Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-12822 |
|
Vulnerability in langflow (CVE-2026-12822)
vulnerability in langflow (CVE-2026-12822). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56378 |
|
Out-of-Bounds Read in dos (CVE-2026-56378)
vulnerability in dos (CVE-2026-56378). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56367 |
|
Out-of-Bounds Read in c (CVE-2026-56367)
vulnerability in c (CVE-2026-56367). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56382 |
|
Code Injection in CVE-2026-56382 (CVE-2026-56382)
code injection in CVE-2026-56382 (CVE-2026-56382). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12798 |
|
SSRF (Server-Side Request Forgery) in litellm (CVE-2026-12798)
SSRF in litellm (CVE-2026-12798). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12799 |
|
Vulnerability in litellm (CVE-2026-12799)
vulnerability in litellm (CVE-2026-12799). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12797 |
|
Vulnerability in litellm (CVE-2026-12797)
vulnerability in litellm (CVE-2026-12797). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12796 |
|
Vulnerability in litellm (CVE-2026-12796)
vulnerability in litellm (CVE-2026-12796). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12795 |
|
Authentication Bypass in litellm (CVE-2026-12795)
authentication bypass in litellm (CVE-2026-12795). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12789 |
|
Vulnerability in sqli (CVE-2026-12789)
vulnerability in sqli (CVE-2026-12789). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12776 |
|
Vulnerability in sqli (CVE-2026-12776)
vulnerability in sqli (CVE-2026-12776). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12775 |
|
Vulnerability in sqli (CVE-2026-12775)
vulnerability in sqli (CVE-2026-12775). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12774 |
|
SSRF (Server-Side Request Forgery) in litellm (CVE-2026-12774)
SSRF in litellm (CVE-2026-12774). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12773 |
|
A weakness has been identified in BerriAI litellm up to 1.59.8. Affected is the function...
A weakness has been identified in BerriAI litellm up to 1.59.8. Affected is the function...
|
| CVE-2026-12772 |
|
Vulnerability in litellm (CVE-2026-12772)
vulnerability in litellm (CVE-2026-12772). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12771 |
|
Vulnerability in litellm (CVE-2026-12771)
vulnerability in litellm (CVE-2026-12771). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12770 |
|
Vulnerability in litellm (CVE-2026-12770)
vulnerability in litellm (CVE-2026-12770). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56346 |
|
Vulnerability in CVE-2026-56346 (CVE-2026-56346)
vulnerability in CVE-2026-56346 (CVE-2026-56346). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56341 |
|
Vulnerability in csharp (CVE-2026-56341)
vulnerability in csharp (CVE-2026-56341). Confidential information can be exposed externally.
|
| CVE-2026-56342 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-56342 (CVE-2026-56342)
SSRF in CVE-2026-56342 (CVE-2026-56342). Confidential information can be exposed externally.
|
| CVE-2026-56345 |
|
Authentication Bypass in CVE-2026-56345 (CVE-2026-56345)
authentication bypass in CVE-2026-56345 (CVE-2026-56345). Successful exploitation can lead to full system takeover.
|
| CVE-2022-50972 |
|
Code Injection in CVE-2022-50972 (CVE-2022-50972)
code injection in CVE-2022-50972 (CVE-2022-50972). Successful exploitation can lead to full system takeover.
|
| CVE-2019-25763 |
|
Vulnerability in wordpress (CVE-2019-25763)
vulnerability in wordpress (CVE-2019-25763). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48939 |
|
Unrestricted File Upload in joomlic (CVE-2026-48939)
vulnerability in joomlic (CVE-2026-48939). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48908 KEV |
|
[KEV] Unrestricted File Upload in Joomshaper ollyo (CVE-2026-48908)
vulnerability in Joomshaper ollyo (CVE-2026-48908). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-12119 |
|
Vulnerability in wordpress (CVE-2026-12119)
vulnerability in wordpress (CVE-2026-12119). Data can be tampered with by attackers.
|
| CVE-2026-11911 |
|
Path Traversal in wordpress (CVE-2026-11911)
path traversal in wordpress (CVE-2026-11911). Confidential information can be exposed externally.
|
| CVE-2026-9843 |
|
Path Traversal in wordpress (CVE-2026-9843)
path traversal in wordpress (CVE-2026-9843). Data can be tampered with by attackers.
|
| CVE-2026-27878 |
|
Vulnerability in dos (CVE-2026-27878)
vulnerability in dos (CVE-2026-27878). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-54357 |
|
Vulnerability in CVE-2023-54357 (CVE-2023-54357)
vulnerability in CVE-2023-54357 (CVE-2023-54357). Confidential information can be exposed externally.
|
| CVE-2026-55447 |
|
Vulnerability in langflow (CVE-2026-55447)
vulnerability in langflow (CVE-2026-55447). Successful exploitation can lead to full system takeover. Exploitable via ``BaseFileComponent``. Mitigation: upgrade to `1.9.2` or later.
|
| CVE-2026-55446 |
|
Vulnerability in langflow (CVE-2026-55446)
vulnerability in langflow (CVE-2026-55446). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/files/upload/test`. Mitigation: upgrade to `1.0.19` or later.
|
| CVE-2026-55423 |
|
Vulnerability in langflow (CVE-2026-55423)
vulnerability in langflow (CVE-2026-55423). Confidential information can be exposed externally. Exploitable via ``access_token_lf``. Mitigation: upgrade to `1.7.1` or later.
|
| CVE-2026-55255 KEV |
|
[KEV] Vulnerability in langflow (CVE-2026-55255)
vulnerability in langflow (CVE-2026-55255). Confidential information can be exposed externally. Exploitable via ``get_flow_by_id_or_endpoint_name``. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2019-25758 |
|
Unrestricted File Upload in CVE-2019-25758 (CVE-2019-25758)
vulnerability in CVE-2019-25758 (CVE-2019-25758). Successful exploitation can lead to full system takeover.
|
| CVE-2019-25761 |
|
SQL Injection in sqli (CVE-2019-25761)
SQL injection in sqli (CVE-2019-25761). Confidential information can be exposed externally.
|
| CVE-2019-25760 |
|
Vulnerability in CVE-2019-25760 (CVE-2019-25760)
vulnerability in CVE-2019-25760 (CVE-2019-25760). Confidential information can be exposed externally.
|
| CVE-2019-25762 |
|
Vulnerability in CVE-2019-25762 (CVE-2019-25762)
vulnerability in CVE-2019-25762 (CVE-2019-25762). Confidential information can be exposed externally.
|
| CVE-2019-25752 |
|
SQL Injection in sqli (CVE-2019-25752)
SQL injection in sqli (CVE-2019-25752). Confidential information can be exposed externally.
|
| CVE-2019-25753 |
|
SQL Injection in sqli (CVE-2019-25753)
SQL injection in sqli (CVE-2019-25753). Confidential information can be exposed externally.
|
| CVE-2017-20274 |
|
SQL Injection in sqli (CVE-2017-20274)
SQL injection in sqli (CVE-2017-20274). Confidential information can be exposed externally.
|
| CVE-2017-20280 |
|
SQL Injection in sqli (CVE-2017-20280)
SQL injection in sqli (CVE-2017-20280). Confidential information can be exposed externally.
|
| CVE-2017-20272 |
|
SQL Injection in sqli (CVE-2017-20272)
SQL injection in sqli (CVE-2017-20272). Confidential information can be exposed externally.
|
| CVE-2017-20273 |
|
SQL Injection in sqli (CVE-2017-20273)
SQL injection in sqli (CVE-2017-20273). Confidential information can be exposed externally.
|
| CVE-2017-20276 |
|
SQL Injection in sqli (CVE-2017-20276)
SQL injection in sqli (CVE-2017-20276). Confidential information can be exposed externally.
|
| CVE-2017-20279 |
|
SQL Injection in sqli (CVE-2017-20279)
SQL injection in sqli (CVE-2017-20279). Confidential information can be exposed externally.
|
| CVE-2017-20275 |
|
SQL Injection in sqli (CVE-2017-20275)
SQL injection in sqli (CVE-2017-20275). Confidential information can be exposed externally.
|
| CVE-2017-20270 |
|
SQL Injection in sqli (CVE-2017-20270)
SQL injection in sqli (CVE-2017-20270). Confidential information can be exposed externally.
|
| CVE-2017-20281 |
|
SQL Injection in sqli (CVE-2017-20281)
SQL injection in sqli (CVE-2017-20281). Confidential information can be exposed externally.
|
| CVE-2017-20282 |
|
SQL Injection in sqli (CVE-2017-20282)
SQL injection in sqli (CVE-2017-20282). Confidential information can be exposed externally.
|