Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: vendors Clear
ID Title
CVE-2026-0138 Vulnerability in c (CVE-2026-0138)
vulnerability in c (CVE-2026-0138). Successful exploitation can lead to full system takeover.
CVE-2026-0133 Vulnerability in c (CVE-2026-0133)
vulnerability in c (CVE-2026-0133). Successful exploitation can lead to full system takeover.
CVE-2026-0137 Use-After-Free in c (CVE-2026-0137)
vulnerability in c (CVE-2026-0137). Successful exploitation can lead to full system takeover.
CVE-2026-0135 Out-of-Bounds Read in google (CVE-2026-0135)
vulnerability in google (CVE-2026-0135). Successful exploitation can lead to full system takeover.
CVE-2026-0132 Vulnerability in google (CVE-2026-0132)
vulnerability in google (CVE-2026-0132). Successful exploitation can lead to full system takeover.
CVE-2026-0139 Buffer Overflow in google (CVE-2026-0139)
vulnerability in google (CVE-2026-0139). Successful exploitation can lead to full system takeover.
CVE-2026-52845 Authentication Bypass in github.com/caddyserver/caddy/v2 (CVE-2026-52845)
authentication bypass in github.com/caddyserver/caddy/v2 (CVE-2026-52845). Confidential information can be exposed externally. Exploitable via `GET /index.php`. Mitigation: upgrade to `2.11.4` or later.
CVE-2026-52844 Path Traversal in github.com/caddyserver/caddy/v2 (CVE-2026-52844)
path traversal in github.com/caddyserver/caddy/v2 (CVE-2026-52844). Confidential information can be exposed externally. Exploitable via `GET /private/secret.txt`. Mitigation: upgrade to `2.11.4` or later.
CVE-2026-53866 OpenClaw: Shell inline-command parsing could miss an allowlist check
OpenClaw: Shell inline-command parsing could miss an allowlist check
CVE-2026-53865 Vulnerability in openclaw (CVE-2026-53865)
vulnerability in openclaw (CVE-2026-53865). Confidential information can be exposed externally. Exploitable via ``trash``. Mitigation: upgrade to `2026.5.2` or later.
CVE-2026-53864 OpenClaw: Host environment sanitizer missed two Node.js control variables
OpenClaw: Host environment sanitizer missed two Node.js control variables
CVE-2026-53863 Vulnerability in openclaw (CVE-2026-53863)
vulnerability in openclaw (CVE-2026-53863). Data can be tampered with by attackers. Mitigation: upgrade to `2026.4.25` or later.
CVE-2026-53858 Vulnerability in openclaw (CVE-2026-53858)
vulnerability in openclaw (CVE-2026-53858). Confidential information can be exposed externally. Exploitable via ``STATE_DIRECTORY``. Mitigation: upgrade to `2026.5.2` or later.
CVE-2026-53857 OpenClaw: Zalo allowFrom could bind to mutable display names
OpenClaw: Zalo allowFrom could bind to mutable display names
CVE-2026-53853 OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns
OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns
CVE-2026-53855 OpenClaw: Shell positional parameters could weaken strict inline-eval checks
OpenClaw: Shell positional parameters could weaken strict inline-eval checks
CVE-2026-53849 OpenClaw: Discord allowFrom could bind to mutable display names
OpenClaw: Discord allowFrom could bind to mutable display names
CVE-2026-53846 Vulnerability in openclaw (CVE-2026-53846)
vulnerability in openclaw (CVE-2026-53846). Confidential information can be exposed externally. Mitigation: upgrade to `2026.4.29` or later.
CVE-2026-53843 OpenClaw: Pairing-scoped device session could restore revoked node token authority
OpenClaw: Pairing-scoped device session could restore revoked node token authority
CVE-2026-53842 Vulnerability in openclaw (CVE-2026-53842)
vulnerability in openclaw (CVE-2026-53842). Confidential information can be exposed externally. Exploitable via ``gcloud``. Mitigation: upgrade to `2026.5.2` or later.
CVE-2026-53840 Vulnerability in openclaw (CVE-2026-53840)
vulnerability in openclaw (CVE-2026-53840). Confidential information can be exposed externally. Mitigation: upgrade to `2026.5.12` or later.
CVE-2026-50656 Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in...
Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in...
CVE-2026-47964 DNG SDK versions 1.7.1 2536 and earlier are affected by a Heap-based Buffer Overflow...
DNG SDK versions 1.7.1 2536 and earlier are affected by a Heap-based Buffer Overflow...
CVE-2026-49401 Vulnerability in deno (CVE-2026-49401)
vulnerability in deno (CVE-2026-49401). Data can be tampered with by attackers. Mitigation: upgrade to `2.7.14` or later.
CVE-2026-49402 OS Command Injection in deno (CVE-2026-49402)
OS command injection in deno (CVE-2026-49402). Successful exploitation can lead to full system takeover. Exploitable via ``spawn``. Mitigation: upgrade to `2.7.10` or later.
CVE-2026-54311 Vulnerability in n8n (CVE-2026-54311)
vulnerability in n8n (CVE-2026-54311). Confidential information can be exposed externally. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.25.7` or later.
CVE-2026-54308 Vulnerability in n8n (CVE-2026-54308)
vulnerability in n8n (CVE-2026-54308). Risk of unauthorized operations or information disclosure. Exploitable via ``MicrosoftAgent365Trigger``. Mitigation: upgrade to `2.25.7` or later.
CVE-2026-54313 SQL Injection in n8n (CVE-2026-54313)
SQL injection in n8n (CVE-2026-54313). Data can be tampered with by attackers. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.24.0` or later.
CVE-2026-49465 Path Traversal in n8n (CVE-2026-49465)
path traversal in n8n (CVE-2026-49465). Confidential information can be exposed externally. Exploitable via ``N8N_RESTRICT_FILE_ACCESS_TO``. Mitigation: upgrade to `2.21.8` or later.
CVE-2026-49444 Vulnerability in n8n (CVE-2026-49444)
vulnerability in n8n (CVE-2026-49444). Confidential information can be exposed externally. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.21.8` or later.
CVE-2026-33760 Vulnerability in langflow (CVE-2026-33760)
vulnerability in langflow (CVE-2026-33760). Successful exploitation can lead to full system takeover. Exploitable via `GET /monitor/messages`. Mitigation: upgrade to `1.9.0` or later.
CVE-2026-12328 Vulnerability in mozilla (CVE-2026-12328)
vulnerability in mozilla (CVE-2026-12328). Successful exploitation can lead to full system takeover.
CVE-2026-12327 Buffer Overflow in mozilla (CVE-2026-12327)
vulnerability in mozilla (CVE-2026-12327). Successful exploitation can lead to full system takeover.
CVE-2026-12326 Buffer Overflow in mozilla (CVE-2026-12326)
vulnerability in mozilla (CVE-2026-12326). Successful exploitation can lead to full system takeover.
CVE-2026-12324 Vulnerability in mozilla (CVE-2026-12324)
vulnerability in mozilla (CVE-2026-12324). Risk of unauthorized operations or information disclosure.
CVE-2026-12318 Buffer Overflow in mozilla (CVE-2026-12318)
vulnerability in mozilla (CVE-2026-12318). Risk of unauthorized operations or information disclosure.
CVE-2026-12317 Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152.
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152.
CVE-2026-12314 Buffer Overflow in mozilla (CVE-2026-12314)
vulnerability in mozilla (CVE-2026-12314). Confidential information can be exposed externally.
CVE-2026-12312 Buffer Overflow in mozilla (CVE-2026-12312)
vulnerability in mozilla (CVE-2026-12312). Confidential information can be exposed externally.
CVE-2026-12310 Buffer Overflow in mozilla (CVE-2026-12310)
vulnerability in mozilla (CVE-2026-12310). Confidential information can be exposed externally.
CVE-2026-12305 Buffer Overflow in mozilla (CVE-2026-12305)
vulnerability in mozilla (CVE-2026-12305). Risk of unauthorized operations or information disclosure.
CVE-2026-12289 Privilege Escalation in privilege-escalation (CVE-2026-12289)
vulnerability in privilege-escalation (CVE-2026-12289). Successful exploitation can lead to full system takeover.
CVE-2026-12290 Buffer Overflow in mozilla (CVE-2026-12290)
vulnerability in mozilla (CVE-2026-12290). Confidential information can be exposed externally.
CVE-2026-12291 Use-After-Free in mozilla (CVE-2026-12291)
vulnerability in mozilla (CVE-2026-12291). Successful exploitation can lead to full system takeover.
CVE-2026-12292 Buffer Overflow in mozilla (CVE-2026-12292)
vulnerability in mozilla (CVE-2026-12292). Confidential information can be exposed externally.
CVE-2026-8442 Path Traversal in wordpress (CVE-2026-8442)
path traversal in wordpress (CVE-2026-8442). Data can be tampered with by attackers.
CVE-2026-8176 Privilege Escalation in wordpress (CVE-2026-8176)
vulnerability in wordpress (CVE-2026-8176). Successful exploitation can lead to full system takeover.
CVE-2026-46331 Vulnerability in linux (CVE-2026-46331)
vulnerability in linux (CVE-2026-46331). Successful exploitation can lead to full system takeover.
CVE-2026-8444 SQL Injection in wordpress (CVE-2026-8444)
SQL injection in wordpress (CVE-2026-8444). Successful exploitation can lead to full system takeover.
CVE-2026-8443 SQL Injection in wordpress (CVE-2026-8443)
SQL injection in wordpress (CVE-2026-8443). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →