Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-54352 |
|
Path Traversal in @budibase/server (CVE-2026-54352)
path traversal in @budibase/server (CVE-2026-54352). Confidential information can be exposed externally. Exploitable via `POST /api/pwa/process-zip`. Mitigation: upgrade to `3.39.9` or later.
|
| CVE-2026-50137 |
|
Vulnerability in @budibase/server (CVE-2026-50137)
vulnerability in @budibase/server (CVE-2026-50137). Confidential information can be exposed externally. Exploitable via `POST /api/attachments/`. Mitigation: upgrade to `3.39.0` or later.
|
| CVE-2026-54232 |
|
Vulnerability in vllm (CVE-2026-54232)
vulnerability in vllm (CVE-2026-54232). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.22.1` or later.
|
| CVE-2026-50136 |
|
Vulnerability in @budibase/server (CVE-2026-50136)
vulnerability in @budibase/server (CVE-2026-50136). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/attachments/`. Mitigation: upgrade to `3.39.2` or later.
|
| CVE-2026-50132 |
|
Vulnerability in @budibase/server (CVE-2026-50132)
vulnerability in @budibase/server (CVE-2026-50132). Confidential information can be exposed externally. Exploitable via `GET /api/chat-links/`. Mitigation: upgrade to `3.39.0` or later.
|
| CVE-2026-47267 |
|
SSRF (Server-Side Request Forgery) in gogs.io/gogs (CVE-2026-47267)
SSRF in gogs.io/gogs (CVE-2026-47267). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.14.3` or later.
|
| CVE-2026-56697 |
|
Open Redirect in nuxt (CVE-2026-56697)
vulnerability in nuxt (CVE-2026-56697). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56324 |
|
Vulnerability in CVE-2026-56324 (CVE-2026-56324)
vulnerability in CVE-2026-56324 (CVE-2026-56324). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56698 |
|
Cross-Site Scripting (XSS) in nuxt (CVE-2026-56698)
cross-site scripting in nuxt (CVE-2026-56698). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56306 |
|
Vulnerability in CVE-2026-56306 (CVE-2026-56306)
vulnerability in CVE-2026-56306 (CVE-2026-56306). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56321 |
|
Vulnerability in CVE-2026-56321 (CVE-2026-56321)
vulnerability in CVE-2026-56321 (CVE-2026-56321). Risk of unauthorized operations or information disclosure. Exploitable via `GET /private/role_bindings/`.
|
| CVE-2026-56323 |
|
Information Disclosure in CVE-2026-56323 (CVE-2026-56323)
vulnerability in CVE-2026-56323 (CVE-2026-56323). Confidential information can be exposed externally.
|
| CVE-2026-56311 |
|
Vulnerability in CVE-2026-56311 (CVE-2026-56311)
vulnerability in CVE-2026-56311 (CVE-2026-56311). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56280 |
|
Vulnerability in CVE-2026-56280 (CVE-2026-56280)
vulnerability in CVE-2026-56280 (CVE-2026-56280). Risk of unauthorized operations or information disclosure. Exploitable via `GET /build/logs/`.
|
| CVE-2026-56255 |
|
Vulnerability in dos (CVE-2026-56255)
vulnerability in dos (CVE-2026-56255). Risk of unauthorized operations or information disclosure. Exploitable via `POST /app/demo`.
|
| CVE-2026-56221 |
|
SQL Injection in sqli (CVE-2026-56221)
SQL injection in sqli (CVE-2026-56221). Confidential information can be exposed externally.
|
| CVE-2026-48517 |
|
Vulnerability in MessagePack (CVE-2026-48517)
vulnerability in MessagePack (CVE-2026-48517). Data can be tampered with by attackers. Exploitable via ``MessagePackSerializer.Typeless``. Mitigation: upgrade to `3.1.7` or later.
|
| CVE-2026-48515 |
|
Vulnerability in MessagePack (CVE-2026-48515)
vulnerability in MessagePack (CVE-2026-48515). Risk of unauthorized operations or information disclosure. Exploitable via ``MessagePackSecurity.UntrustedData``. Mitigation: upgrade to `3.1.7` or later.
|
| CVE-2026-48514 |
|
Vulnerability in MessagePack (CVE-2026-48514)
vulnerability in MessagePack (CVE-2026-48514). Risk of unauthorized operations or information disclosure. Exploitable via ``byteLength``. Mitigation: upgrade to `3.1.7` or later.
|
| CVE-2026-48500 |
|
Vulnerability in filament/filament (CVE-2026-48500)
vulnerability in filament/filament (CVE-2026-48500). Risk of unauthorized operations or information disclosure. Exploitable via ``WithFileUploads``. Mitigation: upgrade to `3.3.52` or later.
|
| CVE-2026-48510 |
|
Vulnerability in MessagePack (CVE-2026-48510)
vulnerability in MessagePack (CVE-2026-48510). Risk of unauthorized operations or information disclosure. Exploitable via ``Lz4Block``. Mitigation: upgrade to `3.1.7` or later.
|
| CVE-2026-48505 |
|
Vulnerability in filament/filament (CVE-2026-48505)
vulnerability in filament/filament (CVE-2026-48505). Confidential information can be exposed externally. Mitigation: upgrade to `5.6.5` or later.
|
| CVE-2026-48502 |
|
Out-of-Bounds Read in MessagePack (CVE-2026-48502)
vulnerability in MessagePack (CVE-2026-48502). Risk of unauthorized operations or information disclosure. Exploitable via ``tokenSize``. Mitigation: upgrade to `3.1.7` or later.
|
| CVE-2026-48509 |
|
Vulnerability in MessagePack (CVE-2026-48509)
vulnerability in MessagePack (CVE-2026-48509). Data can be tampered with by attackers. Exploitable via ``MessagePackSerializerOptions.Standard``. Mitigation: upgrade to `3.1.7` or later.
|
| CVE-2026-48167 |
|
Cross-Site Scripting (XSS) in filament/infolists (CVE-2026-48167)
cross-site scripting in filament/infolists (CVE-2026-48167). Risk of unauthorized operations or information disclosure. Exploitable via ``ImageColumn``. Mitigation: upgrade to `5.6.5` or later.
|
| CVE-2026-48166 |
|
Vulnerability in filament/filament (CVE-2026-48166)
vulnerability in filament/filament (CVE-2026-48166). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.6.5` or later.
|
| CVE-2026-46700 |
|
Vulnerability in @actual-app/sync-server (CVE-2026-46700)
vulnerability in @actual-app/sync-server (CVE-2026-46700). Risk of unauthorized operations or information disclosure. Exploitable via `GET /secret/`. Mitigation: upgrade to `26.6.0` or later.
|
| CVE-2026-39904 |
|
Vulnerability in dos (CVE-2026-39904)
vulnerability in dos (CVE-2026-39904). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53779 |
|
Path Traversal in path-traversal (CVE-2026-53779)
path traversal in path-traversal (CVE-2026-53779). Confidential information can be exposed externally.
|
| CVE-2026-10852 |
|
Vulnerability in dos (CVE-2026-10852)
vulnerability in dos (CVE-2026-10852). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44272 |
|
SQL Injection in sqli (CVE-2026-44272)
SQL injection in sqli (CVE-2026-44272). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44271 |
|
SQL Injection in sqli (CVE-2026-44271)
SQL injection in sqli (CVE-2026-44271). Confidential information can be exposed externally.
|
| CVE-2026-44274 |
|
Vulnerability in dell (CVE-2026-44274)
vulnerability in dell (CVE-2026-44274). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48931 |
|
Vulnerability in nodejs (CVE-2026-48931)
vulnerability in nodejs (CVE-2026-48931). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11834 |
|
OS Command Injection in CVE-2026-11834 (CVE-2026-11834)
OS command injection in CVE-2026-11834 (CVE-2026-11834). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46607 |
|
Unsafe Deserialization in glances (CVE-2026-46607)
vulnerability in glances (CVE-2026-46607). Successful exploitation can lead to full system takeover. Exploitable via ``self.cache_file``. Mitigation: upgrade to `4.5.5` or later.
|
| CVE-2026-55599 |
|
SSRF (Server-Side Request Forgery) in phpseclib/phpseclib (CVE-2026-55599)
SSRF in phpseclib/phpseclib (CVE-2026-55599). Risk of unauthorized operations or information disclosure. Exploitable via `GET /ssrf`. Mitigation: upgrade to `3.0.54` or later.
|
| CVE-2026-54651 |
|
Vulnerability in pypdf-project (CVE-2026-54651)
vulnerability in pypdf-project (CVE-2026-54651). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `6.13.1` or later.
|
| CVE-2026-46606 |
|
OS Command Injection in glances (CVE-2026-46606)
OS command injection in glances (CVE-2026-46606). Successful exploitation can lead to full system takeover. Exploitable via ``domain``. Mitigation: upgrade to `4.5.5` or later.
|
| CVE-2026-55443 |
|
Path Traversal in langchain (CVE-2026-55443)
path traversal in langchain (CVE-2026-55443). Confidential information can be exposed externally. Mitigation: upgrade to `1.3.9` or later.
|
| CVE-2026-56109 |
|
Vulnerability in c (CVE-2026-56109)
vulnerability in c (CVE-2026-56109). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11994 |
|
Cross-Site Scripting (XSS) in CVE-2026-11994 (CVE-2026-11994)
cross-site scripting in CVE-2026-11994 (CVE-2026-11994). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42127 |
|
Vulnerability in dos (CVE-2026-42127)
vulnerability in dos (CVE-2026-42127). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10789 |
|
Code Injection in autodesk (CVE-2026-10789)
code injection in autodesk (CVE-2026-10789). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33646 |
|
Code Injection in mise (CVE-2026-33646)
code injection in mise (CVE-2026-33646). Successful exploitation can lead to full system takeover. Exploitable via ``tera_exec``. Mitigation: upgrade to `2026.3.10` or later.
|
| CVE-2026-32315 |
|
Information Disclosure in motioneye (CVE-2026-32315)
vulnerability in motioneye (CVE-2026-32315). Confidential information can be exposed externally. Exploitable via ``motion.conf``. Mitigation: upgrade to `0.44.0` or later.
|
| CVE-2026-31978 |
|
Path Traversal in motioneye (CVE-2026-31978)
path traversal in motioneye (CVE-2026-31978). Confidential information can be exposed externally. Exploitable via ``mediafiles.py``. Mitigation: upgrade to `0.44.0` or later.
|
| CVE-2026-25119 |
|
Vulnerability in gogs.io/gogs (CVE-2026-25119)
vulnerability in gogs.io/gogs (CVE-2026-25119). Risk of unauthorized operations or information disclosure. Exploitable via ``ENABLE_REVERSE_PROXY_AUTHENTICATION``. Mitigation: upgrade to `0.14.3` or later.
|
| CVE-2025-64719 |
|
Vulnerability in gogs.io/gogs (CVE-2025-64719)
vulnerability in gogs.io/gogs (CVE-2025-64719). Risk of unauthorized operations or information disclosure. Exploitable via ``view.go``. Mitigation: upgrade to `0.14.3` or later.
|
| CVE-2026-9006 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-9006)
SSRF in ssrf (CVE-2026-9006). Confidential information can be exposed externally.
|