Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| GHSA-4cc2-g9w2-fhf6 |
|
SSRF (Server-Side Request Forgery) in zeep (GHSA-4cc2-g9w2-fhf6)
SSRF in zeep (GHSA-4cc2-g9w2-fhf6). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.3.3` or later.
|
| GHSA-cw6h-ffmh-x6vh |
|
Path Traversal in aqt (GHSA-cw6h-ffmh-x6vh)
path traversal in aqt (GHSA-cw6h-ffmh-x6vh). Risk of unauthorized operations or information disclosure. Exploitable via ``getImageForOcclusion``. Mitigation: upgrade to `25.9.4` or later.
|
| GHSA-wvrh-2f4m-924v |
|
Vulnerability in ChatterBot (GHSA-wvrh-2f4m-924v)
vulnerability in ChatterBot (GHSA-wvrh-2f4m-924v). Risk of unauthorized operations or information disclosure. Exploitable via ``makedirs``. Mitigation: upgrade to `1.2.14` or later.
|
| CVE-2026-57168 |
|
Vulnerability in io.openremote:openremote-manager (CVE-2026-57168)
vulnerability in io.openremote:openremote-manager (CVE-2026-57168). Risk of unauthorized operations or information disclosure. Exploitable via `DELETE /api/smartcity/alarm`. Mitigation: upgrade to `1.25.0` or later.
|
| GHSA-x975-rgx4-5fh4 |
|
Cross-Site Scripting (XSS) in appium-mcp (GHSA-x975-rgx4-5fh4)
cross-site scripting in appium-mcp (GHSA-x975-rgx4-5fh4). Risk of unauthorized operations or information disclosure. Exploitable via ``createLocatorGeneratorUI``. Mitigation: upgrade to `1.85.10` or later.
|
| GHSA-c795-2g9c-j48m |
|
Path Traversal in everos (GHSA-c795-2g9c-j48m)
path traversal in everos (GHSA-c795-2g9c-j48m). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/memory/add`. Mitigation: upgrade to `1.0.1` or later.
|
| GHSA-v3f4-w7r7-v3hm |
|
Vulnerability in @zenalexa/unicli (GHSA-v3f4-w7r7-v3hm)
vulnerability in @zenalexa/unicli (GHSA-v3f4-w7r7-v3hm). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.225.2` or later.
|
| GHSA-6gqw-jqv7-v88m |
|
Authorization Flaw in stigmem-node (GHSA-6gqw-jqv7-v88m)
vulnerability in stigmem-node (GHSA-6gqw-jqv7-v88m). Risk of unauthorized operations or information disclosure. Exploitable via `POST /v1/decay/sweep`. Mitigation: upgrade to `0.9.0a12` or later.
|
| GHSA-xhv3-q4xx-349r |
|
Vulnerability in stigmem-node (GHSA-xhv3-q4xx-349r)
vulnerability in stigmem-node (GHSA-xhv3-q4xx-349r). Risk of unauthorized operations or information disclosure. Exploitable via ``_get_quarantined_fact``. Mitigation: upgrade to `0.9.0a12` or later.
|
| GHSA-x26h-xmv8-gxf7 |
|
Vulnerability in stigmem-node (GHSA-x26h-xmv8-gxf7)
vulnerability in stigmem-node (GHSA-x26h-xmv8-gxf7). Risk of unauthorized operations or information disclosure. Exploitable via ``issue_tombstone``. Mitigation: upgrade to `0.9.0a12` or later.
|
| GHSA-6v7p-g79w-8964 |
|
Use-After-Free in msgpack (GHSA-6v7p-g79w-8964)
vulnerability in msgpack (GHSA-6v7p-g79w-8964). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.2.1` or later.
|
| GHSA-6vxv-wg6j-5qwp |
|
Vulnerability in gogs.io/gogs (GHSA-6vxv-wg6j-5qwp)
vulnerability in gogs.io/gogs (GHSA-6vxv-wg6j-5qwp). Risk of unauthorized operations or information disclosure. Exploitable via ``xss.ipynb``. Mitigation: upgrade to `0.14.3` or later.
|
| GHSA-97pr-9hgg-3p8r |
|
Information Disclosure in parse-server (GHSA-97pr-9hgg-3p8r)
vulnerability in parse-server (GHSA-97pr-9hgg-3p8r). Risk of unauthorized operations or information disclosure. Exploitable via ``save``. Mitigation: upgrade to `8.6.83` or later.
|
| GHSA-mrvx-jmjw-vggc |
|
SSRF (Server-Side Request Forgery) in mcp-searxng (GHSA-mrvx-jmjw-vggc)
SSRF in mcp-searxng (GHSA-mrvx-jmjw-vggc). Risk of unauthorized operations or information disclosure. Exploitable via ``web_url_read``. Mitigation: upgrade to `1.7.1` or later.
|
| GHSA-xcqx-9jf5-w339 |
|
Vulnerability in mcp-searxng (GHSA-xcqx-9jf5-w339)
vulnerability in mcp-searxng (GHSA-xcqx-9jf5-w339). Risk of unauthorized operations or information disclosure. Exploitable via ``web_url_read``. Mitigation: upgrade to `1.7.1` or later.
|
| GHSA-48x2-6pr9-2jjf |
|
Path Traversal in network-ai (GHSA-48x2-6pr9-2jjf)
path traversal in network-ai (GHSA-48x2-6pr9-2jjf). Risk of unauthorized operations or information disclosure. Exploitable via ``backupPath``. Mitigation: upgrade to `5.12.2` or later.
|
| GHSA-6x2m-p4xp-wg22 |
|
Path Traversal in network-ai (GHSA-6x2m-p4xp-wg22)
path traversal in network-ai (GHSA-6x2m-p4xp-wg22). Risk of unauthorized operations or information disclosure. Exploitable via ``copied``. Mitigation: upgrade to `5.12.2` or later.
|
| GHSA-mxjx-28vx-xjjj |
|
Cross-Site Request Forgery (CSRF) in network-ai (GHSA-mxjx-28vx-xjjj)
vulnerability in network-ai (GHSA-mxjx-28vx-xjjj). Risk of unauthorized operations or information disclosure. Exploitable via `POST /approvals/`. Mitigation: upgrade to `5.4.5` or later.
|
| GHSA-jvcm-f35g-w78p |
|
Path Traversal in network-ai (GHSA-jvcm-f35g-w78p)
path traversal in network-ai (GHSA-jvcm-f35g-w78p). Risk of unauthorized operations or information disclosure. Exploitable via ``AgentRuntime``. Mitigation: upgrade to `5.12.2` or later.
|
| GHSA-2fmp-9rvw-hc96 |
|
Path Traversal in network-ai (GHSA-2fmp-9rvw-hc96)
path traversal in network-ai (GHSA-2fmp-9rvw-hc96). Risk of unauthorized operations or information disclosure. Exploitable via ``path``. Mitigation: upgrade to `5.12.2` or later.
|
| GHSA-9c83-rr99-vfwj |
|
Path Traversal in @bitbonsai/mcpvault (GHSA-9c83-rr99-vfwj)
path traversal in @bitbonsai/mcpvault (GHSA-9c83-rr99-vfwj). Risk of unauthorized operations or information disclosure. Exploitable via ``node_modules``. Mitigation: upgrade to `0.11.5` or later.
|
| GHSA-h5jc-78hr-3pc9 |
|
Cross-Site Scripting (XSS) in @sveltia/cms (GHSA-h5jc-78hr-3pc9)
cross-site scripting in @sveltia/cms (GHSA-h5jc-78hr-3pc9). Risk of unauthorized operations or information disclosure. Exploitable via ``iframe``. Mitigation: upgrade to `0.167.3` or later.
|
| CVE-2026-55878 |
|
Path Traversal in symfony/ux-toolkit (CVE-2026-55878)
path traversal in symfony/ux-toolkit (CVE-2026-55878). Successful exploitation can lead to full system takeover. Exploitable via ``true``. Mitigation: upgrade to `3.2.0` or later.
|
| CVE-2026-55877 |
|
Cross-Site Scripting (XSS) in symfony/ux-icons (CVE-2026-55877)
cross-site scripting in symfony/ux-icons (CVE-2026-55877). Risk of unauthorized operations or information disclosure. Exploitable via ``body``. Mitigation: upgrade to `3.2.0` or later.
|
| CVE-2026-55866 |
|
Authorization Flaw in github.com/authzed/spicedb (CVE-2026-55866)
vulnerability in github.com/authzed/spicedb (CVE-2026-55866). Risk of unauthorized operations or information disclosure. Exploitable via ``CheckPermission``. Mitigation: upgrade to `1.54.0` or later.
|
| CVE-2026-55776 |
|
Vulnerability in github.com/openbao/openbao (CVE-2026-55776)
vulnerability in github.com/openbao/openbao (CVE-2026-55776). Risk of unauthorized operations or information disclosure. Exploitable via ``type``. Mitigation: upgrade to `0.0.0-20260617104123-db57c62602b2` or later.
|
| CVE-2026-55775 |
|
Vulnerability in github.com/openbao/openbao (CVE-2026-55775)
vulnerability in github.com/openbao/openbao (CVE-2026-55775). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55774 |
|
Authorization Flaw in github.com/openbao/openbao (CVE-2026-55774)
vulnerability in github.com/openbao/openbao (CVE-2026-55774). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.0.0-20260617103932-b20b999dd404` or later.
|
| CVE-2026-55770 |
|
Vulnerability in github.com/openbao/openbao (CVE-2026-55770)
vulnerability in github.com/openbao/openbao (CVE-2026-55770). Risk of unauthorized operations or information disclosure. Exploitable via ``bindDN``. Mitigation: upgrade to `0.0.0-20260617104213-10b7825c714c` or later.
|
| CVE-2026-55692 |
|
Cross-Site Scripting (XSS) in starcitizenwiki/embedvideo (CVE-2026-55692)
cross-site scripting in starcitizenwiki/embedvideo (CVE-2026-55692). Risk of unauthorized operations or information disclosure. Exploitable via ``archiveorg``. Mitigation: upgrade to `4.1.0` or later.
|
| CVE-2026-48584 |
|
Vulnerability in microsoft (CVE-2026-48584)
vulnerability in microsoft (CVE-2026-48584). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48582 |
|
Vulnerability in microsoft (CVE-2026-48582)
vulnerability in microsoft (CVE-2026-48582). Confidential information can be exposed externally.
|
| CVE-2026-50519 |
|
Vulnerability in microsoft (CVE-2026-50519)
vulnerability in microsoft (CVE-2026-50519). Confidential information can be exposed externally.
|
| CVE-2026-45480 |
|
Authentication Bypass in microsoft (CVE-2026-45480)
authentication bypass in microsoft (CVE-2026-45480). Successful exploitation can lead to full system takeover.
|
| CVE-2026-47645 |
|
Open Redirect in microsoft (CVE-2026-47645)
vulnerability in microsoft (CVE-2026-47645). Successful exploitation can lead to full system takeover.
|
| CVE-2026-32208 |
|
Cross-Site Scripting (XSS) in microsoft (CVE-2026-32208)
cross-site scripting in microsoft (CVE-2026-32208). Successful exploitation can lead to full system takeover.
|
| CVE-2026-9375 |
|
Vulnerability in dos (CVE-2026-9375)
vulnerability in dos (CVE-2026-9375). Risk of unauthorized operations or information disclosure. Exploitable via ``response.py``.
|
| CVE-2026-42895 |
|
Command Injection in microsoft (CVE-2026-42895)
command injection in microsoft (CVE-2026-42895). Data can be tampered with by attackers.
|
| CVE-2026-27878 |
|
Vulnerability in dos (CVE-2026-27878)
vulnerability in dos (CVE-2026-27878). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-54357 |
|
Vulnerability in CVE-2023-54357 (CVE-2023-54357)
vulnerability in CVE-2023-54357 (CVE-2023-54357). Confidential information can be exposed externally.
|
| CVE-2026-12726 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-12726 (CVE-2026-12726)
SSRF in CVE-2026-12726 (CVE-2026-12726). Confidential information can be exposed externally.
|
| CVE-2026-12238 |
|
Vulnerability in wordpress (CVE-2026-12238)
vulnerability in wordpress (CVE-2026-12238). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55650 |
|
Cross-Site Scripting (XSS) in @outerbase/studio (CVE-2026-55650)
cross-site scripting in @outerbase/studio (CVE-2026-55650). Risk of unauthorized operations or information disclosure. Exploitable via ``dangerouslySetInnerHTML``.
|
| CVE-2026-55447 |
|
Vulnerability in langflow (CVE-2026-55447)
vulnerability in langflow (CVE-2026-55447). Successful exploitation can lead to full system takeover. Exploitable via ``BaseFileComponent``. Mitigation: upgrade to `1.9.2` or later.
|
| CVE-2026-55446 |
|
Vulnerability in langflow (CVE-2026-55446)
vulnerability in langflow (CVE-2026-55446). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/files/upload/test`. Mitigation: upgrade to `1.0.19` or later.
|
| CVE-2026-50559 |
|
Authentication Bypass in c (CVE-2026-50559)
authentication bypass in c (CVE-2026-50559). Confidential information can be exposed externally.
|
| CVE-2026-49346 |
|
Vulnerability in struktur (CVE-2026-49346)
vulnerability in struktur (CVE-2026-49346). Risk of unauthorized operations or information disclosure. Exploitable via ``size_t``.
|
| CVE-2026-49337 |
|
Vulnerability in CVE-2026-49337 (CVE-2026-49337)
vulnerability in CVE-2026-49337 (CVE-2026-49337). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49295 |
|
Out-of-Bounds Write in struktur (CVE-2026-49295)
out-of-bounds write in struktur (CVE-2026-49295). Risk of unauthorized operations or information disclosure. Exploitable via ``PocStFoll``.
|
| CVE-2026-48794 |
|
Vulnerability in github.com/authelia/authelia/v4 (CVE-2026-48794)
vulnerability in github.com/authelia/authelia/v4 (CVE-2026-48794). Risk of unauthorized operations or information disclosure. Exploitable via ``a.b.example.com``. Mitigation: upgrade to `4.39.20` or later.
|