Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-35272 |
|
Privilege Escalation in c (CVE-2026-35272)
vulnerability in c (CVE-2026-35272). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35279 |
|
Vulnerability in c (CVE-2026-35279)
vulnerability in c (CVE-2026-35279). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35274 |
|
Vulnerability in c (CVE-2026-35274)
vulnerability in c (CVE-2026-35274). Confidential information can be exposed externally.
|
| CVE-2026-35276 |
|
Vulnerability in c (CVE-2026-35276)
vulnerability in c (CVE-2026-35276). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35278 |
|
Vulnerability in c (CVE-2026-35278)
vulnerability in c (CVE-2026-35278). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35271 |
|
Vulnerability in c (CVE-2026-35271)
vulnerability in c (CVE-2026-35271). Confidential information can be exposed externally.
|
| CVE-2026-35270 |
|
Vulnerability in c (CVE-2026-35270)
vulnerability in c (CVE-2026-35270). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35259 |
|
Open Redirect in c (CVE-2026-35259)
vulnerability in c (CVE-2026-35259). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35269 |
|
Vulnerability in c (CVE-2026-35269)
vulnerability in c (CVE-2026-35269). Data can be tampered with by attackers.
|
| CVE-2026-12348 |
|
Vulnerability in CVE-2026-12348 (CVE-2026-12348)
vulnerability in CVE-2026-12348 (CVE-2026-12348). Data can be tampered with by attackers.
|
| CVE-2026-35268 |
|
Vulnerability in c (CVE-2026-35268)
vulnerability in c (CVE-2026-35268). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35263 |
|
Vulnerability in c (CVE-2026-35263)
vulnerability in c (CVE-2026-35263). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35265 |
|
Vulnerability in c (CVE-2026-35265)
vulnerability in c (CVE-2026-35265). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35267 |
|
Vulnerability in c (CVE-2026-35267)
vulnerability in c (CVE-2026-35267). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35262 |
|
Vulnerability in c (CVE-2026-35262)
vulnerability in c (CVE-2026-35262). Confidential information can be exposed externally.
|
| CVE-2026-35261 |
|
Authentication Bypass in c (CVE-2026-35261)
authentication bypass in c (CVE-2026-35261). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-35258 |
|
Open Redirect in c (CVE-2026-35258)
vulnerability in c (CVE-2026-35258). Confidential information can be exposed externally.
|
| CVE-2026-9697 |
|
Vulnerability in undici (CVE-2026-9697)
vulnerability in undici (CVE-2026-9697). Confidential information can be exposed externally. Exploitable via ``ProxyAgent``. Mitigation: upgrade to `8.5.0` or later.
|
| CVE-2026-9679 |
|
Vulnerability in undici (CVE-2026-9679)
vulnerability in undici (CVE-2026-9679). Data can be tampered with by attackers. Exploitable via ``parseSetCookie``. Mitigation: upgrade to `8.5.0` or later.
|
| CVE-2026-9678 |
|
Vulnerability in undici (CVE-2026-9678)
vulnerability in undici (CVE-2026-9678). Confidential information can be exposed externally. Exploitable via ``private``. Mitigation: upgrade to `8.5.0` or later.
|
| CVE-2026-6734 |
|
Vulnerability in undici (CVE-2026-6734)
vulnerability in undici (CVE-2026-6734). Successful exploitation can lead to full system takeover. Exploitable via ``Socks5ProxyAgent``. Mitigation: upgrade to `8.2.0` or later.
|
| CVE-2026-6733 |
|
Vulnerability in undici (CVE-2026-6733)
vulnerability in undici (CVE-2026-6733). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.5.0` or later.
|
| CVE-2026-47774 |
|
Vulnerability in dos (CVE-2026-47774)
vulnerability in dos (CVE-2026-47774). Risk of unauthorized operations or information disclosure. Exploitable via `Cookie header`.
|
| CVE-2026-11525 |
|
Vulnerability in undici (CVE-2026-11525)
vulnerability in undici (CVE-2026-11525). Risk of unauthorized operations or information disclosure. Exploitable via ``SameSite``. Mitigation: upgrade to `8.5.0` or later.
|
| CVE-2026-55636 |
|
Authorization Flaw in github.com/projectcapsule/capsule (CVE-2026-55636)
vulnerability in github.com/projectcapsule/capsule (CVE-2026-55636). Risk of unauthorized operations or information disclosure. Exploitable via ``rules.resources``. Mitigation: upgrade to `0.13.6` or later.
|
| CVE-2026-25779 |
|
Open Redirect in github.com/go-gitea/gitea (CVE-2026-25779)
vulnerability in github.com/go-gitea/gitea (CVE-2026-25779). Risk of unauthorized operations or information disclosure. Exploitable via `Referer header`. Mitigation: upgrade to `1.26.0` or later.
|
| CVE-2026-28737 |
|
Cross-Site Scripting (XSS) in code.gitea.io/gitea (CVE-2026-28737)
cross-site scripting in code.gitea.io/gitea (CVE-2026-28737). Confidential information can be exposed externally. Exploitable via ``innerHTML``. Mitigation: upgrade to `1.26.0` or later.
|
| CVE-2026-24791 |
|
Authorization Flaw in code.gitea.io/gitea (CVE-2026-24791)
vulnerability in code.gitea.io/gitea (CVE-2026-24791). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/v1/users/{privateUser}`. Mitigation: upgrade to `1.26.2` or later.
|
| CVE-2026-22555 |
|
Vulnerability in code.gitea.io/gitea (CVE-2026-22555)
vulnerability in code.gitea.io/gitea (CVE-2026-22555). Confidential information can be exposed externally. Exploitable via `POST /api/v1/repos/{owner}/{repo}/forks`. Mitigation: upgrade to `1.26.0` or later.
|
| CVE-2026-54324 |
|
Vulnerability in github.com/daytonaio/daytona (CVE-2026-54324)
vulnerability in github.com/daytonaio/daytona (CVE-2026-54324). Confidential information can be exposed externally. Mitigation: upgrade to `0.185.0` or later.
|
| CVE-2026-54316 |
|
Vulnerability in @anthropic-ai/claude-code (CVE-2026-54316)
vulnerability in @anthropic-ai/claude-code (CVE-2026-54316). Confidential information can be exposed externally. Mitigation: upgrade to `2.1.163` or later.
|
| CVE-2026-54022 |
|
Vulnerability in open-webui (CVE-2026-54022)
vulnerability in open-webui (CVE-2026-54022). Confidential information can be exposed externally. Exploitable via ``document_id``. Mitigation: upgrade to `0.8.11` or later.
|
| CVE-2026-54021 |
|
Authorization Flaw in open-webui (CVE-2026-54021)
vulnerability in open-webui (CVE-2026-54021). Risk of unauthorized operations or information disclosure. Exploitable via `POST /ollama/api/chat/{url_idx}`. Mitigation: upgrade to `>= 0.9.6` or later.
|
| CVE-2026-54019 |
|
Vulnerability in open-webui (CVE-2026-54019)
vulnerability in open-webui (CVE-2026-54019). Confidential information can be exposed externally. Exploitable via `POST /api/v1/retrieval/query/collection`. Mitigation: upgrade to `0.9.6` or later.
|
| CVE-2026-54018 |
|
SSRF (Server-Side Request Forgery) in open-webui (CVE-2026-54018)
SSRF in open-webui (CVE-2026-54018). Confidential information can be exposed externally. Mitigation: upgrade to `0.9.6` or later.
|
| CVE-2026-54017 |
|
Path Traversal in open-webui (CVE-2026-54017)
path traversal in open-webui (CVE-2026-54017). Confidential information can be exposed externally. Exploitable via `GET /api/v1/terminals/server1/..`. Mitigation: upgrade to `0.9.6` or later.
|
| CVE-2026-9675 |
|
Vulnerability in undici (CVE-2026-9675)
vulnerability in undici (CVE-2026-9675). Risk of unauthorized operations or information disclosure. Exploitable via ``maxPayloadSize``. Mitigation: upgrade to `8.5.0` or later.
|
| CVE-2026-12151 |
|
Vulnerability in undici (CVE-2026-12151)
vulnerability in undici (CVE-2026-12151). Risk of unauthorized operations or information disclosure. Exploitable via ``maxPayloadSize``. Mitigation: upgrade to `8.5.0` or later.
|
| CVE-2026-20246 |
|
Privilege Escalation in Cisco umbrella-virtual-appliance (CVE-2026-20246)
vulnerability in Cisco umbrella-virtual-appliance (CVE-2026-20246). Confidential information can be exposed externally.
|
| CVE-2026-20178 |
|
Open Redirect in Cisco webex-web-app (CVE-2026-20178)
vulnerability in Cisco webex-web-app (CVE-2026-20178). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20220 |
|
Vulnerability in Cisco crosswork-network-controller (CVE-2026-20220)
vulnerability in Cisco crosswork-network-controller (CVE-2026-20220). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20181 |
|
Path Traversal in Cisco dos (CVE-2026-20181)
path traversal in Cisco dos (CVE-2026-20181). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48117 |
|
Authentication Bypass in CVE-2026-48117 (CVE-2026-48117)
authentication bypass in CVE-2026-48117 (CVE-2026-48117). Confidential information can be exposed externally.
|
| CVE-2026-47103 |
|
Vulnerability in python-statemachine (CVE-2026-47103)
vulnerability in python-statemachine (CVE-2026-47103). Successful exploitation can lead to full system takeover. Exploitable via ``SCXMLProcessor``. Mitigation: upgrade to `3.2.0` or later.
|
| CVE-2026-54016 |
|
Vulnerability in open-webui (CVE-2026-54016)
vulnerability in open-webui (CVE-2026-54016). Risk of unauthorized operations or information disclosure. Exploitable via ``search_knowledge_files``. Mitigation: upgrade to `0.9.6` or later.
|
| CVE-2026-10641 |
|
Out-of-Bounds Write in c (CVE-2026-10641)
out-of-bounds write in c (CVE-2026-10641). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54015 |
|
Vulnerability in open-webui (CVE-2026-54015)
vulnerability in open-webui (CVE-2026-54015). Confidential information can be exposed externally. Exploitable via `GET /api/v1/prompts/id/{prompt_id}/history/diff`. Mitigation: upgrade to `0.9.6` or later.
|
| CVE-2026-54014 |
|
Path Traversal in open-webui (CVE-2026-54014)
path traversal in open-webui (CVE-2026-54014). Risk of unauthorized operations or information disclosure. Exploitable via `GET /cache/{{path}}`. Mitigation: upgrade to `0.9.6` or later.
|
| CVE-2026-54013 |
|
Cross-Site Scripting (XSS) in open-webui (CVE-2026-54013)
cross-site scripting in open-webui (CVE-2026-54013). Confidential information can be exposed externally. Exploitable via `GET /api/v1/models/model/profile/image`. Mitigation: upgrade to `0.9.6` or later.
|
| CVE-2026-54012 |
|
Vulnerability in open-webui (CVE-2026-54012)
vulnerability in open-webui (CVE-2026-54012). Confidential information can be exposed externally. Exploitable via `GET /api/v1/files/{id}/content`. Mitigation: upgrade to `0.9.6` or later.
|