Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-48129 |
|
Path Traversal in CVE-2026-48129 (CVE-2026-48129)
path traversal in CVE-2026-48129 (CVE-2026-48129). Data can be tampered with by attackers. Exploitable via ``inputFiles``.
|
| CVE-2026-54762 |
|
Vulnerability in github.com/traefik/traefik/v3 (CVE-2026-54762)
vulnerability in github.com/traefik/traefik/v3 (CVE-2026-54762). Confidential information can be exposed externally. Exploitable via ``digest``. Mitigation: upgrade to `3.7.5` or later.
|
| CVE-2026-55660 |
|
Cross-Site Scripting (XSS) in tinacms (CVE-2026-55660)
cross-site scripting in tinacms (CVE-2026-55660). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.9.3` or later.
|
| CVE-2026-55791 |
|
Cross-Site Scripting (XSS) in craftcms/cms (CVE-2026-55791)
cross-site scripting in craftcms/cms (CVE-2026-55791). Risk of unauthorized operations or information disclosure. Exploitable via ``trustedHosts``. Mitigation: upgrade to `4.18` or later.
|
| CVE-2026-54074 |
|
Code Injection in @tinacms/cli (CVE-2026-54074)
code injection in @tinacms/cli (CVE-2026-54074). Successful exploitation can lead to full system takeover. Exploitable via ``addVariablesToCode``. Mitigation: upgrade to `2.4.3` or later.
|
| CVE-2026-55849 |
|
OS Command Injection in @cyclonedx/cyclonedx-npm (CVE-2026-55849)
OS command injection in @cyclonedx/cyclonedx-npm (CVE-2026-55849). Risk of unauthorized operations or information disclosure. Exploitable via ``npm_execpath``. Mitigation: upgrade to `5.0.0` or later.
|
| CVE-2026-54911 |
|
Vulnerability in ujson (CVE-2026-54911)
vulnerability in ujson (CVE-2026-54911). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.13.0` or later.
|
| CVE-2026-54906 |
|
Vulnerability in concurrent-ruby (CVE-2026-54906)
vulnerability in concurrent-ruby (CVE-2026-54906). Successful exploitation can lead to full system takeover. Exploitable via ``release_write_lock``. Mitigation: upgrade to `1.3.7` or later.
|
| CVE-2026-54904 |
|
Vulnerability in concurrent-ruby (CVE-2026-54904)
vulnerability in concurrent-ruby (CVE-2026-54904). Risk of unauthorized operations or information disclosure. Exploitable via ``compare_and_set``. Mitigation: upgrade to `1.3.7` or later.
|
| CVE-2026-54903 |
|
Vulnerability in oj (CVE-2026-54903)
vulnerability in oj (CVE-2026-54903). Risk of unauthorized operations or information disclosure. Exploitable via ``Oj.load``. Mitigation: upgrade to `3.17.3` or later.
|
| CVE-2026-54902 |
|
Use-After-Free in oj (CVE-2026-54902)
vulnerability in oj (CVE-2026-54902). Risk of unauthorized operations or information disclosure. Exploitable via ``hash_end``. Mitigation: upgrade to `3.17.3` or later.
|
| CVE-2026-54901 |
|
Use-After-Free in oj (CVE-2026-54901)
vulnerability in oj (CVE-2026-54901). Risk of unauthorized operations or information disclosure. Exploitable via ``array_class``. Mitigation: upgrade to `3.17.3` or later.
|
| CVE-2026-54900 |
|
Vulnerability in oj (CVE-2026-54900)
vulnerability in oj (CVE-2026-54900). Risk of unauthorized operations or information disclosure. Exploitable via ``create_id``. Mitigation: upgrade to `3.17.3` or later.
|
| CVE-2026-54783 |
|
Vulnerability in CoreWCF.Primitives (CVE-2026-54783)
vulnerability in CoreWCF.Primitives (CVE-2026-54783). Confidential information can be exposed externally. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-54782 |
|
Vulnerability in CoreWCF.Primitives (CVE-2026-54782)
vulnerability in CoreWCF.Primitives (CVE-2026-54782). Confidential information can be exposed externally. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-54781 |
|
Authentication Bypass in CoreWCF.Primitives (CVE-2026-54781)
authentication bypass in CoreWCF.Primitives (CVE-2026-54781). Confidential information can be exposed externally. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-54779 |
|
Vulnerability in CoreWCF.Primitives (CVE-2026-54779)
vulnerability in CoreWCF.Primitives (CVE-2026-54779). Data can be tampered with by attackers. Exploitable via ``ITokenReplayCache``. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-54778 |
|
Vulnerability in CoreWCF.UnixDomainSocket (CVE-2026-54778)
vulnerability in CoreWCF.UnixDomainSocket (CVE-2026-54778). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-54777 |
|
Vulnerability in CoreWCF.NetNamedPipe (CVE-2026-54777)
vulnerability in CoreWCF.NetNamedPipe (CVE-2026-54777). Confidential information can be exposed externally. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-54776 |
|
Vulnerability in CoreWCF.UnixDomainSocket (CVE-2026-54776)
vulnerability in CoreWCF.UnixDomainSocket (CVE-2026-54776). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-54775 |
|
Vulnerability in CoreWCF.Kafka (CVE-2026-54775)
vulnerability in CoreWCF.Kafka (CVE-2026-54775). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-54774 |
|
Vulnerability in CoreWCF.Primitives (CVE-2026-54774)
vulnerability in CoreWCF.Primitives (CVE-2026-54774). Confidential information can be exposed externally. Exploitable via ``BinarySecretSecurityToken``. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-54773 |
|
Vulnerability in CoreWCF.Primitives (CVE-2026-54773)
vulnerability in CoreWCF.Primitives (CVE-2026-54773). Data can be tampered with by attackers. Exploitable via ``KeyInfo``. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-54772 |
|
Vulnerability in CoreWCF.NetFramingBase (CVE-2026-54772)
vulnerability in CoreWCF.NetFramingBase (CVE-2026-54772). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-49345 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-49345)
SSRF in ssrf (CVE-2026-49345). Risk of unauthorized operations or information disclosure. Exploitable via ``ConfigurationController``.
|
| CVE-2026-49342 |
|
Path Traversal in yard (CVE-2026-49342)
path traversal in yard (CVE-2026-49342). Risk of unauthorized operations or information disclosure. Exploitable via ``adapter.document_root``. Mitigation: upgrade to `0.9.44` or later.
|
| CVE-2026-48774 |
|
Vulnerability in CVE-2026-48774 (CVE-2026-48774)
vulnerability in CVE-2026-48774 (CVE-2026-48774). Data can be tampered with by attackers. Exploitable via ``run_sql_readonly``.
|
| CVE-2026-48787 |
|
OS Command Injection in vue (CVE-2026-48787)
OS command injection in vue (CVE-2026-48787). Risk of unauthorized operations or information disclosure. Exploitable via `POST /autoCode/addFunc`.
|
| CVE-2026-48715 |
|
Vulnerability in radvdlitech (CVE-2026-48715)
vulnerability in radvdlitech (CVE-2026-48715). Successful exploitation can lead to full system takeover. Exploitable via ``radvdump``.
|
| CVE-2026-48772 |
|
Vulnerability in CVE-2026-48772 (CVE-2026-48772)
vulnerability in CVE-2026-48772 (CVE-2026-48772). Confidential information can be exposed externally. Exploitable via ``UNKNOWN``.
|
| CVE-2026-48773 |
|
Out-of-Bounds Write in CVE-2026-48773 (CVE-2026-48773)
out-of-bounds write in CVE-2026-48773 (CVE-2026-48773). Successful exploitation can lead to full system takeover.
|
| CVE-2026-54898 |
|
Use-After-Free in oj (CVE-2026-54898)
vulnerability in oj (CVE-2026-54898). Risk of unauthorized operations or information disclosure. Exploitable via ``hash_start``. Mitigation: upgrade to `3.17.3` or later.
|
| CVE-2026-54897 |
|
Use-After-Free in oj (CVE-2026-54897)
vulnerability in oj (CVE-2026-54897). Risk of unauthorized operations or information disclosure. Exploitable via ``each_value``. Mitigation: upgrade to `3.17.3` or later.
|
| CVE-2026-54896 |
|
Vulnerability in oj (CVE-2026-54896)
vulnerability in oj (CVE-2026-54896). Risk of unauthorized operations or information disclosure. Exploitable via ``Oj.dump``. Mitigation: upgrade to `3.17.3` or later.
|
| CVE-2026-55778 |
|
Unrestricted File Upload in parse-server (CVE-2026-55778)
vulnerability in parse-server (CVE-2026-55778). Risk of unauthorized operations or information disclosure. Exploitable via ``fileUpload.fileExtensions``. Mitigation: upgrade to `8.6.81` or later.
|
| CVE-2026-54592 |
|
Out-of-Bounds Read in oj (CVE-2026-54592)
vulnerability in oj (CVE-2026-54592). Risk of unauthorized operations or information disclosure. Exploitable via ``doc_each_child``. Mitigation: upgrade to `3.17.3` or later.
|
| CVE-2026-54528 |
|
Vulnerability in jupyterlab-git (CVE-2026-54528)
vulnerability in jupyterlab-git (CVE-2026-54528). Confidential information can be exposed externally. Exploitable via `POST /git/project/secrets/status`. Mitigation: upgrade to `0.54.0` or later.
|
| CVE-2026-54527 |
|
Cross-Site Scripting (XSS) in jupyterlab-git (CVE-2026-54527)
cross-site scripting in jupyterlab-git (CVE-2026-54527). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/terminals`. Mitigation: upgrade to `0.54.0` or later.
|
| CVE-2026-54500 |
|
Out-of-Bounds Read in oj (CVE-2026-54500)
vulnerability in oj (CVE-2026-54500). Risk of unauthorized operations or information disclosure. Exploitable via ``Oj.load``. Mitigation: upgrade to `3.17.3` or later.
|
| CVE-2026-54499 |
|
Unsafe Deserialization in stanza (CVE-2026-54499)
vulnerability in stanza (CVE-2026-54499). Successful exploitation can lead to full system takeover. Exploitable via ``pickle.UnpicklingError``. Mitigation: upgrade to `1.12.2` or later.
|
| CVE-2026-54317 |
|
Information Disclosure in homeassistant (CVE-2026-54317)
vulnerability in homeassistant (CVE-2026-54317). Confidential information can be exposed externally. Exploitable via `Authorization header`. Mitigation: upgrade to `2026.6.0` or later.
|
| CVE-2026-54297 |
|
Vulnerability in faraday (CVE-2026-54297)
vulnerability in faraday (CVE-2026-54297). Risk of unauthorized operations or information disclosure. Exploitable via ``Hash``. Mitigation: upgrade to `1.10.6` or later.
|
| CVE-2026-53492 |
|
Vulnerability in github.com/containerd/containerd/v2 (CVE-2026-53492)
vulnerability in github.com/containerd/containerd/v2 (CVE-2026-53492). Confidential information can be exposed externally. Mitigation: upgrade to `2.3.2` or later.
|
| CVE-2026-53488 |
|
Vulnerability in github.com/containerd/containerd (CVE-2026-53488)
vulnerability in github.com/containerd/containerd (CVE-2026-53488). Successful exploitation can lead to full system takeover. Exploitable via ``LABEL``. Mitigation: upgrade to `1.7.33` or later.
|
| CVE-2026-54502 |
|
Vulnerability in oj (CVE-2026-54502)
vulnerability in oj (CVE-2026-54502). Risk of unauthorized operations or information disclosure. Exploitable via ``Oj.dump``. Mitigation: upgrade to `3.17.3` or later.
|
| CVE-2026-47262 |
|
Vulnerability in github.com/containerd/containerd/v2 (CVE-2026-47262)
vulnerability in github.com/containerd/containerd/v2 (CVE-2026-47262). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.3.2` or later.
|
| CVE-2026-54899 |
|
Use-After-Free in oj (CVE-2026-54899)
vulnerability in oj (CVE-2026-54899). Risk of unauthorized operations or information disclosure. Exploitable via ``symbol_keys``. Mitigation: upgrade to `3.17.3` or later.
|
| CVE-2026-23879 |
|
Vulnerability in py7zr (CVE-2026-23879)
vulnerability in py7zr (CVE-2026-23879). Successful exploitation can lead to full system takeover. Exploitable via ``py7zr``. Mitigation: upgrade to `1.1.3` or later.
|
| CVE-2026-49336 |
|
Vulnerability in @microsoft/kiota-http-fetchlibrary (CVE-2026-49336)
vulnerability in @microsoft/kiota-http-fetchlibrary (CVE-2026-49336). Risk of unauthorized operations or information disclosure. Exploitable via `Authorization header`. Mitigation: upgrade to `1.0.0-preview.102` or later.
|
| CVE-2026-49340 |
|
Path Traversal in go.senan.xyz/gonic (CVE-2026-49340)
path traversal in go.senan.xyz/gonic (CVE-2026-49340). Data can be tampered with by attackers. Exploitable via ``ServeCreateOrUpdatePlaylist``. Mitigation: upgrade to `0.21.0` or later.
|