Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-52735 |
|
Vulnerability in zebra-script (CVE-2026-52735)
vulnerability in zebra-script (CVE-2026-52735). Risk of unauthorized operations or information disclosure. Exploitable via ``zebrad``. Mitigation: upgrade to `7.0.0` or later.
|
| CVE-2026-52736 |
|
Vulnerability in zebra-state (CVE-2026-52736)
vulnerability in zebra-state (CVE-2026-52736). Risk of unauthorized operations or information disclosure. Exploitable via ``zebrad``. Mitigation: upgrade to `7.0.0` or later.
|
| GHSA-h72h-ppcx-998p |
|
Vulnerability in zebra-network (GHSA-h72h-ppcx-998p)
vulnerability in zebra-network (GHSA-h72h-ppcx-998p). Risk of unauthorized operations or information disclosure. Exploitable via ``zebrad``. Mitigation: upgrade to `7.0.0` or later.
|
| CVE-2026-52732 |
|
Vulnerability in zebrad (CVE-2026-52732)
vulnerability in zebrad (CVE-2026-52732). Risk of unauthorized operations or information disclosure. Exploitable via ``zebrad``. Mitigation: upgrade to `4.5.0` or later.
|
| GHSA-c8w6-x74f-vmg3 |
|
Vulnerability in zebra-rpc (GHSA-c8w6-x74f-vmg3)
vulnerability in zebra-rpc (GHSA-c8w6-x74f-vmg3). Risk of unauthorized operations or information disclosure. Exploitable via ``zebrad``. Mitigation: upgrade to `8.0.0` or later.
|
| GHSA-f9ff-5x35-7gfw |
|
Vulnerability in @grackle-ai/mcp (GHSA-f9ff-5x35-7gfw)
vulnerability in @grackle-ai/mcp (GHSA-f9ff-5x35-7gfw). Risk of unauthorized operations or information disclosure. Exploitable via ``createGrpcClients``.
|
| GHSA-443g-gwgp-49x4 |
|
Vulnerability in zebrad (GHSA-443g-gwgp-49x4)
vulnerability in zebrad (GHSA-443g-gwgp-49x4). Risk of unauthorized operations or information disclosure. Exploitable via ``zebrad``. Mitigation: upgrade to `4.5.0` or later.
|
| CVE-2026-52731 |
|
Vulnerability in zebra-rpc (CVE-2026-52731)
vulnerability in zebra-rpc (CVE-2026-52731). Risk of unauthorized operations or information disclosure. Exploitable via ``zebrad``. Mitigation: upgrade to `8.0.0` or later.
|
| GHSA-q4rm-m6xh-5pv7 |
|
Vulnerability in froxlor/froxlor (GHSA-q4rm-m6xh-5pv7)
vulnerability in froxlor/froxlor (GHSA-q4rm-m6xh-5pv7). Risk of unauthorized operations or information disclosure. Exploitable via ``Mysqls.add``. Mitigation: upgrade to `2.3.7` or later.
|
| GHSA-mr9h-45p9-fg8h |
|
Information Disclosure in froxlor/froxlor (GHSA-mr9h-45p9-fg8h)
vulnerability in froxlor/froxlor (GHSA-mr9h-45p9-fg8h). Risk of unauthorized operations or information disclosure. Exploitable via ``mail.enable_allow_sender``. Mitigation: upgrade to `2.3.7` or later.
|
| CVE-2026-49255 |
|
OS Command Injection in electerm (CVE-2026-49255)
OS command injection in electerm (CVE-2026-49255). Risk of unauthorized operations or information disclosure. Exploitable via ``rmrf``. Mitigation: upgrade to `3.11.11` or later.
|
| CVE-2026-49254 |
|
Information Disclosure in d7y.io/dragonfly/v2 (CVE-2026-49254)
vulnerability in d7y.io/dragonfly/v2 (CVE-2026-49254). Risk of unauthorized operations or information disclosure. Exploitable via `GET /api/v1/oauth`. Mitigation: upgrade to `2.4.4` or later.
|
| CVE-2026-49253 |
|
Path Traversal in electerm (CVE-2026-49253)
path traversal in electerm (CVE-2026-49253). Risk of unauthorized operations or information disclosure. Exploitable via ``savedFilePaths``. Mitigation: upgrade to `3.11.11` or later.
|
| CVE-2026-49250 |
|
Vulnerability in @conform-to/dom (CVE-2026-49250)
vulnerability in @conform-to/dom (CVE-2026-49250). Risk of unauthorized operations or information disclosure. Exploitable via ``parseSubmission``. Mitigation: upgrade to `1.19.4` or later.
|
| CVE-2026-7311 |
|
Path Traversal in wordpress (CVE-2026-7311)
path traversal in wordpress (CVE-2026-7311). Data can be tampered with by attackers.
|
| CVE-2026-58465 |
|
Vulnerability in c (CVE-2026-58465)
vulnerability in c (CVE-2026-58465). Risk of unauthorized operations or information disclosure.
|
| GHSA-vv65-f55v-xm6g |
|
OS Command Injection in @grackle-ai/runtime-sdk (GHSA-vv65-f55v-xm6g)
OS command injection in @grackle-ai/runtime-sdk (GHSA-vv65-f55v-xm6g). Risk of unauthorized operations or information disclosure. Exploitable via ``git``.
|
| CVE-2026-49852 |
|
Authentication Bypass in joserfc (CVE-2026-49852)
authentication bypass in joserfc (CVE-2026-49852). Risk of unauthorized operations or information disclosure. Exploitable via ``joserfc.jwt.decode``. Mitigation: upgrade to `1.6.8` or later.
|
| CVE-2026-49245 |
|
Cross-Site Scripting (XSS) in github.com/drakkan/sftpgo/v2 (CVE-2026-49245)
cross-site scripting in github.com/drakkan/sftpgo/v2 (CVE-2026-49245). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.7.3` or later.
|
| CVE-2026-49244 |
|
Path Traversal in github.com/drakkan/sftpgo/v2 (CVE-2026-49244)
path traversal in github.com/drakkan/sftpgo/v2 (CVE-2026-49244). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.7.3` or later.
|
| CVE-2026-50290 |
|
Cross-Site Scripting (XSS) in @asymmetric-effort/specifyjs (CVE-2026-50290)
cross-site scripting in @asymmetric-effort/specifyjs (CVE-2026-50290). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.2.136` or later.
|
| GHSA-j5qp-p44g-2m49 |
|
SSRF (Server-Side Request Forgery) in @asymmetric-effort/specifyjs (GHSA-j5qp-p44g-2m49)
SSRF in @asymmetric-effort/specifyjs (GHSA-j5qp-p44g-2m49). Risk of unauthorized operations or information disclosure. Exploitable via ``assertSecureUrl``. Mitigation: upgrade to `0.2.136` or later.
|
| GHSA-2944-57xv-2682 |
|
SSRF (Server-Side Request Forgery) in @asymmetric-effort/specifyjs (GHSA-2944-57xv-2682)
SSRF in @asymmetric-effort/specifyjs (GHSA-2944-57xv-2682). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.2.136` or later.
|
| GHSA-xw57-23p8-9wc5 |
|
SSRF (Server-Side Request Forgery) in @asymmetric-effort/specifyjs (GHSA-xw57-23p8-9wc5)
SSRF in @asymmetric-effort/specifyjs (GHSA-xw57-23p8-9wc5). Risk of unauthorized operations or information disclosure. Exploitable via ``localhost``. Mitigation: upgrade to `0.2.136` or later.
|
| GHSA-qcr8-x557-7cp3 |
|
Vulnerability in @asymmetric-effort/specifyjs (GHSA-qcr8-x557-7cp3)
vulnerability in @asymmetric-effort/specifyjs (GHSA-qcr8-x557-7cp3). Risk of unauthorized operations or information disclosure. Exploitable via ``console.warn``. Mitigation: upgrade to `0.2.140` or later.
|
| GHSA-5c7w-4wm3-85vw |
|
Vulnerability in @asymmetric-effort/specifyjs (GHSA-5c7w-4wm3-85vw)
vulnerability in @asymmetric-effort/specifyjs (GHSA-5c7w-4wm3-85vw). Risk of unauthorized operations or information disclosure. Exploitable via ``gql``. Mitigation: upgrade to `0.2.136` or later.
|
| CVE-2026-50288 |
|
SSRF (Server-Side Request Forgery) in @asymmetric-effort/specifyjs (CVE-2026-50288)
SSRF in @asymmetric-effort/specifyjs (CVE-2026-50288). Risk of unauthorized operations or information disclosure. Exploitable via ``assertSecureUrl``. Mitigation: upgrade to `0.2.136` or later.
|
| CVE-2026-44454 |
|
OS Command Injection in github.com/coder/coder/v2 (CVE-2026-44454)
OS command injection in github.com/coder/coder/v2 (CVE-2026-44454). Confidential information can be exposed externally. Exploitable via ``dotfiles``. Mitigation: upgrade to `2.30.2` or later.
|
| CVE-2026-52854 |
|
Cross-Site Scripting (XSS) in mediawiki/maps (CVE-2026-52854)
cross-site scripting in mediawiki/maps (CVE-2026-52854). Risk of unauthorized operations or information disclosure. Exploitable via ``overlays``. Mitigation: upgrade to `12.1.3` or later.
|
| CVE-2026-50180 |
|
Path Traversal in langroid (CVE-2026-50180)
path traversal in langroid (CVE-2026-50180). Risk of unauthorized operations or information disclosure. Exploitable via ``SQLChatAgent``. Mitigation: upgrade to `0.64.0` or later.
|
| CVE-2026-50181 |
|
Path Traversal in langroid (CVE-2026-50181)
path traversal in langroid (CVE-2026-50181). Risk of unauthorized operations or information disclosure. Exploitable via ``ReadFileTool``. Mitigation: upgrade to `0.64.0` or later.
|
| CVE-2026-50192 |
|
Information Disclosure in github.com/kerberos-io/agent/machinery (CVE-2026-50192)
vulnerability in github.com/kerberos-io/agent/machinery (CVE-2026-50192). Risk of unauthorized operations or information disclosure. Exploitable via `POST /storage/upload`. Mitigation: upgrade to `0.0.0-20260528173546-51f1a52e170f` or later.
|
| GHSA-p73f-w79w-jqr5 |
|
Authorization Flaw in openclaw (GHSA-p73f-w79w-jqr5)
vulnerability in openclaw (GHSA-p73f-w79w-jqr5). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.6` or later.
|
| GHSA-j472-gf56-x589 |
|
Vulnerability in openclaw (GHSA-j472-gf56-x589)
vulnerability in openclaw (GHSA-j472-gf56-x589). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.12` or later.
|
| GHSA-77q5-rr5v-x43q |
|
Vulnerability in openclaw (GHSA-77q5-rr5v-x43q)
vulnerability in openclaw (GHSA-77q5-rr5v-x43q). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.7` or later.
|
| GHSA-w5ww-7chg-mxcq |
|
Authorization Flaw in openclaw (GHSA-w5ww-7chg-mxcq)
vulnerability in openclaw (GHSA-w5ww-7chg-mxcq). Risk of unauthorized operations or information disclosure. Exploitable via ``commands.allowFrom``. Mitigation: upgrade to `2026.5.6` or later.
|
| CVE-2026-50185 |
|
Vulnerability in cmov (CVE-2026-50185)
vulnerability in cmov (CVE-2026-50185). Risk of unauthorized operations or information disclosure. Exploitable via ``Cmov``. Mitigation: upgrade to `0.5.4` or later.
|
| CVE-2026-8699 |
|
Cross-Site Scripting (XSS) in CVE-2026-8699 (CVE-2026-8699)
cross-site scripting in CVE-2026-8699 (CVE-2026-8699). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55952 |
|
Vulnerability in erlang (CVE-2026-55952)
vulnerability in erlang (CVE-2026-55952). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55950 |
|
Vulnerability in dos (CVE-2026-55950)
vulnerability in dos (CVE-2026-55950). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54891 |
|
Vulnerability in erlang (CVE-2026-54891)
vulnerability in erlang (CVE-2026-54891). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54887 |
|
Vulnerability in erlang (CVE-2026-54887)
vulnerability in erlang (CVE-2026-54887). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54886 |
|
Vulnerability in dos (CVE-2026-54886)
vulnerability in dos (CVE-2026-54886). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53422 |
|
Vulnerability in erlang (CVE-2026-53422)
vulnerability in erlang (CVE-2026-53422). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50282 |
|
Vulnerability in craftcms/cms (CVE-2026-50282)
vulnerability in craftcms/cms (CVE-2026-50282). Risk of unauthorized operations or information disclosure. Exploitable via ``deleteAssets``. Mitigation: upgrade to `4.17.14` or later.
|
| CVE-2026-50281 |
|
Vulnerability in craftcms/cms (CVE-2026-50281)
vulnerability in craftcms/cms (CVE-2026-50281). Risk of unauthorized operations or information disclosure. Exploitable via ``newAttributes``. Mitigation: upgrade to `5.9.21` or later.
|
| CVE-2024-58352 |
|
Vulnerability in CVE-2024-58352 (CVE-2024-58352)
vulnerability in CVE-2024-58352 (CVE-2024-58352). Confidential information can be exposed externally.
|
| CVE-2024-14037 |
|
Unrestricted File Upload in CVE-2024-14037 (CVE-2024-14037)
vulnerability in CVE-2024-14037 (CVE-2024-14037). Successful exploitation can lead to full system takeover.
|
| CVE-2022-50973 |
|
Unrestricted File Upload in CVE-2022-50973 (CVE-2022-50973)
vulnerability in CVE-2022-50973 (CVE-2022-50973). Successful exploitation can lead to full system takeover.
|
| CVE-2026-50149 |
|
Vulnerability in github.com/projectcontour/contour (CVE-2026-50149)
vulnerability in github.com/projectcontour/contour (CVE-2026-50149). Risk of unauthorized operations or information disclosure. Exploitable via ``HTTPProxy``. Mitigation: upgrade to `1.33.5` or later.
|