Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-49231 |
|
Vulnerability in apache (CVE-2026-49231)
vulnerability in apache (CVE-2026-49231). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48895 |
|
Open Redirect in apache (CVE-2026-48895)
vulnerability in apache (CVE-2026-48895). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4026 |
|
Vulnerability in CVE-2026-4026 (CVE-2026-4026)
vulnerability in CVE-2026-4026 (CVE-2026-4026). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49871 |
|
Cross-Site Request Forgery (CSRF) in apache (CVE-2026-49871)
vulnerability in apache (CVE-2026-49871). Confidential information can be exposed externally.
|
| CVE-2026-4027 |
|
Vulnerability in CVE-2026-4027 (CVE-2026-4027)
vulnerability in CVE-2026-4027 (CVE-2026-4027). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49872 |
|
Authentication Bypass in apache (CVE-2026-49872)
authentication bypass in apache (CVE-2026-49872). Confidential information can be exposed externally.
|
| CVE-2026-39998 |
|
Vulnerability in apache (CVE-2026-39998)
vulnerability in apache (CVE-2026-39998). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44046 |
|
Vulnerability in apache (CVE-2026-44046)
vulnerability in apache (CVE-2026-44046). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44915 |
|
Open Redirect in apache (CVE-2026-44915)
vulnerability in apache (CVE-2026-44915). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-47339 |
|
Authorization Flaw in apache (CVE-2026-47339)
vulnerability in apache (CVE-2026-47339). Confidential information can be exposed externally.
|
| CVE-2026-39999 |
|
Vulnerability in apache (CVE-2026-39999)
vulnerability in apache (CVE-2026-39999). Confidential information can be exposed externally.
|
| CVE-2026-47341 |
|
Vulnerability in apache (CVE-2026-47341)
vulnerability in apache (CVE-2026-47341). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44087 |
|
Vulnerability in apache (CVE-2026-44087)
vulnerability in apache (CVE-2026-44087). Confidential information can be exposed externally.
|
| CVE-2026-12104 |
|
OS Command Injection in CVE-2026-12104 (CVE-2026-12104)
OS command injection in CVE-2026-12104 (CVE-2026-12104). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-62821 |
|
Out-of-Bounds Read in microsoft (CVE-2025-62821)
vulnerability in microsoft (CVE-2025-62821). Confidential information can be exposed externally.
|
| CVE-2026-49358 |
|
Vulnerability in pontedilana/php-weasyprint (CVE-2026-49358)
vulnerability in pontedilana/php-weasyprint (CVE-2026-49358). Risk of unauthorized operations or information disclosure. Exploitable via ``realpath``. Mitigation: upgrade to `2.6.0` or later.
|
| GHSA-vcv2-r9jh-99m5 |
|
OS Command Injection in agentic-flow (GHSA-vcv2-r9jh-99m5)
OS command injection in agentic-flow (GHSA-vcv2-r9jh-99m5). Risk of unauthorized operations or information disclosure. Exploitable via ``agent``. Mitigation: upgrade to `2.0.14` or later.
|
| GHSA-jv2h-4p9v-wf5w |
|
Vulnerability in ouroboros-ai (GHSA-jv2h-4p9v-wf5w)
vulnerability in ouroboros-ai (GHSA-jv2h-4p9v-wf5w). Risk of unauthorized operations or information disclosure. Exploitable via ``_UNTRUSTED_ENV_DENYLIST``. Mitigation: upgrade to `0.42.1` or later.
|
| GHSA-vmhf-c436-hxj4 |
|
Vulnerability in jupyterlab (GHSA-vmhf-c436-hxj4)
vulnerability in jupyterlab (GHSA-vmhf-c436-hxj4). Risk of unauthorized operations or information disclosure. Exploitable via ``homepage_url``. Mitigation: upgrade to `4.5.9` or later.
|
| GHSA-2rm3-333w-xvc4 |
|
Unrestricted File Upload in DotVVM (GHSA-2rm3-333w-xvc4)
vulnerability in DotVVM (GHSA-2rm3-333w-xvc4). Risk of unauthorized operations or information disclosure. Exploitable via ``AddUploadedFileStorage``. Mitigation: upgrade to `5.0.0-preview09-final` or later.
|
| GHSA-c8qj-jx8j-fg2w |
|
Vulnerability in DotVVM (GHSA-c8qj-jx8j-fg2w)
vulnerability in DotVVM (GHSA-c8qj-jx8j-fg2w). Risk of unauthorized operations or information disclosure. Exploitable via ``AuthorizeActionFilter``. Mitigation: upgrade to `5.0.0-preview09-final` or later.
|
| GHSA-c2g3-c4gc-w5wg |
|
Vulnerability in DotVVM (GHSA-c2g3-c4gc-w5wg)
vulnerability in DotVVM (GHSA-c2g3-c4gc-w5wg). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.0.0-preview09-final` or later.
|
| GHSA-wg5p-8h9p-3mr7 |
|
OS Command Injection in agent-coderag (GHSA-wg5p-8h9p-3mr7)
OS command injection in agent-coderag (GHSA-wg5p-8h9p-3mr7). Risk of unauthorized operations or information disclosure. Exploitable via ``gradlew``. Mitigation: upgrade to `1.3.1` or later.
|
| GHSA-2h46-9x5w-4wf7 |
|
Path Traversal in github.com/entireio/cli (GHSA-2h46-9x5w-4wf7)
path traversal in github.com/entireio/cli (GHSA-2h46-9x5w-4wf7). Risk of unauthorized operations or information disclosure. Exploitable via ``SessionID``. Mitigation: upgrade to `0.7.7` or later.
|
| GHSA-cgxm-vr2f-6fj8 |
|
Vulnerability in parse-server (GHSA-cgxm-vr2f-6fj8)
vulnerability in parse-server (GHSA-cgxm-vr2f-6fj8). Risk of unauthorized operations or information disclosure. Exploitable via ``requestComplexity.queryDepth``. Mitigation: upgrade to `8.6.82` or later.
|
| CVE-2026-55832 |
|
Path Traversal in tract-onnx (CVE-2026-55832)
path traversal in tract-onnx (CVE-2026-55832). Risk of unauthorized operations or information disclosure. Exploitable via ``tract``. Mitigation: upgrade to `0.23.2` or later.
|
| CVE-2026-55773 |
|
Code Injection in com.cedarpolicy:cedar-java (CVE-2026-55773)
code injection in com.cedarpolicy:cedar-java (CVE-2026-55773). Risk of unauthorized operations or information disclosure. Exploitable via ``forbid``. Mitigation: upgrade to `4.9.0` or later.
|
| CVE-2026-55772 |
|
Vulnerability in com.cedarpolicy:cedar-java (CVE-2026-55772)
vulnerability in com.cedarpolicy:cedar-java (CVE-2026-55772). Risk of unauthorized operations or information disclosure. Exploitable via ``__entity``. Mitigation: upgrade to `4.9.0` or later.
|
| CVE-2026-55767 |
|
Vulnerability in guzzlehttp/guzzle (CVE-2026-55767)
vulnerability in guzzlehttp/guzzle (CVE-2026-55767). Risk of unauthorized operations or information disclosure. Exploitable via ``CookieJar``. Mitigation: upgrade to `7.12.1` or later.
|
| CVE-2026-55766 |
|
Vulnerability in guzzlehttp/psr7 (CVE-2026-55766)
vulnerability in guzzlehttp/psr7 (CVE-2026-55766). Risk of unauthorized operations or information disclosure. Exploitable via ``Request``. Mitigation: upgrade to `2.12.1` or later.
|
| CVE-2026-55689 |
|
Authentication Bypass in github.com/openfga/openfga (CVE-2026-55689)
authentication bypass in github.com/openfga/openfga (CVE-2026-55689). Confidential information can be exposed externally. Exploitable via ``aud``. Mitigation: upgrade to `1.18.0` or later.
|
| CVE-2026-55568 |
|
Vulnerability in guzzlehttp/guzzle (CVE-2026-55568)
vulnerability in guzzlehttp/guzzle (CVE-2026-55568). Confidential information can be exposed externally. Exploitable via ``proxy``. Mitigation: upgrade to `7.12.1` or later.
|
| CVE-2026-55414 |
|
Vulnerability in nl.nl-portal:form (CVE-2026-55414)
vulnerability in nl.nl-portal:form (CVE-2026-55414). Risk of unauthorized operations or information disclosure. Exploitable via `POST /graphql`. Mitigation: upgrade to `3.0.4.RELEASE` or later.
|
| CVE-2026-55375 |
|
Vulnerability in jleehr/canto-saas-api (CVE-2026-55375)
vulnerability in jleehr/canto-saas-api (CVE-2026-55375). Risk of unauthorized operations or information disclosure. Exploitable via ``app_id``. Mitigation: upgrade to `3.0.0` or later.
|
| CVE-2026-9143 |
|
Vulnerability in ni (CVE-2026-9143)
vulnerability in ni (CVE-2026-9143). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9142 |
|
Vulnerability in ni (CVE-2026-9142)
vulnerability in ni (CVE-2026-9142). Confidential information can be exposed externally.
|
| CVE-2026-49357 |
|
Vulnerability in line-desktop-mcp (CVE-2026-49357)
vulnerability in line-desktop-mcp (CVE-2026-49357). Risk of unauthorized operations or information disclosure. Exploitable via ``fbed0d2d3048e63f48a356a1267ed8ec5e78f3ae``. Mitigation: upgrade to `1.1.2` or later.
|
| CVE-2026-48141 |
|
Vulnerability in dos (CVE-2026-48141)
vulnerability in dos (CVE-2026-48141). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48140 |
|
Vulnerability in dos (CVE-2026-48140)
vulnerability in dos (CVE-2026-48140). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48139 |
|
Vulnerability in dos (CVE-2026-48139)
vulnerability in dos (CVE-2026-48139). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48138 |
|
Out-of-Bounds Read in dos (CVE-2026-48138)
vulnerability in dos (CVE-2026-48138). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48137 |
|
Vulnerability in ni (CVE-2026-48137)
vulnerability in ni (CVE-2026-48137). Confidential information can be exposed externally.
|
| CVE-2026-55374 |
|
Vulnerability in jleehr/canto-saas-api (CVE-2026-55374)
vulnerability in jleehr/canto-saas-api (CVE-2026-55374). Risk of unauthorized operations or information disclosure. Exploitable via ``GetContentDetailsRequest``. Mitigation: upgrade to `3.0.0` or later.
|
| CVE-2026-55884 |
|
Vulnerability in github.com/tilt-dev/tilt (CVE-2026-55884)
vulnerability in github.com/tilt-dev/tilt (CVE-2026-55884). Risk of unauthorized operations or information disclosure. Exploitable via ``cookieWrapper``. Mitigation: upgrade to `0.37.4` or later.
|
| CVE-2026-55883 |
|
Vulnerability in github.com/tilt-dev/tilt (CVE-2026-55883)
vulnerability in github.com/tilt-dev/tilt (CVE-2026-55883). Risk of unauthorized operations or information disclosure. Exploitable via ``Origin``. Mitigation: upgrade to `0.37.4` or later.
|
| CVE-2026-55882 |
|
Information Disclosure in github.com/tilt-dev/tilt (CVE-2026-55882)
vulnerability in github.com/tilt-dev/tilt (CVE-2026-55882). Risk of unauthorized operations or information disclosure. Exploitable via ``http.DefaultServeMux``. Mitigation: upgrade to `0.37.4` or later.
|
| CVE-2026-54051 |
|
OS Command Injection in network-ai (CVE-2026-54051)
OS command injection in network-ai (CVE-2026-54051). Risk of unauthorized operations or information disclosure. Exploitable via ``SandboxPolicy.isCommandAllowed``. Mitigation: upgrade to `5.9.1` or later.
|
| CVE-2026-56142 |
|
Vulnerability in privilege-escalation (CVE-2026-56142)
vulnerability in privilege-escalation (CVE-2026-56142). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56141 |
|
Vulnerability in jetbrains (CVE-2026-56141)
vulnerability in jetbrains (CVE-2026-56141). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53915 |
|
Vulnerability in jetbrains (CVE-2026-53915)
vulnerability in jetbrains (CVE-2026-53915). Risk of unauthorized operations or information disclosure.
|