Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-56020 |
|
Vulnerability in CVE-2026-56020 (CVE-2026-56020)
vulnerability in CVE-2026-56020 (CVE-2026-56020). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.641` or later.
|
| CVE-2026-54105 |
|
Vulnerability in CVE-2026-54105 (CVE-2026-54105)
vulnerability in CVE-2026-54105 (CVE-2026-54105). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48617 |
|
Vulnerability in CVE-2026-48617 (CVE-2026-48617)
vulnerability in CVE-2026-48617 (CVE-2026-48617). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54103 |
|
Vulnerability in CVE-2026-54103 (CVE-2026-54103)
vulnerability in CVE-2026-54103 (CVE-2026-54103). Successful exploitation can lead to full system takeover.
|
| CVE-2026-38717 |
|
Command Injection in inhandnetworks (CVE-2026-38717)
command injection in inhandnetworks (CVE-2026-38717). Successful exploitation can lead to full system takeover.
|
| CVE-2026-38715 |
|
Command Injection in inhandnetworks (CVE-2026-38715)
command injection in inhandnetworks (CVE-2026-38715). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10687 |
|
Vulnerability in CVE-2026-10687 (CVE-2026-10687)
vulnerability in CVE-2026-10687 (CVE-2026-10687). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11982 |
|
Cross-Site Scripting (XSS) in CVE-2026-11982 (CVE-2026-11982)
cross-site scripting in CVE-2026-11982 (CVE-2026-11982). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-38716 |
|
Command Injection in inhandnetworks (CVE-2026-38716)
command injection in inhandnetworks (CVE-2026-38716). Successful exploitation can lead to full system takeover.
|
| CVE-2026-38714 |
|
Command Injection in inhandnetworks (CVE-2026-38714)
command injection in inhandnetworks (CVE-2026-38714). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48986 |
|
Vulnerability in dos (CVE-2026-48986)
vulnerability in dos (CVE-2026-48986). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48985 |
|
Vulnerability in CVE-2026-48985 (CVE-2026-48985)
vulnerability in CVE-2026-48985 (CVE-2026-48985). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48984 |
|
Vulnerability in CVE-2026-48984 (CVE-2026-48984)
vulnerability in CVE-2026-48984 (CVE-2026-48984). Confidential information can be exposed externally.
|
| CVE-2026-12475 |
|
Vulnerability in CVE-2026-12475 (CVE-2026-12475)
vulnerability in CVE-2026-12475 (CVE-2026-12475). Risk of unauthorized operations or information disclosure.
|
| GHSA-wm69-2pc3-rmmf |
|
SSRF (Server-Side Request Forgery) in crawl4ai (GHSA-wm69-2pc3-rmmf)
SSRF in crawl4ai (GHSA-wm69-2pc3-rmmf). Risk of unauthorized operations or information disclosure. Exploitable via `POST /crawl/stream`. Mitigation: upgrade to `0.9.0` or later.
|
| GHSA-r253-r9jw-qg44 |
|
Vulnerability in crawl4ai (GHSA-r253-r9jw-qg44)
vulnerability in crawl4ai (GHSA-r253-r9jw-qg44). Risk of unauthorized operations or information disclosure. Exploitable via ``browser_config.extra_args``. Mitigation: upgrade to `0.9.0` or later.
|
| GHSA-2jq4-q6vv-4cp3 |
|
Path Traversal in crawl4ai (GHSA-2jq4-q6vv-4cp3)
path traversal in crawl4ai (GHSA-2jq4-q6vv-4cp3). Risk of unauthorized operations or information disclosure. Exploitable via ``AsyncHTTPCrawlerStrategy``. Mitigation: upgrade to `0.9.0` or later.
|
| GHSA-qqf5-x7mj-v43p |
|
SQL Injection in budibase (GHSA-qqf5-x7mj-v43p)
SQL injection in budibase (GHSA-qqf5-x7mj-v43p). Risk of unauthorized operations or information disclosure. Exploitable via ``xp_cmdshell``. Mitigation: upgrade to `3.39.19` or later.
|
| CVE-2026-58399 |
|
Authentication Bypass in @acastellon/auth (CVE-2026-58399)
authentication bypass in @acastellon/auth (CVE-2026-58399). Risk of unauthorized operations or information disclosure. Exploitable via `GET /protected`. Mitigation: upgrade to `2.3.0` or later.
|
| CVE-2026-11752 |
|
Vulnerability in com.linecorp.armeria:armeria-xds (CVE-2026-11752)
vulnerability in com.linecorp.armeria:armeria-xds (CVE-2026-11752). Risk of unauthorized operations or information disclosure. Exploitable via ``DataSourceStream``. Mitigation: upgrade to `1.40.0` or later.
|
| GHSA-hxpf-9xvq-wph8 |
|
Path Traversal in netlicensing-mcp (GHSA-hxpf-9xvq-wph8)
path traversal in netlicensing-mcp (GHSA-hxpf-9xvq-wph8). Risk of unauthorized operations or information disclosure. Exploitable via ``netlicensing_get_product``. Mitigation: upgrade to `0.1.8` or later.
|
| GHSA-fq4x-789w-jg5h |
|
Vulnerability in @agenticmail/core (GHSA-fq4x-789w-jg5h)
vulnerability in @agenticmail/core (GHSA-fq4x-789w-jg5h). Risk of unauthorized operations or information disclosure. Exploitable via `POST /mail/inbound`. Mitigation: upgrade to `0.9.43` or later.
|
| GHSA-hjwc-26pj-v3pm |
|
Vulnerability in @agenticmail/api (GHSA-hjwc-26pj-v3pm)
vulnerability in @agenticmail/api (GHSA-hjwc-26pj-v3pm). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/agenticmail/tasks/pending`. Mitigation: upgrade to `0.9.64` or later.
|
| CVE-2026-54683 |
|
Vulnerability in nl.nl-portal:documenten-api (CVE-2026-54683)
vulnerability in nl.nl-portal:documenten-api (CVE-2026-54683). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/documentapi/{documentapi}/document/{documentId}/content`. Mitigation: upgrade to `3.0.1` or later.
|
| CVE-2026-54319 |
|
Path Traversal in github.com/daytonaio/daytona (CVE-2026-54319)
path traversal in github.com/daytonaio/daytona (CVE-2026-54319). Risk of unauthorized operations or information disclosure. Exploitable via ``volumeId``. Mitigation: upgrade to `0.186.0` or later.
|
| CVE-2026-55237 |
|
Vulnerability in CVE-2026-55237 (CVE-2026-55237)
vulnerability in CVE-2026-55237 (CVE-2026-55237). Confidential information can be exposed externally. Exploitable via ``next``.
|
| CVE-2025-32437 |
|
Vulnerability in dos (CVE-2025-32437)
vulnerability in dos (CVE-2025-32437). Risk of unauthorized operations or information disclosure. Exploitable via ``MediaDurationBlock``.
|
| CVE-2025-32436 |
|
Vulnerability in dos (CVE-2025-32436)
vulnerability in dos (CVE-2025-32436). Risk of unauthorized operations or information disclosure. Exploitable via ``AddAudioToVideoBlock``.
|
| CVE-2025-32424 |
|
Vulnerability in dos (CVE-2025-32424)
vulnerability in dos (CVE-2025-32424). Risk of unauthorized operations or information disclosure. Exploitable via ``StepThroughItemsBlock``.
|
| CVE-2025-32422 |
|
Vulnerability in dos (CVE-2025-32422)
vulnerability in dos (CVE-2025-32422). Risk of unauthorized operations or information disclosure. Exploitable via ``StepThroughItemsBlock``.
|
| CVE-2025-32392 |
|
Vulnerability in dos (CVE-2025-32392)
vulnerability in dos (CVE-2025-32392). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40624 |
|
Vulnerability in cisa (CVE-2026-40624)
vulnerability in cisa (CVE-2026-40624). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8806 |
|
Vulnerability in cisa (CVE-2026-8806)
vulnerability in cisa (CVE-2026-8806). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46580 |
|
Vulnerability in @theia/ai-chat-ui (CVE-2026-46580)
vulnerability in @theia/ai-chat-ui (CVE-2026-46580). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.71.0` or later.
|
| CVE-2026-44691 |
|
Vulnerability in @theia/debug (CVE-2026-44691)
vulnerability in @theia/debug (CVE-2026-44691). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.69.0` or later.
|
| CVE-2026-44688 |
|
Vulnerability in @theia/ai-chat-ui (CVE-2026-44688)
vulnerability in @theia/ai-chat-ui (CVE-2026-44688). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.71.0` or later.
|
| CVE-2026-22551 |
|
Vulnerability in @theia/ai-chat-ui (CVE-2026-22551)
vulnerability in @theia/ai-chat-ui (CVE-2026-22551). Confidential information can be exposed externally. Mitigation: upgrade to `1.71.0` or later.
|
| CVE-2026-11791 |
|
Use-After-Free in dos (CVE-2026-11791)
vulnerability in dos (CVE-2026-11791). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56012 |
|
SQL Injection in sqli (CVE-2026-56012)
SQL injection in sqli (CVE-2026-56012). Confidential information can be exposed externally.
|
| CVE-2026-9158 |
|
Use-After-Free in eclipse (CVE-2026-9158)
vulnerability in eclipse (CVE-2026-9158). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8024 |
|
Unsafe Deserialization in deserialization (CVE-2026-8024)
vulnerability in deserialization (CVE-2026-8024). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8461 |
|
Out-of-Bounds Write in c (CVE-2026-8461)
out-of-bounds write in c (CVE-2026-8461). Successful exploitation can lead to full system takeover.
|
| CVE-2026-54419 |
|
SQL Injection in sqli (CVE-2026-54419)
SQL injection in sqli (CVE-2026-54419). Successful exploitation can lead to full system takeover.
|
| CVE-2026-54223 |
|
Path Traversal in path-traversal (CVE-2026-54223)
path traversal in path-traversal (CVE-2026-54223). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54224 |
|
Vulnerability in dos (CVE-2026-54224)
vulnerability in dos (CVE-2026-54224). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56007 |
|
Cross-Site Scripting (XSS) in CVE-2026-56007 (CVE-2026-56007)
cross-site scripting in CVE-2026-56007 (CVE-2026-56007). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54219 |
|
Cross-Site Scripting (XSS) in CVE-2026-54219 (CVE-2026-54219)
cross-site scripting in CVE-2026-54219 (CVE-2026-54219). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42490 |
|
Vulnerability in flask (CVE-2026-42490)
vulnerability in flask (CVE-2026-42490). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40455 |
|
SQL Injection in sqli (CVE-2026-40455)
SQL injection in sqli (CVE-2026-40455). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56009 |
|
Cross-Site Scripting (XSS) in CVE-2026-56009 (CVE-2026-56009)
cross-site scripting in CVE-2026-56009 (CVE-2026-56009). Risk of unauthorized operations or information disclosure.
|