Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-54350 |
|
SQL Injection in @budibase/server (CVE-2026-54350)
SQL injection in @budibase/server (CVE-2026-54350). Confidential information can be exposed externally. Exploitable via `POST /api/v2/queries/`. Mitigation: upgrade to `3.39.12` or later.
|
| CVE-2026-54019 |
|
Vulnerability in open-webui (CVE-2026-54019)
vulnerability in open-webui (CVE-2026-54019). Confidential information can be exposed externally. Exploitable via `POST /api/v1/retrieval/query/collection`. Mitigation: upgrade to `0.9.6` or later.
|
| CVE-2026-47181 |
|
Vulnerability in CVE-2026-47181 (CVE-2026-47181)
vulnerability in CVE-2026-47181 (CVE-2026-47181). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-27886 |
|
Path Traversal in @strapi/strapi (CVE-2026-27886)
path traversal in @strapi/strapi (CVE-2026-27886). Confidential information can be exposed externally. Exploitable via `POST /admin/reset-password`. Mitigation: upgrade to `5.37.0` or later.
|
| CVE-2026-44425 |
|
Vulnerability in github.com/shellhub-io/shellhub (CVE-2026-44425)
vulnerability in github.com/shellhub-io/shellhub (CVE-2026-44425). Risk of unauthorized operations or information disclosure. Exploitable via ``name``. Mitigation: upgrade to `0.24.2` or later.
|