Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2026-52735 Vulnerability in zebra-script (CVE-2026-52735)
vulnerability in zebra-script (CVE-2026-52735). Risk of unauthorized operations or information disclosure. Exploitable via ``zebrad``. Mitigation: upgrade to `7.0.0` or later.
CVE-2026-52736 Vulnerability in zebra-state (CVE-2026-52736)
vulnerability in zebra-state (CVE-2026-52736). Risk of unauthorized operations or information disclosure. Exploitable via ``zebrad``. Mitigation: upgrade to `7.0.0` or later.
GHSA-h72h-ppcx-998p Vulnerability in zebra-network (GHSA-h72h-ppcx-998p)
vulnerability in zebra-network (GHSA-h72h-ppcx-998p). Risk of unauthorized operations or information disclosure. Exploitable via ``zebrad``. Mitigation: upgrade to `7.0.0` or later.
CVE-2026-52732 Vulnerability in zebrad (CVE-2026-52732)
vulnerability in zebrad (CVE-2026-52732). Risk of unauthorized operations or information disclosure. Exploitable via ``zebrad``. Mitigation: upgrade to `4.5.0` or later.
GHSA-c8w6-x74f-vmg3 Vulnerability in zebra-rpc (GHSA-c8w6-x74f-vmg3)
vulnerability in zebra-rpc (GHSA-c8w6-x74f-vmg3). Risk of unauthorized operations or information disclosure. Exploitable via ``zebrad``. Mitigation: upgrade to `8.0.0` or later.
GHSA-f9ff-5x35-7gfw Vulnerability in @grackle-ai/mcp (GHSA-f9ff-5x35-7gfw)
vulnerability in @grackle-ai/mcp (GHSA-f9ff-5x35-7gfw). Risk of unauthorized operations or information disclosure. Exploitable via ``createGrpcClients``.
GHSA-443g-gwgp-49x4 Vulnerability in zebrad (GHSA-443g-gwgp-49x4)
vulnerability in zebrad (GHSA-443g-gwgp-49x4). Risk of unauthorized operations or information disclosure. Exploitable via ``zebrad``. Mitigation: upgrade to `4.5.0` or later.
CVE-2026-52731 Vulnerability in zebra-rpc (CVE-2026-52731)
vulnerability in zebra-rpc (CVE-2026-52731). Risk of unauthorized operations or information disclosure. Exploitable via ``zebrad``. Mitigation: upgrade to `8.0.0` or later.
GHSA-q4rm-m6xh-5pv7 Vulnerability in froxlor/froxlor (GHSA-q4rm-m6xh-5pv7)
vulnerability in froxlor/froxlor (GHSA-q4rm-m6xh-5pv7). Risk of unauthorized operations or information disclosure. Exploitable via ``Mysqls.add``. Mitigation: upgrade to `2.3.7` or later.
GHSA-mr9h-45p9-fg8h Information Disclosure in froxlor/froxlor (GHSA-mr9h-45p9-fg8h)
vulnerability in froxlor/froxlor (GHSA-mr9h-45p9-fg8h). Risk of unauthorized operations or information disclosure. Exploitable via ``mail.enable_allow_sender``. Mitigation: upgrade to `2.3.7` or later.
CVE-2026-49255 OS Command Injection in electerm (CVE-2026-49255)
OS command injection in electerm (CVE-2026-49255). Risk of unauthorized operations or information disclosure. Exploitable via ``rmrf``. Mitigation: upgrade to `3.11.11` or later.
CVE-2026-49254 Information Disclosure in d7y.io/dragonfly/v2 (CVE-2026-49254)
vulnerability in d7y.io/dragonfly/v2 (CVE-2026-49254). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/v1/oauth`. Mitigation: upgrade to `2.4.4` or later.
CVE-2026-49253 Path Traversal in electerm (CVE-2026-49253)
path traversal in electerm (CVE-2026-49253). Risk of unauthorized operations or information disclosure. Exploitable via ``savedFilePaths``. Mitigation: upgrade to `3.11.11` or later.
CVE-2026-49250 Vulnerability in @conform-to/dom (CVE-2026-49250)
vulnerability in @conform-to/dom (CVE-2026-49250). Risk of unauthorized operations or information disclosure. Exploitable via ``parseSubmission``. Mitigation: upgrade to `1.19.4` or later.
CVE-2026-7311 Path Traversal in wordpress (CVE-2026-7311)
path traversal in wordpress (CVE-2026-7311). Data can be tampered with by attackers.
CVE-2026-58465 Vulnerability in c (CVE-2026-58465)
vulnerability in c (CVE-2026-58465). Risk of unauthorized operations or information disclosure.
GHSA-vv65-f55v-xm6g OS Command Injection in @grackle-ai/runtime-sdk (GHSA-vv65-f55v-xm6g)
OS command injection in @grackle-ai/runtime-sdk (GHSA-vv65-f55v-xm6g). Risk of unauthorized operations or information disclosure. Exploitable via ``git``.
CVE-2026-49852 Authentication Bypass in joserfc (CVE-2026-49852)
authentication bypass in joserfc (CVE-2026-49852). Risk of unauthorized operations or information disclosure. Exploitable via ``joserfc.jwt.decode``. Mitigation: upgrade to `1.6.8` or later.
CVE-2026-49245 Cross-Site Scripting (XSS) in github.com/drakkan/sftpgo/v2 (CVE-2026-49245)
cross-site scripting in github.com/drakkan/sftpgo/v2 (CVE-2026-49245). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.7.3` or later.
CVE-2026-49244 Path Traversal in github.com/drakkan/sftpgo/v2 (CVE-2026-49244)
path traversal in github.com/drakkan/sftpgo/v2 (CVE-2026-49244). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.7.3` or later.
CVE-2026-50290 Cross-Site Scripting (XSS) in @asymmetric-effort/specifyjs (CVE-2026-50290)
cross-site scripting in @asymmetric-effort/specifyjs (CVE-2026-50290). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.2.136` or later.
GHSA-j5qp-p44g-2m49 SSRF (Server-Side Request Forgery) in @asymmetric-effort/specifyjs (GHSA-j5qp-p44g-2m49)
SSRF in @asymmetric-effort/specifyjs (GHSA-j5qp-p44g-2m49). Risk of unauthorized operations or information disclosure. Exploitable via ``assertSecureUrl``. Mitigation: upgrade to `0.2.136` or later.
GHSA-2944-57xv-2682 SSRF (Server-Side Request Forgery) in @asymmetric-effort/specifyjs (GHSA-2944-57xv-2682)
SSRF in @asymmetric-effort/specifyjs (GHSA-2944-57xv-2682). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.2.136` or later.
GHSA-xw57-23p8-9wc5 SSRF (Server-Side Request Forgery) in @asymmetric-effort/specifyjs (GHSA-xw57-23p8-9wc5)
SSRF in @asymmetric-effort/specifyjs (GHSA-xw57-23p8-9wc5). Risk of unauthorized operations or information disclosure. Exploitable via ``localhost``. Mitigation: upgrade to `0.2.136` or later.
GHSA-qcr8-x557-7cp3 Vulnerability in @asymmetric-effort/specifyjs (GHSA-qcr8-x557-7cp3)
vulnerability in @asymmetric-effort/specifyjs (GHSA-qcr8-x557-7cp3). Risk of unauthorized operations or information disclosure. Exploitable via ``console.warn``. Mitigation: upgrade to `0.2.140` or later.
GHSA-5c7w-4wm3-85vw Vulnerability in @asymmetric-effort/specifyjs (GHSA-5c7w-4wm3-85vw)
vulnerability in @asymmetric-effort/specifyjs (GHSA-5c7w-4wm3-85vw). Risk of unauthorized operations or information disclosure. Exploitable via ``gql``. Mitigation: upgrade to `0.2.136` or later.
CVE-2026-50288 SSRF (Server-Side Request Forgery) in @asymmetric-effort/specifyjs (CVE-2026-50288)
SSRF in @asymmetric-effort/specifyjs (CVE-2026-50288). Risk of unauthorized operations or information disclosure. Exploitable via ``assertSecureUrl``. Mitigation: upgrade to `0.2.136` or later.
CVE-2026-44454 OS Command Injection in github.com/coder/coder/v2 (CVE-2026-44454)
OS command injection in github.com/coder/coder/v2 (CVE-2026-44454). Confidential information can be exposed externally. Exploitable via ``dotfiles``. Mitigation: upgrade to `2.30.2` or later.
CVE-2026-52854 Cross-Site Scripting (XSS) in mediawiki/maps (CVE-2026-52854)
cross-site scripting in mediawiki/maps (CVE-2026-52854). Risk of unauthorized operations or information disclosure. Exploitable via ``overlays``. Mitigation: upgrade to `12.1.3` or later.
CVE-2026-50180 Path Traversal in langroid (CVE-2026-50180)
path traversal in langroid (CVE-2026-50180). Risk of unauthorized operations or information disclosure. Exploitable via ``SQLChatAgent``. Mitigation: upgrade to `0.64.0` or later.
CVE-2026-50181 Path Traversal in langroid (CVE-2026-50181)
path traversal in langroid (CVE-2026-50181). Risk of unauthorized operations or information disclosure. Exploitable via ``ReadFileTool``. Mitigation: upgrade to `0.64.0` or later.
CVE-2026-50192 Information Disclosure in github.com/kerberos-io/agent/machinery (CVE-2026-50192)
vulnerability in github.com/kerberos-io/agent/machinery (CVE-2026-50192). Risk of unauthorized operations or information disclosure. Exploitable via `POST /storage/upload`. Mitigation: upgrade to `0.0.0-20260528173546-51f1a52e170f` or later.
GHSA-p73f-w79w-jqr5 Authorization Flaw in openclaw (GHSA-p73f-w79w-jqr5)
vulnerability in openclaw (GHSA-p73f-w79w-jqr5). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.6` or later.
GHSA-j472-gf56-x589 Vulnerability in openclaw (GHSA-j472-gf56-x589)
vulnerability in openclaw (GHSA-j472-gf56-x589). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.12` or later.
GHSA-77q5-rr5v-x43q Vulnerability in openclaw (GHSA-77q5-rr5v-x43q)
vulnerability in openclaw (GHSA-77q5-rr5v-x43q). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.7` or later.
GHSA-w5ww-7chg-mxcq Authorization Flaw in openclaw (GHSA-w5ww-7chg-mxcq)
vulnerability in openclaw (GHSA-w5ww-7chg-mxcq). Risk of unauthorized operations or information disclosure. Exploitable via ``commands.allowFrom``. Mitigation: upgrade to `2026.5.6` or later.
CVE-2026-50185 Vulnerability in cmov (CVE-2026-50185)
vulnerability in cmov (CVE-2026-50185). Risk of unauthorized operations or information disclosure. Exploitable via ``Cmov``. Mitigation: upgrade to `0.5.4` or later.
CVE-2026-8699 Cross-Site Scripting (XSS) in CVE-2026-8699 (CVE-2026-8699)
cross-site scripting in CVE-2026-8699 (CVE-2026-8699). Risk of unauthorized operations or information disclosure.
CVE-2026-55952 Vulnerability in erlang (CVE-2026-55952)
vulnerability in erlang (CVE-2026-55952). Risk of unauthorized operations or information disclosure.
CVE-2026-55950 Vulnerability in dos (CVE-2026-55950)
vulnerability in dos (CVE-2026-55950). Risk of unauthorized operations or information disclosure.
CVE-2026-54891 Vulnerability in erlang (CVE-2026-54891)
vulnerability in erlang (CVE-2026-54891). Risk of unauthorized operations or information disclosure.
CVE-2026-54887 Vulnerability in erlang (CVE-2026-54887)
vulnerability in erlang (CVE-2026-54887). Risk of unauthorized operations or information disclosure.
CVE-2026-54886 Vulnerability in dos (CVE-2026-54886)
vulnerability in dos (CVE-2026-54886). Risk of unauthorized operations or information disclosure.
CVE-2026-53422 Vulnerability in erlang (CVE-2026-53422)
vulnerability in erlang (CVE-2026-53422). Risk of unauthorized operations or information disclosure.
CVE-2026-50282 Vulnerability in craftcms/cms (CVE-2026-50282)
vulnerability in craftcms/cms (CVE-2026-50282). Risk of unauthorized operations or information disclosure. Exploitable via ``deleteAssets``. Mitigation: upgrade to `4.17.14` or later.
CVE-2026-50281 Vulnerability in craftcms/cms (CVE-2026-50281)
vulnerability in craftcms/cms (CVE-2026-50281). Risk of unauthorized operations or information disclosure. Exploitable via ``newAttributes``. Mitigation: upgrade to `5.9.21` or later.
CVE-2024-58352 Vulnerability in CVE-2024-58352 (CVE-2024-58352)
vulnerability in CVE-2024-58352 (CVE-2024-58352). Confidential information can be exposed externally.
CVE-2024-14037 Unrestricted File Upload in CVE-2024-14037 (CVE-2024-14037)
vulnerability in CVE-2024-14037 (CVE-2024-14037). Successful exploitation can lead to full system takeover.
CVE-2022-50973 Unrestricted File Upload in CVE-2022-50973 (CVE-2022-50973)
vulnerability in CVE-2022-50973 (CVE-2022-50973). Successful exploitation can lead to full system takeover.
CVE-2026-50149 Vulnerability in github.com/projectcontour/contour (CVE-2026-50149)
vulnerability in github.com/projectcontour/contour (CVE-2026-50149). Risk of unauthorized operations or information disclosure. Exploitable via ``HTTPProxy``. Mitigation: upgrade to `1.33.5` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →