Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2026-9265 Out-of-Bounds Read in CVE-2026-9265 (CVE-2026-9265)
vulnerability in CVE-2026-9265 (CVE-2026-9265). Confidential information can be exposed externally.
CVE-2026-9843 Path Traversal in wordpress (CVE-2026-9843)
path traversal in wordpress (CVE-2026-9843). Data can be tampered with by attackers.
CVE-2026-56216 Privilege Escalation in CVE-2026-56216 (CVE-2026-56216)
vulnerability in CVE-2026-56216 (CVE-2026-56216). Successful exploitation can lead to full system takeover. Exploitable via `POST /functions/v1/apikey`.
CVE-2026-56215 Vulnerability in CVE-2026-56215 (CVE-2026-56215)
vulnerability in CVE-2026-56215 (CVE-2026-56215). Confidential information can be exposed externally.
CVE-2026-56214 Information Disclosure in CVE-2026-56214 (CVE-2026-56214)
vulnerability in CVE-2026-56214 (CVE-2026-56214). Confidential information can be exposed externally.
CVE-2026-56213 Vulnerability in CVE-2026-56213 (CVE-2026-56213)
vulnerability in CVE-2026-56213 (CVE-2026-56213). Risk of unauthorized operations or information disclosure.
CVE-2026-56212 Privilege Escalation in CVE-2026-56212 (CVE-2026-56212)
vulnerability in CVE-2026-56212 (CVE-2026-56212). Risk of unauthorized operations or information disclosure.
CVE-2026-11551 Vulnerability in wordpress (CVE-2026-11551)
vulnerability in wordpress (CVE-2026-11551). Successful exploitation can lead to full system takeover.
CVE-2026-56082 Vulnerability in dos (CVE-2026-56082)
vulnerability in dos (CVE-2026-56082). Data can be tampered with by attackers.
CVE-2026-56081 Vulnerability in CVE-2026-56081 (CVE-2026-56081)
vulnerability in CVE-2026-56081 (CVE-2026-56081). Confidential information can be exposed externally.
CVE-2026-56080 Authentication Bypass in dos (CVE-2026-56080)
authentication bypass in dos (CVE-2026-56080). Risk of unauthorized operations or information disclosure.
CVE-2026-56079 Information Disclosure in CVE-2026-56079 (CVE-2026-56079)
vulnerability in CVE-2026-56079 (CVE-2026-56079). Confidential information can be exposed externally.
CVE-2026-56073 Vulnerability in CVE-2026-56073 (CVE-2026-56073)
vulnerability in CVE-2026-56073 (CVE-2026-56073). Confidential information can be exposed externally.
GHSA-869j-r97x-hx2g Path Traversal in aqt (GHSA-869j-r97x-hx2g)
path traversal in aqt (GHSA-869j-r97x-hx2g). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `25.9.3` or later.
GHSA-jv2j-mqmw-xvv5 Vulnerability in surrealdb (GHSA-jv2j-mqmw-xvv5)
vulnerability in surrealdb (GHSA-jv2j-mqmw-xvv5). Risk of unauthorized operations or information disclosure. Exploitable via ``expr_recursion_limit``. Mitigation: upgrade to `3.1.5` or later.
GHSA-hv6h-hc26-q48p Authorization Flaw in surrealdb (GHSA-hv6h-hc26-q48p)
vulnerability in surrealdb (GHSA-hv6h-hc26-q48p). Risk of unauthorized operations or information disclosure. Exploitable via ``SELECT``. Mitigation: upgrade to `3.1.5` or later.
GHSA-h4h3-3rfj-x6fq Information Disclosure in surrealdb (GHSA-h4h3-3rfj-x6fq)
vulnerability in surrealdb (GHSA-h4h3-3rfj-x6fq). Risk of unauthorized operations or information disclosure. Exploitable via ``null``. Mitigation: upgrade to `3.1.5` or later.
GHSA-cc8f-fcx3-gpjr Path Traversal in surrealdb (GHSA-cc8f-fcx3-gpjr)
path traversal in surrealdb (GHSA-cc8f-fcx3-gpjr). Risk of unauthorized operations or information disclosure. Exploitable via ``mapper``. Mitigation: upgrade to `3.1.5` or later.
GHSA-h5rg-8p7f-47g2 SSRF (Server-Side Request Forgery) in surrealdb (GHSA-h5rg-8p7f-47g2)
SSRF in surrealdb (GHSA-h5rg-8p7f-47g2). Risk of unauthorized operations or information disclosure. Exploitable via ``reqwest``. Mitigation: upgrade to `3.1.5` or later.
GHSA-4xgf-cpjx-pc3j Path Traversal in pydantic-settings (GHSA-4xgf-cpjx-pc3j)
path traversal in pydantic-settings (GHSA-4xgf-cpjx-pc3j). Risk of unauthorized operations or information disclosure. Exploitable via ``NestedSecretsSettingsSource``. Mitigation: upgrade to `2.14.2` or later.
GHSA-g2gw-q38m-vjfc SSRF (Server-Side Request Forgery) in @merill/lokka (GHSA-g2gw-q38m-vjfc)
SSRF in @merill/lokka (GHSA-g2gw-q38m-vjfc). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.1.2` or later.
GHSA-h5x8-xp6m-x6q4 Vulnerability in @jhb.software/payload-cloudinary-plugin (GHSA-h5x8-xp6m-x6q4)
vulnerability in @jhb.software/payload-cloudinary-plugin (GHSA-h5x8-xp6m-x6q4). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/cloudinary-generate-signature`. Mitigation: upgrade to `0.4.0` or later.
GHSA-f4xh-w4cj-qxq8 Path Traversal in langsmith (GHSA-f4xh-w4cj-qxq8)
path traversal in langsmith (GHSA-f4xh-w4cj-qxq8). Risk of unauthorized operations or information disclosure. Exploitable via ``TracingMiddleware``. Mitigation: upgrade to `0.8.18` or later.
GHSA-c3xh-98xp-6qhf OS Command Injection in gouef/githubtoplanguages (GHSA-c3xh-98xp-6qhf)
OS command injection in gouef/githubtoplanguages (GHSA-c3xh-98xp-6qhf). Risk of unauthorized operations or information disclosure. Exploitable via ``github.event.issue.title``. Mitigation: upgrade to `1.1.4` or later.
GHSA-4cc2-g9w2-fhf6 SSRF (Server-Side Request Forgery) in zeep (GHSA-4cc2-g9w2-fhf6)
SSRF in zeep (GHSA-4cc2-g9w2-fhf6). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.3.3` or later.
GHSA-cw6h-ffmh-x6vh Path Traversal in aqt (GHSA-cw6h-ffmh-x6vh)
path traversal in aqt (GHSA-cw6h-ffmh-x6vh). Risk of unauthorized operations or information disclosure. Exploitable via ``getImageForOcclusion``. Mitigation: upgrade to `25.9.4` or later.
GHSA-wvrh-2f4m-924v Vulnerability in ChatterBot (GHSA-wvrh-2f4m-924v)
vulnerability in ChatterBot (GHSA-wvrh-2f4m-924v). Risk of unauthorized operations or information disclosure. Exploitable via ``makedirs``. Mitigation: upgrade to `1.2.14` or later.
CVE-2026-57168 Vulnerability in io.openremote:openremote-manager (CVE-2026-57168)
vulnerability in io.openremote:openremote-manager (CVE-2026-57168). Risk of unauthorized operations or information disclosure. Exploitable via `DELETE /api/smartcity/alarm`. Mitigation: upgrade to `1.25.0` or later.
GHSA-x975-rgx4-5fh4 Cross-Site Scripting (XSS) in appium-mcp (GHSA-x975-rgx4-5fh4)
cross-site scripting in appium-mcp (GHSA-x975-rgx4-5fh4). Risk of unauthorized operations or information disclosure. Exploitable via ``createLocatorGeneratorUI``. Mitigation: upgrade to `1.85.10` or later.
GHSA-c795-2g9c-j48m Path Traversal in everos (GHSA-c795-2g9c-j48m)
path traversal in everos (GHSA-c795-2g9c-j48m). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/memory/add`. Mitigation: upgrade to `1.0.1` or later.
GHSA-v3f4-w7r7-v3hm Vulnerability in @zenalexa/unicli (GHSA-v3f4-w7r7-v3hm)
vulnerability in @zenalexa/unicli (GHSA-v3f4-w7r7-v3hm). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.225.2` or later.
GHSA-6gqw-jqv7-v88m Authorization Flaw in stigmem-node (GHSA-6gqw-jqv7-v88m)
vulnerability in stigmem-node (GHSA-6gqw-jqv7-v88m). Risk of unauthorized operations or information disclosure. Exploitable via `POST /v1/decay/sweep`. Mitigation: upgrade to `0.9.0a12` or later.
GHSA-xhv3-q4xx-349r Vulnerability in stigmem-node (GHSA-xhv3-q4xx-349r)
vulnerability in stigmem-node (GHSA-xhv3-q4xx-349r). Risk of unauthorized operations or information disclosure. Exploitable via ``_get_quarantined_fact``. Mitigation: upgrade to `0.9.0a12` or later.
GHSA-x26h-xmv8-gxf7 Vulnerability in stigmem-node (GHSA-x26h-xmv8-gxf7)
vulnerability in stigmem-node (GHSA-x26h-xmv8-gxf7). Risk of unauthorized operations or information disclosure. Exploitable via ``issue_tombstone``. Mitigation: upgrade to `0.9.0a12` or later.
GHSA-6v7p-g79w-8964 Use-After-Free in msgpack (GHSA-6v7p-g79w-8964)
vulnerability in msgpack (GHSA-6v7p-g79w-8964). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.2.1` or later.
GHSA-6vxv-wg6j-5qwp Vulnerability in gogs.io/gogs (GHSA-6vxv-wg6j-5qwp)
vulnerability in gogs.io/gogs (GHSA-6vxv-wg6j-5qwp). Risk of unauthorized operations or information disclosure. Exploitable via ``xss.ipynb``. Mitigation: upgrade to `0.14.3` or later.
GHSA-97pr-9hgg-3p8r Information Disclosure in parse-server (GHSA-97pr-9hgg-3p8r)
vulnerability in parse-server (GHSA-97pr-9hgg-3p8r). Risk of unauthorized operations or information disclosure. Exploitable via ``save``. Mitigation: upgrade to `8.6.83` or later.
GHSA-mrvx-jmjw-vggc SSRF (Server-Side Request Forgery) in mcp-searxng (GHSA-mrvx-jmjw-vggc)
SSRF in mcp-searxng (GHSA-mrvx-jmjw-vggc). Risk of unauthorized operations or information disclosure. Exploitable via ``web_url_read``. Mitigation: upgrade to `1.7.1` or later.
GHSA-xcqx-9jf5-w339 Vulnerability in mcp-searxng (GHSA-xcqx-9jf5-w339)
vulnerability in mcp-searxng (GHSA-xcqx-9jf5-w339). Risk of unauthorized operations or information disclosure. Exploitable via ``web_url_read``. Mitigation: upgrade to `1.7.1` or later.
GHSA-48x2-6pr9-2jjf Path Traversal in network-ai (GHSA-48x2-6pr9-2jjf)
path traversal in network-ai (GHSA-48x2-6pr9-2jjf). Risk of unauthorized operations or information disclosure. Exploitable via ``backupPath``. Mitigation: upgrade to `5.12.2` or later.
GHSA-6x2m-p4xp-wg22 Path Traversal in network-ai (GHSA-6x2m-p4xp-wg22)
path traversal in network-ai (GHSA-6x2m-p4xp-wg22). Risk of unauthorized operations or information disclosure. Exploitable via ``copied``. Mitigation: upgrade to `5.12.2` or later.
GHSA-mxjx-28vx-xjjj Cross-Site Request Forgery (CSRF) in network-ai (GHSA-mxjx-28vx-xjjj)
vulnerability in network-ai (GHSA-mxjx-28vx-xjjj). Risk of unauthorized operations or information disclosure. Exploitable via `POST /approvals/`. Mitigation: upgrade to `5.4.5` or later.
GHSA-jvcm-f35g-w78p Path Traversal in network-ai (GHSA-jvcm-f35g-w78p)
path traversal in network-ai (GHSA-jvcm-f35g-w78p). Risk of unauthorized operations or information disclosure. Exploitable via ``AgentRuntime``. Mitigation: upgrade to `5.12.2` or later.
GHSA-2fmp-9rvw-hc96 Path Traversal in network-ai (GHSA-2fmp-9rvw-hc96)
path traversal in network-ai (GHSA-2fmp-9rvw-hc96). Risk of unauthorized operations or information disclosure. Exploitable via ``path``. Mitigation: upgrade to `5.12.2` or later.
GHSA-9c83-rr99-vfwj Path Traversal in @bitbonsai/mcpvault (GHSA-9c83-rr99-vfwj)
path traversal in @bitbonsai/mcpvault (GHSA-9c83-rr99-vfwj). Risk of unauthorized operations or information disclosure. Exploitable via ``node_modules``. Mitigation: upgrade to `0.11.5` or later.
GHSA-h5jc-78hr-3pc9 Cross-Site Scripting (XSS) in @sveltia/cms (GHSA-h5jc-78hr-3pc9)
cross-site scripting in @sveltia/cms (GHSA-h5jc-78hr-3pc9). Risk of unauthorized operations or information disclosure. Exploitable via ``iframe``. Mitigation: upgrade to `0.167.3` or later.
CVE-2026-55878 Path Traversal in symfony/ux-toolkit (CVE-2026-55878)
path traversal in symfony/ux-toolkit (CVE-2026-55878). Successful exploitation can lead to full system takeover. Exploitable via ``true``. Mitigation: upgrade to `3.2.0` or later.
CVE-2026-55877 Cross-Site Scripting (XSS) in symfony/ux-icons (CVE-2026-55877)
cross-site scripting in symfony/ux-icons (CVE-2026-55877). Risk of unauthorized operations or information disclosure. Exploitable via ``body``. Mitigation: upgrade to `3.2.0` or later.
CVE-2026-55866 Authorization Flaw in github.com/authzed/spicedb (CVE-2026-55866)
vulnerability in github.com/authzed/spicedb (CVE-2026-55866). Risk of unauthorized operations or information disclosure. Exploitable via ``CheckPermission``. Mitigation: upgrade to `1.54.0` or later.
CVE-2026-55776 Vulnerability in github.com/openbao/openbao (CVE-2026-55776)
vulnerability in github.com/openbao/openbao (CVE-2026-55776). Risk of unauthorized operations or information disclosure. Exploitable via ``type``. Mitigation: upgrade to `0.0.0-20260617104123-db57c62602b2` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →