Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-54764 |
|
Vulnerability in traefik (CVE-2026-54764)
vulnerability in traefik (CVE-2026-54764). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54763 |
|
Vulnerability in traefik (CVE-2026-54763)
vulnerability in traefik (CVE-2026-54763). Confidential information can be exposed externally.
|
| CVE-2026-54709 |
|
Vulnerability in CVE-2026-54709 (CVE-2026-54709)
vulnerability in CVE-2026-54709 (CVE-2026-54709). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54234 |
|
Vulnerability in dos (CVE-2026-54234)
vulnerability in dos (CVE-2026-54234). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42341 |
|
Vulnerability in CVE-2026-42341 (CVE-2026-42341)
vulnerability in CVE-2026-42341 (CVE-2026-42341). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42331 |
|
Vulnerability in CVE-2026-42331 (CVE-2026-42331)
vulnerability in CVE-2026-42331 (CVE-2026-42331). Risk of unauthorized operations or information disclosure. Exploitable via ``gateway_id``.
|
| CVE-2026-34038 |
|
OS Command Injection in CVE-2026-34038 (CVE-2026-34038)
OS command injection in CVE-2026-34038 (CVE-2026-34038). Successful exploitation can lead to full system takeover.
|
| CVE-2026-33734 |
|
SQL Injection in sqli (CVE-2026-33734)
SQL injection in sqli (CVE-2026-33734). Risk of unauthorized operations or information disclosure. Exploitable via ``Massmailer``.
|
| CVE-2026-55438 |
|
Vulnerability in github.com/coder/coder/v2 (CVE-2026-55438)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55438). Confidential information can be exposed externally. Mitigation: upgrade to `2.29.17` or later.
|
| CVE-2026-55426 |
|
OS Command Injection in linuxfabrik-lib (CVE-2026-55426)
OS command injection in linuxfabrik-lib (CVE-2026-55426). Risk of unauthorized operations or information disclosure. Exploitable via ``shell_exec``. Mitigation: upgrade to `5.0.0` or later.
|
| CVE-2026-55437 |
|
Cross-Site Scripting (XSS) in github.com/coder/coder/v2 (CVE-2026-55437)
cross-site scripting in github.com/coder/coder/v2 (CVE-2026-55437). Risk of unauthorized operations or information disclosure. Exploitable via ``AgentLogLine``. Mitigation: upgrade to `2.29.17` or later.
|
| CVE-2026-55436 |
|
Vulnerability in github.com/coder/coder/v2 (CVE-2026-55436)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55436). Confidential information can be exposed externally. Exploitable via ``aibridgeproxyd``. Mitigation: upgrade to `2.32.7` or later.
|
| CVE-2026-55435 |
|
Authorization Flaw in github.com/coder/coder/v2 (CVE-2026-55435)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55435). Risk of unauthorized operations or information disclosure. Exploitable via `DELETE /api/v2/users/{user}/keys`. Mitigation: upgrade to `2.32.7` or later.
|
| CVE-2026-55434 |
|
Vulnerability in github.com/coder/coder/v2 (CVE-2026-55434)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55434). Risk of unauthorized operations or information disclosure. Exploitable via ``io.ReadAll``. Mitigation: upgrade to `2.33.8` or later.
|
| CVE-2026-55433 |
|
Vulnerability in github.com/coder/coder/v2 (CVE-2026-55433)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55433). Risk of unauthorized operations or information disclosure. Exploitable via ``ActionRead``. Mitigation: upgrade to `2.29.17` or later.
|
| CVE-2026-55432 |
|
Vulnerability in github.com/coder/coder/v2 (CVE-2026-55432)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55432). Risk of unauthorized operations or information disclosure. Exploitable via ``CreateSubAgent``. Mitigation: upgrade to `2.29.17` or later.
|
| CVE-2026-55431 |
|
Vulnerability in github.com/coder/coder/v2 (CVE-2026-55431)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55431). Confidential information can be exposed externally. Mitigation: upgrade to `2.29.17` or later.
|
| CVE-2026-55078 |
|
Vulnerability in github.com/coder/coder/v2 (CVE-2026-55078)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55078). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v2/files`. Mitigation: upgrade to `2.29.17` or later.
|
| CVE-2026-55430 |
|
Vulnerability in github.com/coder/coder/v2 (CVE-2026-55430)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55430). Confidential information can be exposed externally. Exploitable via ``Host``. Mitigation: upgrade to `2.29.17` or later.
|
| CVE-2026-55428 |
|
Vulnerability in github.com/coder/coder/v2 (CVE-2026-55428)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55428). Confidential information can be exposed externally. Exploitable via ``Addresses``. Mitigation: upgrade to `2.29.17` or later.
|
| CVE-2026-55429 |
|
Vulnerability in github.com/coder/coder/v2 (CVE-2026-55429)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55429). Confidential information can be exposed externally. Exploitable via ``UpsertWorkspaceApp``. Mitigation: upgrade to `2.29.17` or later.
|
| CVE-2026-55079 |
|
Vulnerability in github.com/coder/coder/v2 (CVE-2026-55079)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55079). Risk of unauthorized operations or information disclosure. Exploitable via ``NewDataBuilder``. Mitigation: upgrade to `2.29.17` or later.
|
| CVE-2026-55427 |
|
Vulnerability in github.com/coder/coder/v2 (CVE-2026-55427)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55427). Successful exploitation can lead to full system takeover. Exploitable via ``HostnameSuffix``. Mitigation: upgrade to `2.29.17` or later.
|
| CVE-2026-55077 |
|
Vulnerability in github.com/coder/coder/v2 (CVE-2026-55077)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55077). Successful exploitation can lead to full system takeover. Exploitable via `PUT /api/v2/users/{user}/password`. Mitigation: upgrade to `2.29.17` or later.
|
| CVE-2026-55075 |
|
Authentication Bypass in github.com/coder/coder/v2 (CVE-2026-55075)
authentication bypass in github.com/coder/coder/v2 (CVE-2026-55075). Confidential information can be exposed externally. Exploitable via ``email_verified``. Mitigation: upgrade to `2.29.17` or later.
|
| CVE-2026-55076 |
|
Authentication Bypass in github.com/coder/coder/v2 (CVE-2026-55076)
authentication bypass in github.com/coder/coder/v2 (CVE-2026-55076). Confidential information can be exposed externally. Exploitable via ``email_verified``. Mitigation: upgrade to `2.29.17` or later.
|
| CVE-2026-54640 |
|
XXE (XML External Entity) in io.openremote:openremote-agent (CVE-2026-54640)
vulnerability in io.openremote:openremote-agent (CVE-2026-54640). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/{realm}/agent/{agentId}/import`. Mitigation: upgrade to `1.24.2` or later.
|
| CVE-2026-54641 |
|
Vulnerability in io.openremote:openremote-manager (CVE-2026-54641)
vulnerability in io.openremote:openremote-manager (CVE-2026-54641). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.24.2` or later.
|
| CVE-2026-53935 |
|
Authorization Flaw in github.com/cilium/cilium (CVE-2026-53935)
vulnerability in github.com/cilium/cilium (CVE-2026-53935). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.17.16` or later.
|
| CVE-2026-53624 |
|
Vulnerability in github.com/gofiber/fiber (CVE-2026-53624)
vulnerability in github.com/gofiber/fiber (CVE-2026-53624). Risk of unauthorized operations or information disclosure. Exploitable via ``helmet``. Mitigation: upgrade to `3.4.0` or later.
|
| CVE-2026-54771 |
|
Vulnerability in langroid (CVE-2026-54771)
vulnerability in langroid (CVE-2026-54771). Risk of unauthorized operations or information disclosure. Exploitable via ``Entity.USER``. Mitigation: upgrade to `0.65.3` or later.
|
| CVE-2026-54769 |
|
Code Injection in langroid (CVE-2026-54769)
code injection in langroid (CVE-2026-54769). Risk of unauthorized operations or information disclosure. Exploitable via ``TableChatAgent``. Mitigation: upgrade to `0.65.2` or later.
|
| CVE-2026-54760 |
|
Path Traversal in langroid (CVE-2026-54760)
path traversal in langroid (CVE-2026-54760). Risk of unauthorized operations or information disclosure. Exploitable via ``_validate_query``. Mitigation: upgrade to `0.65.1` or later.
|
| CVE-2026-54637 |
|
SSRF (Server-Side Request Forgery) in d7y.io/dragonfly/v2 (CVE-2026-54637)
SSRF in d7y.io/dragonfly/v2 (CVE-2026-54637). Risk of unauthorized operations or information disclosure. Exploitable via `GET /download/dea/deadbeefcafebabedeadbeefcafebabedeadbeefcafebabedeadbeefcafebabe`. Mitigation: upgrade to `2.4.4-rc.3` or later.
|
| CVE-2026-53759 |
|
Vulnerability in linuxfabrik-lib (CVE-2026-53759)
vulnerability in linuxfabrik-lib (CVE-2026-53759). Risk of unauthorized operations or information disclosure. Exploitable via ``PrivateTemp``. Mitigation: upgrade to `4.2.0` or later.
|
| GHSA-x76w-8c62-48mg |
|
Information Disclosure in craftcms/cms (GHSA-x76w-8c62-48mg)
vulnerability in craftcms/cms (GHSA-x76w-8c62-48mg). Risk of unauthorized operations or information disclosure. Exploitable via ``assetId``. Mitigation: upgrade to `5.9.14` or later.
|
| CVE-2026-53486 |
|
Path Traversal in @xhmikosr/decompress (CVE-2026-53486)
path traversal in @xhmikosr/decompress (CVE-2026-53486). Risk of unauthorized operations or information disclosure. Exploitable via ``path.relative``. Mitigation: upgrade to `11.1.3` or later.
|
| CVE-2026-35366 |
|
Vulnerability in uu_printenv (CVE-2026-35366)
vulnerability in uu_printenv (CVE-2026-35366). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.6.0` or later.
|
| CVE-2026-35362 |
|
Vulnerability in uucore (CVE-2026-35362)
vulnerability in uucore (CVE-2026-35362). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.6.0` or later.
|
| CVE-2026-35365 |
|
Vulnerability in uu_mv (CVE-2026-35365)
vulnerability in uu_mv (CVE-2026-35365). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.7.0` or later.
|
| CVE-2026-35358 |
|
Vulnerability in uu_cp (CVE-2026-35358)
vulnerability in uu_cp (CVE-2026-35358). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.7.0` or later.
|
| CVE-2026-35347 |
|
Vulnerability in uu_comm (CVE-2026-35347)
vulnerability in uu_comm (CVE-2026-35347). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.6.0` or later.
|
| CVE-2026-59089 |
|
Vulnerability in dos (CVE-2026-59089)
vulnerability in dos (CVE-2026-59089). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-58404 |
|
SSRF (Server-Side Request Forgery) in gohugo (CVE-2026-58404)
SSRF in gohugo (CVE-2026-58404). Confidential information can be exposed externally. Mitigation: upgrade to `0.163.1` or later.
|
| CVE-2026-58403 |
|
Vulnerability in gohugo (CVE-2026-58403)
vulnerability in gohugo (CVE-2026-58403). Confidential information can be exposed externally. Mitigation: upgrade to `0.163.1` or later.
|
| CVE-2026-58402 |
|
Cross-Site Scripting (XSS) in gohugo (CVE-2026-58402)
cross-site scripting in gohugo (CVE-2026-58402). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.163.3` or later.
|
| CVE-2026-55646 |
|
Vulnerability in vllm (CVE-2026-55646)
vulnerability in vllm (CVE-2026-55646). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53763 |
|
Vulnerability in trustedfirmware (CVE-2026-53763)
vulnerability in trustedfirmware (CVE-2026-53763). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44362 |
|
Vulnerability in c (CVE-2026-44362)
vulnerability in c (CVE-2026-44362). Data can be tampered with by attackers. Exploitable via ``subkey_version``.
|
| CVE-2026-42546 |
|
Vulnerability in c (CVE-2026-42546)
vulnerability in c (CVE-2026-42546). Risk of unauthorized operations or information disclosure. Exploitable via ``OPTEE_MSG_ATTR_TYPE_MASK``.
|