Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-57234 |
|
Vulnerability in ssrf (CVE-2026-57234)
vulnerability in ssrf (CVE-2026-57234). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.19.4` or later.
|
| CVE-2026-53721 |
|
Vulnerability in nuxt (CVE-2026-53721)
vulnerability in nuxt (CVE-2026-53721). Confidential information can be exposed externally. Exploitable via ``routeRules``. Mitigation: upgrade to `3.21.7` or later.
|
| CVE-2026-46392 |
|
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions case-insensitively and writes the filen...
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions case-insensitively and writes the filename to disk verbatim, but the `.htaccess` rule that forces `Content-Disposition: attachment` on HTML...
|
| CVE-2026-45135 |
|
Vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-45135)
vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-45135). Successful exploitation can lead to full system takeover. Exploitable via ``search.IgnoreCase``. Mitigation: upgrade to `2.11.3` or later.
|
| CVE-2026-45062 |
|
Vulnerability in github.com/dunglas/frankenphp (CVE-2026-45062)
vulnerability in github.com/dunglas/frankenphp (CVE-2026-45062). Successful exploitation can lead to full system takeover. Exploitable via ``cgi.go``. Mitigation: upgrade to `1.12.3` or later.
|
| CVE-2026-28292 |
|
OS Command Injection in simple-git-project (CVE-2026-28292)
OS command injection in simple-git-project (CVE-2026-28292). Successful exploitation can lead to full system takeover.
|
| CVE-2025-50864 |
|
Vulnerability in csharp (CVE-2025-50864)
vulnerability in csharp (CVE-2025-50864). Data can be tampered with by attackers.
|