Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-43876 |
|
Cross-Site Scripting (XSS) in wwbn/avideo (CVE-2026-43876)
cross-site scripting in wwbn/avideo (CVE-2026-43876). Risk of unauthorized operations or information disclosure. Exploitable via ``message``.
|
| CVE-2026-28985 |
|
Vulnerability in c (CVE-2026-28985)
vulnerability in c (CVE-2026-28985). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43874 |
|
Code Injection in wwbn/avideo (CVE-2026-43874)
code injection in wwbn/avideo (CVE-2026-43874). Risk of unauthorized operations or information disclosure. Exploitable via ``autoEvalCodeOnHTML``.
|
| CVE-2026-42888 |
|
Path Traversal in CVE-2026-42888 (CVE-2026-42888)
path traversal in CVE-2026-42888 (CVE-2026-42888). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.32.2` or later.
|
| CVE-2026-8321 |
|
A vulnerability was detected in inkeep agents 0.58.14. This vulnerability affects the function...
A vulnerability was detected in inkeep agents 0.58.14. This vulnerability affects the function...
|
| CVE-2026-8319 |
|
Vulnerability in ai-agents (CVE-2026-8319)
vulnerability in ai-agents (CVE-2026-8319). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8320 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-8320 (CVE-2026-8320)
SSRF in CVE-2026-8320 (CVE-2026-8320). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45026 |
|
Cross-Site Scripting (XSS) in CVE-2026-45026 (CVE-2026-45026)
cross-site scripting in CVE-2026-45026 (CVE-2026-45026). Confidential information can be exposed externally. Mitigation: upgrade to `3.7.3` or later.
|
| CVE-2026-45025 |
|
Cross-Site Scripting (XSS) in CVE-2026-45025 (CVE-2026-45025)
cross-site scripting in CVE-2026-45025 (CVE-2026-45025). Confidential information can be exposed externally. Mitigation: upgrade to `3.7.3` or later.
|
| CVE-2026-42887 |
|
Cross-Site Scripting (XSS) in CVE-2026-42887 (CVE-2026-42887)
cross-site scripting in CVE-2026-42887 (CVE-2026-42887). Confidential information can be exposed externally. Mitigation: upgrade to `2.33.0` or later.
|
| CVE-2026-42870 |
|
Cross-Site Scripting (XSS) in CVE-2026-42870 (CVE-2026-42870)
cross-site scripting in CVE-2026-42870 (CVE-2026-42870). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.7.0` or later.
|
| CVE-2026-42872 |
|
Cross-Site Scripting (XSS) in CVE-2026-42872 (CVE-2026-42872)
cross-site scripting in CVE-2026-42872 (CVE-2026-42872). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.7.0` or later.
|
| CVE-2026-42873 |
|
Information Disclosure in CVE-2026-42873 (CVE-2026-42873)
vulnerability in CVE-2026-42873 (CVE-2026-42873). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.6.10` or later.
|
| CVE-2026-42874 |
|
Vulnerability in microdot (CVE-2026-42874)
vulnerability in microdot (CVE-2026-42874). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.6.1` or later.
|
| CVE-2026-44657 |
|
Cross-Site Scripting (XSS) in mantisbt/mantisbt (CVE-2026-44657)
cross-site scripting in mantisbt/mantisbt (CVE-2026-44657). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.28.2` or later.
|
| CVE-2026-43898 |
|
Code Injection in @nyariv/sandboxjs (CVE-2026-43898)
code injection in @nyariv/sandboxjs (CVE-2026-43898). Successful exploitation can lead to full system takeover. Exploitable via ``Function.caller``. Mitigation: upgrade to `0.9.6` or later.
|
| CVE-2026-41897 |
|
Cross-Site Scripting (XSS) in mantisbt/mantisbt (CVE-2026-41897)
cross-site scripting in mantisbt/mantisbt (CVE-2026-41897). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.28.2` or later.
|
| CVE-2026-41159 |
|
Code Injection in mermaid (CVE-2026-41159)
code injection in mermaid (CVE-2026-41159). Risk of unauthorized operations or information disclosure. Exploitable via ``fontFamily``. Mitigation: upgrade to `10.9.6` or later.
|
| CVE-2026-41150 |
|
Vulnerability in mermaid (CVE-2026-41150)
vulnerability in mermaid (CVE-2026-41150). Risk of unauthorized operations or information disclosure. Exploitable via ``excludes``. Mitigation: upgrade to `10.9.6` or later.
|
| CVE-2026-41149 |
|
Code Injection in mermaid (CVE-2026-41149)
code injection in mermaid (CVE-2026-41149). Risk of unauthorized operations or information disclosure. Exploitable via ``classDef``. Mitigation: upgrade to `10.9.6` or later.
|
| CVE-2026-41148 |
|
Code Injection in mermaid (CVE-2026-41148)
code injection in mermaid (CVE-2026-41148). Risk of unauthorized operations or information disclosure. Exploitable via ``classDef``. Mitigation: upgrade to `10.9.6` or later.
|
| CVE-2026-39960 |
|
Cross-Site Scripting (XSS) in mantisbt/mantisbt (CVE-2026-39960)
cross-site scripting in mantisbt/mantisbt (CVE-2026-39960). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.28.2` or later.
|
| CVE-2026-39850 |
|
Vulnerability in yiisoft/yii2 (CVE-2026-39850)
vulnerability in yiisoft/yii2 (CVE-2026-39850). Confidential information can be exposed externally. Exploitable via ``require``. Mitigation: upgrade to `2.0.55` or later.
|
| CVE-2026-34579 |
|
Information Disclosure in mantisbt/mantisbt (CVE-2026-34579)
vulnerability in mantisbt/mantisbt (CVE-2026-34579). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.28.2` or later.
|
| CVE-2026-34463 |
|
Cross-Site Scripting (XSS) in mantisbt/mantisbt (CVE-2026-34463)
cross-site scripting in mantisbt/mantisbt (CVE-2026-34463). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.28.2` or later.
|
| CVE-2026-34390 |
|
Vulnerability in mantisbt/mantisbt (CVE-2026-34390)
vulnerability in mantisbt/mantisbt (CVE-2026-34390). Risk of unauthorized operations or information disclosure. Exploitable via `PUT /project/{id}/users`. Mitigation: upgrade to `2.28.2` or later.
|
| CVE-2026-45223 |
|
Crabbox before 0.9.0 contains an authentication bypass vulnerability in the coordinator user...
Crabbox before 0.9.0 contains an authentication bypass vulnerability in the coordinator user...
|
| CVE-2026-42871 |
|
Information Disclosure in CVE-2026-42871 (CVE-2026-42871)
vulnerability in CVE-2026-42871 (CVE-2026-42871). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.7.0` or later.
|
| CVE-2026-5266 |
|
Information Disclosure in CVE-2026-5266 (CVE-2026-5266)
vulnerability in CVE-2026-5266 (CVE-2026-5266). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-7210 |
|
Vulnerability in libpython (CVE-2026-7210)
vulnerability in libpython (CVE-2026-7210). Risk of unauthorized operations or information disclosure. Exploitable via ``xml.parsers.expat``.
|
| CVE-2026-45004 |
|
Code Injection in openclaw (CVE-2026-45004)
code injection in openclaw (CVE-2026-45004). Successful exploitation can lead to full system takeover. Exploitable via ``openclaw``. Mitigation: upgrade to `2026.4.23` or later.
|
| CVE-2026-7308 |
|
Cross-Site Scripting (XSS) in CVE-2026-7308 (CVE-2026-7308)
cross-site scripting in CVE-2026-7308 (CVE-2026-7308). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34094 |
|
Vulnerability in mediawiki (CVE-2026-34094)
vulnerability in mediawiki (CVE-2026-34094). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-30635 |
|
OS Command Injection in automagik-genie (CVE-2026-30635)
OS command injection in automagik-genie (CVE-2026-30635). Successful exploitation can lead to full system takeover.
|
| CVE-2026-36962 |
|
SQL Injection in sqli (CVE-2026-36962)
SQL injection in sqli (CVE-2026-36962). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34095 |
|
Vulnerability in mediawiki (CVE-2026-34095)
vulnerability in mediawiki (CVE-2026-34095). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34093 |
|
Information Disclosure in mediawiki (CVE-2026-34093)
vulnerability in mediawiki (CVE-2026-34093). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31252 |
|
Code Injection in deserialization (CVE-2026-31252)
code injection in deserialization (CVE-2026-31252). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31249 |
|
Unsafe Deserialization in deserialization (CVE-2026-31249)
vulnerability in deserialization (CVE-2026-31249). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31254 |
|
Vulnerability in CVE-2026-31254 (CVE-2026-31254)
vulnerability in CVE-2026-31254 (CVE-2026-31254). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31250 |
|
Unsafe Deserialization in deserialization (CVE-2026-31250)
vulnerability in deserialization (CVE-2026-31250). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31253 |
|
Code Injection in flash_attn (CVE-2026-31253)
code injection in flash_attn (CVE-2026-31253). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31251 |
|
Vulnerability in deserialization (CVE-2026-31251)
vulnerability in deserialization (CVE-2026-31251). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43895 |
|
Vulnerability in c (CVE-2026-43895)
vulnerability in c (CVE-2026-43895). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44226 |
|
Vulnerability in pyload-ng (CVE-2026-44226)
vulnerability in pyload-ng (CVE-2026-44226). Risk of unauthorized operations or information disclosure. Exploitable via ``filename``. Mitigation: upgrade to `0.5.0b3.dev100` or later.
|
| CVE-2026-42859 |
|
Vulnerability in c (CVE-2026-42859)
vulnerability in c (CVE-2026-42859). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.9.6` or later.
|
| CVE-2026-42315 |
|
Path Traversal in pyload-ng (CVE-2026-42315)
path traversal in pyload-ng (CVE-2026-42315). Data can be tampered with by attackers. Exploitable via ``Perms.MODIFY``. Mitigation: upgrade to `0.5.0b3.dev100` or later.
|
| CVE-2026-42856 |
|
Vulnerability in network-ai (CVE-2026-42856)
vulnerability in network-ai (CVE-2026-42856). Risk of unauthorized operations or information disclosure. Exploitable via `GET /tools`. Mitigation: upgrade to `5.1.3` or later.
|
| CVE-2026-42314 |
|
Path Traversal in pyload-ng (CVE-2026-42314)
path traversal in pyload-ng (CVE-2026-42314). Data can be tampered with by attackers. Mitigation: upgrade to `0.5.0b3.dev100` or later.
|
| CVE-2026-42313 |
|
Vulnerability in pyload-ng (CVE-2026-42313)
vulnerability in pyload-ng (CVE-2026-42313). Confidential information can be exposed externally. Exploitable via ``ADMIN_ONLY_CORE_OPTIONS``. Mitigation: upgrade to `0.5.0b3.dev100` or later.
|