Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-54779 |
|
Vulnerability in CoreWCF.Primitives (CVE-2026-54779)
vulnerability in CoreWCF.Primitives (CVE-2026-54779). Data can be tampered with by attackers. Exploitable via ``ITokenReplayCache``. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-54778 |
|
Vulnerability in CoreWCF.UnixDomainSocket (CVE-2026-54778)
vulnerability in CoreWCF.UnixDomainSocket (CVE-2026-54778). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-54777 |
|
Vulnerability in CoreWCF.NetNamedPipe (CVE-2026-54777)
vulnerability in CoreWCF.NetNamedPipe (CVE-2026-54777). Confidential information can be exposed externally. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-54776 |
|
Vulnerability in CoreWCF.UnixDomainSocket (CVE-2026-54776)
vulnerability in CoreWCF.UnixDomainSocket (CVE-2026-54776). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-54775 |
|
Vulnerability in CoreWCF.Kafka (CVE-2026-54775)
vulnerability in CoreWCF.Kafka (CVE-2026-54775). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-54774 |
|
Vulnerability in CoreWCF.Primitives (CVE-2026-54774)
vulnerability in CoreWCF.Primitives (CVE-2026-54774). Confidential information can be exposed externally. Exploitable via ``BinarySecretSecurityToken``. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-54773 |
|
Vulnerability in CoreWCF.Primitives (CVE-2026-54773)
vulnerability in CoreWCF.Primitives (CVE-2026-54773). Data can be tampered with by attackers. Exploitable via ``KeyInfo``. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-54772 |
|
Vulnerability in CoreWCF.NetFramingBase (CVE-2026-54772)
vulnerability in CoreWCF.NetFramingBase (CVE-2026-54772). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-49342 |
|
Path Traversal in yard (CVE-2026-49342)
path traversal in yard (CVE-2026-49342). Risk of unauthorized operations or information disclosure. Exploitable via ``adapter.document_root``. Mitigation: upgrade to `0.9.44` or later.
|
| CVE-2026-54898 |
|
Use-After-Free in oj (CVE-2026-54898)
vulnerability in oj (CVE-2026-54898). Risk of unauthorized operations or information disclosure. Exploitable via ``hash_start``. Mitigation: upgrade to `3.17.3` or later.
|
| CVE-2026-54897 |
|
Use-After-Free in oj (CVE-2026-54897)
vulnerability in oj (CVE-2026-54897). Risk of unauthorized operations or information disclosure. Exploitable via ``each_value``. Mitigation: upgrade to `3.17.3` or later.
|
| CVE-2026-54896 |
|
Vulnerability in oj (CVE-2026-54896)
vulnerability in oj (CVE-2026-54896). Risk of unauthorized operations or information disclosure. Exploitable via ``Oj.dump``. Mitigation: upgrade to `3.17.3` or later.
|
| CVE-2026-55778 |
|
Unrestricted File Upload in parse-server (CVE-2026-55778)
vulnerability in parse-server (CVE-2026-55778). Risk of unauthorized operations or information disclosure. Exploitable via ``fileUpload.fileExtensions``. Mitigation: upgrade to `8.6.81` or later.
|
| CVE-2026-54592 |
|
Out-of-Bounds Read in oj (CVE-2026-54592)
vulnerability in oj (CVE-2026-54592). Risk of unauthorized operations or information disclosure. Exploitable via ``doc_each_child``. Mitigation: upgrade to `3.17.3` or later.
|
| CVE-2026-54527 |
|
Cross-Site Scripting (XSS) in jupyterlab-git (CVE-2026-54527)
cross-site scripting in jupyterlab-git (CVE-2026-54527). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/terminals`. Mitigation: upgrade to `0.54.0` or later.
|
| CVE-2026-54500 |
|
Out-of-Bounds Read in oj (CVE-2026-54500)
vulnerability in oj (CVE-2026-54500). Risk of unauthorized operations or information disclosure. Exploitable via ``Oj.load``. Mitigation: upgrade to `3.17.3` or later.
|
| CVE-2026-54499 |
|
Unsafe Deserialization in stanza (CVE-2026-54499)
vulnerability in stanza (CVE-2026-54499). Successful exploitation can lead to full system takeover. Exploitable via ``pickle.UnpicklingError``. Mitigation: upgrade to `1.12.2` or later.
|
| CVE-2026-54297 |
|
Vulnerability in faraday (CVE-2026-54297)
vulnerability in faraday (CVE-2026-54297). Risk of unauthorized operations or information disclosure. Exploitable via ``Hash``. Mitigation: upgrade to `1.10.6` or later.
|
| CVE-2026-54502 |
|
Vulnerability in oj (CVE-2026-54502)
vulnerability in oj (CVE-2026-54502). Risk of unauthorized operations or information disclosure. Exploitable via ``Oj.dump``. Mitigation: upgrade to `3.17.3` or later.
|
| CVE-2026-54899 |
|
Use-After-Free in oj (CVE-2026-54899)
vulnerability in oj (CVE-2026-54899). Risk of unauthorized operations or information disclosure. Exploitable via ``symbol_keys``. Mitigation: upgrade to `3.17.3` or later.
|
| CVE-2026-23879 |
|
Vulnerability in py7zr (CVE-2026-23879)
vulnerability in py7zr (CVE-2026-23879). Successful exploitation can lead to full system takeover. Exploitable via ``py7zr``. Mitigation: upgrade to `1.1.3` or later.
|
| CVE-2026-49293 |
|
Vulnerability in js-toml (CVE-2026-49293)
vulnerability in js-toml (CVE-2026-49293). Risk of unauthorized operations or information disclosure. Exploitable via ``parseBigInt``. Mitigation: upgrade to `1.1.1` or later.
|
| CVE-2019-25762 |
|
Vulnerability in CVE-2019-25762 (CVE-2019-25762)
vulnerability in CVE-2019-25762 (CVE-2019-25762). Confidential information can be exposed externally.
|
| CVE-2019-25760 |
|
Vulnerability in CVE-2019-25760 (CVE-2019-25760)
vulnerability in CVE-2019-25760 (CVE-2019-25760). Confidential information can be exposed externally.
|
| CVE-2019-25761 |
|
SQL Injection in sqli (CVE-2019-25761)
SQL injection in sqli (CVE-2019-25761). Confidential information can be exposed externally.
|
| CVE-2019-25758 |
|
Unrestricted File Upload in CVE-2019-25758 (CVE-2019-25758)
vulnerability in CVE-2019-25758 (CVE-2019-25758). Successful exploitation can lead to full system takeover.
|
| CVE-2019-25753 |
|
SQL Injection in sqli (CVE-2019-25753)
SQL injection in sqli (CVE-2019-25753). Confidential information can be exposed externally.
|
| CVE-2019-25752 |
|
SQL Injection in sqli (CVE-2019-25752)
SQL injection in sqli (CVE-2019-25752). Confidential information can be exposed externally.
|
| CVE-2017-20270 |
|
SQL Injection in sqli (CVE-2017-20270)
SQL injection in sqli (CVE-2017-20270). Confidential information can be exposed externally.
|
| CVE-2017-20271 |
|
SQL Injection in sqli (CVE-2017-20271)
SQL injection in sqli (CVE-2017-20271). Confidential information can be exposed externally.
|
| CVE-2017-20274 |
|
SQL Injection in sqli (CVE-2017-20274)
SQL injection in sqli (CVE-2017-20274). Confidential information can be exposed externally.
|
| CVE-2017-20275 |
|
SQL Injection in sqli (CVE-2017-20275)
SQL injection in sqli (CVE-2017-20275). Confidential information can be exposed externally.
|
| CVE-2017-20279 |
|
SQL Injection in sqli (CVE-2017-20279)
SQL injection in sqli (CVE-2017-20279). Confidential information can be exposed externally.
|
| CVE-2017-20276 |
|
SQL Injection in sqli (CVE-2017-20276)
SQL injection in sqli (CVE-2017-20276). Confidential information can be exposed externally.
|
| CVE-2017-20273 |
|
SQL Injection in sqli (CVE-2017-20273)
SQL injection in sqli (CVE-2017-20273). Confidential information can be exposed externally.
|
| CVE-2017-20272 |
|
SQL Injection in sqli (CVE-2017-20272)
SQL injection in sqli (CVE-2017-20272). Confidential information can be exposed externally.
|
| CVE-2017-20281 |
|
SQL Injection in sqli (CVE-2017-20281)
SQL injection in sqli (CVE-2017-20281). Confidential information can be exposed externally.
|
| CVE-2017-20282 |
|
SQL Injection in sqli (CVE-2017-20282)
SQL injection in sqli (CVE-2017-20282). Confidential information can be exposed externally.
|
| CVE-2017-20280 |
|
SQL Injection in sqli (CVE-2017-20280)
SQL injection in sqli (CVE-2017-20280). Confidential information can be exposed externally.
|
| CVE-2017-20262 |
|
SQL Injection in sqli (CVE-2017-20262)
SQL injection in sqli (CVE-2017-20262). Confidential information can be exposed externally.
|
| CVE-2017-20259 |
|
SQL Injection in sqli (CVE-2017-20259)
SQL injection in sqli (CVE-2017-20259). Confidential information can be exposed externally.
|
| CVE-2017-20263 |
|
SQL Injection in sqli (CVE-2017-20263)
SQL injection in sqli (CVE-2017-20263). Confidential information can be exposed externally.
|
| CVE-2017-20264 |
|
SQL Injection in sqli (CVE-2017-20264)
SQL injection in sqli (CVE-2017-20264). Confidential information can be exposed externally.
|
| CVE-2017-20265 |
|
SQL Injection in sqli (CVE-2017-20265)
SQL injection in sqli (CVE-2017-20265). Confidential information can be exposed externally.
|
| CVE-2017-20258 |
|
SQL Injection in sqli (CVE-2017-20258)
SQL injection in sqli (CVE-2017-20258). Confidential information can be exposed externally.
|
| CVE-2017-20252 |
|
SQL Injection in sqli (CVE-2017-20252)
SQL injection in sqli (CVE-2017-20252). Confidential information can be exposed externally.
|
| CVE-2017-20255 |
|
SQL Injection in sqli (CVE-2017-20255)
SQL injection in sqli (CVE-2017-20255). Confidential information can be exposed externally.
|
| CVE-2017-20254 |
|
SQL Injection in sqli (CVE-2017-20254)
SQL injection in sqli (CVE-2017-20254). Confidential information can be exposed externally.
|
| CVE-2026-49290 |
|
Path Traversal in CVE-2026-49290 (CVE-2026-49290)
path traversal in CVE-2026-49290 (CVE-2026-49290). Risk of unauthorized operations or information disclosure. Exploitable via ``zipfile``.
|
| CVE-2026-49359 |
|
SSRF (Server-Side Request Forgery) in pontedilana/php-weasyprint (CVE-2026-49359)
SSRF in pontedilana/php-weasyprint (CVE-2026-49359). Confidential information can be exposed externally. Exploitable via ``attachment``. Mitigation: upgrade to `2.6.0` or later.
|