Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2026-56020 Vulnerability in CVE-2026-56020 (CVE-2026-56020)
vulnerability in CVE-2026-56020 (CVE-2026-56020). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.641` or later.
CVE-2026-54105 Vulnerability in CVE-2026-54105 (CVE-2026-54105)
vulnerability in CVE-2026-54105 (CVE-2026-54105). Risk of unauthorized operations or information disclosure.
CVE-2026-48617 Vulnerability in CVE-2026-48617 (CVE-2026-48617)
vulnerability in CVE-2026-48617 (CVE-2026-48617). Risk of unauthorized operations or information disclosure.
CVE-2026-54103 Vulnerability in CVE-2026-54103 (CVE-2026-54103)
vulnerability in CVE-2026-54103 (CVE-2026-54103). Successful exploitation can lead to full system takeover.
CVE-2026-38717 Command Injection in inhandnetworks (CVE-2026-38717)
command injection in inhandnetworks (CVE-2026-38717). Successful exploitation can lead to full system takeover.
CVE-2026-38715 Command Injection in inhandnetworks (CVE-2026-38715)
command injection in inhandnetworks (CVE-2026-38715). Successful exploitation can lead to full system takeover.
CVE-2026-10687 Vulnerability in CVE-2026-10687 (CVE-2026-10687)
vulnerability in CVE-2026-10687 (CVE-2026-10687). Risk of unauthorized operations or information disclosure.
CVE-2026-11982 Cross-Site Scripting (XSS) in CVE-2026-11982 (CVE-2026-11982)
cross-site scripting in CVE-2026-11982 (CVE-2026-11982). Risk of unauthorized operations or information disclosure.
CVE-2026-38716 Command Injection in inhandnetworks (CVE-2026-38716)
command injection in inhandnetworks (CVE-2026-38716). Successful exploitation can lead to full system takeover.
CVE-2026-38714 Command Injection in inhandnetworks (CVE-2026-38714)
command injection in inhandnetworks (CVE-2026-38714). Successful exploitation can lead to full system takeover.
CVE-2026-48986 Vulnerability in dos (CVE-2026-48986)
vulnerability in dos (CVE-2026-48986). Risk of unauthorized operations or information disclosure.
CVE-2026-48985 Vulnerability in CVE-2026-48985 (CVE-2026-48985)
vulnerability in CVE-2026-48985 (CVE-2026-48985). Risk of unauthorized operations or information disclosure.
CVE-2026-48984 Vulnerability in CVE-2026-48984 (CVE-2026-48984)
vulnerability in CVE-2026-48984 (CVE-2026-48984). Confidential information can be exposed externally.
CVE-2026-12475 Vulnerability in CVE-2026-12475 (CVE-2026-12475)
vulnerability in CVE-2026-12475 (CVE-2026-12475). Risk of unauthorized operations or information disclosure.
GHSA-wm69-2pc3-rmmf SSRF (Server-Side Request Forgery) in crawl4ai (GHSA-wm69-2pc3-rmmf)
SSRF in crawl4ai (GHSA-wm69-2pc3-rmmf). Risk of unauthorized operations or information disclosure. Exploitable via `POST /crawl/stream`. Mitigation: upgrade to `0.9.0` or later.
GHSA-r253-r9jw-qg44 Vulnerability in crawl4ai (GHSA-r253-r9jw-qg44)
vulnerability in crawl4ai (GHSA-r253-r9jw-qg44). Risk of unauthorized operations or information disclosure. Exploitable via ``browser_config.extra_args``. Mitigation: upgrade to `0.9.0` or later.
GHSA-2jq4-q6vv-4cp3 Path Traversal in crawl4ai (GHSA-2jq4-q6vv-4cp3)
path traversal in crawl4ai (GHSA-2jq4-q6vv-4cp3). Risk of unauthorized operations or information disclosure. Exploitable via ``AsyncHTTPCrawlerStrategy``. Mitigation: upgrade to `0.9.0` or later.
GHSA-qqf5-x7mj-v43p SQL Injection in budibase (GHSA-qqf5-x7mj-v43p)
SQL injection in budibase (GHSA-qqf5-x7mj-v43p). Risk of unauthorized operations or information disclosure. Exploitable via ``xp_cmdshell``. Mitigation: upgrade to `3.39.19` or later.
CVE-2026-58399 Authentication Bypass in @acastellon/auth (CVE-2026-58399)
authentication bypass in @acastellon/auth (CVE-2026-58399). Risk of unauthorized operations or information disclosure. Exploitable via `GET /protected`. Mitigation: upgrade to `2.3.0` or later.
CVE-2026-11752 Vulnerability in com.linecorp.armeria:armeria-xds (CVE-2026-11752)
vulnerability in com.linecorp.armeria:armeria-xds (CVE-2026-11752). Risk of unauthorized operations or information disclosure. Exploitable via ``DataSourceStream``. Mitigation: upgrade to `1.40.0` or later.
GHSA-hxpf-9xvq-wph8 Path Traversal in netlicensing-mcp (GHSA-hxpf-9xvq-wph8)
path traversal in netlicensing-mcp (GHSA-hxpf-9xvq-wph8). Risk of unauthorized operations or information disclosure. Exploitable via ``netlicensing_get_product``. Mitigation: upgrade to `0.1.8` or later.
GHSA-fq4x-789w-jg5h Vulnerability in @agenticmail/core (GHSA-fq4x-789w-jg5h)
vulnerability in @agenticmail/core (GHSA-fq4x-789w-jg5h). Risk of unauthorized operations or information disclosure. Exploitable via `POST /mail/inbound`. Mitigation: upgrade to `0.9.43` or later.
GHSA-hjwc-26pj-v3pm Vulnerability in @agenticmail/api (GHSA-hjwc-26pj-v3pm)
vulnerability in @agenticmail/api (GHSA-hjwc-26pj-v3pm). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/agenticmail/tasks/pending`. Mitigation: upgrade to `0.9.64` or later.
CVE-2026-54683 Vulnerability in nl.nl-portal:documenten-api (CVE-2026-54683)
vulnerability in nl.nl-portal:documenten-api (CVE-2026-54683). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/documentapi/{documentapi}/document/{documentId}/content`. Mitigation: upgrade to `3.0.1` or later.
CVE-2026-54319 Path Traversal in github.com/daytonaio/daytona (CVE-2026-54319)
path traversal in github.com/daytonaio/daytona (CVE-2026-54319). Risk of unauthorized operations or information disclosure. Exploitable via ``volumeId``. Mitigation: upgrade to `0.186.0` or later.
CVE-2026-55237 Vulnerability in CVE-2026-55237 (CVE-2026-55237)
vulnerability in CVE-2026-55237 (CVE-2026-55237). Confidential information can be exposed externally. Exploitable via ``next``.
CVE-2025-32437 Vulnerability in dos (CVE-2025-32437)
vulnerability in dos (CVE-2025-32437). Risk of unauthorized operations or information disclosure. Exploitable via ``MediaDurationBlock``.
CVE-2025-32436 Vulnerability in dos (CVE-2025-32436)
vulnerability in dos (CVE-2025-32436). Risk of unauthorized operations or information disclosure. Exploitable via ``AddAudioToVideoBlock``.
CVE-2025-32424 Vulnerability in dos (CVE-2025-32424)
vulnerability in dos (CVE-2025-32424). Risk of unauthorized operations or information disclosure. Exploitable via ``StepThroughItemsBlock``.
CVE-2025-32422 Vulnerability in dos (CVE-2025-32422)
vulnerability in dos (CVE-2025-32422). Risk of unauthorized operations or information disclosure. Exploitable via ``StepThroughItemsBlock``.
CVE-2025-32392 Vulnerability in dos (CVE-2025-32392)
vulnerability in dos (CVE-2025-32392). Risk of unauthorized operations or information disclosure.
CVE-2026-40624 Vulnerability in cisa (CVE-2026-40624)
vulnerability in cisa (CVE-2026-40624). Successful exploitation can lead to full system takeover.
CVE-2026-8806 Vulnerability in cisa (CVE-2026-8806)
vulnerability in cisa (CVE-2026-8806). Risk of unauthorized operations or information disclosure.
CVE-2026-46580 Vulnerability in @theia/ai-chat-ui (CVE-2026-46580)
vulnerability in @theia/ai-chat-ui (CVE-2026-46580). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.71.0` or later.
CVE-2026-44691 Vulnerability in @theia/debug (CVE-2026-44691)
vulnerability in @theia/debug (CVE-2026-44691). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.69.0` or later.
CVE-2026-44688 Vulnerability in @theia/ai-chat-ui (CVE-2026-44688)
vulnerability in @theia/ai-chat-ui (CVE-2026-44688). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.71.0` or later.
CVE-2026-22551 Vulnerability in @theia/ai-chat-ui (CVE-2026-22551)
vulnerability in @theia/ai-chat-ui (CVE-2026-22551). Confidential information can be exposed externally. Mitigation: upgrade to `1.71.0` or later.
CVE-2026-11791 Use-After-Free in dos (CVE-2026-11791)
vulnerability in dos (CVE-2026-11791). Risk of unauthorized operations or information disclosure.
CVE-2026-56012 SQL Injection in sqli (CVE-2026-56012)
SQL injection in sqli (CVE-2026-56012). Confidential information can be exposed externally.
CVE-2026-9158 Use-After-Free in eclipse (CVE-2026-9158)
vulnerability in eclipse (CVE-2026-9158). Successful exploitation can lead to full system takeover.
CVE-2026-8024 Unsafe Deserialization in deserialization (CVE-2026-8024)
vulnerability in deserialization (CVE-2026-8024). Successful exploitation can lead to full system takeover.
CVE-2026-8461 Out-of-Bounds Write in c (CVE-2026-8461)
out-of-bounds write in c (CVE-2026-8461). Successful exploitation can lead to full system takeover.
CVE-2026-54419 SQL Injection in sqli (CVE-2026-54419)
SQL injection in sqli (CVE-2026-54419). Successful exploitation can lead to full system takeover.
CVE-2026-54223 Path Traversal in path-traversal (CVE-2026-54223)
path traversal in path-traversal (CVE-2026-54223). Risk of unauthorized operations or information disclosure.
CVE-2026-54224 Vulnerability in dos (CVE-2026-54224)
vulnerability in dos (CVE-2026-54224). Risk of unauthorized operations or information disclosure.
CVE-2026-56007 Cross-Site Scripting (XSS) in CVE-2026-56007 (CVE-2026-56007)
cross-site scripting in CVE-2026-56007 (CVE-2026-56007). Risk of unauthorized operations or information disclosure.
CVE-2026-54219 Cross-Site Scripting (XSS) in CVE-2026-54219 (CVE-2026-54219)
cross-site scripting in CVE-2026-54219 (CVE-2026-54219). Risk of unauthorized operations or information disclosure.
CVE-2026-42490 Vulnerability in flask (CVE-2026-42490)
vulnerability in flask (CVE-2026-42490). Risk of unauthorized operations or information disclosure.
CVE-2026-40455 SQL Injection in sqli (CVE-2026-40455)
SQL injection in sqli (CVE-2026-40455). Risk of unauthorized operations or information disclosure.
CVE-2026-56009 Cross-Site Scripting (XSS) in CVE-2026-56009 (CVE-2026-56009)
cross-site scripting in CVE-2026-56009 (CVE-2026-56009). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →