Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2026-0150 Vulnerability in google (CVE-2026-0150)
vulnerability in google (CVE-2026-0150). Successful exploitation can lead to full system takeover.
CVE-2026-0155 Vulnerability in google (CVE-2026-0155)
vulnerability in google (CVE-2026-0155). Risk of unauthorized operations or information disclosure.
CVE-2026-0144 Vulnerability in cpp (CVE-2026-0144)
vulnerability in cpp (CVE-2026-0144). Risk of unauthorized operations or information disclosure.
CVE-2026-0147 Vulnerability in c (CVE-2026-0147)
vulnerability in c (CVE-2026-0147). Successful exploitation can lead to full system takeover.
CVE-2026-0160 Vulnerability in cpp (CVE-2026-0160)
vulnerability in cpp (CVE-2026-0160). Successful exploitation can lead to full system takeover.
CVE-2026-0143 Use-After-Free in c (CVE-2026-0143)
vulnerability in c (CVE-2026-0143). Successful exploitation can lead to full system takeover.
CVE-2026-0139 Buffer Overflow in google (CVE-2026-0139)
vulnerability in google (CVE-2026-0139). Successful exploitation can lead to full system takeover.
CVE-2026-0132 Vulnerability in google (CVE-2026-0132)
vulnerability in google (CVE-2026-0132). Successful exploitation can lead to full system takeover.
CVE-2026-0142 Vulnerability in c (CVE-2026-0142)
vulnerability in c (CVE-2026-0142). Risk of unauthorized operations or information disclosure.
CVE-2026-0141 Vulnerability in cpp (CVE-2026-0141)
vulnerability in cpp (CVE-2026-0141). Risk of unauthorized operations or information disclosure.
CVE-2026-0136 Vulnerability in dos (CVE-2026-0136)
vulnerability in dos (CVE-2026-0136). Risk of unauthorized operations or information disclosure.
CVE-2026-0135 Out-of-Bounds Read in google (CVE-2026-0135)
vulnerability in google (CVE-2026-0135). Successful exploitation can lead to full system takeover.
CVE-2026-0137 Use-After-Free in c (CVE-2026-0137)
vulnerability in c (CVE-2026-0137). Successful exploitation can lead to full system takeover.
CVE-2026-0133 Vulnerability in c (CVE-2026-0133)
vulnerability in c (CVE-2026-0133). Successful exploitation can lead to full system takeover.
CVE-2026-0140 Out-of-Bounds Read in google (CVE-2026-0140)
vulnerability in google (CVE-2026-0140). Risk of unauthorized operations or information disclosure.
CVE-2026-0128 Out-of-Bounds Read in google (CVE-2026-0128)
vulnerability in google (CVE-2026-0128). Confidential information can be exposed externally.
CVE-2026-0130 Vulnerability in google (CVE-2026-0130)
vulnerability in google (CVE-2026-0130). Risk of unauthorized operations or information disclosure.
CVE-2026-0138 Vulnerability in c (CVE-2026-0138)
vulnerability in c (CVE-2026-0138). Successful exploitation can lead to full system takeover.
CVE-2026-0134 Vulnerability in cpp (CVE-2026-0134)
vulnerability in cpp (CVE-2026-0134). Risk of unauthorized operations or information disclosure.
CVE-2026-0126 Out-of-Bounds Write in google (CVE-2026-0126)
out-of-bounds write in google (CVE-2026-0126). Successful exploitation can lead to full system takeover.
CVE-2026-0127 Out-of-Bounds Read in cpp (CVE-2026-0127)
vulnerability in cpp (CVE-2026-0127). Risk of unauthorized operations or information disclosure.
CVE-2026-0125 Use-After-Free in c (CVE-2026-0125)
vulnerability in c (CVE-2026-0125). Successful exploitation can lead to full system takeover.
CVE-2026-0129 Vulnerability in google (CVE-2026-0129)
vulnerability in google (CVE-2026-0129). Risk of unauthorized operations or information disclosure.
CVE-2026-0131 Out-of-Bounds Read in google (CVE-2026-0131)
vulnerability in google (CVE-2026-0131). Successful exploitation can lead to full system takeover.
CVE-2026-54322 Vulnerability in github.com/daytonaio/daytona (CVE-2026-54322)
vulnerability in github.com/daytonaio/daytona (CVE-2026-54322). Data can be tampered with by attackers. Mitigation: upgrade to `0.185.0` or later.
CVE-2026-52846 Vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-52846)
vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-52846). Risk of unauthorized operations or information disclosure. Exploitable via ``stripHTML``. Mitigation: upgrade to `2.11.4` or later.
CVE-2026-52845 Authentication Bypass in github.com/caddyserver/caddy/v2 (CVE-2026-52845)
authentication bypass in github.com/caddyserver/caddy/v2 (CVE-2026-52845). Confidential information can be exposed externally. Exploitable via `GET /index.php`. Mitigation: upgrade to `2.11.4` or later.
CVE-2026-52844 Path Traversal in github.com/caddyserver/caddy/v2 (CVE-2026-52844)
path traversal in github.com/caddyserver/caddy/v2 (CVE-2026-52844). Confidential information can be exposed externally. Exploitable via `GET /private/secret.txt`. Mitigation: upgrade to `2.11.4` or later.
CVE-2026-50574 Vulnerability in yt-dlp (CVE-2026-50574)
vulnerability in yt-dlp (CVE-2026-50574). Successful exploitation can lead to full system takeover. Exploitable via ``title``. Mitigation: upgrade to `2026.6.9` or later.
CVE-2026-54321 Vulnerability in github.com/daytonaio/daytona (CVE-2026-54321)
vulnerability in github.com/daytonaio/daytona (CVE-2026-54321). Confidential information can be exposed externally. Mitigation: upgrade to `0.184.0` or later.
CVE-2026-53622 Vulnerability in Traefik (CVE-2026-53622)
vulnerability in Traefik (CVE-2026-53622). Confidential information can be exposed externally. Exploitable via ``Host``. Mitigation: upgrade to `3.7.3` or later.
CVE-2026-53755 SSRF (Server-Side Request Forgery) in crawl4ai (CVE-2026-53755)
SSRF in crawl4ai (CVE-2026-53755). Confidential information can be exposed externally. Exploitable via ``browser_config``. Mitigation: upgrade to `0.8.9` or later.
GHSA-7cx2-g3h9-382p Path Traversal in crawl4ai (GHSA-7cx2-g3h9-382p)
path traversal in crawl4ai (GHSA-7cx2-g3h9-382p). Risk of unauthorized operations or information disclosure. Exploitable via `POST /screenshot`. Mitigation: upgrade to `0.8.8` or later.
GHSA-f989-c77f-r2cq Information Disclosure in crawl4ai (GHSA-f989-c77f-r2cq)
vulnerability in crawl4ai (GHSA-f989-c77f-r2cq). Risk of unauthorized operations or information disclosure. Exploitable via ``base_url``. Mitigation: upgrade to `0.8.8` or later.
CVE-2026-53754 SSRF (Server-Side Request Forgery) in crawl4ai (CVE-2026-53754)
SSRF in crawl4ai (CVE-2026-53754). Confidential information can be exposed externally. Exploitable via `POST /crawl`. Mitigation: upgrade to `0.8.8` or later.
CVE-2026-50023 Vulnerability in yt-dlp (CVE-2026-50023)
vulnerability in yt-dlp (CVE-2026-50023). Successful exploitation can lead to full system takeover. Exploitable via ``master.m3u8``. Mitigation: upgrade to `2026.6.9` or later.
CVE-2026-50019 Information Disclosure in yt-dlp (CVE-2026-50019)
vulnerability in yt-dlp (CVE-2026-50019). Confidential information can be exposed externally. Exploitable via ``curl``. Mitigation: upgrade to `2026.6.9` or later.
CVE-2026-47750 Out-of-Bounds Write in c (CVE-2026-47750)
out-of-bounds write in c (CVE-2026-47750). Successful exploitation can lead to full system takeover.
CVE-2026-47747 Vulnerability in c (CVE-2026-47747)
vulnerability in c (CVE-2026-47747). Successful exploitation can lead to full system takeover.
CVE-2026-54157 SSRF (Server-Side Request Forgery) in @lobehub/lobehub (CVE-2026-54157)
SSRF in @lobehub/lobehub (CVE-2026-54157). Confidential information can be exposed externally. Exploitable via `POST /webapi/proxy`. Mitigation: upgrade to `2.1.57` or later.
CVE-2026-56266 SSRF (Server-Side Request Forgery) in crawl4ai (CVE-2026-56266)
SSRF in crawl4ai (CVE-2026-56266). Confidential information can be exposed externally. Exploitable via ``output_path``. Mitigation: upgrade to `0.8.7` or later.
CVE-2026-53753 Code Injection in crawl4ai (CVE-2026-53753)
code injection in crawl4ai (CVE-2026-53753). Successful exploitation can lead to full system takeover. Exploitable via `POST /crawl`. Mitigation: upgrade to `0.8.7` or later.
CVE-2026-50135 Vulnerability in github.com/gohugoio/hugo (CVE-2026-50135)
vulnerability in github.com/gohugoio/hugo (CVE-2026-50135). Confidential information can be exposed externally. Exploitable via ``resources.Get``. Mitigation: upgrade to `0.162.0` or later.
CVE-2026-50134 SSRF (Server-Side Request Forgery) in github.com/gohugoio/hugo (CVE-2026-50134)
SSRF in github.com/gohugoio/hugo (CVE-2026-50134). Risk of unauthorized operations or information disclosure. Exploitable via ``security.http.urls``. Mitigation: upgrade to `0.162.0` or later.
CVE-2026-50133 Cross-Site Scripting (XSS) in github.com/gohugoio/hugo (CVE-2026-50133)
cross-site scripting in github.com/gohugoio/hugo (CVE-2026-50133). Risk of unauthorized operations or information disclosure. Exploitable via ``security.allowContent``. Mitigation: upgrade to `0.162.0` or later.
CVE-2026-53866 OpenClaw: Shell inline-command parsing could miss an allowlist check
OpenClaw: Shell inline-command parsing could miss an allowlist check
CVE-2026-53865 Vulnerability in openclaw (CVE-2026-53865)
vulnerability in openclaw (CVE-2026-53865). Confidential information can be exposed externally. Exploitable via ``trash``. Mitigation: upgrade to `2026.5.2` or later.
CVE-2026-53864 OpenClaw: Host environment sanitizer missed two Node.js control variables
OpenClaw: Host environment sanitizer missed two Node.js control variables
CVE-2026-53863 Vulnerability in openclaw (CVE-2026-53863)
vulnerability in openclaw (CVE-2026-53863). Data can be tampered with by attackers. Mitigation: upgrade to `2026.4.25` or later.
CVE-2026-53862 Privilege Escalation in openclaw (CVE-2026-53862)
vulnerability in openclaw (CVE-2026-53862). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.12` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →