Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-46699 |
|
Vulnerability in CVE-2026-46699 (CVE-2026-46699)
vulnerability in CVE-2026-46699 (CVE-2026-46699). Data can be tampered with by attackers.
|
| CVE-2026-49252 |
|
Vulnerability in @deepstream/server (CVE-2026-49252)
vulnerability in @deepstream/server (CVE-2026-49252). Confidential information can be exposed externally. Exploitable via ``__proto__``. Mitigation: upgrade to `10.0.5` or later.
|
| CVE-2026-49454 |
|
Authentication Bypass in relyra (CVE-2026-49454)
authentication bypass in relyra (CVE-2026-49454). Confidential information can be exposed externally. Exploitable via ``SignatureValue``. Mitigation: upgrade to `1.2.0` or later.
|
| CVE-2026-45696 |
|
Vulnerability in dos (CVE-2026-45696)
vulnerability in dos (CVE-2026-45696). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44663 |
|
Vulnerability in cpp (CVE-2026-44663)
vulnerability in cpp (CVE-2026-44663). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43994 |
|
Vulnerability in coturn-project (CVE-2026-43994)
vulnerability in coturn-project (CVE-2026-43994). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48980 |
|
Vulnerability in CVE-2026-48980 (CVE-2026-48980)
vulnerability in CVE-2026-48980 (CVE-2026-48980). Confidential information can be exposed externally.
|
| CVE-2026-48983 |
|
Vulnerability in CVE-2026-48983 (CVE-2026-48983)
vulnerability in CVE-2026-48983 (CVE-2026-48983). Confidential information can be exposed externally.
|
| CVE-2026-48982 |
|
Vulnerability in CVE-2026-48982 (CVE-2026-48982)
vulnerability in CVE-2026-48982 (CVE-2026-48982). Data can be tampered with by attackers.
|
| CVE-2026-48981 |
|
XXE (XML External Entity) in CVE-2026-48981 (CVE-2026-48981)
vulnerability in CVE-2026-48981 (CVE-2026-48981). Confidential information can be exposed externally.
|
| CVE-2026-43915 |
|
Cross-Site Scripting (XSS) in coturn-project (CVE-2026-43915)
cross-site scripting in coturn-project (CVE-2026-43915). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-47847 |
|
Vulnerability in CVE-2026-47847 (CVE-2026-47847)
vulnerability in CVE-2026-47847 (CVE-2026-47847). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-47846 |
|
Vulnerability in CVE-2026-47846 (CVE-2026-47846)
vulnerability in CVE-2026-47846 (CVE-2026-47846). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48716 |
|
Path Traversal in CVE-2026-48716 (CVE-2026-48716)
path traversal in CVE-2026-48716 (CVE-2026-48716). Data can be tampered with by attackers.
|
| CVE-2026-54390 |
|
Vulnerability in CVE-2026-54390 (CVE-2026-54390)
vulnerability in CVE-2026-54390 (CVE-2026-54390). Successful exploitation can lead to full system takeover.
|
| CVE-2026-54106 |
|
Vulnerability in CVE-2026-54106 (CVE-2026-54106)
vulnerability in CVE-2026-54106 (CVE-2026-54106). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56024 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-56024)
vulnerability in csrf (CVE-2026-56024). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56020 |
|
Vulnerability in CVE-2026-56020 (CVE-2026-56020)
vulnerability in CVE-2026-56020 (CVE-2026-56020). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.641` or later.
|
| CVE-2026-38718 |
|
Vulnerability in dos (CVE-2026-38718)
vulnerability in dos (CVE-2026-38718). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54103 |
|
Vulnerability in CVE-2026-54103 (CVE-2026-54103)
vulnerability in CVE-2026-54103 (CVE-2026-54103). Successful exploitation can lead to full system takeover.
|
| CVE-2026-38717 |
|
Command Injection in inhandnetworks (CVE-2026-38717)
command injection in inhandnetworks (CVE-2026-38717). Successful exploitation can lead to full system takeover.
|
| CVE-2026-55203 |
|
Vulnerability in haproxy (CVE-2026-55203)
vulnerability in haproxy (CVE-2026-55203). Data can be tampered with by attackers.
|
| CVE-2026-55204 |
|
Vulnerability in c (CVE-2026-55204)
vulnerability in c (CVE-2026-55204). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48617 |
|
Vulnerability in CVE-2026-48617 (CVE-2026-48617)
vulnerability in CVE-2026-48617 (CVE-2026-48617). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55205 |
|
Vulnerability in CVE-2026-55205 (CVE-2026-55205)
vulnerability in CVE-2026-55205 (CVE-2026-55205). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/onboarding/oauth/start`.
|
| CVE-2026-11982 |
|
Cross-Site Scripting (XSS) in CVE-2026-11982 (CVE-2026-11982)
cross-site scripting in CVE-2026-11982 (CVE-2026-11982). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-38714 |
|
Command Injection in inhandnetworks (CVE-2026-38714)
command injection in inhandnetworks (CVE-2026-38714). Successful exploitation can lead to full system takeover.
|
| CVE-2026-38716 |
|
Command Injection in inhandnetworks (CVE-2026-38716)
command injection in inhandnetworks (CVE-2026-38716). Successful exploitation can lead to full system takeover.
|
| CVE-2026-38715 |
|
Command Injection in inhandnetworks (CVE-2026-38715)
command injection in inhandnetworks (CVE-2026-38715). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48986 |
|
Vulnerability in dos (CVE-2026-48986)
vulnerability in dos (CVE-2026-48986). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48985 |
|
Vulnerability in CVE-2026-48985 (CVE-2026-48985)
vulnerability in CVE-2026-48985 (CVE-2026-48985). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-58399 |
|
Authentication Bypass in @acastellon/auth (CVE-2026-58399)
authentication bypass in @acastellon/auth (CVE-2026-58399). Risk of unauthorized operations or information disclosure. Exploitable via `GET /protected`. Mitigation: upgrade to `2.3.0` or later.
|
| CVE-2026-54319 |
|
Path Traversal in github.com/daytonaio/daytona (CVE-2026-54319)
path traversal in github.com/daytonaio/daytona (CVE-2026-54319). Risk of unauthorized operations or information disclosure. Exploitable via ``volumeId``. Mitigation: upgrade to `0.186.0` or later.
|
| CVE-2026-55237 |
|
Vulnerability in CVE-2026-55237 (CVE-2026-55237)
vulnerability in CVE-2026-55237 (CVE-2026-55237). Confidential information can be exposed externally. Exploitable via ``next``.
|
| CVE-2025-32437 |
|
Vulnerability in dos (CVE-2025-32437)
vulnerability in dos (CVE-2025-32437). Risk of unauthorized operations or information disclosure. Exploitable via ``MediaDurationBlock``.
|
| CVE-2025-32436 |
|
Vulnerability in dos (CVE-2025-32436)
vulnerability in dos (CVE-2025-32436). Risk of unauthorized operations or information disclosure. Exploitable via ``AddAudioToVideoBlock``.
|
| CVE-2025-32424 |
|
Vulnerability in dos (CVE-2025-32424)
vulnerability in dos (CVE-2025-32424). Risk of unauthorized operations or information disclosure. Exploitable via ``StepThroughItemsBlock``.
|
| CVE-2025-32422 |
|
Vulnerability in dos (CVE-2025-32422)
vulnerability in dos (CVE-2025-32422). Risk of unauthorized operations or information disclosure. Exploitable via ``StepThroughItemsBlock``.
|
| CVE-2025-32392 |
|
Vulnerability in dos (CVE-2025-32392)
vulnerability in dos (CVE-2025-32392). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40624 |
|
Vulnerability in cisa (CVE-2026-40624)
vulnerability in cisa (CVE-2026-40624). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46580 |
|
Vulnerability in @theia/ai-chat-ui (CVE-2026-46580)
vulnerability in @theia/ai-chat-ui (CVE-2026-46580). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.71.0` or later.
|
| CVE-2026-44691 |
|
Vulnerability in @theia/debug (CVE-2026-44691)
vulnerability in @theia/debug (CVE-2026-44691). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.69.0` or later.
|
| CVE-2026-44688 |
|
Vulnerability in @theia/ai-chat-ui (CVE-2026-44688)
vulnerability in @theia/ai-chat-ui (CVE-2026-44688). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.71.0` or later.
|
| CVE-2026-22551 |
|
Vulnerability in @theia/ai-chat-ui (CVE-2026-22551)
vulnerability in @theia/ai-chat-ui (CVE-2026-22551). Confidential information can be exposed externally. Mitigation: upgrade to `1.71.0` or later.
|
| CVE-2026-11791 |
|
Use-After-Free in dos (CVE-2026-11791)
vulnerability in dos (CVE-2026-11791). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9158 |
|
Use-After-Free in eclipse (CVE-2026-9158)
vulnerability in eclipse (CVE-2026-9158). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56012 |
|
SQL Injection in sqli (CVE-2026-56012)
SQL injection in sqli (CVE-2026-56012). Confidential information can be exposed externally.
|
| CVE-2026-8461 |
|
Out-of-Bounds Write in c (CVE-2026-8461)
out-of-bounds write in c (CVE-2026-8461). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8024 |
|
Unsafe Deserialization in deserialization (CVE-2026-8024)
vulnerability in deserialization (CVE-2026-8024). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42489 |
|
Vulnerability in flask (CVE-2026-42489)
vulnerability in flask (CVE-2026-42489). Risk of unauthorized operations or information disclosure.
|