Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-48746 |
|
Vulnerability in vllm (CVE-2026-48746)
vulnerability in vllm (CVE-2026-48746). Confidential information can be exposed externally. Exploitable via ``AuthenticationMiddleware``. Mitigation: upgrade to `0.22.0` or later.
|
| CVE-2026-48520 |
|
Vulnerability in langflow (CVE-2026-48520)
vulnerability in langflow (CVE-2026-48520). Confidential information can be exposed externally. Exploitable via ``files``. Mitigation: upgrade to `1.10.0` or later.
|
| CVE-2026-48519 |
|
Code Injection in langflow (CVE-2026-48519)
code injection in langflow (CVE-2026-48519). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.9.2` or later.
|
| CVE-2026-42867 |
|
Path Traversal in langflow (CVE-2026-42867)
path traversal in langflow (CVE-2026-42867). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/knowledge_bases`. Mitigation: upgrade to `1.9.0` or later.
|
| CVE-2026-41523 |
|
Code Injection in vllm (CVE-2026-41523)
code injection in vllm (CVE-2026-41523). Successful exploitation can lead to full system takeover. Exploitable via ``assert``. Mitigation: upgrade to `0.22.0` or later.
|
| CVE-2026-33760 |
|
Vulnerability in langflow (CVE-2026-33760)
vulnerability in langflow (CVE-2026-33760). Successful exploitation can lead to full system takeover. Exploitable via `GET /monitor/messages`. Mitigation: upgrade to `1.9.0` or later.
|
| CVE-2026-53776 |
|
Vulnerability in CVE-2026-53776 (CVE-2026-53776)
vulnerability in CVE-2026-53776 (CVE-2026-53776). Confidential information can be exposed externally.
|
| CVE-2026-44932 |
|
OS Command Injection in CVE-2026-44932 (CVE-2026-44932)
OS command injection in CVE-2026-44932 (CVE-2026-44932). Successful exploitation can lead to full system takeover.
|
| CVE-2026-39927 |
|
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
|
| CVE-2026-39926 |
|
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
|
| CVE-2026-24228 |
|
Unsafe Deserialization in deserialization (CVE-2026-24228)
vulnerability in deserialization (CVE-2026-24228). Successful exploitation can lead to full system takeover.
|
| CVE-2026-24155 |
|
Code Injection in nvidia (CVE-2026-24155)
code injection in nvidia (CVE-2026-24155). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12412 |
|
Rejected reason: loading template...
Rejected reason: loading template...
|
| CVE-2026-12003 |
|
Vulnerability in CVE-2026-12003 (CVE-2026-12003)
vulnerability in CVE-2026-12003 (CVE-2026-12003). Risk of unauthorized operations or information disclosure. Exploitable via ``Lib``.
|
| CVE-2026-10649 |
|
Vulnerability in dos (CVE-2026-10649)
vulnerability in dos (CVE-2026-10649). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-71261 |
|
Vulnerability in github.com/harvester/harvester (CVE-2025-71261)
vulnerability in github.com/harvester/harvester (CVE-2025-71261). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.0` or later.
|
| CVE-2024-38487 |
|
Privilege Escalation in CVE-2024-38487 (CVE-2024-38487)
vulnerability in CVE-2024-38487 (CVE-2024-38487). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-30476 |
|
Cross-Site Scripting (XSS) in CVE-2024-30476 (CVE-2024-30476)
cross-site scripting in CVE-2024-30476 (CVE-2024-30476). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-24909 |
|
Command Injection in CVE-2024-24909 (CVE-2024-24909)
command injection in CVE-2024-24909 (CVE-2024-24909). Successful exploitation can lead to full system takeover.
|
| CVE-2024-22451 |
|
Vulnerability in dell (CVE-2024-22451)
vulnerability in dell (CVE-2024-22451). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10831 |
|
Vulnerability in CVE-2026-10831 (CVE-2026-10831)
vulnerability in CVE-2026-10831 (CVE-2026-10831). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12398 |
|
OS Command Injection in galaxy-ng (CVE-2026-12398)
OS command injection in galaxy-ng (CVE-2026-12398). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10638 |
|
Use-After-Free in c (CVE-2026-10638)
vulnerability in c (CVE-2026-10638). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0647 |
|
Vulnerability in CVE-2026-0647 (CVE-2026-0647)
vulnerability in CVE-2026-0647 (CVE-2026-0647). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-13036 |
|
Vulnerability in cisa (CVE-2025-13036)
vulnerability in cisa (CVE-2025-13036). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-11317 |
|
Vulnerability in dos (CVE-2026-11317)
vulnerability in dos (CVE-2026-11317). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0646 |
|
Vulnerability in cisa (CVE-2026-0646)
vulnerability in cisa (CVE-2026-0646). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-9307 |
|
Vulnerability in CVE-2026-9307 (CVE-2026-9307)
vulnerability in CVE-2026-9307 (CVE-2026-9307). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-14272 |
|
Vulnerability in CVE-2025-14272 (CVE-2025-14272)
vulnerability in CVE-2025-14272 (CVE-2025-14272). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-22447 |
|
Vulnerability in dell (CVE-2024-22447)
vulnerability in dell (CVE-2024-22447). Successful exploitation can lead to full system takeover.
|
| CVE-2025-11694 |
|
Vulnerability in cisa (CVE-2025-11694)
vulnerability in cisa (CVE-2025-11694). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48780 |
|
Authentication Bypass in CVE-2026-48780 (CVE-2026-48780)
authentication bypass in CVE-2026-48780 (CVE-2026-48780). Confidential information can be exposed externally. Exploitable via ``a2ab6d4``.
|
| CVE-2026-10640 |
|
Use-After-Free in c (CVE-2026-10640)
vulnerability in c (CVE-2026-10640). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10639 |
|
Use-After-Free in c (CVE-2026-10639)
vulnerability in c (CVE-2026-10639). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10637 |
|
Use-After-Free in c (CVE-2026-10637)
vulnerability in c (CVE-2026-10637). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-10636 |
|
Use-After-Free in c (CVE-2026-10636)
vulnerability in c (CVE-2026-10636). Risk of unauthorized operations or information disclosure.
|
| GHSA-m557-wrgg-6rp4 |
|
SSRF (Server-Side Request Forgery) in phpseclib/phpseclib (GHSA-m557-wrgg-6rp4)
SSRF in phpseclib/phpseclib (GHSA-m557-wrgg-6rp4). Risk of unauthorized operations or information disclosure. Exploitable via `GET /ssrf`. Mitigation: upgrade to `3.0.54` or later.
|
| GHSA-gr75-jv2w-4656 |
|
Path Traversal in langchain (GHSA-gr75-jv2w-4656)
path traversal in langchain (GHSA-gr75-jv2w-4656). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.3.9` or later.
|
| CVE-2026-54298 |
|
Cross-Site Scripting (XSS) in astro (CVE-2026-54298)
cross-site scripting in astro (CVE-2026-54298). Risk of unauthorized operations or information disclosure. Exploitable via ``spreadAttributes``. Mitigation: upgrade to `6.4.6` or later.
|
| CVE-2026-54299 |
|
Vulnerability in astro (CVE-2026-54299)
vulnerability in astro (CVE-2026-54299). Confidential information can be exposed externally. Exploitable via ``request.url``. Mitigation: upgrade to `6.4.6` or later.
|
| CVE-2026-54300 |
|
SSRF (Server-Side Request Forgery) in @astrojs/netlify (CVE-2026-54300)
SSRF in @astrojs/netlify (CVE-2026-54300). Risk of unauthorized operations or information disclosure. Exploitable via ``image.remotePatterns``. Mitigation: upgrade to `7.0.13` or later.
|
| CVE-2026-54293 |
|
Path Traversal in nltk (CVE-2026-54293)
path traversal in nltk (CVE-2026-54293). Confidential information can be exposed externally.
|
| CVE-2026-54288 |
|
Vulnerability in hono (CVE-2026-54288)
vulnerability in hono (CVE-2026-54288). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.12.25` or later.
|
| CVE-2026-54289 |
|
Vulnerability in hono (CVE-2026-54289)
vulnerability in hono (CVE-2026-54289). Risk of unauthorized operations or information disclosure. Exploitable via ``Headers.set``. Mitigation: upgrade to `4.12.25` or later.
|
| CVE-2026-54290 |
|
Vulnerability in hono (CVE-2026-54290)
vulnerability in hono (CVE-2026-54290). Confidential information can be exposed externally. Exploitable via ``origin``. Mitigation: upgrade to `4.12.25` or later.
|
| CVE-2026-54286 |
|
Path Traversal in hono (CVE-2026-54286)
path traversal in hono (CVE-2026-54286). Confidential information can be exposed externally. Mitigation: upgrade to `4.12.25` or later.
|
| CVE-2026-54287 |
|
Vulnerability in hono (CVE-2026-54287)
vulnerability in hono (CVE-2026-54287). Risk of unauthorized operations or information disclosure. Exploitable via ``Expires``. Mitigation: upgrade to `4.12.25` or later.
|
| GHSA-gj48-438w-jh9v |
|
Cross-Site Scripting (XSS) in bleach (GHSA-gj48-438w-jh9v)
cross-site scripting in bleach (GHSA-gj48-438w-jh9v). Risk of unauthorized operations or information disclosure. Exploitable via ``formaction``. Mitigation: upgrade to `6.4.0` or later.
|
| GHSA-g75f-g53v-794x |
|
Vulnerability in bleach (GHSA-g75f-g53v-794x)
vulnerability in bleach (GHSA-g75f-g53v-794x). Risk of unauthorized operations or information disclosure. Exploitable via `POST /preview`.
|
| GHSA-8rfp-98v4-mmr6 |
|
Vulnerability in bleach (GHSA-8rfp-98v4-mmr6)
vulnerability in bleach (GHSA-8rfp-98v4-mmr6). Risk of unauthorized operations or information disclosure. Exploitable via ``bleach.clean``. Mitigation: upgrade to `6.4.0` or later.
|