Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-42490 |
|
Vulnerability in flask (CVE-2026-42490)
vulnerability in flask (CVE-2026-42490). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42488 |
|
Buffer Overflow in CVE-2026-42488 (CVE-2026-42488)
vulnerability in CVE-2026-42488 (CVE-2026-42488). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11719 |
|
Vulnerability in github.com/googleapis/mcp-toolbox (CVE-2026-11719)
vulnerability in github.com/googleapis/mcp-toolbox (CVE-2026-11719). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.4.0` or later.
|
| CVE-2026-54223 |
|
Path Traversal in path-traversal (CVE-2026-54223)
path traversal in path-traversal (CVE-2026-54223). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42487 |
|
Vulnerability in c (CVE-2026-42487)
vulnerability in c (CVE-2026-42487). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12039 |
|
Vulnerability in CVE-2026-12039 (CVE-2026-12039)
vulnerability in CVE-2026-12039 (CVE-2026-12039). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12539 |
|
Vulnerability in CVE-2026-12539 (CVE-2026-12539)
vulnerability in CVE-2026-12539 (CVE-2026-12539). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54220 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-54220)
vulnerability in csrf (CVE-2026-54220). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12527 |
|
Vulnerability in CVE-2026-12527 (CVE-2026-12527)
vulnerability in CVE-2026-12527 (CVE-2026-12527). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56007 |
|
Cross-Site Scripting (XSS) in CVE-2026-56007 (CVE-2026-56007)
cross-site scripting in CVE-2026-56007 (CVE-2026-56007). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54219 |
|
Cross-Site Scripting (XSS) in CVE-2026-54219 (CVE-2026-54219)
cross-site scripting in CVE-2026-54219 (CVE-2026-54219). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56009 |
|
Cross-Site Scripting (XSS) in CVE-2026-56009 (CVE-2026-56009)
cross-site scripting in CVE-2026-56009 (CVE-2026-56009). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54221 |
|
Cross-Site Scripting (XSS) in CVE-2026-54221 (CVE-2026-54221)
cross-site scripting in CVE-2026-54221 (CVE-2026-54221). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40457 |
|
Cross-Site Scripting (XSS) in CVE-2026-40457 (CVE-2026-40457)
cross-site scripting in CVE-2026-40457 (CVE-2026-40457). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54222 |
|
SQL Injection in sqli (CVE-2026-54222)
SQL injection in sqli (CVE-2026-54222). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40455 |
|
SQL Injection in sqli (CVE-2026-40455)
SQL injection in sqli (CVE-2026-40455). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54419 |
|
SQL Injection in sqli (CVE-2026-54419)
SQL injection in sqli (CVE-2026-54419). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40456 |
|
OS Command Injection in CVE-2026-40456 (CVE-2026-40456)
OS command injection in CVE-2026-40456 (CVE-2026-40456). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-2021 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-2021)
cross-site scripting in wordpress (CVE-2026-2021). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8039 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8039)
cross-site scripting in wordpress (CVE-2026-8039). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50643 |
|
Out-of-Bounds Read in CVE-2026-50643 (CVE-2026-50643)
vulnerability in CVE-2026-50643 (CVE-2026-50643). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11718 |
|
Authentication Bypass in github.com/googleapis/mcp-toolbox (CVE-2026-11718)
authentication bypass in github.com/googleapis/mcp-toolbox (CVE-2026-11718). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.4.0` or later.
|
| CVE-2026-11717 |
|
Authentication Bypass in github.com/googleapis/mcp-toolbox (CVE-2026-11717)
authentication bypass in github.com/googleapis/mcp-toolbox (CVE-2026-11717). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.4.0` or later.
|
| CVE-2026-8811 |
|
Path Traversal in CVE-2026-8811 (CVE-2026-8811)
path traversal in CVE-2026-8811 (CVE-2026-8811). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-10560 |
|
Vulnerability in CVE-2025-10560 (CVE-2025-10560)
vulnerability in CVE-2025-10560 (CVE-2025-10560). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44727 |
|
Cross-Site Scripting (XSS) in jupyter-server (CVE-2026-44727)
cross-site scripting in jupyter-server (CVE-2026-44727). Risk of unauthorized operations or information disclosure. Exploitable via ``nbconvert.HTMLExporter``. Mitigation: upgrade to `2.20.0` or later.
|
| CVE-2026-12567 |
|
Vulnerability in bbot (CVE-2026-12567)
vulnerability in bbot (CVE-2026-12567). Risk of unauthorized operations or information disclosure. Exploitable via ``github_workflows``. Mitigation: upgrade to `2.8.5` or later.
|
| CVE-2026-12568 |
|
Path Traversal in bbot (CVE-2026-12568)
path traversal in bbot (CVE-2026-12568). Data can be tampered with by attackers. Exploitable via ``postman_download``. Mitigation: upgrade to `2.8.6` or later.
|
| CVE-2026-12566 |
|
SSRF (Server-Side Request Forgery) in bbot (CVE-2026-12566)
SSRF in bbot (CVE-2026-12566). Risk of unauthorized operations or information disclosure. Exploitable via ``docker_pull``. Mitigation: upgrade to `2.8.5` or later.
|
| CVE-2026-12565 |
|
Path Traversal in bbot (CVE-2026-12565)
path traversal in bbot (CVE-2026-12565). Data can be tampered with by attackers. Exploitable via ``unarchive``. Mitigation: upgrade to `2.8.5` or later.
|
| CVE-2026-50141 |
|
Vulnerability in CVE-2026-50141 (CVE-2026-50141)
vulnerability in CVE-2026-50141 (CVE-2026-50141). Risk of unauthorized operations or information disclosure. Exploitable via ``agent_id``.
|
| CVE-2026-11958 |
|
Vulnerability in c (CVE-2026-11958)
vulnerability in c (CVE-2026-11958). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55661 |
|
Cross-Site Scripting (XSS) in tinacms (CVE-2026-55661)
cross-site scripting in tinacms (CVE-2026-55661). Risk of unauthorized operations or information disclosure. Exploitable via ``url``. Mitigation: upgrade to `3.9.3` or later.
|
| CVE-2026-55603 |
|
Vulnerability in http-proxy-middleware (CVE-2026-55603)
vulnerability in http-proxy-middleware (CVE-2026-55603). Data can be tampered with by attackers. Exploitable via ``req.body``. Mitigation: upgrade to `4.1.1` or later.
|
| CVE-2026-55602 |
|
Vulnerability in http-proxy-middleware (CVE-2026-55602)
vulnerability in http-proxy-middleware (CVE-2026-55602). Data can be tampered with by attackers. Exploitable via ``router``. Mitigation: upgrade to `2.0.10` or later.
|
| CVE-2026-55388 |
|
Code Injection in piscina (CVE-2026-55388)
code injection in piscina (CVE-2026-55388). Successful exploitation can lead to full system takeover. Exploitable via `POST /upload`. Mitigation: upgrade to `6.0.0-rc.2` or later.
|
| CVE-2026-55886 |
|
Vulnerability in jodit (CVE-2026-55886)
vulnerability in jodit (CVE-2026-55886). Risk of unauthorized operations or information disclosure. Exploitable via ``chain``. Mitigation: upgrade to `4.12.26` or later.
|
| CVE-2026-55746 |
|
Cross-Site Scripting (XSS) in cotonti/cotonti (CVE-2026-55746)
cross-site scripting in cotonti/cotonti (CVE-2026-55746). Confidential information can be exposed externally.
|
| CVE-2026-55745 |
|
Cross-Site Request Forgery (CSRF) in cotonti/cotonti (CVE-2026-55745)
vulnerability in cotonti/cotonti (CVE-2026-55745). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55742 |
|
Cross-Site Request Forgery (CSRF) in cotonti/cotonti (CVE-2026-55742)
vulnerability in cotonti/cotonti (CVE-2026-55742). Successful exploitation can lead to full system takeover.
|
| CVE-2026-55744 |
|
Cross-Site Request Forgery (CSRF) in cotonti/cotonti (CVE-2026-55744)
vulnerability in cotonti/cotonti (CVE-2026-55744). Confidential information can be exposed externally.
|
| CVE-2026-55741 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-55741)
vulnerability in csrf (CVE-2026-55741). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12111 |
|
Information Disclosure in wordpress (CVE-2026-12111)
vulnerability in wordpress (CVE-2026-12111). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11395 |
|
SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-11395)
SSRF in wordpress (CVE-2026-11395). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-28573 |
|
Vulnerability in dos (CVE-2026-28573)
vulnerability in dos (CVE-2026-28573). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12136 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-12136)
cross-site scripting in wordpress (CVE-2026-12136). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12137 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-12137)
cross-site scripting in wordpress (CVE-2026-12137). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12098 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-12098)
cross-site scripting in wordpress (CVE-2026-12098). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11402 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-11402)
cross-site scripting in wordpress (CVE-2026-11402). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11358 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-11358)
cross-site scripting in wordpress (CVE-2026-11358). Risk of unauthorized operations or information disclosure.
|