Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Clear
ID Title
CVE-2026-8509 Vulnerability in Google chrome (CVE-2026-8509)
vulnerability in Google chrome (CVE-2026-8509). Successful exploitation can lead to full system takeover.
CVE-2026-44673 Vulnerability in c (CVE-2026-44673)
vulnerability in c (CVE-2026-44673). Risk of unauthorized operations or information disclosure.
CVE-2026-45369 OS Command Injection in utcp-cli (CVE-2026-45369)
OS command injection in utcp-cli (CVE-2026-45369). Successful exploitation can lead to full system takeover. Exploitable via ``_substitute_utcp_args``. Mitigation: upgrade to `1.1.2` or later.
CVE-2026-46509 Vulnerability in @ranfdev/deepobj (CVE-2026-46509)
vulnerability in @ranfdev/deepobj (CVE-2026-46509). Data can be tampered with by attackers. Exploitable via ``__proto__``. Mitigation: upgrade to `1.0.3` or later.
CVE-2026-45353 Code Injection in electerm (CVE-2026-45353)
code injection in electerm (CVE-2026-45353). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.9.0` or later.
CVE-2026-45373 SSRF (Server-Side Request Forgery) in deepseek-tui (CVE-2026-45373)
SSRF in deepseek-tui (CVE-2026-45373). Confidential information can be exposed externally. Mitigation: upgrade to `0.8.26` or later.
CVE-2026-45310 SSRF (Server-Side Request Forgery) in deepseek-tui (CVE-2026-45310)
SSRF in deepseek-tui (CVE-2026-45310). Confidential information can be exposed externally. Exploitable via ``fetch_url``. Mitigation: upgrade to `0.8.22` or later.
CVE-2026-45675 Privilege Escalation in open-webui (CVE-2026-45675)
vulnerability in open-webui (CVE-2026-45675). Successful exploitation can lead to full system takeover. Exploitable via ``signup_handler``. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-45672 Authorization Flaw in open-webui (CVE-2026-45672)
vulnerability in open-webui (CVE-2026-45672). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.8.12` or later.
CVE-2026-45665 Cross-Site Scripting (XSS) in open-webui (CVE-2026-45665)
cross-site scripting in open-webui (CVE-2026-45665). Confidential information can be exposed externally. Exploitable via ``marked.parse``. Mitigation: upgrade to `0.8.0` or later.
CVE-2026-45401 SSRF (Server-Side Request Forgery) in open-webui (CVE-2026-45401)
SSRF in open-webui (CVE-2026-45401). Confidential information can be exposed externally. Exploitable via ``requests``. Mitigation: upgrade to `0.9.5` or later.
CVE-2026-45400 SSRF (Server-Side Request Forgery) in open-webui (CVE-2026-45400)
SSRF in open-webui (CVE-2026-45400). Confidential information can be exposed externally. Exploitable via ``requests``. Mitigation: upgrade to `0.9.5` or later.
CVE-2026-45399 Vulnerability in open-webui (CVE-2026-45399)
vulnerability in open-webui (CVE-2026-45399). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/tasks`. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-45395 Privilege Escalation in open-webui (CVE-2026-45395)
vulnerability in open-webui (CVE-2026-45395). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/v1/tools/id/{id}/update`. Mitigation: upgrade to `0.9.5` or later.
CVE-2026-45350 Vulnerability in open-webui (CVE-2026-45350)
vulnerability in open-webui (CVE-2026-45350). Confidential information can be exposed externally. Exploitable via ``tool_id``. Mitigation: upgrade to `0.8.6` or later.
CVE-2026-45348 Cross-Site Scripting (XSS) in pyload-ng (CVE-2026-45348)
cross-site scripting in pyload-ng (CVE-2026-45348). Confidential information can be exposed externally. Exploitable via `POST /flash/add`.
CVE-2026-42570 Vulnerability in devalue (CVE-2026-42570)
vulnerability in devalue (CVE-2026-42570). Risk of unauthorized operations or information disclosure. Exploitable via ``devalue.parse``. Mitigation: upgrade to `5.8.1` or later.
CVE-2026-45338 SSRF (Server-Side Request Forgery) in open-webui (CVE-2026-45338)
SSRF in open-webui (CVE-2026-45338). Confidential information can be exposed externally. Exploitable via ``picture``. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-45331 SSRF (Server-Side Request Forgery) in open-webui (CVE-2026-45331)
SSRF in open-webui (CVE-2026-45331). Confidential information can be exposed externally. Exploitable via ``validators``. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-45315 Unrestricted File Upload in open-webui (CVE-2026-45315)
vulnerability in open-webui (CVE-2026-45315). Confidential information can be exposed externally. Mitigation: upgrade to `0.9.3` or later.
CVE-2026-44637 Vulnerability in saitoha (CVE-2026-44637)
vulnerability in saitoha (CVE-2026-44637). Data can be tampered with by attackers. Mitigation: upgrade to `1.8.7-r2` or later.
CVE-2026-44636 Vulnerability in saitoha (CVE-2026-44636)
vulnerability in saitoha (CVE-2026-44636). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.8.7-r2` or later.
CVE-2026-43909 Out-of-Bounds Read in openimageio (CVE-2026-43909)
vulnerability in openimageio (CVE-2026-43909). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.0.18.0` or later.
CVE-2026-43908 Vulnerability in openimageio (CVE-2026-43908)
vulnerability in openimageio (CVE-2026-43908). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.0.18.0` or later.
CVE-2026-43907 Vulnerability in cpp (CVE-2026-43907)
vulnerability in cpp (CVE-2026-43907). Data can be tampered with by attackers. Mitigation: upgrade to `3.0.18.0` or later.
CVE-2026-43905 Vulnerability in cpp (CVE-2026-43905)
vulnerability in cpp (CVE-2026-43905). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.0.18.0` or later.
CVE-2026-43904 Out-of-Bounds Write in cpp (CVE-2026-43904)
out-of-bounds write in cpp (CVE-2026-43904). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.0.18.0` or later.
CVE-2026-43903 Out-of-Bounds Write in cpp (CVE-2026-43903)
out-of-bounds write in cpp (CVE-2026-43903). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.0.18.0` or later.
CVE-2026-43906 Vulnerability in openimageio (CVE-2026-43906)
vulnerability in openimageio (CVE-2026-43906). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.0.18.0` or later.
CVE-2026-45303 Cross-Site Scripting (XSS) in open-webui (CVE-2026-45303)
cross-site scripting in open-webui (CVE-2026-45303). Confidential information can be exposed externally. Exploitable via ``High``. Mitigation: upgrade to `0.6.5` or later.
CVE-2026-45301 Vulnerability in open-webui (CVE-2026-45301)
vulnerability in open-webui (CVE-2026-45301). Confidential information can be exposed externally. Exploitable via ``user_id``. Mitigation: upgrade to `0.3.16` or later.
CVE-2026-8596 Vulnerability in Amazon sagemaker (CVE-2026-8596)
vulnerability in Amazon sagemaker (CVE-2026-8596). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.8.0` or later.
CVE-2026-8621 Authentication Bypass in github.com/openclaw/crabbox (CVE-2026-8621)
authentication bypass in github.com/openclaw/crabbox (CVE-2026-8621). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.12.0` or later.
CVE-2026-44633 Authorization Flaw in CVE-2026-44633 (CVE-2026-44633)
vulnerability in CVE-2026-44633 (CVE-2026-44633). Confidential information can be exposed externally.
CVE-2026-44586 Cross-Site Scripting (XSS) in CVE-2026-44586 (CVE-2026-44586)
cross-site scripting in CVE-2026-44586 (CVE-2026-44586). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.7.0` or later.
CVE-2026-42897 KEV [KEV] Cross-Site Scripting (XSS) in Microsoft exchange-server (CVE-2026-42897)
cross-site scripting in Microsoft exchange-server (CVE-2026-42897). Confidential information can be exposed externally. Listed in CISA KEV — actively exploited.
CVE-2025-15023 Authorization Flaw in CVE-2025-15023 (CVE-2025-15023)
vulnerability in CVE-2025-15023 (CVE-2025-15023). Successful exploitation can lead to full system takeover.
CVE-2026-6332 Vulnerability in c (CVE-2026-6332)
vulnerability in c (CVE-2026-6332). Confidential information can be exposed externally.
CVE-2025-15024 Code Injection in CVE-2025-15024 (CVE-2025-15024)
code injection in CVE-2025-15024 (CVE-2025-15024). Successful exploitation can lead to full system takeover.
CVE-2026-45011 Cross-Site Scripting (XSS) in apostrophe (CVE-2026-45011)
cross-site scripting in apostrophe (CVE-2026-45011). Confidential information can be exposed externally.
CVE-2026-45013 Vulnerability in apostrophe (CVE-2026-45013)
vulnerability in apostrophe (CVE-2026-45013). Confidential information can be exposed externally. Exploitable via `POST /api/v1/login/reset-request`.
CVE-2026-45012 SSRF (Server-Side Request Forgery) in apostrophe (CVE-2026-45012)
SSRF in apostrophe (CVE-2026-45012). Confidential information can be exposed externally. Exploitable via `POST /api/v1/`.
CVE-2026-44973 Path Traversal in github.com/go-git/go-billy/v5 (CVE-2026-44973)
path traversal in github.com/go-git/go-billy/v5 (CVE-2026-44973). Confidential information can be exposed externally. Exploitable via ``osfs.ChrootOS``. Mitigation: upgrade to `5.9.0` or later.
CVE-2026-20224 Vulnerability in cisco (CVE-2026-20224)
vulnerability in cisco (CVE-2026-20224). Confidential information can be exposed externally.
CVE-2026-44849 Vulnerability in github.com/portainer/portainer (CVE-2026-44849)
vulnerability in github.com/portainer/portainer (CVE-2026-44849). Successful exploitation can lead to full system takeover. Exploitable via `POST /services/create`. Mitigation: upgrade to `2.41.0` or later.
CVE-2026-44882 Authorization Flaw in github.com/portainer/portainer (CVE-2026-44882)
vulnerability in github.com/portainer/portainer (CVE-2026-44882). Confidential information can be exposed externally. Exploitable via ``kubeClientMiddleware``. Mitigation: upgrade to `2.33.8` or later.
CVE-2026-44850 Authorization Flaw in github.com/portainer/portainer (CVE-2026-44850)
vulnerability in github.com/portainer/portainer (CVE-2026-44850). Confidential information can be exposed externally. Exploitable via `POST /containers/create`. Mitigation: upgrade to `2.41.0` or later.
CVE-2026-44848 Vulnerability in github.com/portainer/portainer (CVE-2026-44848)
vulnerability in github.com/portainer/portainer (CVE-2026-44848). Successful exploitation can lead to full system takeover. Exploitable via `POST /plugins/pull`. Mitigation: upgrade to `2.41.0` or later.
CVE-2026-46444 Vulnerability in flowise (CVE-2026-46444)
vulnerability in flowise (CVE-2026-46444). Successful exploitation can lead to full system takeover. Exploitable via ``WHITELIST_URLS``. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-44790 Vulnerability in n8n (CVE-2026-44790)
vulnerability in n8n (CVE-2026-44790). Successful exploitation can lead to full system takeover. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.20.7` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →