Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: languages Tag: cwe-863 Clear
ID Title
CVE-2026-55188 Information Disclosure in CVE-2026-55188 (CVE-2026-55188)
vulnerability in CVE-2026-55188 (CVE-2026-55188). Confidential information can be exposed externally. Mitigation: upgrade to `1.0.0-beta.9` or later.
CVE-2026-55189 Vulnerability in CVE-2026-55189 (CVE-2026-55189)
vulnerability in CVE-2026-55189 (CVE-2026-55189). Confidential information can be exposed externally. Mitigation: upgrade to `1.0.0-beta.9` or later.
CVE-2026-50559 Authentication Bypass in c (CVE-2026-50559)
authentication bypass in c (CVE-2026-50559). Confidential information can be exposed externally.
CVE-2026-48776 Path Traversal in langgraph-sdk (CVE-2026-48776)
path traversal in langgraph-sdk (CVE-2026-48776). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.3.15` or later.
CVE-2026-49983 Authorization Flaw in deno (CVE-2026-49983)
vulnerability in deno (CVE-2026-49983). Risk of unauthorized operations or information disclosure. Exploitable via ``env``. Mitigation: upgrade to `2.8.1` or later.
CVE-2026-54281 Authorization Flaw in @nestjs/platform-fastify (CVE-2026-54281)
vulnerability in @nestjs/platform-fastify (CVE-2026-54281). Risk of unauthorized operations or information disclosure. Exploitable via `GET /resource`. Mitigation: upgrade to `11.1.24` or later.
CVE-2016-20075 Authorization Flaw in wordpress (CVE-2016-20075)
vulnerability in wordpress (CVE-2016-20075). Successful exploitation can lead to full system takeover.
CVE-2026-54362 Authorization Flaw in CVE-2026-54362 (CVE-2026-54362)
vulnerability in CVE-2026-54362 (CVE-2026-54362). Risk of unauthorized operations or information disclosure.
CVE-2026-50008 Authorization Flaw in parse-server (CVE-2026-50008)
vulnerability in parse-server (CVE-2026-50008). Risk of unauthorized operations or information disclosure. Exploitable via ``routeAllowList``. Mitigation: upgrade to `9.9.1-alpha.3` or later.
CVE-2026-45831 Authorization Flaw in trychroma (CVE-2026-45831)
vulnerability in trychroma (CVE-2026-45831). Successful exploitation can lead to full system takeover.
CVE-2026-53721 Vulnerability in nuxt (CVE-2026-53721)
vulnerability in nuxt (CVE-2026-53721). Confidential information can be exposed externally. Exploitable via ``routeRules``. Mitigation: upgrade to `3.21.7` or later.
CVE-2026-45490 Improper authorization in .NET allows an authorized attacker to elevate privileges locally.
Improper authorization in .NET allows an authorized attacker to elevate privileges locally.
CVE-2026-10815 Vulnerability in CVE-2026-10815 (CVE-2026-10815)
vulnerability in CVE-2026-10815 (CVE-2026-10815). Risk of unauthorized operations or information disclosure.
CVE-2026-35482 Authorization Flaw in CVE-2026-35482 (CVE-2026-35482)
vulnerability in CVE-2026-35482 (CVE-2026-35482). Successful exploitation can lead to full system takeover. Exploitable via ``returnClass``.
CVE-2026-45426 Authorization Flaw in apache-airflow (CVE-2026-45426)
vulnerability in apache-airflow (CVE-2026-45426). Risk of unauthorized operations or information disclosure. Exploitable via ``sub``. Mitigation: upgrade to `3.2.2` or later.
CVE-2026-46823 Authorization Flaw in c (CVE-2026-46823)
vulnerability in c (CVE-2026-46823). Confidential information can be exposed externally.
CVE-2026-45042 Authorization Flaw in CVE-2026-45042 (CVE-2026-45042)
vulnerability in CVE-2026-45042 (CVE-2026-45042). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.0.0-beta.2` or later.
CVE-2026-42280 Authorization Flaw in auth0-js (CVE-2026-42280)
vulnerability in auth0-js (CVE-2026-42280). Confidential information can be exposed externally. Mitigation: upgrade to `10.0.0` or later.
CVE-2026-9603 Vulnerability in CVE-2026-9603 (CVE-2026-9603)
vulnerability in CVE-2026-9603 (CVE-2026-9603). Risk of unauthorized operations or information disclosure.
CVE-2026-8350 Authorization Flaw in concrete5/concrete5 (CVE-2026-8350)
vulnerability in concrete5/concrete5 (CVE-2026-8350). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-46366 phpMyFAQ has unauthenticated FAQ permission bypass via getFaqBySolutionId fallback query
phpMyFAQ has unauthenticated FAQ permission bypass via getFaqBySolutionId fallback query
CVE-2026-45672 Authorization Flaw in open-webui (CVE-2026-45672)
vulnerability in open-webui (CVE-2026-45672). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.8.12` or later.
CVE-2026-44633 Authorization Flaw in CVE-2026-44633 (CVE-2026-44633)
vulnerability in CVE-2026-44633 (CVE-2026-44633). Confidential information can be exposed externally.
CVE-2026-42572 Vulnerability in github.com/hatchet-dev/hatchet (CVE-2026-42572)
vulnerability in github.com/hatchet-dev/hatchet (CVE-2026-42572). Confidential information can be exposed externally. Exploitable via `GET /api/v1/stable/dags/tasks`. Mitigation: upgrade to `0.83.39` or later.
CVE-2026-43999 Authorization Flaw in vm2 (CVE-2026-43999)
vulnerability in vm2 (CVE-2026-43999). Successful exploitation can lead to full system takeover. Exploitable via ``builtin``. Mitigation: upgrade to `3.11.0` or later.
CVE-2026-44681 Open Redirect in authlib (CVE-2026-44681)
vulnerability in authlib (CVE-2026-44681). Risk of unauthorized operations or information disclosure. Exploitable via `GET /oauth/authorize`. Mitigation: upgrade to `3be08468` or later.
CVE-2026-43948 Authorization Flaw in wger (CVE-2026-43948)
vulnerability in wger (CVE-2026-43948). Successful exploitation can lead to full system takeover. Exploitable via `GET /en/gym/user/`. Mitigation: upgrade to `2.6` or later.
CVE-2026-43913 Authorization Flaw in dani-garcia (CVE-2026-43913)
vulnerability in dani-garcia (CVE-2026-43913). Data can be tampered with by attackers. Exploitable via `POST /api/ciphers/purge`. Mitigation: upgrade to `1.35.5` or later.
CVE-2026-34579 Information Disclosure in mantisbt/mantisbt (CVE-2026-34579)
vulnerability in mantisbt/mantisbt (CVE-2026-34579). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.28.2` or later.
CVE-2026-42313 Vulnerability in pyload-ng (CVE-2026-42313)
vulnerability in pyload-ng (CVE-2026-42313). Confidential information can be exposed externally. Exploitable via ``ADMIN_ONLY_CORE_OPTIONS``. Mitigation: upgrade to `0.5.0b3.dev100` or later.
CVE-2026-42312 Vulnerability in pyload-ng (CVE-2026-42312)
vulnerability in pyload-ng (CVE-2026-42312). Confidential information can be exposed externally. Exploitable via ``ADMIN_ONLY_CORE_OPTIONS``. Mitigation: upgrade to `0.5.0b3.dev100` or later.
CVE-2026-42349 Vulnerability in @clerk/shared (CVE-2026-42349)
vulnerability in @clerk/shared (CVE-2026-42349). Confidential information can be exposed externally. Exploitable via ``clerkMiddleware``. Mitigation: upgrade to `4.8.3` or later.
CVE-2026-44573 Authorization Flaw in next (CVE-2026-44573)
vulnerability in next (CVE-2026-44573). Confidential information can be exposed externally. Exploitable via ``i18n``. Mitigation: upgrade to `16.2.5` or later.
CVE-2025-10908 Authorization Flaw in c (CVE-2025-10908)
vulnerability in c (CVE-2025-10908). Risk of unauthorized operations or information disclosure.
CVE-2026-39852 Authorization Flaw in io.quarkus:quarkus-vertx-http (CVE-2026-39852)
vulnerability in io.quarkus:quarkus-vertx-http (CVE-2026-39852). Confidential information can be exposed externally. Mitigation: upgrade to `3.35.1.1` or later.
CVE-2026-33489 Vulnerability in github.com/coredns/coredns (CVE-2026-33489)
vulnerability in github.com/coredns/coredns (CVE-2026-33489). Confidential information can be exposed externally. Mitigation: upgrade to `1.14.3` or later.
CVE-2026-27140 Authorization Flaw in toolchain (CVE-2026-27140)
vulnerability in toolchain (CVE-2026-27140). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.25.9, 1.26.2` or later.
CVE-2026-35029 Authorization Flaw in litellm (CVE-2026-35029)
vulnerability in litellm (CVE-2026-35029). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.83.0` or later.
CVE-2026-32597 Vulnerability in pyjwt (CVE-2026-32597)
vulnerability in pyjwt (CVE-2026-32597). Data can be tampered with by attackers. Exploitable via ``crit``. Mitigation: upgrade to `2.12.0` or later.
CVE-2026-2293 Authorization Flaw in nestjs (CVE-2026-2293)
vulnerability in nestjs (CVE-2026-2293). Successful exploitation can lead to full system takeover.
CVE-2025-10696 Authorization Flaw in c (CVE-2025-10696)
vulnerability in c (CVE-2025-10696). Risk of unauthorized operations or information disclosure.
CVE-2024-57969 app/Model/Attribute.php in MISP before 2.4.198 ignores an ACL during a GUI attribute search.
app/Model/Attribute.php in MISP before 2.4.198 ignores an ACL during a GUI attribute search.
CVE-2024-21262 Authorization Flaw in c (CVE-2024-21262)
vulnerability in c (CVE-2024-21262). Risk of unauthorized operations or information disclosure.
CVE-2024-48772 Authorization Flaw in c (CVE-2024-48772)
vulnerability in c (CVE-2024-48772). Confidential information can be exposed externally.
CVE-2024-46918 Authorization Flaw in misp-project (CVE-2024-46918)
vulnerability in misp-project (CVE-2024-46918). Confidential information can be exposed externally.
CVE-2024-45509 Authorization Flaw in misp-project (CVE-2024-45509)
vulnerability in misp-project (CVE-2024-45509). Confidential information can be exposed externally.
CVE-2022-42724 Information Disclosure in misp-project (CVE-2022-42724)
vulnerability in misp-project (CVE-2022-42724). Risk of unauthorized operations or information disclosure.
CVE-2021-40639 Vulnerability in jflyfox (CVE-2021-40639)
vulnerability in jflyfox (CVE-2021-40639). Confidential information can be exposed externally.
CVE-2017-10379 Authorization Flaw in c (CVE-2017-10379)
vulnerability in c (CVE-2017-10379). Confidential information can be exposed externally.
CVE-2017-6816 Authorization Flaw in wordpress (CVE-2017-6816)
vulnerability in wordpress (CVE-2017-6816). Data can be tampered with by attackers.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →