Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-0138 |
|
Vulnerability in c (CVE-2026-0138)
vulnerability in c (CVE-2026-0138). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0133 |
|
Vulnerability in c (CVE-2026-0133)
vulnerability in c (CVE-2026-0133). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0137 |
|
Use-After-Free in c (CVE-2026-0137)
vulnerability in c (CVE-2026-0137). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0135 |
|
Out-of-Bounds Read in google (CVE-2026-0135)
vulnerability in google (CVE-2026-0135). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0132 |
|
Vulnerability in google (CVE-2026-0132)
vulnerability in google (CVE-2026-0132). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0139 |
|
Buffer Overflow in google (CVE-2026-0139)
vulnerability in google (CVE-2026-0139). Successful exploitation can lead to full system takeover.
|
| CVE-2026-52845 |
|
Authentication Bypass in github.com/caddyserver/caddy/v2 (CVE-2026-52845)
authentication bypass in github.com/caddyserver/caddy/v2 (CVE-2026-52845). Confidential information can be exposed externally. Exploitable via `GET /index.php`. Mitigation: upgrade to `2.11.4` or later.
|
| CVE-2026-52844 |
|
Path Traversal in github.com/caddyserver/caddy/v2 (CVE-2026-52844)
path traversal in github.com/caddyserver/caddy/v2 (CVE-2026-52844). Confidential information can be exposed externally. Exploitable via `GET /private/secret.txt`. Mitigation: upgrade to `2.11.4` or later.
|
| CVE-2026-53866 |
|
OpenClaw: Shell inline-command parsing could miss an allowlist check
OpenClaw: Shell inline-command parsing could miss an allowlist check
|
| CVE-2026-53865 |
|
Vulnerability in openclaw (CVE-2026-53865)
vulnerability in openclaw (CVE-2026-53865). Confidential information can be exposed externally. Exploitable via ``trash``. Mitigation: upgrade to `2026.5.2` or later.
|
| CVE-2026-53864 |
|
OpenClaw: Host environment sanitizer missed two Node.js control variables
OpenClaw: Host environment sanitizer missed two Node.js control variables
|
| CVE-2026-53863 |
|
Vulnerability in openclaw (CVE-2026-53863)
vulnerability in openclaw (CVE-2026-53863). Data can be tampered with by attackers. Mitigation: upgrade to `2026.4.25` or later.
|
| CVE-2026-53858 |
|
Vulnerability in openclaw (CVE-2026-53858)
vulnerability in openclaw (CVE-2026-53858). Confidential information can be exposed externally. Exploitable via ``STATE_DIRECTORY``. Mitigation: upgrade to `2026.5.2` or later.
|
| CVE-2026-53857 |
|
OpenClaw: Zalo allowFrom could bind to mutable display names
OpenClaw: Zalo allowFrom could bind to mutable display names
|
| CVE-2026-53853 |
|
OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns
OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns
|
| CVE-2026-53855 |
|
OpenClaw: Shell positional parameters could weaken strict inline-eval checks
OpenClaw: Shell positional parameters could weaken strict inline-eval checks
|
| CVE-2026-53849 |
|
OpenClaw: Discord allowFrom could bind to mutable display names
OpenClaw: Discord allowFrom could bind to mutable display names
|
| CVE-2026-53846 |
|
Vulnerability in openclaw (CVE-2026-53846)
vulnerability in openclaw (CVE-2026-53846). Confidential information can be exposed externally. Mitigation: upgrade to `2026.4.29` or later.
|
| CVE-2026-53843 |
|
OpenClaw: Pairing-scoped device session could restore revoked node token authority
OpenClaw: Pairing-scoped device session could restore revoked node token authority
|
| CVE-2026-53842 |
|
Vulnerability in openclaw (CVE-2026-53842)
vulnerability in openclaw (CVE-2026-53842). Confidential information can be exposed externally. Exploitable via ``gcloud``. Mitigation: upgrade to `2026.5.2` or later.
|
| CVE-2026-53840 |
|
Vulnerability in openclaw (CVE-2026-53840)
vulnerability in openclaw (CVE-2026-53840). Confidential information can be exposed externally. Mitigation: upgrade to `2026.5.12` or later.
|
| CVE-2026-50656 |
|
Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in...
Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in...
|
| CVE-2026-47964 |
|
DNG SDK versions 1.7.1 2536 and earlier are affected by a Heap-based Buffer Overflow...
DNG SDK versions 1.7.1 2536 and earlier are affected by a Heap-based Buffer Overflow...
|
| CVE-2026-49401 |
|
Vulnerability in deno (CVE-2026-49401)
vulnerability in deno (CVE-2026-49401). Data can be tampered with by attackers. Mitigation: upgrade to `2.7.14` or later.
|
| CVE-2026-49402 |
|
OS Command Injection in deno (CVE-2026-49402)
OS command injection in deno (CVE-2026-49402). Successful exploitation can lead to full system takeover. Exploitable via ``spawn``. Mitigation: upgrade to `2.7.10` or later.
|
| CVE-2026-54311 |
|
Vulnerability in n8n (CVE-2026-54311)
vulnerability in n8n (CVE-2026-54311). Confidential information can be exposed externally. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.25.7` or later.
|
| CVE-2026-54308 |
|
Vulnerability in n8n (CVE-2026-54308)
vulnerability in n8n (CVE-2026-54308). Risk of unauthorized operations or information disclosure. Exploitable via ``MicrosoftAgent365Trigger``. Mitigation: upgrade to `2.25.7` or later.
|
| CVE-2026-54313 |
|
SQL Injection in n8n (CVE-2026-54313)
SQL injection in n8n (CVE-2026-54313). Data can be tampered with by attackers. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.24.0` or later.
|
| CVE-2026-49465 |
|
Path Traversal in n8n (CVE-2026-49465)
path traversal in n8n (CVE-2026-49465). Confidential information can be exposed externally. Exploitable via ``N8N_RESTRICT_FILE_ACCESS_TO``. Mitigation: upgrade to `2.21.8` or later.
|
| CVE-2026-49444 |
|
Vulnerability in n8n (CVE-2026-49444)
vulnerability in n8n (CVE-2026-49444). Confidential information can be exposed externally. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.21.8` or later.
|
| CVE-2026-33760 |
|
Vulnerability in langflow (CVE-2026-33760)
vulnerability in langflow (CVE-2026-33760). Successful exploitation can lead to full system takeover. Exploitable via `GET /monitor/messages`. Mitigation: upgrade to `1.9.0` or later.
|
| CVE-2026-12328 |
|
Vulnerability in mozilla (CVE-2026-12328)
vulnerability in mozilla (CVE-2026-12328). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12327 |
|
Buffer Overflow in mozilla (CVE-2026-12327)
vulnerability in mozilla (CVE-2026-12327). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12326 |
|
Buffer Overflow in mozilla (CVE-2026-12326)
vulnerability in mozilla (CVE-2026-12326). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12324 |
|
Vulnerability in mozilla (CVE-2026-12324)
vulnerability in mozilla (CVE-2026-12324). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12318 |
|
Buffer Overflow in mozilla (CVE-2026-12318)
vulnerability in mozilla (CVE-2026-12318). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12317 |
|
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152.
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152.
|
| CVE-2026-12314 |
|
Buffer Overflow in mozilla (CVE-2026-12314)
vulnerability in mozilla (CVE-2026-12314). Confidential information can be exposed externally.
|
| CVE-2026-12312 |
|
Buffer Overflow in mozilla (CVE-2026-12312)
vulnerability in mozilla (CVE-2026-12312). Confidential information can be exposed externally.
|
| CVE-2026-12310 |
|
Buffer Overflow in mozilla (CVE-2026-12310)
vulnerability in mozilla (CVE-2026-12310). Confidential information can be exposed externally.
|
| CVE-2026-12305 |
|
Buffer Overflow in mozilla (CVE-2026-12305)
vulnerability in mozilla (CVE-2026-12305). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12289 |
|
Privilege Escalation in privilege-escalation (CVE-2026-12289)
vulnerability in privilege-escalation (CVE-2026-12289). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12290 |
|
Buffer Overflow in mozilla (CVE-2026-12290)
vulnerability in mozilla (CVE-2026-12290). Confidential information can be exposed externally.
|
| CVE-2026-12291 |
|
Use-After-Free in mozilla (CVE-2026-12291)
vulnerability in mozilla (CVE-2026-12291). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12292 |
|
Buffer Overflow in mozilla (CVE-2026-12292)
vulnerability in mozilla (CVE-2026-12292). Confidential information can be exposed externally.
|
| CVE-2026-8442 |
|
Path Traversal in wordpress (CVE-2026-8442)
path traversal in wordpress (CVE-2026-8442). Data can be tampered with by attackers.
|
| CVE-2026-8176 |
|
Privilege Escalation in wordpress (CVE-2026-8176)
vulnerability in wordpress (CVE-2026-8176). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46331 |
|
Vulnerability in linux (CVE-2026-46331)
vulnerability in linux (CVE-2026-46331). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8444 |
|
SQL Injection in wordpress (CVE-2026-8444)
SQL injection in wordpress (CVE-2026-8444). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8443 |
|
SQL Injection in wordpress (CVE-2026-8443)
SQL injection in wordpress (CVE-2026-8443). Successful exploitation can lead to full system takeover.
|