Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-8350 |
|
Authorization Flaw in concrete5/concrete5 (CVE-2026-8350)
vulnerability in concrete5/concrete5 (CVE-2026-8350). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8428 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8428)
vulnerability in concrete5/concrete5 (CVE-2026-8428). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8426 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8426)
vulnerability in concrete5/concrete5 (CVE-2026-8426). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8417 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8417)
vulnerability in concrete5/concrete5 (CVE-2026-8417). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8421 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8421)
vulnerability in concrete5/concrete5 (CVE-2026-8421). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8205 |
|
Vulnerability in concrete5/concrete5 (CVE-2026-8205)
vulnerability in concrete5/concrete5 (CVE-2026-8205). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8203 |
|
Cross-Site Scripting (XSS) in concrete5/concrete5 (CVE-2026-8203)
cross-site scripting in concrete5/concrete5 (CVE-2026-8203). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8197 |
|
Cross-Site Scripting (XSS) in concrete5/concrete5 (CVE-2026-8197)
cross-site scripting in concrete5/concrete5 (CVE-2026-8197). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8134 |
|
Vulnerability in concrete5/concrete5 (CVE-2026-8134)
vulnerability in concrete5/concrete5 (CVE-2026-8134). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-47102 |
|
Authorization Flaw in litellm (CVE-2026-47102)
vulnerability in litellm (CVE-2026-47102). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.83.10` or later.
|
| CVE-2026-8135 |
|
Unsafe Deserialization in concrete5/concrete5 (CVE-2026-8135)
vulnerability in concrete5/concrete5 (CVE-2026-8135). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-6826 |
|
Information Disclosure in concrete5/concrete5 (CVE-2026-6826)
vulnerability in concrete5/concrete5 (CVE-2026-6826). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8140 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8140)
vulnerability in concrete5/concrete5 (CVE-2026-8140). Data can be tampered with by attackers. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-47101 |
|
Authorization Flaw in litellm (CVE-2026-47101)
vulnerability in litellm (CVE-2026-47101). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.83.14` or later.
|
| CVE-2026-46638 |
|
Vulnerability in twig/twig (CVE-2026-46638)
vulnerability in twig/twig (CVE-2026-46638). Risk of unauthorized operations or information disclosure. Exploitable via ``Environment``. Mitigation: upgrade to `3.26.0` or later.
|
| CVE-2026-46637 |
|
Vulnerability in twig/markdown-extra (CVE-2026-46637)
vulnerability in twig/markdown-extra (CVE-2026-46637). Risk of unauthorized operations or information disclosure. Exploitable via ``html``. Mitigation: upgrade to `3.26.0` or later.
|
| CVE-2026-46635 |
|
Authorization Flaw in twig/twig (CVE-2026-46635)
vulnerability in twig/twig (CVE-2026-46635). Risk of unauthorized operations or information disclosure. Exploitable via ``column``. Mitigation: upgrade to `3.26.0` or later.
|
| CVE-2026-46634 |
|
Vulnerability in twig/twig (CVE-2026-46634)
vulnerability in twig/twig (CVE-2026-46634). Risk of unauthorized operations or information disclosure. Exploitable via ``SourcePolicyInterface``. Mitigation: upgrade to `3.26.0` or later.
|
| CVE-2026-46633 |
|
Code Injection in twig/twig (CVE-2026-46633)
code injection in twig/twig (CVE-2026-46633). Risk of unauthorized operations or information disclosure. Exploitable via ``SecurityPolicy``. Mitigation: upgrade to `3.26.0` or later.
|
| CVE-2026-46629 |
|
Vulnerability in twig/intl-extra (CVE-2026-46629)
vulnerability in twig/intl-extra (CVE-2026-46629). Risk of unauthorized operations or information disclosure. Exploitable via ``IntlExtension``. Mitigation: upgrade to `3.26.0` or later.
|
| CVE-2026-46628 |
|
Vulnerability in twig/twig (CVE-2026-46628)
vulnerability in twig/twig (CVE-2026-46628). Risk of unauthorized operations or information disclosure. Exploitable via ``spaceless``. Mitigation: upgrade to `3.26.0` or later.
|
| CVE-2026-46625 |
|
Vulnerability in js-cookie (CVE-2026-46625)
vulnerability in js-cookie (CVE-2026-46625). Data can be tampered with by attackers. Exploitable via ``for...in``. Mitigation: upgrade to `3.0.7` or later.
|
| CVE-2026-46673 |
|
Vulnerability in russh-cryptovec (CVE-2026-46673)
vulnerability in russh-cryptovec (CVE-2026-46673). Risk of unauthorized operations or information disclosure. Exploitable via ``CryptoVec``. Mitigation: upgrade to `0.60.3` or later.
|
| CVE-2026-46609 |
|
Cross-Site Scripting (XSS) in Umbraco.Cms (CVE-2026-46609)
cross-site scripting in Umbraco.Cms (CVE-2026-46609). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `17.4.0` or later.
|
| CVE-2026-46553 |
|
Vulnerability in nocodb (CVE-2026-46553)
vulnerability in nocodb (CVE-2026-46553). Risk of unauthorized operations or information disclosure. Exploitable via ``NC_ATTACHMENT_FIELD_SIZE``.
|
| CVE-2026-46552 |
|
Vulnerability in nocodb (CVE-2026-46552)
vulnerability in nocodb (CVE-2026-46552). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/v2/meta/bases/`.
|
| CVE-2026-46551 |
|
Vulnerability in nocodb (CVE-2026-46551)
vulnerability in nocodb (CVE-2026-46551). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/db/storage/upload-by-url`.
|
| CVE-2026-46549 |
|
Authorization Flaw in nocodb (CVE-2026-46549)
vulnerability in nocodb (CVE-2026-46549). Risk of unauthorized operations or information disclosure. Exploitable via ``oauth_scope``.
|
| CVE-2026-46548 |
|
SSRF (Server-Side Request Forgery) in nocodb (CVE-2026-46548)
SSRF in nocodb (CVE-2026-46548). Risk of unauthorized operations or information disclosure. Exploitable via ``httpAgent``.
|
| CVE-2026-46547 |
|
Cross-Site Scripting (XSS) in nocodb (CVE-2026-46547)
cross-site scripting in nocodb (CVE-2026-46547). Risk of unauthorized operations or information disclosure. Exploitable via ``ncRedirectUrl``.
|
| CVE-2026-46519 |
|
Authorization Flaw in mcp-server-kubernetes (CVE-2026-46519)
vulnerability in mcp-server-kubernetes (CVE-2026-46519). Successful exploitation can lead to full system takeover. Exploitable via ``ALLOW_ONLY_READONLY_TOOLS``. Mitigation: upgrade to `3.6.0` or later.
|
| CVE-2026-46668 |
|
Vulnerability in github.com/authzed/spicedb (CVE-2026-46668)
vulnerability in github.com/authzed/spicedb (CVE-2026-46668). Risk of unauthorized operations or information disclosure. Exploitable via ``lr3``. Mitigation: upgrade to `1.52.0` or later.
|
| CVE-2026-46643 |
|
OS Command Injection in KnpLabs/knp-snappy (CVE-2026-46643)
OS command injection in KnpLabs/knp-snappy (CVE-2026-46643). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.7.1` or later.
|
| CVE-2026-46683 |
|
SSRF (Server-Side Request Forgery) in knplabs/knp-snappy (CVE-2026-46683)
SSRF in knplabs/knp-snappy (CVE-2026-46683). Risk of unauthorized operations or information disclosure. Exploitable via ``http``. Mitigation: upgrade to `1.7.0` or later.
|
| CVE-2026-46618 |
|
Vulnerability in github.com/fission/fission (CVE-2026-46618)
vulnerability in github.com/fission/fission (CVE-2026-46618). Risk of unauthorized operations or information disclosure. Exploitable via ``Environment.spec.builder.command``. Mitigation: upgrade to `1.23.0` or later.
|
| CVE-2026-47114 |
|
Vulnerability in CVE-2026-47114 (CVE-2026-47114)
vulnerability in CVE-2026-47114 (CVE-2026-47114). Successful exploitation can lead to full system takeover.
|
| CVE-2026-4843 |
|
Vulnerability in wordpress (CVE-2026-4843)
vulnerability in wordpress (CVE-2026-4843). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46617 |
|
Vulnerability in github.com/fission/fission (CVE-2026-46617)
vulnerability in github.com/fission/fission (CVE-2026-46617). Risk of unauthorized operations or information disclosure. Exploitable via ``get``. Mitigation: upgrade to `1.23.0` or later.
|
| CVE-2026-46614 |
|
Vulnerability in github.com/fission/fission (CVE-2026-46614)
vulnerability in github.com/fission/fission (CVE-2026-46614). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/v2/foo`. Mitigation: upgrade to `1.23.0` or later.
|
| CVE-2026-46612 |
|
Vulnerability in github.com/fission/fission (CVE-2026-46612)
vulnerability in github.com/fission/fission (CVE-2026-46612). Successful exploitation can lead to full system takeover. Exploitable via ``storagesvc``. Mitigation: upgrade to `1.23.0` or later.
|
| CVE-2026-46616 |
|
Open Redirect in Umbraco.Cms (CVE-2026-46616)
vulnerability in Umbraco.Cms (CVE-2026-46616). Risk of unauthorized operations or information disclosure. Exploitable via ``UmbLoginStatusController``. Mitigation: upgrade to `17.4.0` or later.
|
| CVE-2026-46561 |
|
SSRF (Server-Side Request Forgery) in pyload-ng (CVE-2026-46561)
SSRF in pyload-ng (CVE-2026-46561). Risk of unauthorized operations or information disclosure. Exploitable via ``PREREQFUNCTION``. Mitigation: upgrade to `0.5.0b3.dev100` or later.
|
| CVE-2026-46517 |
|
Code Injection in lmdeploy (CVE-2026-46517)
code injection in lmdeploy (CVE-2026-46517). Successful exploitation can lead to full system takeover. Exploitable via ``get_model_arch``.
|
| CVE-2026-46497 |
|
SSRF (Server-Side Request Forgery) in crawlee (CVE-2026-46497)
SSRF in crawlee (CVE-2026-46497). Risk of unauthorized operations or information disclosure. Exploitable via `Host header`. Mitigation: upgrade to `1.7.0` or later.
|
| CVE-2026-48246 |
|
Vulnerability in CVE-2026-48246 (CVE-2026-48246)
vulnerability in CVE-2026-48246 (CVE-2026-48246). Confidential information can be exposed externally.
|
| CVE-2026-48247 |
|
Vulnerability in CVE-2026-48247 (CVE-2026-48247)
vulnerability in CVE-2026-48247 (CVE-2026-48247). Confidential information can be exposed externally.
|
| CVE-2026-48248 |
|
Vulnerability in CVE-2026-48248 (CVE-2026-48248)
vulnerability in CVE-2026-48248 (CVE-2026-48248). Confidential information can be exposed externally.
|
| CVE-2026-48249 |
|
Vulnerability in CVE-2026-48249 (CVE-2026-48249)
vulnerability in CVE-2026-48249 (CVE-2026-48249). Confidential information can be exposed externally.
|
| CVE-2026-48245 |
|
Vulnerability in CVE-2026-48245 (CVE-2026-48245)
vulnerability in CVE-2026-48245 (CVE-2026-48245). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48244 |
|
Vulnerability in CVE-2026-48244 (CVE-2026-48244)
vulnerability in CVE-2026-48244 (CVE-2026-48244). Risk of unauthorized operations or information disclosure.
|