Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2026-48746 Vulnerability in vllm (CVE-2026-48746)
vulnerability in vllm (CVE-2026-48746). Confidential information can be exposed externally. Exploitable via ``AuthenticationMiddleware``. Mitigation: upgrade to `0.22.0` or later.
CVE-2026-48520 Vulnerability in langflow (CVE-2026-48520)
vulnerability in langflow (CVE-2026-48520). Confidential information can be exposed externally. Exploitable via ``files``. Mitigation: upgrade to `1.10.0` or later.
CVE-2026-48519 Code Injection in langflow (CVE-2026-48519)
code injection in langflow (CVE-2026-48519). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.9.2` or later.
CVE-2026-42867 Path Traversal in langflow (CVE-2026-42867)
path traversal in langflow (CVE-2026-42867). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/knowledge_bases`. Mitigation: upgrade to `1.9.0` or later.
CVE-2026-41523 Code Injection in vllm (CVE-2026-41523)
code injection in vllm (CVE-2026-41523). Successful exploitation can lead to full system takeover. Exploitable via ``assert``. Mitigation: upgrade to `0.22.0` or later.
CVE-2026-33760 Vulnerability in langflow (CVE-2026-33760)
vulnerability in langflow (CVE-2026-33760). Successful exploitation can lead to full system takeover. Exploitable via `GET /monitor/messages`. Mitigation: upgrade to `1.9.0` or later.
CVE-2026-53776 Vulnerability in CVE-2026-53776 (CVE-2026-53776)
vulnerability in CVE-2026-53776 (CVE-2026-53776). Confidential information can be exposed externally.
CVE-2026-44932 OS Command Injection in CVE-2026-44932 (CVE-2026-44932)
OS command injection in CVE-2026-44932 (CVE-2026-44932). Successful exploitation can lead to full system takeover.
CVE-2026-39927 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-39926 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-24228 Unsafe Deserialization in deserialization (CVE-2026-24228)
vulnerability in deserialization (CVE-2026-24228). Successful exploitation can lead to full system takeover.
CVE-2026-24155 Code Injection in nvidia (CVE-2026-24155)
code injection in nvidia (CVE-2026-24155). Successful exploitation can lead to full system takeover.
CVE-2026-12412 Rejected reason: loading template...
Rejected reason: loading template...
CVE-2026-12003 Vulnerability in CVE-2026-12003 (CVE-2026-12003)
vulnerability in CVE-2026-12003 (CVE-2026-12003). Risk of unauthorized operations or information disclosure. Exploitable via ``Lib``.
CVE-2026-10649 Vulnerability in dos (CVE-2026-10649)
vulnerability in dos (CVE-2026-10649). Risk of unauthorized operations or information disclosure.
CVE-2025-71261 Vulnerability in github.com/harvester/harvester (CVE-2025-71261)
vulnerability in github.com/harvester/harvester (CVE-2025-71261). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.0` or later.
CVE-2024-38487 Privilege Escalation in CVE-2024-38487 (CVE-2024-38487)
vulnerability in CVE-2024-38487 (CVE-2024-38487). Risk of unauthorized operations or information disclosure.
CVE-2024-30476 Cross-Site Scripting (XSS) in CVE-2024-30476 (CVE-2024-30476)
cross-site scripting in CVE-2024-30476 (CVE-2024-30476). Risk of unauthorized operations or information disclosure.
CVE-2024-24909 Command Injection in CVE-2024-24909 (CVE-2024-24909)
command injection in CVE-2024-24909 (CVE-2024-24909). Successful exploitation can lead to full system takeover.
CVE-2024-22451 Vulnerability in dell (CVE-2024-22451)
vulnerability in dell (CVE-2024-22451). Successful exploitation can lead to full system takeover.
CVE-2026-10831 Vulnerability in CVE-2026-10831 (CVE-2026-10831)
vulnerability in CVE-2026-10831 (CVE-2026-10831). Risk of unauthorized operations or information disclosure.
CVE-2026-12398 OS Command Injection in galaxy-ng (CVE-2026-12398)
OS command injection in galaxy-ng (CVE-2026-12398). Successful exploitation can lead to full system takeover.
CVE-2026-10638 Use-After-Free in c (CVE-2026-10638)
vulnerability in c (CVE-2026-10638). Risk of unauthorized operations or information disclosure.
CVE-2026-0647 Vulnerability in CVE-2026-0647 (CVE-2026-0647)
vulnerability in CVE-2026-0647 (CVE-2026-0647). Risk of unauthorized operations or information disclosure.
CVE-2025-13036 Vulnerability in cisa (CVE-2025-13036)
vulnerability in cisa (CVE-2025-13036). Risk of unauthorized operations or information disclosure.
CVE-2026-11317 Vulnerability in dos (CVE-2026-11317)
vulnerability in dos (CVE-2026-11317). Risk of unauthorized operations or information disclosure.
CVE-2026-0646 Vulnerability in cisa (CVE-2026-0646)
vulnerability in cisa (CVE-2026-0646). Risk of unauthorized operations or information disclosure.
CVE-2026-9307 Vulnerability in CVE-2026-9307 (CVE-2026-9307)
vulnerability in CVE-2026-9307 (CVE-2026-9307). Risk of unauthorized operations or information disclosure.
CVE-2025-14272 Vulnerability in CVE-2025-14272 (CVE-2025-14272)
vulnerability in CVE-2025-14272 (CVE-2025-14272). Risk of unauthorized operations or information disclosure.
CVE-2024-22447 Vulnerability in dell (CVE-2024-22447)
vulnerability in dell (CVE-2024-22447). Successful exploitation can lead to full system takeover.
CVE-2025-11694 Vulnerability in cisa (CVE-2025-11694)
vulnerability in cisa (CVE-2025-11694). Risk of unauthorized operations or information disclosure.
CVE-2026-48780 Authentication Bypass in CVE-2026-48780 (CVE-2026-48780)
authentication bypass in CVE-2026-48780 (CVE-2026-48780). Confidential information can be exposed externally. Exploitable via ``a2ab6d4``.
CVE-2026-10640 Use-After-Free in c (CVE-2026-10640)
vulnerability in c (CVE-2026-10640). Risk of unauthorized operations or information disclosure.
CVE-2026-10639 Use-After-Free in c (CVE-2026-10639)
vulnerability in c (CVE-2026-10639). Risk of unauthorized operations or information disclosure.
CVE-2026-10637 Use-After-Free in c (CVE-2026-10637)
vulnerability in c (CVE-2026-10637). Risk of unauthorized operations or information disclosure.
CVE-2026-10636 Use-After-Free in c (CVE-2026-10636)
vulnerability in c (CVE-2026-10636). Risk of unauthorized operations or information disclosure.
GHSA-m557-wrgg-6rp4 SSRF (Server-Side Request Forgery) in phpseclib/phpseclib (GHSA-m557-wrgg-6rp4)
SSRF in phpseclib/phpseclib (GHSA-m557-wrgg-6rp4). Risk of unauthorized operations or information disclosure. Exploitable via `GET /ssrf`. Mitigation: upgrade to `3.0.54` or later.
GHSA-gr75-jv2w-4656 Path Traversal in langchain (GHSA-gr75-jv2w-4656)
path traversal in langchain (GHSA-gr75-jv2w-4656). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.3.9` or later.
CVE-2026-54298 Cross-Site Scripting (XSS) in astro (CVE-2026-54298)
cross-site scripting in astro (CVE-2026-54298). Risk of unauthorized operations or information disclosure. Exploitable via ``spreadAttributes``. Mitigation: upgrade to `6.4.6` or later.
CVE-2026-54299 Vulnerability in astro (CVE-2026-54299)
vulnerability in astro (CVE-2026-54299). Confidential information can be exposed externally. Exploitable via ``request.url``. Mitigation: upgrade to `6.4.6` or later.
CVE-2026-54300 SSRF (Server-Side Request Forgery) in @astrojs/netlify (CVE-2026-54300)
SSRF in @astrojs/netlify (CVE-2026-54300). Risk of unauthorized operations or information disclosure. Exploitable via ``image.remotePatterns``. Mitigation: upgrade to `7.0.13` or later.
CVE-2026-54293 Path Traversal in nltk (CVE-2026-54293)
path traversal in nltk (CVE-2026-54293). Confidential information can be exposed externally.
CVE-2026-54288 Vulnerability in hono (CVE-2026-54288)
vulnerability in hono (CVE-2026-54288). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.12.25` or later.
CVE-2026-54289 Vulnerability in hono (CVE-2026-54289)
vulnerability in hono (CVE-2026-54289). Risk of unauthorized operations or information disclosure. Exploitable via ``Headers.set``. Mitigation: upgrade to `4.12.25` or later.
CVE-2026-54290 Vulnerability in hono (CVE-2026-54290)
vulnerability in hono (CVE-2026-54290). Confidential information can be exposed externally. Exploitable via ``origin``. Mitigation: upgrade to `4.12.25` or later.
CVE-2026-54286 Path Traversal in hono (CVE-2026-54286)
path traversal in hono (CVE-2026-54286). Confidential information can be exposed externally. Mitigation: upgrade to `4.12.25` or later.
CVE-2026-54287 Vulnerability in hono (CVE-2026-54287)
vulnerability in hono (CVE-2026-54287). Risk of unauthorized operations or information disclosure. Exploitable via ``Expires``. Mitigation: upgrade to `4.12.25` or later.
GHSA-gj48-438w-jh9v Cross-Site Scripting (XSS) in bleach (GHSA-gj48-438w-jh9v)
cross-site scripting in bleach (GHSA-gj48-438w-jh9v). Risk of unauthorized operations or information disclosure. Exploitable via ``formaction``. Mitigation: upgrade to `6.4.0` or later.
GHSA-g75f-g53v-794x Vulnerability in bleach (GHSA-g75f-g53v-794x)
vulnerability in bleach (GHSA-g75f-g53v-794x). Risk of unauthorized operations or information disclosure. Exploitable via `POST /preview`.
GHSA-8rfp-98v4-mmr6 Vulnerability in bleach (GHSA-8rfp-98v4-mmr6)
vulnerability in bleach (GHSA-8rfp-98v4-mmr6). Risk of unauthorized operations or information disclosure. Exploitable via ``bleach.clean``. Mitigation: upgrade to `6.4.0` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →