). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.63.6` or later.
|
| CVE-2026-50548 |
|
Path Traversal in anysphere (CVE-2026-50548)
path traversal in anysphere (CVE-2026-50548). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.0` or later.
|
| CVE-2026-50549 |
|
Vulnerability in anysphere (CVE-2026-50549)
vulnerability in anysphere (CVE-2026-50549). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.0` or later.
|
| CVE-2026-6291 |
|
Vulnerability in wolfssl (CVE-2026-6291)
vulnerability in wolfssl (CVE-2026-6291). Confidential information can be exposed externally.
|
| CVE-2026-6094 |
|
Out-of-Bounds Read in wolfssl (CVE-2026-6094)
vulnerability in wolfssl (CVE-2026-6094). Confidential information can be exposed externally.
|
| CVE-2026-9086 |
|
Cross-Site Scripting (XSS) in redhat (CVE-2026-9086)
cross-site scripting in redhat (CVE-2026-9086). Confidential information can be exposed externally.
|
| CVE-2026-55961 |
|
Vulnerability in wolfssl (CVE-2026-55961)
vulnerability in wolfssl (CVE-2026-55961). Data can be tampered with by attackers.
|
| CVE-2026-56123 |
|
Vulnerability in dest-unreach (CVE-2026-56123)
vulnerability in dest-unreach (CVE-2026-56123). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9083 |
|
Path Traversal in redhat (CVE-2026-9083)
path traversal in redhat (CVE-2026-9083). Confidential information can be exposed externally.
|
| CVE-2026-6091 |
|
Vulnerability in wolfssl (CVE-2026-6091)
vulnerability in wolfssl (CVE-2026-6091). Data can be tampered with by attackers.
|
| CVE-2026-11999 |
|
Vulnerability in c (CVE-2026-11999)
vulnerability in c (CVE-2026-11999). Data can be tampered with by attackers.
|
| CVE-2026-45233 |
|
Path Traversal in path-traversal (CVE-2026-45233)
path traversal in path-traversal (CVE-2026-45233). Data can be tampered with by attackers.
|
| CVE-2026-9716 |
|
Vulnerability in schneider-electric (CVE-2026-9716)
vulnerability in schneider-electric (CVE-2026-9716). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9650 |
|
Vulnerability in CVE-2026-9650 (CVE-2026-9650)
vulnerability in CVE-2026-9650 (CVE-2026-9650). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9651 |
|
Vulnerability in CVE-2026-9651 (CVE-2026-9651)
vulnerability in CVE-2026-9651 (CVE-2026-9651). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9717 |
|
OS Command Injection in schneider-electric (CVE-2026-9717)
OS command injection in schneider-electric (CVE-2026-9717). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48942 |
|
Cross-Site Scripting (XSS) in joomlaworks (CVE-2026-48942)
cross-site scripting in joomlaworks (CVE-2026-48942). Risk of unauthorized operations or information disclosure. Exploitable via ``src``.
|
| CVE-2026-48941 |
|
Vulnerability in joomlaworks (CVE-2026-48941)
vulnerability in joomlaworks (CVE-2026-48941). Risk of unauthorized operations or information disclosure. Exploitable via ``item.checkin``.
|
| CVE-2026-48944 |
|
Path Traversal in joomlaworks (CVE-2026-48944)
path traversal in joomlaworks (CVE-2026-48944). Confidential information can be exposed externally. Exploitable via ``configuration.php``.
|
| CVE-2026-48946 |
|
Unrestricted File Upload in apache (CVE-2026-48946)
vulnerability in apache (CVE-2026-48946). Risk of unauthorized operations or information disclosure. Exploitable via ``shell.php``.
|
| CVE-2026-48945 |
|
Unrestricted File Upload in joomlaworks (CVE-2026-48945)
vulnerability in joomlaworks (CVE-2026-48945). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4522 |
|
Vulnerability in CVE-2026-4522 (CVE-2026-4522)
vulnerability in CVE-2026-4522 (CVE-2026-4522). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48940 |
|
Cross-Site Scripting (XSS) in joomlaworks (CVE-2026-48940)
cross-site scripting in joomlaworks (CVE-2026-48940). Risk of unauthorized operations or information disclosure. Exploitable via ``embedVideo``.
|
| CVE-2026-12844 |
|
Vulnerability in CVE-2026-12844 (CVE-2026-12844)
vulnerability in CVE-2026-12844 (CVE-2026-12844). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54679 |
|
Vulnerability in jqlang (CVE-2026-54679)
vulnerability in jqlang (CVE-2026-54679). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.2` or later.
|
| CVE-2026-49839 |
|
Out-of-Bounds Write in jqlang (CVE-2026-49839)
out-of-bounds write in jqlang (CVE-2026-49839). Data can be tampered with by attackers. Mitigation: upgrade to `1.8.2` or later.
|
| CVE-2026-55439 |
|
Path Traversal in path-traversal (CVE-2026-55439)
path traversal in path-traversal (CVE-2026-55439). Confidential information can be exposed externally. Exploitable via `GET /apis/console.api.migration.halo.run/v1alpha1/backups/{name}/files/{filename}`. Mitigation: upgrade to `2.24.3` or later.
|
| CVE-2026-55412 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-55412)
SSRF in ssrf (CVE-2026-55412). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.20.178-lts` or later.
|
| CVE-2026-55413 |
|
Code Injection in CVE-2026-55413 (CVE-2026-55413)
code injection in CVE-2026-55413 (CVE-2026-55413). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.20.178-lts` or later.
|
| CVE-2026-55411 |
|
Vulnerability in CVE-2026-55411 (CVE-2026-55411)
vulnerability in CVE-2026-55411 (CVE-2026-55411). Confidential information can be exposed externally. Exploitable via `POST /api/data-sources/decrypt`. Mitigation: upgrade to `3.20.1780-lts` or later.
|
| CVE-2026-54573 |
|
Authorization Flaw in privilege-escalation (CVE-2026-54573)
vulnerability in privilege-escalation (CVE-2026-54573). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.0` or later.
|
| CVE-2026-54448 |
|
Vulnerability in aquasec (CVE-2026-54448)
vulnerability in aquasec (CVE-2026-54448). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.71.0` or later.
|
| CVE-2026-54037 |
|
Vulnerability in librechat (CVE-2026-54037)
vulnerability in librechat (CVE-2026-54037). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/convos/fork`. Mitigation: upgrade to `0.8.4-rc1` or later.
|
| CVE-2026-55092 |
|
Path Traversal in aquasec (CVE-2026-55092)
path traversal in aquasec (CVE-2026-55092). Data can be tampered with by attackers. Mitigation: upgrade to `0.71.1` or later.
|
| CVE-2026-54040 |
|
Vulnerability in librechat (CVE-2026-54040)
vulnerability in librechat (CVE-2026-54040). Data can be tampered with by attackers. Exploitable via `POST /api/auth/2fa/backup/regenerate`. Mitigation: upgrade to `0.8.4-rc1` or later.
|
| CVE-2026-54029 |
|
Vulnerability in librechat (CVE-2026-54029)
vulnerability in librechat (CVE-2026-54029). Data can be tampered with by attackers. Exploitable via `DELETE /api/messages/`. Mitigation: upgrade to `0.8.4-rc1` or later.
|
| CVE-2026-54027 |
|
Vulnerability in librechat (CVE-2026-54027)
vulnerability in librechat (CVE-2026-54027). Data can be tampered with by attackers. Exploitable via `POST /api/files/images`. Mitigation: upgrade to `0.8.4-rc1` or later.
|
| CVE-2026-54033 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-54033)
SSRF in ssrf (CVE-2026-54033). Confidential information can be exposed externally. Mitigation: upgrade to `0.8.4-rc1` or later.
|
| CVE-2026-54024 |
|
Vulnerability in librechat (CVE-2026-54024)
vulnerability in librechat (CVE-2026-54024). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/convos/import`. Mitigation: upgrade to `0.8.4-rc1` or later.
|
| CVE-2026-54025 |
|
Cross-Site Scripting (XSS) in librechat (CVE-2026-54025)
cross-site scripting in librechat (CVE-2026-54025). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.8.4-rc1` or later.
|
| CVE-2026-13351 |
|
Vulnerability in dos (CVE-2026-13351)
vulnerability in dos (CVE-2026-13351). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46406 |
|
Vulnerability in @anthropic-ai/claude-code (CVE-2026-46406)
vulnerability in @anthropic-ai/claude-code (CVE-2026-46406). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.1.128` or later.
|
| CVE-2026-57454 |
|
Out-of-Bounds Read in vim (CVE-2026-57454)
vulnerability in vim (CVE-2026-57454). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.2.0679` or later.
|
| CVE-2026-57452 |
|
Out-of-Bounds Read in vim (CVE-2026-57452)
vulnerability in vim (CVE-2026-57452). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.2.0671` or later.
|
| CVE-2026-57451 |
|
Out-of-Bounds Read in c (CVE-2026-57451)
vulnerability in c (CVE-2026-57451). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.2.0670` or later.
|
| CVE-2026-57438 |
|
Use-After-Free in nokogiri (CVE-2026-57438)
vulnerability in nokogiri (CVE-2026-57438). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.19.4` or later.
|
| CVE-2026-57453 |
|
Command Injection in vim (CVE-2026-57453)
command injection in vim (CVE-2026-57453). Confidential information can be exposed externally. Mitigation: upgrade to `9.2.0678` or later.
|