Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-55690 |
|
Cross-Site Scripting (XSS) in starcitizenwiki/embedvideo (CVE-2026-55690)
cross-site scripting in starcitizenwiki/embedvideo (CVE-2026-55690). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.1.0` or later.
|
| GHSA-wfqx-gjrf-g28r |
|
Vulnerability in github.com/crossplane/crossplane/v2 (GHSA-wfqx-gjrf-g28r)
vulnerability in github.com/crossplane/crossplane/v2 (GHSA-wfqx-gjrf-g28r). Risk of unauthorized operations or information disclosure. Exploitable via ``ImageConfig``.
|
| CVE-2026-55091 |
|
Vulnerability in flat-to-nested (CVE-2026-55091)
vulnerability in flat-to-nested (CVE-2026-55091). Risk of unauthorized operations or information disclosure. Exploitable via ``parent``. Mitigation: upgrade to `1.1.2` or later.
|
| CVE-2026-55849 |
|
OS Command Injection in @cyclonedx/cyclonedx-npm (CVE-2026-55849)
OS command injection in @cyclonedx/cyclonedx-npm (CVE-2026-55849). Risk of unauthorized operations or information disclosure. Exploitable via ``npm_execpath``. Mitigation: upgrade to `5.0.0` or later.
|
| GHSA-x845-2f78-7v36 |
|
Vulnerability in github.com/0xERR0R/blocky (GHSA-x845-2f78-7v36)
vulnerability in github.com/0xERR0R/blocky (GHSA-x845-2f78-7v36). Risk of unauthorized operations or information disclosure. Exploitable via ``Insecure``. Mitigation: upgrade to `0.32.0` or later.
|
| CVE-2026-54911 |
|
Vulnerability in ujson (CVE-2026-54911)
vulnerability in ujson (CVE-2026-54911). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.13.0` or later.
|
| CVE-2026-54906 |
|
Vulnerability in concurrent-ruby (CVE-2026-54906)
vulnerability in concurrent-ruby (CVE-2026-54906). Successful exploitation can lead to full system takeover. Exploitable via ``release_write_lock``. Mitigation: upgrade to `1.3.7` or later.
|
| CVE-2026-54905 |
|
Vulnerability in concurrent-ruby (CVE-2026-54905)
vulnerability in concurrent-ruby (CVE-2026-54905). Confidential information can be exposed externally. Exploitable via ``WRITE_LOCK_HELD``. Mitigation: upgrade to `1.3.7` or later.
|
| CVE-2026-54904 |
|
Vulnerability in concurrent-ruby (CVE-2026-54904)
vulnerability in concurrent-ruby (CVE-2026-54904). Risk of unauthorized operations or information disclosure. Exploitable via ``compare_and_set``. Mitigation: upgrade to `1.3.7` or later.
|
| CVE-2026-54903 |
|
Vulnerability in oj (CVE-2026-54903)
vulnerability in oj (CVE-2026-54903). Risk of unauthorized operations or information disclosure. Exploitable via ``Oj.load``. Mitigation: upgrade to `3.17.3` or later.
|
| CVE-2026-54902 |
|
Use-After-Free in oj (CVE-2026-54902)
vulnerability in oj (CVE-2026-54902). Risk of unauthorized operations or information disclosure. Exploitable via ``hash_end``. Mitigation: upgrade to `3.17.3` or later.
|
| CVE-2026-54901 |
|
Use-After-Free in oj (CVE-2026-54901)
vulnerability in oj (CVE-2026-54901). Risk of unauthorized operations or information disclosure. Exploitable via ``array_class``. Mitigation: upgrade to `3.17.3` or later.
|
| CVE-2026-54900 |
|
Vulnerability in oj (CVE-2026-54900)
vulnerability in oj (CVE-2026-54900). Risk of unauthorized operations or information disclosure. Exploitable via ``create_id``. Mitigation: upgrade to `3.17.3` or later.
|
| GHSA-v52w-28xh-v562 |
|
Vulnerability in kozou (GHSA-v52w-28xh-v562)
vulnerability in kozou (GHSA-v52w-28xh-v562). Risk of unauthorized operations or information disclosure. Exploitable via ``Host``. Mitigation: upgrade to `1.8.1` or later.
|
| CVE-2026-54784 |
|
Vulnerability in CoreWCF.Primitives (CVE-2026-54784)
vulnerability in CoreWCF.Primitives (CVE-2026-54784). Confidential information can be exposed externally. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-54783 |
|
Vulnerability in CoreWCF.Primitives (CVE-2026-54783)
vulnerability in CoreWCF.Primitives (CVE-2026-54783). Confidential information can be exposed externally. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-54782 |
|
Vulnerability in CoreWCF.Primitives (CVE-2026-54782)
vulnerability in CoreWCF.Primitives (CVE-2026-54782). Confidential information can be exposed externally. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-54781 |
|
Authentication Bypass in CoreWCF.Primitives (CVE-2026-54781)
authentication bypass in CoreWCF.Primitives (CVE-2026-54781). Confidential information can be exposed externally. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-54780 |
|
Vulnerability in CoreWCF.Primitives (CVE-2026-54780)
vulnerability in CoreWCF.Primitives (CVE-2026-54780). Risk of unauthorized operations or information disclosure. Exploitable via ``SignatureMethod``. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-54779 |
|
Vulnerability in CoreWCF.Primitives (CVE-2026-54779)
vulnerability in CoreWCF.Primitives (CVE-2026-54779). Data can be tampered with by attackers. Exploitable via ``ITokenReplayCache``. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-54778 |
|
Vulnerability in CoreWCF.UnixDomainSocket (CVE-2026-54778)
vulnerability in CoreWCF.UnixDomainSocket (CVE-2026-54778). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-54777 |
|
Vulnerability in CoreWCF.NetNamedPipe (CVE-2026-54777)
vulnerability in CoreWCF.NetNamedPipe (CVE-2026-54777). Confidential information can be exposed externally. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-54776 |
|
Vulnerability in CoreWCF.UnixDomainSocket (CVE-2026-54776)
vulnerability in CoreWCF.UnixDomainSocket (CVE-2026-54776). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-54775 |
|
Vulnerability in CoreWCF.Kafka (CVE-2026-54775)
vulnerability in CoreWCF.Kafka (CVE-2026-54775). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-54774 |
|
Vulnerability in CoreWCF.Primitives (CVE-2026-54774)
vulnerability in CoreWCF.Primitives (CVE-2026-54774). Confidential information can be exposed externally. Exploitable via ``BinarySecretSecurityToken``. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-54773 |
|
Vulnerability in CoreWCF.Primitives (CVE-2026-54773)
vulnerability in CoreWCF.Primitives (CVE-2026-54773). Data can be tampered with by attackers. Exploitable via ``KeyInfo``. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-54772 |
|
Vulnerability in CoreWCF.NetFramingBase (CVE-2026-54772)
vulnerability in CoreWCF.NetFramingBase (CVE-2026-54772). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-55865 |
|
Vulnerability in python-liquid (CVE-2026-55865)
vulnerability in python-liquid (CVE-2026-55865). Risk of unauthorized operations or information disclosure. Exploitable via ``liquid.TokenStream.eof``. Mitigation: upgrade to `2.2.1` or later.
|
| CVE-2026-49345 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-49345)
SSRF in ssrf (CVE-2026-49345). Risk of unauthorized operations or information disclosure. Exploitable via ``ConfigurationController``.
|
| CVE-2026-49344 |
|
Vulnerability in CVE-2026-49344 (CVE-2026-49344)
vulnerability in CVE-2026-49344 (CVE-2026-49344). Risk of unauthorized operations or information disclosure. Exploitable via ``from``.
|
| CVE-2026-49342 |
|
Path Traversal in yard (CVE-2026-49342)
path traversal in yard (CVE-2026-49342). Risk of unauthorized operations or information disclosure. Exploitable via ``adapter.document_root``. Mitigation: upgrade to `0.9.44` or later.
|
| CVE-2026-48787 |
|
OS Command Injection in vue (CVE-2026-48787)
OS command injection in vue (CVE-2026-48787). Risk of unauthorized operations or information disclosure. Exploitable via `POST /autoCode/addFunc`.
|
| CVE-2026-48774 |
|
Vulnerability in CVE-2026-48774 (CVE-2026-48774)
vulnerability in CVE-2026-48774 (CVE-2026-48774). Data can be tampered with by attackers. Exploitable via ``run_sql_readonly``.
|
| CVE-2026-48773 |
|
Out-of-Bounds Write in CVE-2026-48773 (CVE-2026-48773)
out-of-bounds write in CVE-2026-48773 (CVE-2026-48773). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48772 |
|
Vulnerability in CVE-2026-48772 (CVE-2026-48772)
vulnerability in CVE-2026-48772 (CVE-2026-48772). Confidential information can be exposed externally. Exploitable via ``UNKNOWN``.
|
| CVE-2026-48715 |
|
Vulnerability in radvdlitech (CVE-2026-48715)
vulnerability in radvdlitech (CVE-2026-48715). Successful exploitation can lead to full system takeover. Exploitable via ``radvdump``.
|
| CVE-2026-54898 |
|
Use-After-Free in oj (CVE-2026-54898)
vulnerability in oj (CVE-2026-54898). Risk of unauthorized operations or information disclosure. Exploitable via ``hash_start``. Mitigation: upgrade to `3.17.3` or later.
|
| CVE-2026-54897 |
|
Use-After-Free in oj (CVE-2026-54897)
vulnerability in oj (CVE-2026-54897). Risk of unauthorized operations or information disclosure. Exploitable via ``each_value``. Mitigation: upgrade to `3.17.3` or later.
|
| CVE-2026-54896 |
|
Vulnerability in oj (CVE-2026-54896)
vulnerability in oj (CVE-2026-54896). Risk of unauthorized operations or information disclosure. Exploitable via ``Oj.dump``. Mitigation: upgrade to `3.17.3` or later.
|
| CVE-2026-55778 |
|
Unrestricted File Upload in parse-server (CVE-2026-55778)
vulnerability in parse-server (CVE-2026-55778). Risk of unauthorized operations or information disclosure. Exploitable via ``fileUpload.fileExtensions``. Mitigation: upgrade to `8.6.81` or later.
|
| CVE-2026-54592 |
|
Out-of-Bounds Read in oj (CVE-2026-54592)
vulnerability in oj (CVE-2026-54592). Risk of unauthorized operations or information disclosure. Exploitable via ``doc_each_child``. Mitigation: upgrade to `3.17.3` or later.
|
| CVE-2026-54528 |
|
Vulnerability in jupyterlab-git (CVE-2026-54528)
vulnerability in jupyterlab-git (CVE-2026-54528). Confidential information can be exposed externally. Exploitable via `POST /git/project/secrets/status`. Mitigation: upgrade to `0.54.0` or later.
|
| CVE-2026-54527 |
|
Cross-Site Scripting (XSS) in jupyterlab-git (CVE-2026-54527)
cross-site scripting in jupyterlab-git (CVE-2026-54527). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/terminals`. Mitigation: upgrade to `0.54.0` or later.
|
| CVE-2026-54500 |
|
Out-of-Bounds Read in oj (CVE-2026-54500)
vulnerability in oj (CVE-2026-54500). Risk of unauthorized operations or information disclosure. Exploitable via ``Oj.load``. Mitigation: upgrade to `3.17.3` or later.
|
| CVE-2026-54499 |
|
Unsafe Deserialization in stanza (CVE-2026-54499)
vulnerability in stanza (CVE-2026-54499). Successful exploitation can lead to full system takeover. Exploitable via ``pickle.UnpicklingError``. Mitigation: upgrade to `1.12.2` or later.
|
| CVE-2026-54317 |
|
Information Disclosure in homeassistant (CVE-2026-54317)
vulnerability in homeassistant (CVE-2026-54317). Confidential information can be exposed externally. Exploitable via `Authorization header`. Mitigation: upgrade to `2026.6.0` or later.
|
| CVE-2026-54297 |
|
Vulnerability in faraday (CVE-2026-54297)
vulnerability in faraday (CVE-2026-54297). Risk of unauthorized operations or information disclosure. Exploitable via ``Hash``. Mitigation: upgrade to `1.10.6` or later.
|
| CVE-2026-53492 |
|
Vulnerability in github.com/containerd/containerd/v2 (CVE-2026-53492)
vulnerability in github.com/containerd/containerd/v2 (CVE-2026-53492). Confidential information can be exposed externally. Mitigation: upgrade to `2.3.2` or later.
|
| CVE-2026-53489 |
|
Vulnerability in github.com/containerd/containerd/v2 (CVE-2026-53489)
vulnerability in github.com/containerd/containerd/v2 (CVE-2026-53489). Confidential information can be exposed externally. Exploitable via ``container.log``. Mitigation: upgrade to `2.3.2` or later.
|
| CVE-2026-53488 |
|
Vulnerability in github.com/containerd/containerd (CVE-2026-53488)
vulnerability in github.com/containerd/containerd (CVE-2026-53488). Successful exploitation can lead to full system takeover. Exploitable via ``LABEL``. Mitigation: upgrade to `1.7.33` or later.
|