Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2026-42261 Vulnerability in ssrf (CVE-2026-42261)
vulnerability in ssrf (CVE-2026-42261). Confidential information can be exposed externally. Exploitable via `POST /api/skills/fetch-remote`.
CVE-2026-42264 Vulnerability in axios (CVE-2026-42264)
vulnerability in axios (CVE-2026-42264). Confidential information can be exposed externally. Exploitable via ``hasOwnProperty``. Mitigation: upgrade to `1.15.2` or later.
CVE-2026-42203 Vulnerability in litellm (CVE-2026-42203)
vulnerability in litellm (CVE-2026-42203). Successful exploitation can lead to full system takeover. Exploitable via `POST /prompts/test`. Mitigation: upgrade to `1.83.7` or later.
CVE-2026-41900 OS Command Injection in openlearnx (CVE-2026-41900)
OS command injection in openlearnx (CVE-2026-41900). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.0.3` or later.
CVE-2026-8126 Vulnerability in sqli (CVE-2026-8126)
vulnerability in sqli (CVE-2026-8126). Risk of unauthorized operations or information disclosure.
CVE-2026-8128 Vulnerability in sqli (CVE-2026-8128)
vulnerability in sqli (CVE-2026-8128). Risk of unauthorized operations or information disclosure.
CVE-2026-6411 Vulnerability in cisa (CVE-2026-6411)
vulnerability in cisa (CVE-2026-6411). Risk of unauthorized operations or information disclosure.
CVE-2026-7541 Vulnerability in dos (CVE-2026-7541)
vulnerability in dos (CVE-2026-7541). Risk of unauthorized operations or information disclosure.
CVE-2026-41105 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-41105)
SSRF in ssrf (CVE-2026-41105). Confidential information can be exposed externally.
CVE-2026-33111 Command Injection in microsoft (CVE-2026-33111)
command injection in microsoft (CVE-2026-33111). Confidential information can be exposed externally.
CVE-2026-34327 Vulnerability in microsoft (CVE-2026-34327)
vulnerability in microsoft (CVE-2026-34327). Confidential information can be exposed externally.
CVE-2026-35435 Vulnerability in microsoft (CVE-2026-35435)
vulnerability in microsoft (CVE-2026-35435). Confidential information can be exposed externally.
CVE-2026-40213 Authorization Flaw in openstack-cyborg (CVE-2026-40213)
vulnerability in openstack-cyborg (CVE-2026-40213). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `16.0.1` or later.
CVE-2026-26129 Vulnerability in microsoft (CVE-2026-26129)
vulnerability in microsoft (CVE-2026-26129). Confidential information can be exposed externally.
CVE-2026-26164 Vulnerability in microsoft (CVE-2026-26164)
vulnerability in microsoft (CVE-2026-26164). Confidential information can be exposed externally.
CVE-2026-32207 Cross-Site Scripting (XSS) in microsoft (CVE-2026-32207)
cross-site scripting in microsoft (CVE-2026-32207). Successful exploitation can lead to full system takeover.
CVE-2026-44742 Cross-Site Scripting (XSS) in postorius (CVE-2026-44742)
cross-site scripting in postorius (CVE-2026-44742). Risk of unauthorized operations or information disclosure.
CVE-2026-42449 SSRF (Server-Side Request Forgery) in n8n-mcp (CVE-2026-42449)
SSRF in n8n-mcp (CVE-2026-42449). Confidential information can be exposed externally. Exploitable via ``N8NDocumentationMCPServer``. Mitigation: upgrade to `2.47.14` or later.
CVE-2026-8098 Vulnerability in sqli (CVE-2026-8098)
vulnerability in sqli (CVE-2026-8098). Risk of unauthorized operations or information disclosure.
CVE-2026-42047 Information Disclosure in inngest (CVE-2026-42047)
vulnerability in inngest (CVE-2026-42047). Confidential information can be exposed externally. Exploitable via ``GET``. Mitigation: upgrade to `3.54.0` or later.
CVE-2026-42499 Vulnerability in golang (CVE-2026-42499)
vulnerability in golang (CVE-2026-42499). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
CVE-2026-42501 Vulnerability in golang (CVE-2026-42501)
vulnerability in golang (CVE-2026-42501). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
CVE-2026-39820 Vulnerability in golang (CVE-2026-39820)
vulnerability in golang (CVE-2026-39820). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
CVE-2026-39836 Vulnerability in golang (CVE-2026-39836)
vulnerability in golang (CVE-2026-39836). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
CVE-2026-33811 Vulnerability in golang (CVE-2026-33811)
vulnerability in golang (CVE-2026-33811). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
CVE-2026-33814 Vulnerability in golang (CVE-2026-33814)
vulnerability in golang (CVE-2026-33814). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.10, 1.26.3` or later.
CVE-2026-41906 Vulnerability in laravel (CVE-2026-41906)
vulnerability in laravel (CVE-2026-41906). Data can be tampered with by attackers.
CVE-2026-42215 OS Command Injection in GitPython (CVE-2026-42215)
OS command injection in GitPython (CVE-2026-42215). Successful exploitation can lead to full system takeover. Exploitable via ``upload_pack``. Mitigation: upgrade to `3.1.47` or later.
CVE-2026-42284 Vulnerability in GitPython (CVE-2026-42284)
vulnerability in GitPython (CVE-2026-42284). Successful exploitation can lead to full system takeover. Exploitable via ``multi_options``. Mitigation: upgrade to `3.1.47` or later.
CVE-2026-42214 Code Injection in dail8859 (CVE-2026-42214)
code injection in dail8859 (CVE-2026-42214). Successful exploitation can lead to full system takeover.
CVE-2026-7413 Vulnerability in yarbo (CVE-2026-7413)
vulnerability in yarbo (CVE-2026-7413). Successful exploitation can lead to full system takeover.
CVE-2026-42011 Vulnerability in CVE-2026-42011 (CVE-2026-42011)
vulnerability in CVE-2026-42011 (CVE-2026-42011). Confidential information can be exposed externally.
CVE-2025-63705 OS Command Injection in node-ts-ocr (CVE-2025-63705)
OS command injection in node-ts-ocr (CVE-2025-63705). Successful exploitation can lead to full system takeover.
CVE-2026-30495 Vulnerability in CVE-2026-30495 (CVE-2026-30495)
vulnerability in CVE-2026-30495 (CVE-2026-30495). Successful exploitation can lead to full system takeover.
CVE-2026-8092 Out-of-Bounds Read in mozilla (CVE-2026-8092)
vulnerability in mozilla (CVE-2026-8092). Successful exploitation can lead to full system takeover.
CVE-2026-8093 Buffer Overflow in mozilla (CVE-2026-8093)
vulnerability in mozilla (CVE-2026-8093). Successful exploitation can lead to full system takeover.
CVE-2026-8090 Use-After-Free in mozilla (CVE-2026-8090)
vulnerability in mozilla (CVE-2026-8090). Risk of unauthorized operations or information disclosure.
CVE-2026-42010 Vulnerability in gnu (CVE-2026-42010)
vulnerability in gnu (CVE-2026-42010). Confidential information can be exposed externally.
CVE-2026-6805 Vulnerability in thalesgroup (CVE-2026-6805)
vulnerability in thalesgroup (CVE-2026-6805). Confidential information can be exposed externally.
CVE-2025-1978 Code Injection in hitachi (CVE-2025-1978)
code injection in hitachi (CVE-2025-1978). Risk of unauthorized operations or information disclosure.
CVE-2024-43384 Vulnerability in phoenixcontact (CVE-2024-43384)
vulnerability in phoenixcontact (CVE-2024-43384). Successful exploitation can lead to full system takeover.
CVE-2025-9661 OS Command Injection in hitachi (CVE-2025-9661)
OS command injection in hitachi (CVE-2025-9661). Successful exploitation can lead to full system takeover.
CVE-2026-4430 Out-of-Bounds Write in libreoffice (CVE-2026-4430)
out-of-bounds write in libreoffice (CVE-2026-4430). Successful exploitation can lead to full system takeover.
CVE-2026-40981 Vulnerability in org.springframework.cloud:spring-cloud-config (CVE-2026-40981)
vulnerability in org.springframework.cloud:spring-cloud-config (CVE-2026-40981). Confidential information can be exposed externally. Mitigation: upgrade to `5.0.3` or later.
CVE-2026-41002 Vulnerability in org.springframework.cloud:spring-cloud-config-server (CVE-2026-41002)
vulnerability in org.springframework.cloud:spring-cloud-config-server (CVE-2026-41002). Confidential information can be exposed externally. Exploitable via ``spring.cloud.config.server.git.basedir``.
CVE-2026-41139 Vulnerability in mathjs (CVE-2026-41139)
vulnerability in mathjs (CVE-2026-41139). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `15.2.0` or later.
CVE-2026-44513 Code Injection in diffusers (CVE-2026-44513)
code injection in diffusers (CVE-2026-44513). Successful exploitation can lead to full system takeover. Exploitable via ``trust_remote_code``. Mitigation: upgrade to `0.38.0` or later.
CVE-2026-41142 Vulnerability in openexr (CVE-2026-41142)
vulnerability in openexr (CVE-2026-41142). Successful exploitation can lead to full system takeover.
CVE-2026-44827 Code Injection in diffusers (CVE-2026-44827)
code injection in diffusers (CVE-2026-44827). Successful exploitation can lead to full system takeover. Exploitable via ``DiffusionPipeline.from_pretrained``. Mitigation: upgrade to `0.38.0` or later.
CVE-2026-42582 Vulnerability in io.netty:netty-codec-http3 (CVE-2026-42582)
vulnerability in io.netty:netty-codec-http3 (CVE-2026-42582). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.2.13.Final` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →