Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2026-55423 Vulnerability in langflow (CVE-2026-55423)
vulnerability in langflow (CVE-2026-55423). Confidential information can be exposed externally. Exploitable via ``access_token_lf``. Mitigation: upgrade to `1.7.1` or later.
CVE-2026-48129 Path Traversal in CVE-2026-48129 (CVE-2026-48129)
path traversal in CVE-2026-48129 (CVE-2026-48129). Data can be tampered with by attackers. Exploitable via ``inputFiles``.
CVE-2026-55255 KEV [KEV] Vulnerability in langflow (CVE-2026-55255)
vulnerability in langflow (CVE-2026-55255). Confidential information can be exposed externally. Exploitable via ``get_flow_by_id_or_endpoint_name``. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `1.9.1` or later.
CVE-2026-55206 Vulnerability in py7zr (CVE-2026-55206)
vulnerability in py7zr (CVE-2026-55206). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.1.3` or later.
CVE-2026-55195 Vulnerability in py7zr (CVE-2026-55195)
vulnerability in py7zr (CVE-2026-55195). Risk of unauthorized operations or information disclosure. Exploitable via ``zipfile``. Mitigation: upgrade to `1.1.3` or later.
CVE-2026-55187 SSRF (Server-Side Request Forgery) in github.com/axllent/mailpit (CVE-2026-55187)
SSRF in github.com/axllent/mailpit (CVE-2026-55187). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/message/{ID}/link-check`. Mitigation: upgrade to `1.30.2` or later.
CVE-2026-55185 Open Redirect in miniflux.app/v2 (CVE-2026-55185)
vulnerability in miniflux.app/v2 (CVE-2026-55185). Risk of unauthorized operations or information disclosure. Exploitable via `POST /login`. Mitigation: upgrade to `2.3.1` or later.
GHSA-c7jm-38gq-h67h Vulnerability in org.http4k:http4k-security-digest (GHSA-c7jm-38gq-h67h)
vulnerability in org.http4k:http4k-security-digest (GHSA-c7jm-38gq-h67h). Risk of unauthorized operations or information disclosure. Exploitable via ``ServerFilters.DigestAuth``. Mitigation: upgrade to `4.51.0.0` or later.
GHSA-pr33-38xx-6r26 Information Disclosure in org.http4k:http4k-core (GHSA-pr33-38xx-6r26)
vulnerability in org.http4k:http4k-core (GHSA-pr33-38xx-6r26). Risk of unauthorized operations or information disclosure. Exploitable via ``BasicCookieStorage``. Mitigation: upgrade to `4.51.0.0` or later.
GHSA-m4w9-hjfw-vwj4 Vulnerability in org.http4k:http4k-core (GHSA-m4w9-hjfw-vwj4)
vulnerability in org.http4k:http4k-core (GHSA-m4w9-hjfw-vwj4). Risk of unauthorized operations or information disclosure. Exploitable via ``HmacSha256``. Mitigation: upgrade to `6.49.0.0` or later.
GHSA-jrpc-7vxp-69p6 Vulnerability in org.http4k:http4k-core (GHSA-jrpc-7vxp-69p6)
vulnerability in org.http4k:http4k-core (GHSA-jrpc-7vxp-69p6). Risk of unauthorized operations or information disclosure. Exploitable via ``Host``. Mitigation: upgrade to `4.51.0.0` or later.
CVE-2026-54762 Vulnerability in github.com/traefik/traefik/v3 (CVE-2026-54762)
vulnerability in github.com/traefik/traefik/v3 (CVE-2026-54762). Confidential information can be exposed externally. Exploitable via ``digest``. Mitigation: upgrade to `3.7.5` or later.
CVE-2026-55847 Cross-Site Scripting (XSS) in io.qameta.allure:allure-generator (CVE-2026-55847)
cross-site scripting in io.qameta.allure:allure-generator (CVE-2026-55847). Risk of unauthorized operations or information disclosure. Exploitable via ``ansi.js``. Mitigation: upgrade to `2.39.0` or later.
CVE-2026-55846 Path Traversal in io.qameta.allure:allure-commandline (CVE-2026-55846)
path traversal in io.qameta.allure:allure-commandline (CVE-2026-55846). Risk of unauthorized operations or information disclosure. Exploitable via ``reportDirectory``. Mitigation: upgrade to `2.39.0` or later.
GHSA-rpj2-4hq8-938g Unsafe Deserialization in vcrpy (GHSA-rpj2-4hq8-938g)
vulnerability in vcrpy (GHSA-rpj2-4hq8-938g). Risk of unauthorized operations or information disclosure. Exploitable via ``yaml.CLoader``. Mitigation: upgrade to `8.2.1` or later.
CVE-2026-55837 Information Disclosure in dbt-mcp (CVE-2026-55837)
vulnerability in dbt-mcp (CVE-2026-55837). Risk of unauthorized operations or information disclosure. Exploitable via `GET /dbt_platform_context`. Mitigation: upgrade to `1.20.0` or later.
GHSA-p5wc-9w9r-m232 Vulnerability in ultimate-sitemap-parser (GHSA-p5wc-9w9r-m232)
vulnerability in ultimate-sitemap-parser (GHSA-p5wc-9w9r-m232). Risk of unauthorized operations or information disclosure. Exploitable via ``xml.parsers.expat``. Mitigation: upgrade to `1.8.1` or later.
GHSA-8823-qg2x-pv9f Vulnerability in ultimate-sitemap-parser (GHSA-8823-qg2x-pv9f)
vulnerability in ultimate-sitemap-parser (GHSA-8823-qg2x-pv9f). Risk of unauthorized operations or information disclosure. Exploitable via ``ungzipped_response_content``. Mitigation: upgrade to `1.8.1` or later.
CVE-2026-55828 Path Traversal in go.qbee.io/transport (CVE-2026-55828)
path traversal in go.qbee.io/transport (CVE-2026-55828). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.26.25` or later.
CVE-2026-55660 Cross-Site Scripting (XSS) in tinacms (CVE-2026-55660)
cross-site scripting in tinacms (CVE-2026-55660). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.9.3` or later.
CVE-2026-55795 Vulnerability in craftcms/commerce (CVE-2026-55795)
vulnerability in craftcms/commerce (CVE-2026-55795). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.11.2` or later.
GHSA-78vr-q6cf-c7p6 Vulnerability in craftcms/commerce (GHSA-78vr-q6cf-c7p6)
vulnerability in craftcms/commerce (GHSA-78vr-q6cf-c7p6). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.11.2` or later.
CVE-2026-55791 Cross-Site Scripting (XSS) in craftcms/cms (CVE-2026-55791)
cross-site scripting in craftcms/cms (CVE-2026-55791). Risk of unauthorized operations or information disclosure. Exploitable via ``trustedHosts``. Mitigation: upgrade to `4.18` or later.
CVE-2026-54074 Code Injection in @tinacms/cli (CVE-2026-54074)
code injection in @tinacms/cli (CVE-2026-54074). Successful exploitation can lead to full system takeover. Exploitable via ``addVariablesToCode``. Mitigation: upgrade to `2.4.3` or later.
CVE-2026-55691 Cross-Site Scripting (XSS) in starcitizenwiki/embedvideo (CVE-2026-55691)
cross-site scripting in starcitizenwiki/embedvideo (CVE-2026-55691). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.1.0` or later.
CVE-2026-55690 Cross-Site Scripting (XSS) in starcitizenwiki/embedvideo (CVE-2026-55690)
cross-site scripting in starcitizenwiki/embedvideo (CVE-2026-55690). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.1.0` or later.
GHSA-wfqx-gjrf-g28r Vulnerability in github.com/crossplane/crossplane/v2 (GHSA-wfqx-gjrf-g28r)
vulnerability in github.com/crossplane/crossplane/v2 (GHSA-wfqx-gjrf-g28r). Risk of unauthorized operations or information disclosure. Exploitable via ``ImageConfig``.
CVE-2026-55091 Vulnerability in flat-to-nested (CVE-2026-55091)
vulnerability in flat-to-nested (CVE-2026-55091). Risk of unauthorized operations or information disclosure. Exploitable via ``parent``. Mitigation: upgrade to `1.1.2` or later.
CVE-2026-55849 OS Command Injection in @cyclonedx/cyclonedx-npm (CVE-2026-55849)
OS command injection in @cyclonedx/cyclonedx-npm (CVE-2026-55849). Risk of unauthorized operations or information disclosure. Exploitable via ``npm_execpath``. Mitigation: upgrade to `5.0.0` or later.
GHSA-x845-2f78-7v36 Vulnerability in github.com/0xERR0R/blocky (GHSA-x845-2f78-7v36)
vulnerability in github.com/0xERR0R/blocky (GHSA-x845-2f78-7v36). Risk of unauthorized operations or information disclosure. Exploitable via ``Insecure``. Mitigation: upgrade to `0.32.0` or later.
CVE-2026-54911 Vulnerability in ujson (CVE-2026-54911)
vulnerability in ujson (CVE-2026-54911). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.13.0` or later.
CVE-2026-54906 Vulnerability in concurrent-ruby (CVE-2026-54906)
vulnerability in concurrent-ruby (CVE-2026-54906). Successful exploitation can lead to full system takeover. Exploitable via ``release_write_lock``. Mitigation: upgrade to `1.3.7` or later.
CVE-2026-54905 Vulnerability in concurrent-ruby (CVE-2026-54905)
vulnerability in concurrent-ruby (CVE-2026-54905). Confidential information can be exposed externally. Exploitable via ``WRITE_LOCK_HELD``. Mitigation: upgrade to `1.3.7` or later.
CVE-2026-54904 Vulnerability in concurrent-ruby (CVE-2026-54904)
vulnerability in concurrent-ruby (CVE-2026-54904). Risk of unauthorized operations or information disclosure. Exploitable via ``compare_and_set``. Mitigation: upgrade to `1.3.7` or later.
CVE-2026-54903 Vulnerability in oj (CVE-2026-54903)
vulnerability in oj (CVE-2026-54903). Risk of unauthorized operations or information disclosure. Exploitable via ``Oj.load``. Mitigation: upgrade to `3.17.3` or later.
CVE-2026-54902 Use-After-Free in oj (CVE-2026-54902)
vulnerability in oj (CVE-2026-54902). Risk of unauthorized operations or information disclosure. Exploitable via ``hash_end``. Mitigation: upgrade to `3.17.3` or later.
CVE-2026-54901 Use-After-Free in oj (CVE-2026-54901)
vulnerability in oj (CVE-2026-54901). Risk of unauthorized operations or information disclosure. Exploitable via ``array_class``. Mitigation: upgrade to `3.17.3` or later.
CVE-2026-54900 Vulnerability in oj (CVE-2026-54900)
vulnerability in oj (CVE-2026-54900). Risk of unauthorized operations or information disclosure. Exploitable via ``create_id``. Mitigation: upgrade to `3.17.3` or later.
GHSA-v52w-28xh-v562 Vulnerability in kozou (GHSA-v52w-28xh-v562)
vulnerability in kozou (GHSA-v52w-28xh-v562). Risk of unauthorized operations or information disclosure. Exploitable via ``Host``. Mitigation: upgrade to `1.8.1` or later.
CVE-2026-54784 Vulnerability in CoreWCF.Primitives (CVE-2026-54784)
vulnerability in CoreWCF.Primitives (CVE-2026-54784). Confidential information can be exposed externally. Mitigation: upgrade to `1.9.1` or later.
CVE-2026-54783 Vulnerability in CoreWCF.Primitives (CVE-2026-54783)
vulnerability in CoreWCF.Primitives (CVE-2026-54783). Confidential information can be exposed externally. Mitigation: upgrade to `1.9.1` or later.
CVE-2026-54782 Vulnerability in CoreWCF.Primitives (CVE-2026-54782)
vulnerability in CoreWCF.Primitives (CVE-2026-54782). Confidential information can be exposed externally. Mitigation: upgrade to `1.9.1` or later.
CVE-2026-54781 Authentication Bypass in CoreWCF.Primitives (CVE-2026-54781)
authentication bypass in CoreWCF.Primitives (CVE-2026-54781). Confidential information can be exposed externally. Mitigation: upgrade to `1.9.1` or later.
CVE-2026-54780 Vulnerability in CoreWCF.Primitives (CVE-2026-54780)
vulnerability in CoreWCF.Primitives (CVE-2026-54780). Risk of unauthorized operations or information disclosure. Exploitable via ``SignatureMethod``. Mitigation: upgrade to `1.9.1` or later.
CVE-2026-54779 Vulnerability in CoreWCF.Primitives (CVE-2026-54779)
vulnerability in CoreWCF.Primitives (CVE-2026-54779). Data can be tampered with by attackers. Exploitable via ``ITokenReplayCache``. Mitigation: upgrade to `1.9.1` or later.
CVE-2026-54778 Vulnerability in CoreWCF.UnixDomainSocket (CVE-2026-54778)
vulnerability in CoreWCF.UnixDomainSocket (CVE-2026-54778). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.9.1` or later.
CVE-2026-54777 Vulnerability in CoreWCF.NetNamedPipe (CVE-2026-54777)
vulnerability in CoreWCF.NetNamedPipe (CVE-2026-54777). Confidential information can be exposed externally. Mitigation: upgrade to `1.9.1` or later.
CVE-2026-54776 Vulnerability in CoreWCF.UnixDomainSocket (CVE-2026-54776)
vulnerability in CoreWCF.UnixDomainSocket (CVE-2026-54776). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.9.1` or later.
CVE-2026-54775 Vulnerability in CoreWCF.Kafka (CVE-2026-54775)
vulnerability in CoreWCF.Kafka (CVE-2026-54775). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.9.1` or later.
CVE-2026-54774 Vulnerability in CoreWCF.Primitives (CVE-2026-54774)
vulnerability in CoreWCF.Primitives (CVE-2026-54774). Confidential information can be exposed externally. Exploitable via ``BinarySecretSecurityToken``. Mitigation: upgrade to `1.9.1` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →