Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| GHSA-4869-x4pr-q22x |
|
Vulnerability in praisonai (GHSA-4869-x4pr-q22x)
vulnerability in praisonai (GHSA-4869-x4pr-q22x). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/runs`. Mitigation: upgrade to `4.6.59` or later.
|
| GHSA-p4pj-vh7h-6cqh |
|
Path Traversal in praisonai (GHSA-p4pj-vh7h-6cqh)
path traversal in praisonai (GHSA-p4pj-vh7h-6cqh). Risk of unauthorized operations or information disclosure. Exploitable via ``agent_file``. Mitigation: upgrade to `4.6.59` or later.
|
| GHSA-x227-pf99-vffg |
|
Vulnerability in praisonaiagents (GHSA-x227-pf99-vffg)
vulnerability in praisonaiagents (GHSA-x227-pf99-vffg). Risk of unauthorized operations or information disclosure. Exploitable via `Authorization header`. Mitigation: upgrade to `1.6.59` or later.
|
| GHSA-pv2j-rghr-v5r9 |
|
Vulnerability in praisonaiagents (GHSA-pv2j-rghr-v5r9)
vulnerability in praisonaiagents (GHSA-pv2j-rghr-v5r9). Risk of unauthorized operations or information disclosure. Exploitable via ``execute_code``. Mitigation: upgrade to `1.6.59` or later.
|
| GHSA-6h9p-93hq-q7h6 |
|
SSRF (Server-Side Request Forgery) in praisonaiagents (GHSA-6h9p-93hq-q7h6)
SSRF in praisonaiagents (GHSA-6h9p-93hq-q7h6). Risk of unauthorized operations or information disclosure. Exploitable via ``Location``. Mitigation: upgrade to `1.6.59` or later.
|
| GHSA-w6h2-fr4q-xvxv |
|
OS Command Injection in praisonai (GHSA-w6h2-fr4q-xvxv)
OS command injection in praisonai (GHSA-w6h2-fr4q-xvxv). Risk of unauthorized operations or information disclosure. Exploitable via ``LocalManagedAgent``. Mitigation: upgrade to `4.6.59` or later.
|
| GHSA-v847-hxxw-3pxg |
|
OS Command Injection in praisonai (GHSA-v847-hxxw-3pxg)
OS command injection in praisonai (GHSA-v847-hxxw-3pxg). Risk of unauthorized operations or information disclosure. Exploitable via `POST /v1/recipes/stream`. Mitigation: upgrade to `4.6.59` or later.
|
| GHSA-63v4-w882-g4x2 |
|
Cross-Site Scripting (XSS) in praisonai (GHSA-63v4-w882-g4x2)
cross-site scripting in praisonai (GHSA-63v4-w882-g4x2). Risk of unauthorized operations or information disclosure. Exploitable via ``praisonai.bots.HTTPApproval``. Mitigation: upgrade to `4.6.59` or later.
|
| GHSA-fc26-m9pf-v56q |
|
Authentication Bypass in praisonai (GHSA-fc26-m9pf-v56q)
authentication bypass in praisonai (GHSA-fc26-m9pf-v56q). Risk of unauthorized operations or information disclosure. Exploitable via ``LINEAR_WEBHOOK_SECRET``. Mitigation: upgrade to `4.6.59` or later.
|
| GHSA-j7qx-p75m-wp7g |
|
Path Traversal in praisonai (GHSA-j7qx-p75m-wp7g)
path traversal in praisonai (GHSA-j7qx-p75m-wp7g). Risk of unauthorized operations or information disclosure. Exploitable via ``artifact_tail``. Mitigation: upgrade to `4.6.59` or later.
|
| GHSA-qvpf-j64c-jmhr |
|
Vulnerability in praisonai (GHSA-qvpf-j64c-jmhr)
vulnerability in praisonai (GHSA-qvpf-j64c-jmhr). Risk of unauthorized operations or information disclosure. Exploitable via ``app_mention``. Mitigation: upgrade to `4.6.59` or later.
|
| GHSA-5qw8-f2g9-ff29 |
|
Authentication Bypass in praisonai (GHSA-5qw8-f2g9-ff29)
authentication bypass in praisonai (GHSA-5qw8-f2g9-ff29). Risk of unauthorized operations or information disclosure. Exploitable via `GET /v1/recipes`. Mitigation: upgrade to `4.6.59` or later.
|
| GHSA-vmf9-xx9w-86wx |
|
Vulnerability in praisonaiagents (GHSA-vmf9-xx9w-86wx)
vulnerability in praisonaiagents (GHSA-vmf9-xx9w-86wx). Risk of unauthorized operations or information disclosure. Exploitable via ``mcp.server.sse.SseServerTransport``. Mitigation: upgrade to `1.6.59` or later.
|
| GHSA-22cj-m4wf-fv2c |
|
Path Traversal in praisonai (GHSA-22cj-m4wf-fv2c)
path traversal in praisonai (GHSA-22cj-m4wf-fv2c). Risk of unauthorized operations or information disclosure. Exploitable via ``history_search``. Mitigation: upgrade to `4.6.59` or later.
|
| GHSA-8579-rgg5-ph2m |
|
Vulnerability in praisonai (GHSA-8579-rgg5-ph2m)
vulnerability in praisonai (GHSA-8579-rgg5-ph2m). Risk of unauthorized operations or information disclosure. Exploitable via ``praisonai.bots.DiscordApproval``. Mitigation: upgrade to `4.6.59` or later.
|
| CVE-2026-55669 |
|
Vulnerability in github.com/zitadel/zitadel (CVE-2026-55669)
vulnerability in github.com/zitadel/zitadel (CVE-2026-55669). Risk of unauthorized operations or information disclosure. Exploitable via ``iss``. Mitigation: upgrade to `1.80.0-v2.20.0.20260615132747-d184e976fc79` or later.
|
| GHSA-wxg7-w2v3-w38g |
|
Vulnerability in github.com/zitadel/zitadel (GHSA-wxg7-w2v3-w38g)
vulnerability in github.com/zitadel/zitadel (GHSA-wxg7-w2v3-w38g). Risk of unauthorized operations or information disclosure. Exploitable via ``exp``. Mitigation: upgrade to `1.80.0-v2.20.0.20260615122908-fad02c6d9f45` or later.
|
| CVE-2026-55672 |
|
Authentication Bypass in github.com/zitadel/zitadel (CVE-2026-55672)
authentication bypass in github.com/zitadel/zitadel (CVE-2026-55672). Confidential information can be exposed externally. Exploitable via ``CodeExchange``. Mitigation: upgrade to `1.80.0-v2.20.0.20260616131956-0973b074b488` or later.
|
| GHSA-35w5-pcw4-jx94 |
|
Vulnerability in praisonaiagents (GHSA-35w5-pcw4-jx94)
vulnerability in praisonaiagents (GHSA-35w5-pcw4-jx94). Risk of unauthorized operations or information disclosure. Exploitable via ``ServerConfig``. Mitigation: upgrade to `1.6.59` or later.
|
| CVE-2026-55670 |
|
Vulnerability in github.com/zitadel/zitadel (CVE-2026-55670)
vulnerability in github.com/zitadel/zitadel (CVE-2026-55670). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.80.0-v2.20.0.20260615092437-6082e59d47c1` or later.
|
| GHSA-47qp-hqvx-6r3f |
|
Vulnerability in org.jline:jline-remote-telnet (GHSA-47qp-hqvx-6r3f)
vulnerability in org.jline:jline-remote-telnet (GHSA-47qp-hqvx-6r3f). Risk of unauthorized operations or information disclosure. Exploitable via ``HashMap``. Mitigation: upgrade to `4.2.1` or later.
|
| GHSA-2r2c-cx56-8933 |
|
Vulnerability in org.jline:jline-remote-telnet (GHSA-2r2c-cx56-8933)
vulnerability in org.jline:jline-remote-telnet (GHSA-2r2c-cx56-8933). Risk of unauthorized operations or information disclosure. Exploitable via ``Telnet``. Mitigation: upgrade to `4.2.1` or later.
|
| CVE-2026-55661 |
|
Cross-Site Scripting (XSS) in tinacms (CVE-2026-55661)
cross-site scripting in tinacms (CVE-2026-55661). Risk of unauthorized operations or information disclosure. Exploitable via ``url``. Mitigation: upgrade to `3.9.3` or later.
|
| GHSA-2c85-rfcc-g74j |
|
Vulnerability in io.karatelabs:karate-core (GHSA-2c85-rfcc-g74j)
vulnerability in io.karatelabs:karate-core (GHSA-2c85-rfcc-g74j). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/echo`. Mitigation: upgrade to `2.1.0` or later.
|
| CVE-2026-55617 |
|
Vulnerability in hydrooj (CVE-2026-55617)
vulnerability in hydrooj (CVE-2026-55617). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.0.2` or later.
|
| CVE-2026-55603 |
|
Vulnerability in http-proxy-middleware (CVE-2026-55603)
vulnerability in http-proxy-middleware (CVE-2026-55603). Data can be tampered with by attackers. Exploitable via ``req.body``. Mitigation: upgrade to `4.1.1` or later.
|
| CVE-2026-55602 |
|
Vulnerability in http-proxy-middleware (CVE-2026-55602)
vulnerability in http-proxy-middleware (CVE-2026-55602). Data can be tampered with by attackers. Exploitable via ``router``. Mitigation: upgrade to `2.0.10` or later.
|
| CVE-2026-55254 |
|
Vulnerability in NCalc.Core (CVE-2026-55254)
vulnerability in NCalc.Core (CVE-2026-55254). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `6.1.1` or later.
|
| CVE-2026-55388 |
|
Code Injection in piscina (CVE-2026-55388)
code injection in piscina (CVE-2026-55388). Successful exploitation can lead to full system takeover. Exploitable via `POST /upload`. Mitigation: upgrade to `6.0.0-rc.2` or later.
|
| CVE-2026-55887 |
|
Vulnerability in github.com/docker/mcp-gateway (CVE-2026-55887)
vulnerability in github.com/docker/mcp-gateway (CVE-2026-55887). Risk of unauthorized operations or information disclosure. Exploitable via ``io.docker.server.metadata``. Mitigation: upgrade to `0.42.2` or later.
|
| CVE-2026-55886 |
|
Vulnerability in jodit (CVE-2026-55886)
vulnerability in jodit (CVE-2026-55886). Risk of unauthorized operations or information disclosure. Exploitable via ``chain``. Mitigation: upgrade to `4.12.26` or later.
|
| CVE-2026-55229 |
|
SSRF (Server-Side Request Forgery) in github.com/gotenberg/gotenberg/v8 (CVE-2026-55229)
SSRF in github.com/gotenberg/gotenberg/v8 (CVE-2026-55229). Confidential information can be exposed externally. Exploitable via `GET /secretendpoint`. Mitigation: upgrade to `8.34.0` or later.
|
| CVE-2026-55226 |
|
Privilege Escalation in io.strimzi:strimzi (CVE-2026-55226)
vulnerability in io.strimzi:strimzi (CVE-2026-55226). Risk of unauthorized operations or information disclosure. Exploitable via ``Kafka``. Mitigation: upgrade to `1.0.1` or later.
|
| CVE-2026-55225 |
|
Privilege Escalation in io.strimzi:strimzi (CVE-2026-55225)
vulnerability in io.strimzi:strimzi (CVE-2026-55225). Risk of unauthorized operations or information disclosure. Exploitable via ``watchedNamespace``. Mitigation: upgrade to `1.0.1` or later.
|
| CVE-2026-55671 |
|
SSRF (Server-Side Request Forgery) in github.com/zitadel/zitadel (CVE-2026-55671)
SSRF in github.com/zitadel/zitadel (CVE-2026-55671). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.80.0-v2.20.0.20260615133614-8e82ec1cb9a2` or later.
|
| CVE-2026-55746 |
|
Cross-Site Scripting (XSS) in cotonti/cotonti (CVE-2026-55746)
cross-site scripting in cotonti/cotonti (CVE-2026-55746). Confidential information can be exposed externally.
|
| CVE-2026-55745 |
|
Cross-Site Request Forgery (CSRF) in cotonti/cotonti (CVE-2026-55745)
vulnerability in cotonti/cotonti (CVE-2026-55745). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9815 |
|
Vulnerability in wordpress (CVE-2026-9815)
vulnerability in wordpress (CVE-2026-9815). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55742 |
|
Cross-Site Request Forgery (CSRF) in cotonti/cotonti (CVE-2026-55742)
vulnerability in cotonti/cotonti (CVE-2026-55742). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12136 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-12136)
cross-site scripting in wordpress (CVE-2026-12136). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55744 |
|
Cross-Site Request Forgery (CSRF) in cotonti/cotonti (CVE-2026-55744)
vulnerability in cotonti/cotonti (CVE-2026-55744). Confidential information can be exposed externally.
|
| CVE-2026-12137 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-12137)
cross-site scripting in wordpress (CVE-2026-12137). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-28573 |
|
Vulnerability in dos (CVE-2026-28573)
vulnerability in dos (CVE-2026-28573). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55741 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-55741)
vulnerability in csrf (CVE-2026-55741). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11395 |
|
SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-11395)
SSRF in wordpress (CVE-2026-11395). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12111 |
|
Information Disclosure in wordpress (CVE-2026-12111)
vulnerability in wordpress (CVE-2026-12111). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12098 |
|
Cross-Site Scripting (XSS) in wordpress (CVE-2026-12098)
cross-site scripting in wordpress (CVE-2026-12098). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12102 |
|
Vulnerability in wordpress (CVE-2026-12102)
vulnerability in wordpress (CVE-2026-12102). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9860 |
|
Unrestricted File Upload in wordpress (CVE-2026-9860)
vulnerability in wordpress (CVE-2026-9860). Successful exploitation can lead to full system takeover.
|
| CVE-2026-55740 |
|
SQL Injection in sqli (CVE-2026-55740)
SQL injection in sqli (CVE-2026-55740). Successful exploitation can lead to full system takeover.
|