Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2026-54011 Cross-Site Scripting (XSS) in open-webui (CVE-2026-54011)
cross-site scripting in open-webui (CVE-2026-54011). Confidential information can be exposed externally. Exploitable via ``innerHTML``. Mitigation: upgrade to `0.9.6` or later.
CVE-2026-54010 Vulnerability in open-webui (CVE-2026-54010)
vulnerability in open-webui (CVE-2026-54010). Confidential information can be exposed externally. Exploitable via `GET /api/v1/files/{id}/content`. Mitigation: upgrade to `>= 0.9.6` or later.
CVE-2026-54009 Vulnerability in open-webui (CVE-2026-54009)
vulnerability in open-webui (CVE-2026-54009). Confidential information can be exposed externally. Exploitable via `POST /api/chat/completions`. Mitigation: upgrade to `0.9.6` or later.
CVE-2026-54008 SSRF (Server-Side Request Forgery) in open-webui (CVE-2026-54008)
SSRF in open-webui (CVE-2026-54008). Confidential information can be exposed externally. Exploitable via `GET /api/v1/auths/`. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-54007 Vulnerability in open-webui (CVE-2026-54007)
vulnerability in open-webui (CVE-2026-54007). Data can be tampered with by attackers. Exploitable via `POST /api/v1/chats/new`. Mitigation: upgrade to `0.9.6` or later.
CVE-2026-54006 Vulnerability in open-webui (CVE-2026-54006)
vulnerability in open-webui (CVE-2026-54006). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/calendars/events/{event_id}/update`. Mitigation: upgrade to `0.9.6` or later.
CVE-2026-53931 Vulnerability in nocodb (CVE-2026-53931)
vulnerability in nocodb (CVE-2026-53931). Risk of unauthorized operations or information disclosure. Exploitable via ``axiosRequestMake``.
CVE-2026-53930 SSRF (Server-Side Request Forgery) in nocodb (CVE-2026-53930)
SSRF in nocodb (CVE-2026-53930). Risk of unauthorized operations or information disclosure. Exploitable via ``migrate``.
CVE-2026-53929 Cross-Site Scripting (XSS) in nocodb (CVE-2026-53929)
cross-site scripting in nocodb (CVE-2026-53929). Risk of unauthorized operations or information disclosure. Exploitable via ``ResponseContentDisposition``.
CVE-2026-53928 Vulnerability in nocodb (CVE-2026-53928)
vulnerability in nocodb (CVE-2026-53928). Risk of unauthorized operations or information disclosure. Exploitable via ``passwordChange``.
CVE-2026-53927 SSRF (Server-Side Request Forgery) in nocodb (CVE-2026-53927)
SSRF in nocodb (CVE-2026-53927). Risk of unauthorized operations or information disclosure. Exploitable via ``axiosRequestMake``.
CVE-2026-54233 Vulnerability in vllm (CVE-2026-54233)
vulnerability in vllm (CVE-2026-54233). Risk of unauthorized operations or information disclosure. Exploitable via ``SpeechToTextProcessor``.
CVE-2026-54236 Vulnerability in vllm (CVE-2026-54236)
vulnerability in vllm (CVE-2026-54236). Risk of unauthorized operations or information disclosure. Exploitable via `POST /v1/messages`.
CVE-2026-53923 Information Disclosure in vllm (CVE-2026-53923)
vulnerability in vllm (CVE-2026-53923). Confidential information can be exposed externally. Exploitable via ``to_cuda_ggml_t``.
GHSA-8jr5-v98p-w75m Vulnerability in vllm (GHSA-8jr5-v98p-w75m)
vulnerability in vllm (GHSA-8jr5-v98p-w75m). Risk of unauthorized operations or information disclosure. Exploitable via ``ImageOps.exif_transpose``.
CVE-2026-54235 Vulnerability in vllm (CVE-2026-54235)
vulnerability in vllm (CVE-2026-54235). Risk of unauthorized operations or information disclosure. Exploitable via ``False``.
CVE-2026-54761 Vulnerability in github.com/traefik/traefik/v3 (CVE-2026-54761)
vulnerability in github.com/traefik/traefik/v3 (CVE-2026-54761). Confidential information can be exposed externally. Exploitable via ``crossProviderNamespaces``. Mitigation: upgrade to `3.7.5` or later.
CVE-2026-53765 Vulnerability in chrome-devtools-mcp (CVE-2026-53765)
vulnerability in chrome-devtools-mcp (CVE-2026-53765). Data can be tampered with by attackers. Exploitable via ``O_NOFOLLOW``. Mitigation: upgrade to `1.1.0` or later.
GHSA-664h-gpgq-h6xx Authorization Flaw in n8n (GHSA-664h-gpgq-h6xx)
vulnerability in n8n (GHSA-664h-gpgq-h6xx). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.25.7` or later.
CVE-2026-54325 Vulnerability in @earendil-works/pi-coding-agent (CVE-2026-54325)
vulnerability in @earendil-works/pi-coding-agent (CVE-2026-54325). Risk of unauthorized operations or information disclosure. Exploitable via ``project_trust``. Mitigation: upgrade to `0.79.0` or later.
CVE-2026-54328 Vulnerability in @earendil-works/pi-coding-agent (CVE-2026-54328)
vulnerability in @earendil-works/pi-coding-agent (CVE-2026-54328). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `>= 0.78.1` or later.
CVE-2026-54327 Vulnerability in @mariozechner/pi-coding-agent (CVE-2026-54327)
vulnerability in @mariozechner/pi-coding-agent (CVE-2026-54327). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.78.1` or later.
GHSA-crmm-hgp2-wgrp Vulnerability in laravel/framework (GHSA-crmm-hgp2-wgrp)
vulnerability in laravel/framework (GHSA-crmm-hgp2-wgrp). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `12.61.1` or later.
GHSA-5vg9-5847-vvmq Vulnerability in laravel/framework (GHSA-5vg9-5847-vvmq)
vulnerability in laravel/framework (GHSA-5vg9-5847-vvmq). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `12.60.0` or later.
CVE-2026-48797 Vulnerability in backpropagate (CVE-2026-48797)
vulnerability in backpropagate (CVE-2026-48797). Risk of unauthorized operations or information disclosure. Exploitable via ``BACKPROPAGATE_UI_AUTH``. Mitigation: upgrade to `1.2.0` or later.
CVE-2026-48788 Cross-Site Scripting (XSS) in github.com/umputun/remark42 (CVE-2026-48788)
cross-site scripting in github.com/umputun/remark42 (CVE-2026-48788). Confidential information can be exposed externally. Exploitable via ``http.DetectContentType``. Mitigation: upgrade to `1.16.0` or later.
CVE-2026-48783 Vulnerability in CVE-2026-48783 (CVE-2026-48783)
vulnerability in CVE-2026-48783 (CVE-2026-48783). Risk of unauthorized operations or information disclosure.
CVE-2026-48782 SSRF (Server-Side Request Forgery) in pydantic-ai-slim (CVE-2026-48782)
SSRF in pydantic-ai-slim (CVE-2026-48782). Confidential information can be exposed externally. Exploitable via ``FileUrl``. Mitigation: upgrade to `2.0.0b3` or later.
CVE-2026-48781 Vulnerability in CVE-2026-48781 (CVE-2026-48781)
vulnerability in CVE-2026-48781 (CVE-2026-48781). Successful exploitation can lead to full system takeover.
CVE-2026-48745 Vulnerability in CVE-2026-48745 (CVE-2026-48745)
vulnerability in CVE-2026-48745 (CVE-2026-48745). Confidential information can be exposed externally.
CVE-2026-48055 Vulnerability in path-traversal (CVE-2026-48055)
vulnerability in path-traversal (CVE-2026-48055). Data can be tampered with by attackers.
CVE-2026-47277 Path Traversal in CVE-2026-47277 (CVE-2026-47277)
path traversal in CVE-2026-47277 (CVE-2026-47277). Confidential information can be exposed externally.
CVE-2026-48776 Path Traversal in langgraph-sdk (CVE-2026-48776)
path traversal in langgraph-sdk (CVE-2026-48776). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.3.15` or later.
CVE-2026-12437 Use-After-Free in Google chrome (CVE-2026-12437)
vulnerability in Google chrome (CVE-2026-12437). Successful exploitation can lead to full system takeover.
CVE-2026-54326 Cross-Site Scripting (XSS) in @mariozechner/pi-coding-agent (CVE-2026-54326)
cross-site scripting in @mariozechner/pi-coding-agent (CVE-2026-54326). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.78.1` or later.
CVE-2026-20706 Vulnerability in code.gitea.io/gitea (CVE-2026-20706)
vulnerability in code.gitea.io/gitea (CVE-2026-20706). Confidential information can be exposed externally. Exploitable via `GET /{owner}/{private-repo}/archive/main.tar.gz`. Mitigation: upgrade to `1.26.2` or later.
CVE-2026-27783 Vulnerability in code.gitea.io/gitea (CVE-2026-27783)
vulnerability in code.gitea.io/gitea (CVE-2026-27783). Risk of unauthorized operations or information disclosure. Exploitable via `GET /repos/{owner}/{repo}/issue_templates`. Mitigation: upgrade to `1.26.2` or later.
CVE-2026-25714 Vulnerability in code.gitea.io/gitea (CVE-2026-25714)
vulnerability in code.gitea.io/gitea (CVE-2026-25714). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.26.2` or later.
CVE-2026-26231 Authorization Flaw in code.gitea.io/gitea (CVE-2026-26231)
vulnerability in code.gitea.io/gitea (CVE-2026-26231). Data can be tampered with by attackers. Exploitable via ``Read``. Mitigation: upgrade to `1.26.2` or later.
CVE-2026-28699 Vulnerability in code.gitea.io/gitea (CVE-2026-28699)
vulnerability in code.gitea.io/gitea (CVE-2026-28699). Confidential information can be exposed externally. Exploitable via `PATCH /api/v1/user/settings`. Mitigation: upgrade to `1.26.2` or later.
CVE-2026-52797 Path Traversal in gogs.io/gogs (CVE-2026-52797)
path traversal in gogs.io/gogs (CVE-2026-52797). Risk of unauthorized operations or information disclosure. Exploitable via ``treePath``. Mitigation: upgrade to `0.14.0` or later.
CVE-2026-49980 Vulnerability in github.com/rclone/rclone (CVE-2026-49980)
vulnerability in github.com/rclone/rclone (CVE-2026-49980). Successful exploitation can lead to full system takeover. Exploitable via ``GET``. Mitigation: upgrade to `1.74.3` or later.
GHSA-m3q2-p4fw-w38m Cross-Site Scripting (XSS) in nuxt (GHSA-m3q2-p4fw-w38m)
cross-site scripting in nuxt (GHSA-m3q2-p4fw-w38m). Risk of unauthorized operations or information disclosure. Exploitable via ``innerHTML``. Mitigation: upgrade to `3.21.7` or later.
CVE-2026-49468 Vulnerability in litellm (CVE-2026-49468)
vulnerability in litellm (CVE-2026-49468). Successful exploitation can lead to full system takeover. Exploitable via ``request.url.path``. Mitigation: upgrade to `1.84.0` or later.
CVE-2026-28744 Authorization Flaw in code.gitea.io/gitea (CVE-2026-28744)
vulnerability in code.gitea.io/gitea (CVE-2026-28744). Confidential information can be exposed externally. Exploitable via ``ctx.IsBasicAuth``. Mitigation: upgrade to `1.26.2` or later.
CVE-2026-54304 Information Disclosure in n8n (CVE-2026-54304)
vulnerability in n8n (CVE-2026-54304). Confidential information can be exposed externally. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.25.7` or later.
CVE-2026-54309 Vulnerability in n8n (CVE-2026-54309)
vulnerability in n8n (CVE-2026-54309). Confidential information can be exposed externally. Mitigation: upgrade to `2.25.7` or later.
CVE-2026-54305 Information Disclosure in n8n (CVE-2026-54305)
vulnerability in n8n (CVE-2026-54305). Confidential information can be exposed externally. Exploitable via ``N8N_ENV_FEAT_DYNAMIC_CREDENTIALS``. Mitigation: upgrade to `2.25.7` or later.
CVE-2026-54307 Authorization Flaw in n8n (CVE-2026-54307)
vulnerability in n8n (CVE-2026-54307). Confidential information can be exposed externally. Mitigation: upgrade to `2.25.7` or later.
CVE-2026-54314 Vulnerability in n8n (CVE-2026-54314)
vulnerability in n8n (CVE-2026-54314). Risk of unauthorized operations or information disclosure. Exploitable via ``N8N_COMPRESSION_NODE_MAX_ZIP_ENTRIES``. Mitigation: upgrade to `2.24.0` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →