Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Clear
ID Title
CVE-2026-54352 Path Traversal in @budibase/server (CVE-2026-54352)
path traversal in @budibase/server (CVE-2026-54352). Confidential information can be exposed externally. Exploitable via `POST /api/pwa/process-zip`. Mitigation: upgrade to `3.39.9` or later.
CVE-2026-50137 Vulnerability in @budibase/server (CVE-2026-50137)
vulnerability in @budibase/server (CVE-2026-50137). Confidential information can be exposed externally. Exploitable via `POST /api/attachments/`. Mitigation: upgrade to `3.39.0` or later.
CVE-2026-54232 Vulnerability in vllm (CVE-2026-54232)
vulnerability in vllm (CVE-2026-54232). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.22.1` or later.
CVE-2026-50136 Vulnerability in @budibase/server (CVE-2026-50136)
vulnerability in @budibase/server (CVE-2026-50136). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/attachments/`. Mitigation: upgrade to `3.39.2` or later.
CVE-2026-50132 Vulnerability in @budibase/server (CVE-2026-50132)
vulnerability in @budibase/server (CVE-2026-50132). Confidential information can be exposed externally. Exploitable via `GET /api/chat-links/`. Mitigation: upgrade to `3.39.0` or later.
CVE-2026-47267 SSRF (Server-Side Request Forgery) in gogs.io/gogs (CVE-2026-47267)
SSRF in gogs.io/gogs (CVE-2026-47267). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.14.3` or later.
CVE-2026-56697 Open Redirect in nuxt (CVE-2026-56697)
vulnerability in nuxt (CVE-2026-56697). Risk of unauthorized operations or information disclosure.
CVE-2026-56324 Vulnerability in CVE-2026-56324 (CVE-2026-56324)
vulnerability in CVE-2026-56324 (CVE-2026-56324). Risk of unauthorized operations or information disclosure.
CVE-2026-56698 Cross-Site Scripting (XSS) in nuxt (CVE-2026-56698)
cross-site scripting in nuxt (CVE-2026-56698). Risk of unauthorized operations or information disclosure.
CVE-2026-56306 Vulnerability in CVE-2026-56306 (CVE-2026-56306)
vulnerability in CVE-2026-56306 (CVE-2026-56306). Risk of unauthorized operations or information disclosure.
CVE-2026-56321 Vulnerability in CVE-2026-56321 (CVE-2026-56321)
vulnerability in CVE-2026-56321 (CVE-2026-56321). Risk of unauthorized operations or information disclosure. Exploitable via `GET /private/role_bindings/`.
CVE-2026-56323 Information Disclosure in CVE-2026-56323 (CVE-2026-56323)
vulnerability in CVE-2026-56323 (CVE-2026-56323). Confidential information can be exposed externally.
CVE-2026-56311 Vulnerability in CVE-2026-56311 (CVE-2026-56311)
vulnerability in CVE-2026-56311 (CVE-2026-56311). Risk of unauthorized operations or information disclosure.
CVE-2026-56280 Vulnerability in CVE-2026-56280 (CVE-2026-56280)
vulnerability in CVE-2026-56280 (CVE-2026-56280). Risk of unauthorized operations or information disclosure. Exploitable via `GET /build/logs/`.
CVE-2026-56255 Vulnerability in dos (CVE-2026-56255)
vulnerability in dos (CVE-2026-56255). Risk of unauthorized operations or information disclosure. Exploitable via `POST /app/demo`.
CVE-2026-56221 SQL Injection in sqli (CVE-2026-56221)
SQL injection in sqli (CVE-2026-56221). Confidential information can be exposed externally.
CVE-2026-48517 Vulnerability in MessagePack (CVE-2026-48517)
vulnerability in MessagePack (CVE-2026-48517). Data can be tampered with by attackers. Exploitable via ``MessagePackSerializer.Typeless``. Mitigation: upgrade to `3.1.7` or later.
CVE-2026-48515 Vulnerability in MessagePack (CVE-2026-48515)
vulnerability in MessagePack (CVE-2026-48515). Risk of unauthorized operations or information disclosure. Exploitable via ``MessagePackSecurity.UntrustedData``. Mitigation: upgrade to `3.1.7` or later.
CVE-2026-48514 Vulnerability in MessagePack (CVE-2026-48514)
vulnerability in MessagePack (CVE-2026-48514). Risk of unauthorized operations or information disclosure. Exploitable via ``byteLength``. Mitigation: upgrade to `3.1.7` or later.
CVE-2026-48500 Vulnerability in filament/filament (CVE-2026-48500)
vulnerability in filament/filament (CVE-2026-48500). Risk of unauthorized operations or information disclosure. Exploitable via ``WithFileUploads``. Mitigation: upgrade to `3.3.52` or later.
CVE-2026-48510 Vulnerability in MessagePack (CVE-2026-48510)
vulnerability in MessagePack (CVE-2026-48510). Risk of unauthorized operations or information disclosure. Exploitable via ``Lz4Block``. Mitigation: upgrade to `3.1.7` or later.
CVE-2026-48505 Vulnerability in filament/filament (CVE-2026-48505)
vulnerability in filament/filament (CVE-2026-48505). Confidential information can be exposed externally. Mitigation: upgrade to `5.6.5` or later.
CVE-2026-48502 Out-of-Bounds Read in MessagePack (CVE-2026-48502)
vulnerability in MessagePack (CVE-2026-48502). Risk of unauthorized operations or information disclosure. Exploitable via ``tokenSize``. Mitigation: upgrade to `3.1.7` or later.
CVE-2026-48509 Vulnerability in MessagePack (CVE-2026-48509)
vulnerability in MessagePack (CVE-2026-48509). Data can be tampered with by attackers. Exploitable via ``MessagePackSerializerOptions.Standard``. Mitigation: upgrade to `3.1.7` or later.
CVE-2026-48167 Cross-Site Scripting (XSS) in filament/infolists (CVE-2026-48167)
cross-site scripting in filament/infolists (CVE-2026-48167). Risk of unauthorized operations or information disclosure. Exploitable via ``ImageColumn``. Mitigation: upgrade to `5.6.5` or later.
CVE-2026-48166 Vulnerability in filament/filament (CVE-2026-48166)
vulnerability in filament/filament (CVE-2026-48166). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.6.5` or later.
CVE-2026-46700 Vulnerability in @actual-app/sync-server (CVE-2026-46700)
vulnerability in @actual-app/sync-server (CVE-2026-46700). Risk of unauthorized operations or information disclosure. Exploitable via `GET /secret/`. Mitigation: upgrade to `26.6.0` or later.
CVE-2026-39904 Vulnerability in dos (CVE-2026-39904)
vulnerability in dos (CVE-2026-39904). Risk of unauthorized operations or information disclosure.
CVE-2026-53779 Path Traversal in path-traversal (CVE-2026-53779)
path traversal in path-traversal (CVE-2026-53779). Confidential information can be exposed externally.
CVE-2026-10852 Vulnerability in dos (CVE-2026-10852)
vulnerability in dos (CVE-2026-10852). Risk of unauthorized operations or information disclosure.
CVE-2026-44272 SQL Injection in sqli (CVE-2026-44272)
SQL injection in sqli (CVE-2026-44272). Successful exploitation can lead to full system takeover.
CVE-2026-44271 SQL Injection in sqli (CVE-2026-44271)
SQL injection in sqli (CVE-2026-44271). Confidential information can be exposed externally.
CVE-2026-44274 Vulnerability in dell (CVE-2026-44274)
vulnerability in dell (CVE-2026-44274). Successful exploitation can lead to full system takeover.
CVE-2026-48931 Vulnerability in nodejs (CVE-2026-48931)
vulnerability in nodejs (CVE-2026-48931). Risk of unauthorized operations or information disclosure.
CVE-2026-11834 OS Command Injection in CVE-2026-11834 (CVE-2026-11834)
OS command injection in CVE-2026-11834 (CVE-2026-11834). Risk of unauthorized operations or information disclosure.
CVE-2026-46607 Unsafe Deserialization in glances (CVE-2026-46607)
vulnerability in glances (CVE-2026-46607). Successful exploitation can lead to full system takeover. Exploitable via ``self.cache_file``. Mitigation: upgrade to `4.5.5` or later.
CVE-2026-55599 SSRF (Server-Side Request Forgery) in phpseclib/phpseclib (CVE-2026-55599)
SSRF in phpseclib/phpseclib (CVE-2026-55599). Risk of unauthorized operations or information disclosure. Exploitable via `GET /ssrf`. Mitigation: upgrade to `3.0.54` or later.
CVE-2026-54651 Vulnerability in pypdf-project (CVE-2026-54651)
vulnerability in pypdf-project (CVE-2026-54651). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `6.13.1` or later.
CVE-2026-46606 OS Command Injection in glances (CVE-2026-46606)
OS command injection in glances (CVE-2026-46606). Successful exploitation can lead to full system takeover. Exploitable via ``domain``. Mitigation: upgrade to `4.5.5` or later.
CVE-2026-55443 Path Traversal in langchain (CVE-2026-55443)
path traversal in langchain (CVE-2026-55443). Confidential information can be exposed externally. Mitigation: upgrade to `1.3.9` or later.
CVE-2026-56109 Vulnerability in c (CVE-2026-56109)
vulnerability in c (CVE-2026-56109). Risk of unauthorized operations or information disclosure.
CVE-2026-11994 Cross-Site Scripting (XSS) in CVE-2026-11994 (CVE-2026-11994)
cross-site scripting in CVE-2026-11994 (CVE-2026-11994). Risk of unauthorized operations or information disclosure.
CVE-2026-42127 Vulnerability in dos (CVE-2026-42127)
vulnerability in dos (CVE-2026-42127). Risk of unauthorized operations or information disclosure.
CVE-2026-10789 Code Injection in autodesk (CVE-2026-10789)
code injection in autodesk (CVE-2026-10789). Successful exploitation can lead to full system takeover.
CVE-2026-33646 Code Injection in mise (CVE-2026-33646)
code injection in mise (CVE-2026-33646). Successful exploitation can lead to full system takeover. Exploitable via ``tera_exec``. Mitigation: upgrade to `2026.3.10` or later.
CVE-2026-32315 Information Disclosure in motioneye (CVE-2026-32315)
vulnerability in motioneye (CVE-2026-32315). Confidential information can be exposed externally. Exploitable via ``motion.conf``. Mitigation: upgrade to `0.44.0` or later.
CVE-2026-31978 Path Traversal in motioneye (CVE-2026-31978)
path traversal in motioneye (CVE-2026-31978). Confidential information can be exposed externally. Exploitable via ``mediafiles.py``. Mitigation: upgrade to `0.44.0` or later.
CVE-2026-25119 Vulnerability in gogs.io/gogs (CVE-2026-25119)
vulnerability in gogs.io/gogs (CVE-2026-25119). Risk of unauthorized operations or information disclosure. Exploitable via ``ENABLE_REVERSE_PROXY_AUTHENTICATION``. Mitigation: upgrade to `0.14.3` or later.
CVE-2025-64719 Vulnerability in gogs.io/gogs (CVE-2025-64719)
vulnerability in gogs.io/gogs (CVE-2025-64719). Risk of unauthorized operations or information disclosure. Exploitable via ``view.go``. Mitigation: upgrade to `0.14.3` or later.
CVE-2026-9006 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-9006)
SSRF in ssrf (CVE-2026-9006). Confidential information can be exposed externally.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →