Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Clear
ID Title
CVE-2026-6734 Vulnerability in undici (CVE-2026-6734)
vulnerability in undici (CVE-2026-6734). Successful exploitation can lead to full system takeover. Exploitable via ``Socks5ProxyAgent``. Mitigation: upgrade to `8.2.0` or later.
CVE-2026-47774 Vulnerability in dos (CVE-2026-47774)
vulnerability in dos (CVE-2026-47774). Risk of unauthorized operations or information disclosure. Exploitable via `Cookie header`.
CVE-2026-25779 Open Redirect in github.com/go-gitea/gitea (CVE-2026-25779)
vulnerability in github.com/go-gitea/gitea (CVE-2026-25779). Risk of unauthorized operations or information disclosure. Exploitable via `Referer header`. Mitigation: upgrade to `1.26.0` or later.
CVE-2026-28737 Cross-Site Scripting (XSS) in code.gitea.io/gitea (CVE-2026-28737)
cross-site scripting in code.gitea.io/gitea (CVE-2026-28737). Confidential information can be exposed externally. Exploitable via ``innerHTML``. Mitigation: upgrade to `1.26.0` or later.
CVE-2026-22555 Vulnerability in code.gitea.io/gitea (CVE-2026-22555)
vulnerability in code.gitea.io/gitea (CVE-2026-22555). Confidential information can be exposed externally. Exploitable via `POST /api/v1/repos/{owner}/{repo}/forks`. Mitigation: upgrade to `1.26.0` or later.
CVE-2026-54324 Vulnerability in github.com/daytonaio/daytona (CVE-2026-54324)
vulnerability in github.com/daytonaio/daytona (CVE-2026-54324). Confidential information can be exposed externally. Mitigation: upgrade to `0.185.0` or later.
CVE-2026-54316 Vulnerability in @anthropic-ai/claude-code (CVE-2026-54316)
vulnerability in @anthropic-ai/claude-code (CVE-2026-54316). Confidential information can be exposed externally. Mitigation: upgrade to `2.1.163` or later.
CVE-2026-54022 Vulnerability in open-webui (CVE-2026-54022)
vulnerability in open-webui (CVE-2026-54022). Confidential information can be exposed externally. Exploitable via ``document_id``. Mitigation: upgrade to `0.8.11` or later.
CVE-2026-54021 Authorization Flaw in open-webui (CVE-2026-54021)
vulnerability in open-webui (CVE-2026-54021). Risk of unauthorized operations or information disclosure. Exploitable via `POST /ollama/api/chat/{url_idx}`. Mitigation: upgrade to `>= 0.9.6` or later.
CVE-2026-54019 Vulnerability in open-webui (CVE-2026-54019)
vulnerability in open-webui (CVE-2026-54019). Confidential information can be exposed externally. Exploitable via `POST /api/v1/retrieval/query/collection`. Mitigation: upgrade to `0.9.6` or later.
CVE-2026-54018 SSRF (Server-Side Request Forgery) in open-webui (CVE-2026-54018)
SSRF in open-webui (CVE-2026-54018). Confidential information can be exposed externally. Mitigation: upgrade to `0.9.6` or later.
CVE-2026-54017 Path Traversal in open-webui (CVE-2026-54017)
path traversal in open-webui (CVE-2026-54017). Confidential information can be exposed externally. Exploitable via `GET /api/v1/terminals/server1/..`. Mitigation: upgrade to `0.9.6` or later.
CVE-2026-9675 Vulnerability in undici (CVE-2026-9675)
vulnerability in undici (CVE-2026-9675). Risk of unauthorized operations or information disclosure. Exploitable via ``maxPayloadSize``. Mitigation: upgrade to `8.5.0` or later.
CVE-2026-12151 Vulnerability in undici (CVE-2026-12151)
vulnerability in undici (CVE-2026-12151). Risk of unauthorized operations or information disclosure. Exploitable via ``maxPayloadSize``. Mitigation: upgrade to `8.5.0` or later.
CVE-2026-20178 Open Redirect in Cisco webex-web-app (CVE-2026-20178)
vulnerability in Cisco webex-web-app (CVE-2026-20178). Risk of unauthorized operations or information disclosure.
CVE-2026-20246 Privilege Escalation in Cisco umbrella-virtual-appliance (CVE-2026-20246)
vulnerability in Cisco umbrella-virtual-appliance (CVE-2026-20246). Confidential information can be exposed externally.
CVE-2026-20220 Vulnerability in Cisco crosswork-network-controller (CVE-2026-20220)
vulnerability in Cisco crosswork-network-controller (CVE-2026-20220). Risk of unauthorized operations or information disclosure.
CVE-2026-20181 Path Traversal in Cisco dos (CVE-2026-20181)
path traversal in Cisco dos (CVE-2026-20181). Successful exploitation can lead to full system takeover.
CVE-2026-48117 Authentication Bypass in CVE-2026-48117 (CVE-2026-48117)
authentication bypass in CVE-2026-48117 (CVE-2026-48117). Confidential information can be exposed externally.
CVE-2026-47103 Vulnerability in python-statemachine (CVE-2026-47103)
vulnerability in python-statemachine (CVE-2026-47103). Successful exploitation can lead to full system takeover. Exploitable via ``SCXMLProcessor``. Mitigation: upgrade to `3.2.0` or later.
CVE-2026-10641 Out-of-Bounds Write in c (CVE-2026-10641)
out-of-bounds write in c (CVE-2026-10641). Risk of unauthorized operations or information disclosure.
CVE-2026-54015 Vulnerability in open-webui (CVE-2026-54015)
vulnerability in open-webui (CVE-2026-54015). Confidential information can be exposed externally. Exploitable via `GET /api/v1/prompts/id/{prompt_id}/history/diff`. Mitigation: upgrade to `0.9.6` or later.
CVE-2026-54014 Path Traversal in open-webui (CVE-2026-54014)
path traversal in open-webui (CVE-2026-54014). Risk of unauthorized operations or information disclosure. Exploitable via `GET /cache/{{path}}`. Mitigation: upgrade to `0.9.6` or later.
CVE-2026-54013 Cross-Site Scripting (XSS) in open-webui (CVE-2026-54013)
cross-site scripting in open-webui (CVE-2026-54013). Confidential information can be exposed externally. Exploitable via `GET /api/v1/models/model/profile/image`. Mitigation: upgrade to `0.9.6` or later.
CVE-2026-54012 Vulnerability in open-webui (CVE-2026-54012)
vulnerability in open-webui (CVE-2026-54012). Confidential information can be exposed externally. Exploitable via `GET /api/v1/files/{id}/content`. Mitigation: upgrade to `0.9.6` or later.
CVE-2026-54011 Cross-Site Scripting (XSS) in open-webui (CVE-2026-54011)
cross-site scripting in open-webui (CVE-2026-54011). Confidential information can be exposed externally. Exploitable via ``innerHTML``. Mitigation: upgrade to `0.9.6` or later.
CVE-2026-54010 Vulnerability in open-webui (CVE-2026-54010)
vulnerability in open-webui (CVE-2026-54010). Confidential information can be exposed externally. Exploitable via `GET /api/v1/files/{id}/content`. Mitigation: upgrade to `>= 0.9.6` or later.
CVE-2026-54008 SSRF (Server-Side Request Forgery) in open-webui (CVE-2026-54008)
SSRF in open-webui (CVE-2026-54008). Confidential information can be exposed externally. Exploitable via `GET /api/v1/auths/`. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-53931 Vulnerability in nocodb (CVE-2026-53931)
vulnerability in nocodb (CVE-2026-53931). Risk of unauthorized operations or information disclosure. Exploitable via ``axiosRequestMake``.
CVE-2026-53930 SSRF (Server-Side Request Forgery) in nocodb (CVE-2026-53930)
SSRF in nocodb (CVE-2026-53930). Risk of unauthorized operations or information disclosure. Exploitable via ``migrate``.
CVE-2026-53929 Cross-Site Scripting (XSS) in nocodb (CVE-2026-53929)
cross-site scripting in nocodb (CVE-2026-53929). Risk of unauthorized operations or information disclosure. Exploitable via ``ResponseContentDisposition``.
CVE-2026-53927 SSRF (Server-Side Request Forgery) in nocodb (CVE-2026-53927)
SSRF in nocodb (CVE-2026-53927). Risk of unauthorized operations or information disclosure. Exploitable via ``axiosRequestMake``.
CVE-2026-54236 Vulnerability in vllm (CVE-2026-54236)
vulnerability in vllm (CVE-2026-54236). Risk of unauthorized operations or information disclosure. Exploitable via `POST /v1/messages`.
CVE-2026-53923 Information Disclosure in vllm (CVE-2026-53923)
vulnerability in vllm (CVE-2026-53923). Confidential information can be exposed externally. Exploitable via ``to_cuda_ggml_t``.
CVE-2026-54235 Vulnerability in vllm (CVE-2026-54235)
vulnerability in vllm (CVE-2026-54235). Risk of unauthorized operations or information disclosure. Exploitable via ``False``.
CVE-2026-54761 Vulnerability in github.com/traefik/traefik/v3 (CVE-2026-54761)
vulnerability in github.com/traefik/traefik/v3 (CVE-2026-54761). Confidential information can be exposed externally. Exploitable via ``crossProviderNamespaces``. Mitigation: upgrade to `3.7.5` or later.
CVE-2026-53765 Vulnerability in chrome-devtools-mcp (CVE-2026-53765)
vulnerability in chrome-devtools-mcp (CVE-2026-53765). Data can be tampered with by attackers. Exploitable via ``O_NOFOLLOW``. Mitigation: upgrade to `1.1.0` or later.
CVE-2026-54325 Vulnerability in @earendil-works/pi-coding-agent (CVE-2026-54325)
vulnerability in @earendil-works/pi-coding-agent (CVE-2026-54325). Risk of unauthorized operations or information disclosure. Exploitable via ``project_trust``. Mitigation: upgrade to `0.79.0` or later.
CVE-2026-54327 Vulnerability in @mariozechner/pi-coding-agent (CVE-2026-54327)
vulnerability in @mariozechner/pi-coding-agent (CVE-2026-54327). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.78.1` or later.
CVE-2026-48781 Vulnerability in CVE-2026-48781 (CVE-2026-48781)
vulnerability in CVE-2026-48781 (CVE-2026-48781). Successful exploitation can lead to full system takeover.
CVE-2026-48797 Vulnerability in backpropagate (CVE-2026-48797)
vulnerability in backpropagate (CVE-2026-48797). Risk of unauthorized operations or information disclosure. Exploitable via ``BACKPROPAGATE_UI_AUTH``. Mitigation: upgrade to `1.2.0` or later.
CVE-2026-48783 Vulnerability in CVE-2026-48783 (CVE-2026-48783)
vulnerability in CVE-2026-48783 (CVE-2026-48783). Risk of unauthorized operations or information disclosure.
CVE-2026-48782 SSRF (Server-Side Request Forgery) in pydantic-ai-slim (CVE-2026-48782)
SSRF in pydantic-ai-slim (CVE-2026-48782). Confidential information can be exposed externally. Exploitable via ``FileUrl``. Mitigation: upgrade to `2.0.0b3` or later.
CVE-2026-48788 Cross-Site Scripting (XSS) in github.com/umputun/remark42 (CVE-2026-48788)
cross-site scripting in github.com/umputun/remark42 (CVE-2026-48788). Confidential information can be exposed externally. Exploitable via ``http.DetectContentType``. Mitigation: upgrade to `1.16.0` or later.
CVE-2026-48055 Vulnerability in path-traversal (CVE-2026-48055)
vulnerability in path-traversal (CVE-2026-48055). Data can be tampered with by attackers.
CVE-2026-48745 Vulnerability in CVE-2026-48745 (CVE-2026-48745)
vulnerability in CVE-2026-48745 (CVE-2026-48745). Confidential information can be exposed externally.
CVE-2026-47277 Path Traversal in CVE-2026-47277 (CVE-2026-47277)
path traversal in CVE-2026-47277 (CVE-2026-47277). Confidential information can be exposed externally.
CVE-2026-48776 Path Traversal in langgraph-sdk (CVE-2026-48776)
path traversal in langgraph-sdk (CVE-2026-48776). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.3.15` or later.
CVE-2026-12437 Use-After-Free in Google chrome (CVE-2026-12437)
vulnerability in Google chrome (CVE-2026-12437). Successful exploitation can lead to full system takeover.
CVE-2026-54326 Cross-Site Scripting (XSS) in @mariozechner/pi-coding-agent (CVE-2026-54326)
cross-site scripting in @mariozechner/pi-coding-agent (CVE-2026-54326). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.78.1` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →