Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2026-49231 Vulnerability in apache (CVE-2026-49231)
vulnerability in apache (CVE-2026-49231). Risk of unauthorized operations or information disclosure.
CVE-2026-48895 Open Redirect in apache (CVE-2026-48895)
vulnerability in apache (CVE-2026-48895). Risk of unauthorized operations or information disclosure.
CVE-2026-4026 Vulnerability in CVE-2026-4026 (CVE-2026-4026)
vulnerability in CVE-2026-4026 (CVE-2026-4026). Risk of unauthorized operations or information disclosure.
CVE-2026-49871 Cross-Site Request Forgery (CSRF) in apache (CVE-2026-49871)
vulnerability in apache (CVE-2026-49871). Confidential information can be exposed externally.
CVE-2026-4027 Vulnerability in CVE-2026-4027 (CVE-2026-4027)
vulnerability in CVE-2026-4027 (CVE-2026-4027). Risk of unauthorized operations or information disclosure.
CVE-2026-49872 Authentication Bypass in apache (CVE-2026-49872)
authentication bypass in apache (CVE-2026-49872). Confidential information can be exposed externally.
CVE-2026-39998 Vulnerability in apache (CVE-2026-39998)
vulnerability in apache (CVE-2026-39998). Successful exploitation can lead to full system takeover.
CVE-2026-44046 Vulnerability in apache (CVE-2026-44046)
vulnerability in apache (CVE-2026-44046). Risk of unauthorized operations or information disclosure.
CVE-2026-44915 Open Redirect in apache (CVE-2026-44915)
vulnerability in apache (CVE-2026-44915). Risk of unauthorized operations or information disclosure.
CVE-2026-47339 Authorization Flaw in apache (CVE-2026-47339)
vulnerability in apache (CVE-2026-47339). Confidential information can be exposed externally.
CVE-2026-39999 Vulnerability in apache (CVE-2026-39999)
vulnerability in apache (CVE-2026-39999). Confidential information can be exposed externally.
CVE-2026-47341 Vulnerability in apache (CVE-2026-47341)
vulnerability in apache (CVE-2026-47341). Risk of unauthorized operations or information disclosure.
CVE-2026-44087 Vulnerability in apache (CVE-2026-44087)
vulnerability in apache (CVE-2026-44087). Confidential information can be exposed externally.
CVE-2026-12104 OS Command Injection in CVE-2026-12104 (CVE-2026-12104)
OS command injection in CVE-2026-12104 (CVE-2026-12104). Risk of unauthorized operations or information disclosure.
CVE-2025-62821 Out-of-Bounds Read in microsoft (CVE-2025-62821)
vulnerability in microsoft (CVE-2025-62821). Confidential information can be exposed externally.
CVE-2026-49358 Vulnerability in pontedilana/php-weasyprint (CVE-2026-49358)
vulnerability in pontedilana/php-weasyprint (CVE-2026-49358). Risk of unauthorized operations or information disclosure. Exploitable via ``realpath``. Mitigation: upgrade to `2.6.0` or later.
GHSA-vcv2-r9jh-99m5 OS Command Injection in agentic-flow (GHSA-vcv2-r9jh-99m5)
OS command injection in agentic-flow (GHSA-vcv2-r9jh-99m5). Risk of unauthorized operations or information disclosure. Exploitable via ``agent``. Mitigation: upgrade to `2.0.14` or later.
GHSA-jv2h-4p9v-wf5w Vulnerability in ouroboros-ai (GHSA-jv2h-4p9v-wf5w)
vulnerability in ouroboros-ai (GHSA-jv2h-4p9v-wf5w). Risk of unauthorized operations or information disclosure. Exploitable via ``_UNTRUSTED_ENV_DENYLIST``. Mitigation: upgrade to `0.42.1` or later.
GHSA-vmhf-c436-hxj4 Vulnerability in jupyterlab (GHSA-vmhf-c436-hxj4)
vulnerability in jupyterlab (GHSA-vmhf-c436-hxj4). Risk of unauthorized operations or information disclosure. Exploitable via ``homepage_url``. Mitigation: upgrade to `4.5.9` or later.
GHSA-2rm3-333w-xvc4 Unrestricted File Upload in DotVVM (GHSA-2rm3-333w-xvc4)
vulnerability in DotVVM (GHSA-2rm3-333w-xvc4). Risk of unauthorized operations or information disclosure. Exploitable via ``AddUploadedFileStorage``. Mitigation: upgrade to `5.0.0-preview09-final` or later.
GHSA-c8qj-jx8j-fg2w Vulnerability in DotVVM (GHSA-c8qj-jx8j-fg2w)
vulnerability in DotVVM (GHSA-c8qj-jx8j-fg2w). Risk of unauthorized operations or information disclosure. Exploitable via ``AuthorizeActionFilter``. Mitigation: upgrade to `5.0.0-preview09-final` or later.
GHSA-c2g3-c4gc-w5wg Vulnerability in DotVVM (GHSA-c2g3-c4gc-w5wg)
vulnerability in DotVVM (GHSA-c2g3-c4gc-w5wg). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.0.0-preview09-final` or later.
GHSA-wg5p-8h9p-3mr7 OS Command Injection in agent-coderag (GHSA-wg5p-8h9p-3mr7)
OS command injection in agent-coderag (GHSA-wg5p-8h9p-3mr7). Risk of unauthorized operations or information disclosure. Exploitable via ``gradlew``. Mitigation: upgrade to `1.3.1` or later.
GHSA-2h46-9x5w-4wf7 Path Traversal in github.com/entireio/cli (GHSA-2h46-9x5w-4wf7)
path traversal in github.com/entireio/cli (GHSA-2h46-9x5w-4wf7). Risk of unauthorized operations or information disclosure. Exploitable via ``SessionID``. Mitigation: upgrade to `0.7.7` or later.
GHSA-cgxm-vr2f-6fj8 Vulnerability in parse-server (GHSA-cgxm-vr2f-6fj8)
vulnerability in parse-server (GHSA-cgxm-vr2f-6fj8). Risk of unauthorized operations or information disclosure. Exploitable via ``requestComplexity.queryDepth``. Mitigation: upgrade to `8.6.82` or later.
CVE-2026-55832 Path Traversal in tract-onnx (CVE-2026-55832)
path traversal in tract-onnx (CVE-2026-55832). Risk of unauthorized operations or information disclosure. Exploitable via ``tract``. Mitigation: upgrade to `0.23.2` or later.
CVE-2026-55773 Code Injection in com.cedarpolicy:cedar-java (CVE-2026-55773)
code injection in com.cedarpolicy:cedar-java (CVE-2026-55773). Risk of unauthorized operations or information disclosure. Exploitable via ``forbid``. Mitigation: upgrade to `4.9.0` or later.
CVE-2026-55772 Vulnerability in com.cedarpolicy:cedar-java (CVE-2026-55772)
vulnerability in com.cedarpolicy:cedar-java (CVE-2026-55772). Risk of unauthorized operations or information disclosure. Exploitable via ``__entity``. Mitigation: upgrade to `4.9.0` or later.
CVE-2026-55767 Vulnerability in guzzlehttp/guzzle (CVE-2026-55767)
vulnerability in guzzlehttp/guzzle (CVE-2026-55767). Risk of unauthorized operations or information disclosure. Exploitable via ``CookieJar``. Mitigation: upgrade to `7.12.1` or later.
CVE-2026-55766 Vulnerability in guzzlehttp/psr7 (CVE-2026-55766)
vulnerability in guzzlehttp/psr7 (CVE-2026-55766). Risk of unauthorized operations or information disclosure. Exploitable via ``Request``. Mitigation: upgrade to `2.12.1` or later.
CVE-2026-55689 Authentication Bypass in github.com/openfga/openfga (CVE-2026-55689)
authentication bypass in github.com/openfga/openfga (CVE-2026-55689). Confidential information can be exposed externally. Exploitable via ``aud``. Mitigation: upgrade to `1.18.0` or later.
CVE-2026-55568 Vulnerability in guzzlehttp/guzzle (CVE-2026-55568)
vulnerability in guzzlehttp/guzzle (CVE-2026-55568). Confidential information can be exposed externally. Exploitable via ``proxy``. Mitigation: upgrade to `7.12.1` or later.
CVE-2026-55414 Vulnerability in nl.nl-portal:form (CVE-2026-55414)
vulnerability in nl.nl-portal:form (CVE-2026-55414). Risk of unauthorized operations or information disclosure. Exploitable via `POST /graphql`. Mitigation: upgrade to `3.0.4.RELEASE` or later.
CVE-2026-55375 Vulnerability in jleehr/canto-saas-api (CVE-2026-55375)
vulnerability in jleehr/canto-saas-api (CVE-2026-55375). Risk of unauthorized operations or information disclosure. Exploitable via ``app_id``. Mitigation: upgrade to `3.0.0` or later.
CVE-2026-9143 Vulnerability in ni (CVE-2026-9143)
vulnerability in ni (CVE-2026-9143). Risk of unauthorized operations or information disclosure.
CVE-2026-9142 Vulnerability in ni (CVE-2026-9142)
vulnerability in ni (CVE-2026-9142). Confidential information can be exposed externally.
CVE-2026-49357 Vulnerability in line-desktop-mcp (CVE-2026-49357)
vulnerability in line-desktop-mcp (CVE-2026-49357). Risk of unauthorized operations or information disclosure. Exploitable via ``fbed0d2d3048e63f48a356a1267ed8ec5e78f3ae``. Mitigation: upgrade to `1.1.2` or later.
CVE-2026-48141 Vulnerability in dos (CVE-2026-48141)
vulnerability in dos (CVE-2026-48141). Risk of unauthorized operations or information disclosure.
CVE-2026-48140 Vulnerability in dos (CVE-2026-48140)
vulnerability in dos (CVE-2026-48140). Risk of unauthorized operations or information disclosure.
CVE-2026-48139 Vulnerability in dos (CVE-2026-48139)
vulnerability in dos (CVE-2026-48139). Risk of unauthorized operations or information disclosure.
CVE-2026-48138 Out-of-Bounds Read in dos (CVE-2026-48138)
vulnerability in dos (CVE-2026-48138). Risk of unauthorized operations or information disclosure.
CVE-2026-48137 Vulnerability in ni (CVE-2026-48137)
vulnerability in ni (CVE-2026-48137). Confidential information can be exposed externally.
CVE-2026-55374 Vulnerability in jleehr/canto-saas-api (CVE-2026-55374)
vulnerability in jleehr/canto-saas-api (CVE-2026-55374). Risk of unauthorized operations or information disclosure. Exploitable via ``GetContentDetailsRequest``. Mitigation: upgrade to `3.0.0` or later.
CVE-2026-55884 Vulnerability in github.com/tilt-dev/tilt (CVE-2026-55884)
vulnerability in github.com/tilt-dev/tilt (CVE-2026-55884). Risk of unauthorized operations or information disclosure. Exploitable via ``cookieWrapper``. Mitigation: upgrade to `0.37.4` or later.
CVE-2026-55883 Vulnerability in github.com/tilt-dev/tilt (CVE-2026-55883)
vulnerability in github.com/tilt-dev/tilt (CVE-2026-55883). Risk of unauthorized operations or information disclosure. Exploitable via ``Origin``. Mitigation: upgrade to `0.37.4` or later.
CVE-2026-55882 Information Disclosure in github.com/tilt-dev/tilt (CVE-2026-55882)
vulnerability in github.com/tilt-dev/tilt (CVE-2026-55882). Risk of unauthorized operations or information disclosure. Exploitable via ``http.DefaultServeMux``. Mitigation: upgrade to `0.37.4` or later.
CVE-2026-54051 OS Command Injection in network-ai (CVE-2026-54051)
OS command injection in network-ai (CVE-2026-54051). Risk of unauthorized operations or information disclosure. Exploitable via ``SandboxPolicy.isCommandAllowed``. Mitigation: upgrade to `5.9.1` or later.
CVE-2026-56142 Vulnerability in privilege-escalation (CVE-2026-56142)
vulnerability in privilege-escalation (CVE-2026-56142). Successful exploitation can lead to full system takeover.
CVE-2026-56141 Vulnerability in jetbrains (CVE-2026-56141)
vulnerability in jetbrains (CVE-2026-56141). Successful exploitation can lead to full system takeover.
CVE-2026-53915 Vulnerability in jetbrains (CVE-2026-53915)
vulnerability in jetbrains (CVE-2026-53915). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →