Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: languages Clear
ID Title
CVE-2026-43876 Cross-Site Scripting (XSS) in wwbn/avideo (CVE-2026-43876)
cross-site scripting in wwbn/avideo (CVE-2026-43876). Risk of unauthorized operations or information disclosure. Exploitable via ``message``.
CVE-2026-28985 Vulnerability in c (CVE-2026-28985)
vulnerability in c (CVE-2026-28985). Risk of unauthorized operations or information disclosure.
CVE-2026-43874 Code Injection in wwbn/avideo (CVE-2026-43874)
code injection in wwbn/avideo (CVE-2026-43874). Risk of unauthorized operations or information disclosure. Exploitable via ``autoEvalCodeOnHTML``.
CVE-2026-42888 Path Traversal in CVE-2026-42888 (CVE-2026-42888)
path traversal in CVE-2026-42888 (CVE-2026-42888). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.32.2` or later.
CVE-2026-8321 A vulnerability was detected in inkeep agents 0.58.14. This vulnerability affects the function...
A vulnerability was detected in inkeep agents 0.58.14. This vulnerability affects the function...
CVE-2026-8319 Vulnerability in ai-agents (CVE-2026-8319)
vulnerability in ai-agents (CVE-2026-8319). Risk of unauthorized operations or information disclosure.
CVE-2026-8320 SSRF (Server-Side Request Forgery) in CVE-2026-8320 (CVE-2026-8320)
SSRF in CVE-2026-8320 (CVE-2026-8320). Risk of unauthorized operations or information disclosure.
CVE-2026-45026 Cross-Site Scripting (XSS) in CVE-2026-45026 (CVE-2026-45026)
cross-site scripting in CVE-2026-45026 (CVE-2026-45026). Confidential information can be exposed externally. Mitigation: upgrade to `3.7.3` or later.
CVE-2026-45025 Cross-Site Scripting (XSS) in CVE-2026-45025 (CVE-2026-45025)
cross-site scripting in CVE-2026-45025 (CVE-2026-45025). Confidential information can be exposed externally. Mitigation: upgrade to `3.7.3` or later.
CVE-2026-42887 Cross-Site Scripting (XSS) in CVE-2026-42887 (CVE-2026-42887)
cross-site scripting in CVE-2026-42887 (CVE-2026-42887). Confidential information can be exposed externally. Mitigation: upgrade to `2.33.0` or later.
CVE-2026-42870 Cross-Site Scripting (XSS) in CVE-2026-42870 (CVE-2026-42870)
cross-site scripting in CVE-2026-42870 (CVE-2026-42870). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.7.0` or later.
CVE-2026-42872 Cross-Site Scripting (XSS) in CVE-2026-42872 (CVE-2026-42872)
cross-site scripting in CVE-2026-42872 (CVE-2026-42872). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.7.0` or later.
CVE-2026-42873 Information Disclosure in CVE-2026-42873 (CVE-2026-42873)
vulnerability in CVE-2026-42873 (CVE-2026-42873). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.6.10` or later.
CVE-2026-42874 Vulnerability in microdot (CVE-2026-42874)
vulnerability in microdot (CVE-2026-42874). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.6.1` or later.
CVE-2026-44657 Cross-Site Scripting (XSS) in mantisbt/mantisbt (CVE-2026-44657)
cross-site scripting in mantisbt/mantisbt (CVE-2026-44657). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.28.2` or later.
CVE-2026-43898 Code Injection in @nyariv/sandboxjs (CVE-2026-43898)
code injection in @nyariv/sandboxjs (CVE-2026-43898). Successful exploitation can lead to full system takeover. Exploitable via ``Function.caller``. Mitigation: upgrade to `0.9.6` or later.
CVE-2026-41897 Cross-Site Scripting (XSS) in mantisbt/mantisbt (CVE-2026-41897)
cross-site scripting in mantisbt/mantisbt (CVE-2026-41897). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.28.2` or later.
CVE-2026-41159 Code Injection in mermaid (CVE-2026-41159)
code injection in mermaid (CVE-2026-41159). Risk of unauthorized operations or information disclosure. Exploitable via ``fontFamily``. Mitigation: upgrade to `10.9.6` or later.
CVE-2026-41150 Vulnerability in mermaid (CVE-2026-41150)
vulnerability in mermaid (CVE-2026-41150). Risk of unauthorized operations or information disclosure. Exploitable via ``excludes``. Mitigation: upgrade to `10.9.6` or later.
CVE-2026-41149 Code Injection in mermaid (CVE-2026-41149)
code injection in mermaid (CVE-2026-41149). Risk of unauthorized operations or information disclosure. Exploitable via ``classDef``. Mitigation: upgrade to `10.9.6` or later.
CVE-2026-41148 Code Injection in mermaid (CVE-2026-41148)
code injection in mermaid (CVE-2026-41148). Risk of unauthorized operations or information disclosure. Exploitable via ``classDef``. Mitigation: upgrade to `10.9.6` or later.
CVE-2026-39960 Cross-Site Scripting (XSS) in mantisbt/mantisbt (CVE-2026-39960)
cross-site scripting in mantisbt/mantisbt (CVE-2026-39960). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.28.2` or later.
CVE-2026-39850 Vulnerability in yiisoft/yii2 (CVE-2026-39850)
vulnerability in yiisoft/yii2 (CVE-2026-39850). Confidential information can be exposed externally. Exploitable via ``require``. Mitigation: upgrade to `2.0.55` or later.
CVE-2026-34579 Information Disclosure in mantisbt/mantisbt (CVE-2026-34579)
vulnerability in mantisbt/mantisbt (CVE-2026-34579). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.28.2` or later.
CVE-2026-34463 Cross-Site Scripting (XSS) in mantisbt/mantisbt (CVE-2026-34463)
cross-site scripting in mantisbt/mantisbt (CVE-2026-34463). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.28.2` or later.
CVE-2026-34390 Vulnerability in mantisbt/mantisbt (CVE-2026-34390)
vulnerability in mantisbt/mantisbt (CVE-2026-34390). Risk of unauthorized operations or information disclosure. Exploitable via `PUT /project/{id}/users`. Mitigation: upgrade to `2.28.2` or later.
CVE-2026-45223 Crabbox before 0.9.0 contains an authentication bypass vulnerability in the coordinator user...
Crabbox before 0.9.0 contains an authentication bypass vulnerability in the coordinator user...
CVE-2026-42871 Information Disclosure in CVE-2026-42871 (CVE-2026-42871)
vulnerability in CVE-2026-42871 (CVE-2026-42871). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.7.0` or later.
CVE-2026-5266 Information Disclosure in CVE-2026-5266 (CVE-2026-5266)
vulnerability in CVE-2026-5266 (CVE-2026-5266). Risk of unauthorized operations or information disclosure.
CVE-2026-7210 Vulnerability in libpython (CVE-2026-7210)
vulnerability in libpython (CVE-2026-7210). Risk of unauthorized operations or information disclosure. Exploitable via ``xml.parsers.expat``.
CVE-2026-45004 Code Injection in openclaw (CVE-2026-45004)
code injection in openclaw (CVE-2026-45004). Successful exploitation can lead to full system takeover. Exploitable via ``openclaw``. Mitigation: upgrade to `2026.4.23` or later.
CVE-2026-7308 Cross-Site Scripting (XSS) in CVE-2026-7308 (CVE-2026-7308)
cross-site scripting in CVE-2026-7308 (CVE-2026-7308). Risk of unauthorized operations or information disclosure.
CVE-2026-34094 Vulnerability in mediawiki (CVE-2026-34094)
vulnerability in mediawiki (CVE-2026-34094). Risk of unauthorized operations or information disclosure.
CVE-2026-30635 OS Command Injection in automagik-genie (CVE-2026-30635)
OS command injection in automagik-genie (CVE-2026-30635). Successful exploitation can lead to full system takeover.
CVE-2026-36962 SQL Injection in sqli (CVE-2026-36962)
SQL injection in sqli (CVE-2026-36962). Risk of unauthorized operations or information disclosure.
CVE-2026-34095 Vulnerability in mediawiki (CVE-2026-34095)
vulnerability in mediawiki (CVE-2026-34095). Risk of unauthorized operations or information disclosure.
CVE-2026-34093 Information Disclosure in mediawiki (CVE-2026-34093)
vulnerability in mediawiki (CVE-2026-34093). Risk of unauthorized operations or information disclosure.
CVE-2026-31252 Code Injection in deserialization (CVE-2026-31252)
code injection in deserialization (CVE-2026-31252). Risk of unauthorized operations or information disclosure.
CVE-2026-31249 Unsafe Deserialization in deserialization (CVE-2026-31249)
vulnerability in deserialization (CVE-2026-31249). Risk of unauthorized operations or information disclosure.
CVE-2026-31254 Vulnerability in CVE-2026-31254 (CVE-2026-31254)
vulnerability in CVE-2026-31254 (CVE-2026-31254). Risk of unauthorized operations or information disclosure.
CVE-2026-31250 Unsafe Deserialization in deserialization (CVE-2026-31250)
vulnerability in deserialization (CVE-2026-31250). Risk of unauthorized operations or information disclosure.
CVE-2026-31253 Code Injection in flash_attn (CVE-2026-31253)
code injection in flash_attn (CVE-2026-31253). Risk of unauthorized operations or information disclosure.
CVE-2026-31251 Vulnerability in deserialization (CVE-2026-31251)
vulnerability in deserialization (CVE-2026-31251). Risk of unauthorized operations or information disclosure.
CVE-2026-43895 Vulnerability in c (CVE-2026-43895)
vulnerability in c (CVE-2026-43895). Risk of unauthorized operations or information disclosure.
CVE-2026-44226 Vulnerability in pyload-ng (CVE-2026-44226)
vulnerability in pyload-ng (CVE-2026-44226). Risk of unauthorized operations or information disclosure. Exploitable via ``filename``. Mitigation: upgrade to `0.5.0b3.dev100` or later.
CVE-2026-42859 Vulnerability in c (CVE-2026-42859)
vulnerability in c (CVE-2026-42859). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.9.6` or later.
CVE-2026-42315 Path Traversal in pyload-ng (CVE-2026-42315)
path traversal in pyload-ng (CVE-2026-42315). Data can be tampered with by attackers. Exploitable via ``Perms.MODIFY``. Mitigation: upgrade to `0.5.0b3.dev100` or later.
CVE-2026-42856 Vulnerability in network-ai (CVE-2026-42856)
vulnerability in network-ai (CVE-2026-42856). Risk of unauthorized operations or information disclosure. Exploitable via `GET /tools`. Mitigation: upgrade to `5.1.3` or later.
CVE-2026-42314 Path Traversal in pyload-ng (CVE-2026-42314)
path traversal in pyload-ng (CVE-2026-42314). Data can be tampered with by attackers. Mitigation: upgrade to `0.5.0b3.dev100` or later.
CVE-2026-42313 Vulnerability in pyload-ng (CVE-2026-42313)
vulnerability in pyload-ng (CVE-2026-42313). Confidential information can be exposed externally. Exploitable via ``ADMIN_ONLY_CORE_OPTIONS``. Mitigation: upgrade to `0.5.0b3.dev100` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →