Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-54773 |
|
Vulnerability in CoreWCF.Primitives (CVE-2026-54773)
vulnerability in CoreWCF.Primitives (CVE-2026-54773). Data can be tampered with by attackers. Exploitable via ``KeyInfo``. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-54772 |
|
Vulnerability in CoreWCF.NetFramingBase (CVE-2026-54772)
vulnerability in CoreWCF.NetFramingBase (CVE-2026-54772). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.9.1` or later.
|
| CVE-2026-55865 |
|
Vulnerability in python-liquid (CVE-2026-55865)
vulnerability in python-liquid (CVE-2026-55865). Risk of unauthorized operations or information disclosure. Exploitable via ``liquid.TokenStream.eof``. Mitigation: upgrade to `2.2.1` or later.
|
| CVE-2026-49345 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-49345)
SSRF in ssrf (CVE-2026-49345). Risk of unauthorized operations or information disclosure. Exploitable via ``ConfigurationController``.
|
| CVE-2026-49344 |
|
Vulnerability in CVE-2026-49344 (CVE-2026-49344)
vulnerability in CVE-2026-49344 (CVE-2026-49344). Risk of unauthorized operations or information disclosure. Exploitable via ``from``.
|
| CVE-2026-49342 |
|
Path Traversal in yard (CVE-2026-49342)
path traversal in yard (CVE-2026-49342). Risk of unauthorized operations or information disclosure. Exploitable via ``adapter.document_root``. Mitigation: upgrade to `0.9.44` or later.
|
| CVE-2026-48787 |
|
OS Command Injection in vue (CVE-2026-48787)
OS command injection in vue (CVE-2026-48787). Risk of unauthorized operations or information disclosure. Exploitable via `POST /autoCode/addFunc`.
|
| CVE-2026-48774 |
|
Vulnerability in CVE-2026-48774 (CVE-2026-48774)
vulnerability in CVE-2026-48774 (CVE-2026-48774). Data can be tampered with by attackers. Exploitable via ``run_sql_readonly``.
|
| CVE-2026-48773 |
|
Out-of-Bounds Write in CVE-2026-48773 (CVE-2026-48773)
out-of-bounds write in CVE-2026-48773 (CVE-2026-48773). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48772 |
|
Vulnerability in CVE-2026-48772 (CVE-2026-48772)
vulnerability in CVE-2026-48772 (CVE-2026-48772). Confidential information can be exposed externally. Exploitable via ``UNKNOWN``.
|
| CVE-2026-48715 |
|
Vulnerability in radvdlitech (CVE-2026-48715)
vulnerability in radvdlitech (CVE-2026-48715). Successful exploitation can lead to full system takeover. Exploitable via ``radvdump``.
|
| CVE-2026-54898 |
|
Use-After-Free in oj (CVE-2026-54898)
vulnerability in oj (CVE-2026-54898). Risk of unauthorized operations or information disclosure. Exploitable via ``hash_start``. Mitigation: upgrade to `3.17.3` or later.
|
| CVE-2026-54897 |
|
Use-After-Free in oj (CVE-2026-54897)
vulnerability in oj (CVE-2026-54897). Risk of unauthorized operations or information disclosure. Exploitable via ``each_value``. Mitigation: upgrade to `3.17.3` or later.
|
| CVE-2026-54896 |
|
Vulnerability in oj (CVE-2026-54896)
vulnerability in oj (CVE-2026-54896). Risk of unauthorized operations or information disclosure. Exploitable via ``Oj.dump``. Mitigation: upgrade to `3.17.3` or later.
|
| CVE-2026-55778 |
|
Unrestricted File Upload in parse-server (CVE-2026-55778)
vulnerability in parse-server (CVE-2026-55778). Risk of unauthorized operations or information disclosure. Exploitable via ``fileUpload.fileExtensions``. Mitigation: upgrade to `8.6.81` or later.
|
| CVE-2026-54592 |
|
Out-of-Bounds Read in oj (CVE-2026-54592)
vulnerability in oj (CVE-2026-54592). Risk of unauthorized operations or information disclosure. Exploitable via ``doc_each_child``. Mitigation: upgrade to `3.17.3` or later.
|
| CVE-2026-54528 |
|
Vulnerability in jupyterlab-git (CVE-2026-54528)
vulnerability in jupyterlab-git (CVE-2026-54528). Confidential information can be exposed externally. Exploitable via `POST /git/project/secrets/status`. Mitigation: upgrade to `0.54.0` or later.
|
| CVE-2026-54527 |
|
Cross-Site Scripting (XSS) in jupyterlab-git (CVE-2026-54527)
cross-site scripting in jupyterlab-git (CVE-2026-54527). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/terminals`. Mitigation: upgrade to `0.54.0` or later.
|
| CVE-2026-54500 |
|
Out-of-Bounds Read in oj (CVE-2026-54500)
vulnerability in oj (CVE-2026-54500). Risk of unauthorized operations or information disclosure. Exploitable via ``Oj.load``. Mitigation: upgrade to `3.17.3` or later.
|
| CVE-2026-54499 |
|
Unsafe Deserialization in stanza (CVE-2026-54499)
vulnerability in stanza (CVE-2026-54499). Successful exploitation can lead to full system takeover. Exploitable via ``pickle.UnpicklingError``. Mitigation: upgrade to `1.12.2` or later.
|
| CVE-2026-54317 |
|
Information Disclosure in homeassistant (CVE-2026-54317)
vulnerability in homeassistant (CVE-2026-54317). Confidential information can be exposed externally. Exploitable via `Authorization header`. Mitigation: upgrade to `2026.6.0` or later.
|
| CVE-2026-54297 |
|
Vulnerability in faraday (CVE-2026-54297)
vulnerability in faraday (CVE-2026-54297). Risk of unauthorized operations or information disclosure. Exploitable via ``Hash``. Mitigation: upgrade to `1.10.6` or later.
|
| CVE-2026-53492 |
|
Vulnerability in github.com/containerd/containerd/v2 (CVE-2026-53492)
vulnerability in github.com/containerd/containerd/v2 (CVE-2026-53492). Confidential information can be exposed externally. Mitigation: upgrade to `2.3.2` or later.
|
| CVE-2026-53489 |
|
Vulnerability in github.com/containerd/containerd/v2 (CVE-2026-53489)
vulnerability in github.com/containerd/containerd/v2 (CVE-2026-53489). Confidential information can be exposed externally. Exploitable via ``container.log``. Mitigation: upgrade to `2.3.2` or later.
|
| CVE-2026-53488 |
|
Vulnerability in github.com/containerd/containerd (CVE-2026-53488)
vulnerability in github.com/containerd/containerd (CVE-2026-53488). Successful exploitation can lead to full system takeover. Exploitable via ``LABEL``. Mitigation: upgrade to `1.7.33` or later.
|
| CVE-2026-54502 |
|
Vulnerability in oj (CVE-2026-54502)
vulnerability in oj (CVE-2026-54502). Risk of unauthorized operations or information disclosure. Exploitable via ``Oj.dump``. Mitigation: upgrade to `3.17.3` or later.
|
| CVE-2026-49216 |
|
Cross-Site Scripting (XSS) in symfony/ux-autocomplete (CVE-2026-49216)
cross-site scripting in symfony/ux-autocomplete (CVE-2026-49216). Risk of unauthorized operations or information disclosure. Exploitable via ``text``. Mitigation: upgrade to `3.1.0` or later.
|
| CVE-2026-49215 |
|
Cross-Site Request Forgery (CSRF) in symfony/ux-live-component (CVE-2026-49215)
vulnerability in symfony/ux-live-component (CVE-2026-49215). Risk of unauthorized operations or information disclosure. Exploitable via ``Accept``. Mitigation: upgrade to `3.1.0` or later.
|
| CVE-2026-49212 |
|
Vulnerability in symfony/ux-live-component (CVE-2026-49212)
vulnerability in symfony/ux-live-component (CVE-2026-49212). Risk of unauthorized operations or information disclosure. Exploitable via ``propsFromParent``. Mitigation: upgrade to `3.1.0` or later.
|
| CVE-2026-49211 |
|
Information Disclosure in symfony/ux-autocomplete (CVE-2026-49211)
vulnerability in symfony/ux-autocomplete (CVE-2026-49211). Risk of unauthorized operations or information disclosure. Exploitable via ``LIKE``. Mitigation: upgrade to `3.1.0` or later.
|
| CVE-2026-49210 |
|
Cross-Site Scripting (XSS) in symfony/ux-live-component (CVE-2026-49210)
cross-site scripting in symfony/ux-live-component (CVE-2026-49210). Risk of unauthorized operations or information disclosure. Exploitable via ``LiveComponentSubscriber``. Mitigation: upgrade to `3.1.0` or later.
|
| CVE-2026-49209 |
|
Vulnerability in symfony/ux-live-component (CVE-2026-49209)
vulnerability in symfony/ux-live-component (CVE-2026-49209). Risk of unauthorized operations or information disclosure. Exploitable via ``actions``. Mitigation: upgrade to `3.1.0` or later.
|
| CVE-2026-47262 |
|
Vulnerability in github.com/containerd/containerd/v2 (CVE-2026-47262)
vulnerability in github.com/containerd/containerd/v2 (CVE-2026-47262). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.3.2` or later.
|
| CVE-2026-54899 |
|
Use-After-Free in oj (CVE-2026-54899)
vulnerability in oj (CVE-2026-54899). Risk of unauthorized operations or information disclosure. Exploitable via ``symbol_keys``. Mitigation: upgrade to `3.17.3` or later.
|
| CVE-2026-49208 |
|
Vulnerability in symfony/ux-live-component (CVE-2026-49208)
vulnerability in symfony/ux-live-component (CVE-2026-49208). Risk of unauthorized operations or information disclosure. Exploitable via ``DateTimeInterface``. Mitigation: upgrade to `3.1.0` or later.
|
| CVE-2026-23879 |
|
Vulnerability in py7zr (CVE-2026-23879)
vulnerability in py7zr (CVE-2026-23879). Successful exploitation can lead to full system takeover. Exploitable via ``py7zr``. Mitigation: upgrade to `1.1.3` or later.
|
| GHSA-9ggv-8w38-r7pm |
|
SQL Injection in typeorm (GHSA-9ggv-8w38-r7pm)
SQL injection in typeorm (GHSA-9ggv-8w38-r7pm). Risk of unauthorized operations or information disclosure. Exploitable via ``UpdateQueryBuilder``. Mitigation: upgrade to `0.3.29` or later.
|
| GHSA-r46f-3rpw-hxrv |
|
SSRF (Server-Side Request Forgery) in github.com/gohugoio/hugo (GHSA-r46f-3rpw-hxrv)
SSRF in github.com/gohugoio/hugo (GHSA-r46f-3rpw-hxrv). Risk of unauthorized operations or information disclosure. Exploitable via ``security.http.urls``. Mitigation: upgrade to `0.163.1` or later.
|
| CVE-2026-49340 |
|
Path Traversal in go.senan.xyz/gonic (CVE-2026-49340)
path traversal in go.senan.xyz/gonic (CVE-2026-49340). Data can be tampered with by attackers. Exploitable via ``ServeCreateOrUpdatePlaylist``. Mitigation: upgrade to `0.21.0` or later.
|
| CVE-2026-49339 |
|
Path Traversal in go.senan.xyz/gonic (CVE-2026-49339)
path traversal in go.senan.xyz/gonic (CVE-2026-49339). Data can be tampered with by attackers. Exploitable via ``playlist.UserID``. Mitigation: upgrade to `0.21.0` or later.
|
| CVE-2026-49338 |
|
Vulnerability in go.senan.xyz/gonic (CVE-2026-49338)
vulnerability in go.senan.xyz/gonic (CVE-2026-49338). Data can be tampered with by attackers. Exploitable via `GET /rest/deletePlaylist.view`. Mitigation: upgrade to `0.21.0` or later.
|
| CVE-2026-49336 |
|
Vulnerability in @microsoft/kiota-http-fetchlibrary (CVE-2026-49336)
vulnerability in @microsoft/kiota-http-fetchlibrary (CVE-2026-49336). Risk of unauthorized operations or information disclosure. Exploitable via `Authorization header`. Mitigation: upgrade to `1.0.0-preview.102` or later.
|
| CVE-2026-49293 |
|
Vulnerability in js-toml (CVE-2026-49293)
vulnerability in js-toml (CVE-2026-49293). Risk of unauthorized operations or information disclosure. Exploitable via ``parseBigInt``. Mitigation: upgrade to `1.1.1` or later.
|
| CVE-2026-49291 |
|
Vulnerability in mcp-memory-service (CVE-2026-49291)
vulnerability in mcp-memory-service (CVE-2026-49291). Data can be tampered with by attackers. Exploitable via `POST /api/memories`. Mitigation: upgrade to `10.65.3` or later.
|
| CVE-2026-49288 |
|
Information Disclosure in statamic/cms (CVE-2026-49288)
vulnerability in statamic/cms (CVE-2026-49288). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.73.23` or later.
|
| CVE-2019-25758 |
|
Unrestricted File Upload in CVE-2019-25758 (CVE-2019-25758)
vulnerability in CVE-2019-25758 (CVE-2019-25758). Successful exploitation can lead to full system takeover.
|
| CVE-2019-25761 |
|
SQL Injection in sqli (CVE-2019-25761)
SQL injection in sqli (CVE-2019-25761). Confidential information can be exposed externally.
|
| CVE-2019-25759 |
|
SQL Injection in sqli (CVE-2019-25759)
SQL injection in sqli (CVE-2019-25759). Confidential information can be exposed externally.
|
| CVE-2019-25760 |
|
Vulnerability in CVE-2019-25760 (CVE-2019-25760)
vulnerability in CVE-2019-25760 (CVE-2019-25760). Confidential information can be exposed externally.
|
| CVE-2019-25762 |
|
Vulnerability in CVE-2019-25762 (CVE-2019-25762)
vulnerability in CVE-2019-25762 (CVE-2019-25762). Confidential information can be exposed externally.
|