Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
GHSA-2fmp-9rvw-hc96 Path Traversal in network-ai (GHSA-2fmp-9rvw-hc96)
path traversal in network-ai (GHSA-2fmp-9rvw-hc96). Risk of unauthorized operations or information disclosure. Exploitable via ``path``. Mitigation: upgrade to `5.12.2` or later.
GHSA-9c83-rr99-vfwj Path Traversal in @bitbonsai/mcpvault (GHSA-9c83-rr99-vfwj)
path traversal in @bitbonsai/mcpvault (GHSA-9c83-rr99-vfwj). Risk of unauthorized operations or information disclosure. Exploitable via ``node_modules``. Mitigation: upgrade to `0.11.5` or later.
GHSA-h5jc-78hr-3pc9 Cross-Site Scripting (XSS) in @sveltia/cms (GHSA-h5jc-78hr-3pc9)
cross-site scripting in @sveltia/cms (GHSA-h5jc-78hr-3pc9). Risk of unauthorized operations or information disclosure. Exploitable via ``iframe``. Mitigation: upgrade to `0.167.3` or later.
CVE-2026-55878 Path Traversal in symfony/ux-toolkit (CVE-2026-55878)
path traversal in symfony/ux-toolkit (CVE-2026-55878). Successful exploitation can lead to full system takeover. Exploitable via ``true``. Mitigation: upgrade to `3.2.0` or later.
CVE-2026-55877 Cross-Site Scripting (XSS) in symfony/ux-icons (CVE-2026-55877)
cross-site scripting in symfony/ux-icons (CVE-2026-55877). Risk of unauthorized operations or information disclosure. Exploitable via ``body``. Mitigation: upgrade to `3.2.0` or later.
CVE-2026-55866 Authorization Flaw in github.com/authzed/spicedb (CVE-2026-55866)
vulnerability in github.com/authzed/spicedb (CVE-2026-55866). Risk of unauthorized operations or information disclosure. Exploitable via ``CheckPermission``. Mitigation: upgrade to `1.54.0` or later.
CVE-2026-55776 Vulnerability in github.com/openbao/openbao (CVE-2026-55776)
vulnerability in github.com/openbao/openbao (CVE-2026-55776). Risk of unauthorized operations or information disclosure. Exploitable via ``type``. Mitigation: upgrade to `0.0.0-20260617104123-db57c62602b2` or later.
CVE-2026-55775 Vulnerability in github.com/openbao/openbao (CVE-2026-55775)
vulnerability in github.com/openbao/openbao (CVE-2026-55775). Risk of unauthorized operations or information disclosure.
CVE-2026-55774 Authorization Flaw in github.com/openbao/openbao (CVE-2026-55774)
vulnerability in github.com/openbao/openbao (CVE-2026-55774). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.0.0-20260617103932-b20b999dd404` or later.
CVE-2026-55770 Vulnerability in github.com/openbao/openbao (CVE-2026-55770)
vulnerability in github.com/openbao/openbao (CVE-2026-55770). Risk of unauthorized operations or information disclosure. Exploitable via ``bindDN``. Mitigation: upgrade to `0.0.0-20260617104213-10b7825c714c` or later.
CVE-2026-55692 Cross-Site Scripting (XSS) in starcitizenwiki/embedvideo (CVE-2026-55692)
cross-site scripting in starcitizenwiki/embedvideo (CVE-2026-55692). Risk of unauthorized operations or information disclosure. Exploitable via ``archiveorg``. Mitigation: upgrade to `4.1.0` or later.
CVE-2026-48584 Vulnerability in microsoft (CVE-2026-48584)
vulnerability in microsoft (CVE-2026-48584). Successful exploitation can lead to full system takeover.
CVE-2026-48582 Vulnerability in microsoft (CVE-2026-48582)
vulnerability in microsoft (CVE-2026-48582). Confidential information can be exposed externally.
CVE-2026-50519 Vulnerability in microsoft (CVE-2026-50519)
vulnerability in microsoft (CVE-2026-50519). Confidential information can be exposed externally.
CVE-2026-45480 Authentication Bypass in microsoft (CVE-2026-45480)
authentication bypass in microsoft (CVE-2026-45480). Successful exploitation can lead to full system takeover.
CVE-2026-47645 Open Redirect in microsoft (CVE-2026-47645)
vulnerability in microsoft (CVE-2026-47645). Successful exploitation can lead to full system takeover.
CVE-2026-32208 Cross-Site Scripting (XSS) in microsoft (CVE-2026-32208)
cross-site scripting in microsoft (CVE-2026-32208). Successful exploitation can lead to full system takeover.
CVE-2026-9375 Vulnerability in dos (CVE-2026-9375)
vulnerability in dos (CVE-2026-9375). Risk of unauthorized operations or information disclosure. Exploitable via ``response.py``.
CVE-2026-42895 Command Injection in microsoft (CVE-2026-42895)
command injection in microsoft (CVE-2026-42895). Data can be tampered with by attackers.
CVE-2026-27878 Vulnerability in dos (CVE-2026-27878)
vulnerability in dos (CVE-2026-27878). Risk of unauthorized operations or information disclosure.
CVE-2023-54357 Vulnerability in CVE-2023-54357 (CVE-2023-54357)
vulnerability in CVE-2023-54357 (CVE-2023-54357). Confidential information can be exposed externally.
CVE-2026-12726 SSRF (Server-Side Request Forgery) in CVE-2026-12726 (CVE-2026-12726)
SSRF in CVE-2026-12726 (CVE-2026-12726). Confidential information can be exposed externally.
CVE-2026-12238 Vulnerability in wordpress (CVE-2026-12238)
vulnerability in wordpress (CVE-2026-12238). Risk of unauthorized operations or information disclosure.
CVE-2026-55650 Cross-Site Scripting (XSS) in @outerbase/studio (CVE-2026-55650)
cross-site scripting in @outerbase/studio (CVE-2026-55650). Risk of unauthorized operations or information disclosure. Exploitable via ``dangerouslySetInnerHTML``.
CVE-2026-55447 Vulnerability in langflow (CVE-2026-55447)
vulnerability in langflow (CVE-2026-55447). Successful exploitation can lead to full system takeover. Exploitable via ``BaseFileComponent``. Mitigation: upgrade to `1.9.2` or later.
CVE-2026-55446 Vulnerability in langflow (CVE-2026-55446)
vulnerability in langflow (CVE-2026-55446). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/files/upload/test`. Mitigation: upgrade to `1.0.19` or later.
CVE-2026-50559 Authentication Bypass in c (CVE-2026-50559)
authentication bypass in c (CVE-2026-50559). Confidential information can be exposed externally.
CVE-2026-49346 Vulnerability in struktur (CVE-2026-49346)
vulnerability in struktur (CVE-2026-49346). Risk of unauthorized operations or information disclosure. Exploitable via ``size_t``.
CVE-2026-49337 Vulnerability in CVE-2026-49337 (CVE-2026-49337)
vulnerability in CVE-2026-49337 (CVE-2026-49337). Risk of unauthorized operations or information disclosure.
CVE-2026-49295 Out-of-Bounds Write in struktur (CVE-2026-49295)
out-of-bounds write in struktur (CVE-2026-49295). Risk of unauthorized operations or information disclosure. Exploitable via ``PocStFoll``.
CVE-2026-48794 Vulnerability in github.com/authelia/authelia/v4 (CVE-2026-48794)
vulnerability in github.com/authelia/authelia/v4 (CVE-2026-48794). Risk of unauthorized operations or information disclosure. Exploitable via ``a.b.example.com``. Mitigation: upgrade to `4.39.20` or later.
CVE-2026-55423 Vulnerability in langflow (CVE-2026-55423)
vulnerability in langflow (CVE-2026-55423). Confidential information can be exposed externally. Exploitable via ``access_token_lf``. Mitigation: upgrade to `1.7.1` or later.
CVE-2026-48129 Path Traversal in CVE-2026-48129 (CVE-2026-48129)
path traversal in CVE-2026-48129 (CVE-2026-48129). Data can be tampered with by attackers. Exploitable via ``inputFiles``.
CVE-2026-55255 KEV [KEV] Vulnerability in langflow (CVE-2026-55255)
vulnerability in langflow (CVE-2026-55255). Confidential information can be exposed externally. Exploitable via ``get_flow_by_id_or_endpoint_name``. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `1.9.1` or later.
CVE-2026-55206 Vulnerability in py7zr (CVE-2026-55206)
vulnerability in py7zr (CVE-2026-55206). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.1.3` or later.
CVE-2026-55195 Vulnerability in py7zr (CVE-2026-55195)
vulnerability in py7zr (CVE-2026-55195). Risk of unauthorized operations or information disclosure. Exploitable via ``zipfile``. Mitigation: upgrade to `1.1.3` or later.
CVE-2026-55187 SSRF (Server-Side Request Forgery) in github.com/axllent/mailpit (CVE-2026-55187)
SSRF in github.com/axllent/mailpit (CVE-2026-55187). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/message/{ID}/link-check`. Mitigation: upgrade to `1.30.2` or later.
CVE-2026-55185 Open Redirect in miniflux.app/v2 (CVE-2026-55185)
vulnerability in miniflux.app/v2 (CVE-2026-55185). Risk of unauthorized operations or information disclosure. Exploitable via `POST /login`. Mitigation: upgrade to `2.3.1` or later.
GHSA-c7jm-38gq-h67h Vulnerability in org.http4k:http4k-security-digest (GHSA-c7jm-38gq-h67h)
vulnerability in org.http4k:http4k-security-digest (GHSA-c7jm-38gq-h67h). Risk of unauthorized operations or information disclosure. Exploitable via ``ServerFilters.DigestAuth``. Mitigation: upgrade to `4.51.0.0` or later.
GHSA-pr33-38xx-6r26 Information Disclosure in org.http4k:http4k-core (GHSA-pr33-38xx-6r26)
vulnerability in org.http4k:http4k-core (GHSA-pr33-38xx-6r26). Risk of unauthorized operations or information disclosure. Exploitable via ``BasicCookieStorage``. Mitigation: upgrade to `4.51.0.0` or later.
GHSA-m4w9-hjfw-vwj4 Vulnerability in org.http4k:http4k-core (GHSA-m4w9-hjfw-vwj4)
vulnerability in org.http4k:http4k-core (GHSA-m4w9-hjfw-vwj4). Risk of unauthorized operations or information disclosure. Exploitable via ``HmacSha256``. Mitigation: upgrade to `6.49.0.0` or later.
GHSA-jrpc-7vxp-69p6 Vulnerability in org.http4k:http4k-core (GHSA-jrpc-7vxp-69p6)
vulnerability in org.http4k:http4k-core (GHSA-jrpc-7vxp-69p6). Risk of unauthorized operations or information disclosure. Exploitable via ``Host``. Mitigation: upgrade to `4.51.0.0` or later.
CVE-2026-54762 Vulnerability in github.com/traefik/traefik/v3 (CVE-2026-54762)
vulnerability in github.com/traefik/traefik/v3 (CVE-2026-54762). Confidential information can be exposed externally. Exploitable via ``digest``. Mitigation: upgrade to `3.7.5` or later.
CVE-2026-55847 Cross-Site Scripting (XSS) in io.qameta.allure:allure-generator (CVE-2026-55847)
cross-site scripting in io.qameta.allure:allure-generator (CVE-2026-55847). Risk of unauthorized operations or information disclosure. Exploitable via ``ansi.js``. Mitigation: upgrade to `2.39.0` or later.
CVE-2026-55846 Path Traversal in io.qameta.allure:allure-commandline (CVE-2026-55846)
path traversal in io.qameta.allure:allure-commandline (CVE-2026-55846). Risk of unauthorized operations or information disclosure. Exploitable via ``reportDirectory``. Mitigation: upgrade to `2.39.0` or later.
GHSA-rpj2-4hq8-938g Unsafe Deserialization in vcrpy (GHSA-rpj2-4hq8-938g)
vulnerability in vcrpy (GHSA-rpj2-4hq8-938g). Risk of unauthorized operations or information disclosure. Exploitable via ``yaml.CLoader``. Mitigation: upgrade to `8.2.1` or later.
CVE-2026-55837 Information Disclosure in dbt-mcp (CVE-2026-55837)
vulnerability in dbt-mcp (CVE-2026-55837). Risk of unauthorized operations or information disclosure. Exploitable via `GET /dbt_platform_context`. Mitigation: upgrade to `1.20.0` or later.
GHSA-p5wc-9w9r-m232 Vulnerability in ultimate-sitemap-parser (GHSA-p5wc-9w9r-m232)
vulnerability in ultimate-sitemap-parser (GHSA-p5wc-9w9r-m232). Risk of unauthorized operations or information disclosure. Exploitable via ``xml.parsers.expat``. Mitigation: upgrade to `1.8.1` or later.
GHSA-8823-qg2x-pv9f Vulnerability in ultimate-sitemap-parser (GHSA-8823-qg2x-pv9f)
vulnerability in ultimate-sitemap-parser (GHSA-8823-qg2x-pv9f). Risk of unauthorized operations or information disclosure. Exploitable via ``ungzipped_response_content``. Mitigation: upgrade to `1.8.1` or later.
CVE-2026-55828 Path Traversal in go.qbee.io/transport (CVE-2026-55828)
path traversal in go.qbee.io/transport (CVE-2026-55828). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.26.25` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →