Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-54222 |
|
SQL Injection in sqli (CVE-2026-54222)
SQL injection in sqli (CVE-2026-54222). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12527 |
|
Vulnerability in CVE-2026-12527 (CVE-2026-12527)
vulnerability in CVE-2026-12527 (CVE-2026-12527). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42488 |
|
Buffer Overflow in CVE-2026-42488 (CVE-2026-42488)
vulnerability in CVE-2026-42488 (CVE-2026-42488). Successful exploitation can lead to full system takeover.
|
| CVE-2026-54221 |
|
Cross-Site Scripting (XSS) in CVE-2026-54221 (CVE-2026-54221)
cross-site scripting in CVE-2026-54221 (CVE-2026-54221). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54220 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-54220)
vulnerability in csrf (CVE-2026-54220). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40457 |
|
Cross-Site Scripting (XSS) in CVE-2026-40457 (CVE-2026-40457)
cross-site scripting in CVE-2026-40457 (CVE-2026-40457). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42489 |
|
Vulnerability in flask (CVE-2026-42489)
vulnerability in flask (CVE-2026-42489). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44942 |
|
Vulnerability in path-traversal (CVE-2026-44942)
vulnerability in path-traversal (CVE-2026-44942). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12039 |
|
Vulnerability in CVE-2026-12039 (CVE-2026-12039)
vulnerability in CVE-2026-12039 (CVE-2026-12039). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11719 |
|
Vulnerability in github.com/googleapis/mcp-toolbox (CVE-2026-11719)
vulnerability in github.com/googleapis/mcp-toolbox (CVE-2026-11719). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.4.0` or later.
|
| CVE-2026-42487 |
|
Vulnerability in c (CVE-2026-42487)
vulnerability in c (CVE-2026-42487). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12539 |
|
Vulnerability in CVE-2026-12539 (CVE-2026-12539)
vulnerability in CVE-2026-12539 (CVE-2026-12539). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40456 |
|
OS Command Injection in CVE-2026-40456 (CVE-2026-40456)
OS command injection in CVE-2026-40456 (CVE-2026-40456). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11718 |
|
Authentication Bypass in github.com/googleapis/mcp-toolbox (CVE-2026-11718)
authentication bypass in github.com/googleapis/mcp-toolbox (CVE-2026-11718). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.4.0` or later.
|
| CVE-2026-2021 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-2021)
cross-site scripting in wordpress (CVE-2026-2021). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8811 |
|
Path Traversal in CVE-2026-8811 (CVE-2026-8811)
path traversal in CVE-2026-8811 (CVE-2026-8811). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-10560 |
|
Vulnerability in CVE-2025-10560 (CVE-2025-10560)
vulnerability in CVE-2025-10560 (CVE-2025-10560). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8039 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-8039)
cross-site scripting in wordpress (CVE-2026-8039). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50643 |
|
Out-of-Bounds Read in CVE-2026-50643 (CVE-2026-50643)
vulnerability in CVE-2026-50643 (CVE-2026-50643). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11717 |
|
Authentication Bypass in github.com/googleapis/mcp-toolbox (CVE-2026-11717)
authentication bypass in github.com/googleapis/mcp-toolbox (CVE-2026-11717). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.4.0` or later.
|
| CVE-2026-55170 |
|
Vulnerability in github.com/openfga/openfga (CVE-2026-55170)
vulnerability in github.com/openfga/openfga (CVE-2026-55170). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.18.0` or later.
|
| CVE-2026-55093 |
|
Out-of-Bounds Read in tract-nnef (CVE-2026-55093)
vulnerability in tract-nnef (CVE-2026-55093). Risk of unauthorized operations or information disclosure. Exploitable via ``DatLoader``. Mitigation: upgrade to `0.21.16` or later.
|
| CVE-2026-54711 |
|
Vulnerability in pghoard (CVE-2026-54711)
vulnerability in pghoard (CVE-2026-54711). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54695 |
|
Vulnerability in pipecat-ai (CVE-2026-54695)
vulnerability in pipecat-ai (CVE-2026-54695). Risk of unauthorized operations or information disclosure. Exploitable via `POST /start`. Mitigation: upgrade to `1.4.0` or later.
|
| CVE-2026-55701 |
|
Authorization Flaw in github.com/open-telemetry/opentelemetry-collector-contrib/receiver/githubreceiver (CVE-2026-55701)
vulnerability in github.com/open-telemetry/opentelemetry-collector-contrib/receiver/githubreceiver (CVE-2026-55701). Risk of unauthorized operations or information disclosure. Exploitable via ``required_headers``. Mitigation: upgrade to `0.151.0` or later.
|
| CVE-2026-54005 |
|
Vulnerability in getkirby/cms (CVE-2026-54005)
vulnerability in getkirby/cms (CVE-2026-54005). Risk of unauthorized operations or information disclosure. Exploitable via ``pages.access``. Mitigation: upgrade to `5.4.4` or later.
|
| CVE-2026-54004 |
|
Vulnerability in getkirby/cms (CVE-2026-54004)
vulnerability in getkirby/cms (CVE-2026-54004). Risk of unauthorized operations or information disclosure. Exploitable via ``content.fileRedirects``. Mitigation: upgrade to `5.4.4` or later.
|
| CVE-2026-54003 |
|
Vulnerability in getkirby/cms (CVE-2026-54003)
vulnerability in getkirby/cms (CVE-2026-54003). Risk of unauthorized operations or information disclosure. Exploitable via ``panel.install``. Mitigation: upgrade to `5.4.4` or later.
|
| CVE-2026-54002 |
|
Cross-Site Scripting (XSS) in getkirby/cms (CVE-2026-54002)
cross-site scripting in getkirby/cms (CVE-2026-54002). Risk of unauthorized operations or information disclosure. Exploitable via ``writer``. Mitigation: upgrade to `5.4.4` or later.
|
| CVE-2026-50188 |
|
Vulnerability in getkirby/cms (CVE-2026-50188)
vulnerability in getkirby/cms (CVE-2026-50188). Risk of unauthorized operations or information disclosure. Exploitable via ``headers``. Mitigation: upgrade to `5.4.4` or later.
|
| CVE-2026-49276 |
|
Vulnerability in getkirby/cms (CVE-2026-49276)
vulnerability in getkirby/cms (CVE-2026-49276). Risk of unauthorized operations or information disclosure. Exploitable via ``writer``. Mitigation: upgrade to `5.4.4` or later.
|
| CVE-2026-49274 |
|
Vulnerability in getkirby/cms (CVE-2026-49274)
vulnerability in getkirby/cms (CVE-2026-49274). Risk of unauthorized operations or information disclosure. Exploitable via ``pages``. Mitigation: upgrade to `5.4.4` or later.
|
| CVE-2026-47256 |
|
Path Traversal in github.com/open-telemetry/opentelemetry-collector-contrib/exporter/sentryexporter (CVE-2026-47256)
path traversal in github.com/open-telemetry/opentelemetry-collector-contrib/exporter/sentryexporter (CVE-2026-47256). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.154.0` or later.
|
| CVE-2026-44727 |
|
Cross-Site Scripting (XSS) in jupyter-server (CVE-2026-44727)
cross-site scripting in jupyter-server (CVE-2026-44727). Risk of unauthorized operations or information disclosure. Exploitable via ``nbconvert.HTMLExporter``. Mitigation: upgrade to `2.20.0` or later.
|
| CVE-2026-12567 |
|
Vulnerability in bbot (CVE-2026-12567)
vulnerability in bbot (CVE-2026-12567). Risk of unauthorized operations or information disclosure. Exploitable via ``github_workflows``. Mitigation: upgrade to `2.8.5` or later.
|
| CVE-2026-12568 |
|
Path Traversal in bbot (CVE-2026-12568)
path traversal in bbot (CVE-2026-12568). Data can be tampered with by attackers. Exploitable via ``postman_download``. Mitigation: upgrade to `2.8.6` or later.
|
| CVE-2026-12566 |
|
SSRF (Server-Side Request Forgery) in bbot (CVE-2026-12566)
SSRF in bbot (CVE-2026-12566). Risk of unauthorized operations or information disclosure. Exploitable via ``docker_pull``. Mitigation: upgrade to `2.8.5` or later.
|
| CVE-2026-12565 |
|
Path Traversal in bbot (CVE-2026-12565)
path traversal in bbot (CVE-2026-12565). Data can be tampered with by attackers. Exploitable via ``unarchive``. Mitigation: upgrade to `2.8.5` or later.
|
| CVE-2026-55890 |
|
Cross-Site Scripting (XSS) in getgrav/grav (CVE-2026-55890)
cross-site scripting in getgrav/grav (CVE-2026-55890). Risk of unauthorized operations or information disclosure. Exploitable via ``style``. Mitigation: upgrade to `2.0.0-rc.9` or later.
|
| GHSA-2fjj-qqg8-fg7x |
|
Vulnerability in praisonai-platform (GHSA-2fjj-qqg8-fg7x)
vulnerability in praisonai-platform (GHSA-2fjj-qqg8-fg7x). Risk of unauthorized operations or information disclosure. Exploitable via `GET /workspaces/W_A/projects/P_A/stats`. Mitigation: upgrade to `0.1.4` or later.
|
| CVE-2026-55885 |
|
Vulnerability in getgrav/grav (CVE-2026-55885)
vulnerability in getgrav/grav (CVE-2026-55885). Confidential information can be exposed externally. Exploitable via ``root``. Mitigation: upgrade to `1.7.53` or later.
|
| GHSA-j99q-93c9-h869 |
|
Vulnerability in @bitbonsai/mcpvault (GHSA-j99q-93c9-h869)
vulnerability in @bitbonsai/mcpvault (GHSA-j99q-93c9-h869). Risk of unauthorized operations or information disclosure. Exploitable via ``node_modules``. Mitigation: upgrade to `0.11.4` or later.
|
| GHSA-jm82-fx9c-mx94 |
|
Vulnerability in pypdf (GHSA-jm82-fx9c-mx94)
vulnerability in pypdf (GHSA-jm82-fx9c-mx94). Risk of unauthorized operations or information disclosure. Exploitable via ``MAX_DECLARED_STREAM_LENGTH``. Mitigation: upgrade to `6.13.3` or later.
|
| CVE-2026-55686 |
|
Vulnerability in github.com/containers/podman/v5 (CVE-2026-55686)
vulnerability in github.com/containers/podman/v5 (CVE-2026-55686). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.7.1` or later.
|
| GHSA-p6gq-j5cr-w38f |
|
Vulnerability in nodemailer (GHSA-p6gq-j5cr-w38f)
vulnerability in nodemailer (GHSA-p6gq-j5cr-w38f). Risk of unauthorized operations or information disclosure. Exploitable via ``raw``. Mitigation: upgrade to `9.0.1` or later.
|
| GHSA-cmwh-pvxp-8882 |
|
Cross-Site Scripting (XSS) in dompurify (GHSA-cmwh-pvxp-8882)
cross-site scripting in dompurify (GHSA-cmwh-pvxp-8882). Risk of unauthorized operations or information disclosure. Exploitable via ``uponSanitizeAttribute``. Mitigation: upgrade to `3.4.11` or later.
|
| GHSA-cwj8-7gp2-ggcw |
|
Vulnerability in praisonai-platform (GHSA-cwj8-7gp2-ggcw)
vulnerability in praisonai-platform (GHSA-cwj8-7gp2-ggcw). Risk of unauthorized operations or information disclosure. Exploitable via ``PLATFORM_JWT_SECRET``. Mitigation: upgrade to `0.1.6` or later.
|
| GHSA-6jcq-6546-qrrw |
|
Vulnerability in praisonai (GHSA-6jcq-6546-qrrw)
vulnerability in praisonai (GHSA-6jcq-6546-qrrw). Risk of unauthorized operations or information disclosure. Exploitable via ``praisonai.sandbox.SandlockSandbox``. Mitigation: upgrade to `4.6.61` or later.
|
| GHSA-8ccj-p46r-jwqq |
|
Authentication Bypass in praisonai (GHSA-8ccj-p46r-jwqq)
authentication bypass in praisonai (GHSA-8ccj-p46r-jwqq). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/agents/any-agent/invoke`. Mitigation: upgrade to `4.6.61` or later.
|
| GHSA-4pcv-mg8v-vrgf |
|
Vulnerability in praisonaiagents (GHSA-4pcv-mg8v-vrgf)
vulnerability in praisonaiagents (GHSA-4pcv-mg8v-vrgf). Risk of unauthorized operations or information disclosure. Exploitable via ``search_web``. Mitigation: upgrade to `1.6.61` or later.
|