Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2026-34034 OS Command Injection in CVE-2026-34034 (CVE-2026-34034)
OS command injection in CVE-2026-34034 (CVE-2026-34034). Successful exploitation can lead to full system takeover.
CVE-2026-42204 OS Command Injection in CVE-2026-42204 (CVE-2026-42204)
OS command injection in CVE-2026-42204 (CVE-2026-42204). Successful exploitation can lead to full system takeover.
CVE-2026-42153 OS Command Injection in CVE-2026-42153 (CVE-2026-42153)
OS command injection in CVE-2026-42153 (CVE-2026-42153). Successful exploitation can lead to full system takeover.
CVE-2026-38976 Vulnerability in c (CVE-2026-38976)
vulnerability in c (CVE-2026-38976). Risk of unauthorized operations or information disclosure.
CVE-2026-34599 OS Command Injection in CVE-2026-34599 (CVE-2026-34599)
OS command injection in CVE-2026-34599 (CVE-2026-34599). Successful exploitation can lead to full system takeover.
CVE-2026-34153 OS Command Injection in CVE-2026-34153 (CVE-2026-34153)
OS command injection in CVE-2026-34153 (CVE-2026-34153). Successful exploitation can lead to full system takeover.
CVE-2026-59713 Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-59713)
vulnerability in csrf (CVE-2026-59713). Confidential information can be exposed externally.
CVE-2026-55727 Authentication Bypass in CVE-2026-55727 (CVE-2026-55727)
authentication bypass in CVE-2026-55727 (CVE-2026-55727). Confidential information can be exposed externally.
CVE-2026-59712 Vulnerability in CVE-2026-59712 (CVE-2026-59712)
vulnerability in CVE-2026-59712 (CVE-2026-59712). Confidential information can be exposed externally.
CVE-2026-25268 Vulnerability in qualcomm (CVE-2026-25268)
vulnerability in qualcomm (CVE-2026-25268). Successful exploitation can lead to full system takeover.
CVE-2026-25271 Vulnerability in qualcomm (CVE-2026-25271)
vulnerability in qualcomm (CVE-2026-25271). Successful exploitation can lead to full system takeover.
CVE-2026-21383 Vulnerability in qualcomm (CVE-2026-21383)
vulnerability in qualcomm (CVE-2026-21383). Confidential information can be exposed externally.
CVE-2026-21379 Memory Corruption when allocating memory with sizes that exceed the maximum allowed value.
Memory Corruption when allocating memory with sizes that exceed the maximum allowed value.
CVE-2026-14468 Path Traversal in CVE-2026-14468 (CVE-2026-14468)
path traversal in CVE-2026-14468 (CVE-2026-14468). Confidential information can be exposed externally.
CVE-2026-14471 SQL Injection in Amazon aws (CVE-2026-14471)
SQL injection in Amazon aws (CVE-2026-14471). Confidential information can be exposed externally.
CVE-2026-57573 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-57573)
SSRF in ssrf (CVE-2026-57573). Confidential information can be exposed externally. Exploitable via `POST /crawl/stream`.
CVE-2026-55574 Vulnerability in vllm (CVE-2026-55574)
vulnerability in vllm (CVE-2026-55574). Risk of unauthorized operations or information disclosure.
CVE-2026-54765 Vulnerability in traefik (CVE-2026-54765)
vulnerability in traefik (CVE-2026-54765). Data can be tampered with by attackers.
CVE-2026-54234 Vulnerability in dos (CVE-2026-54234)
vulnerability in dos (CVE-2026-54234). Risk of unauthorized operations or information disclosure.
CVE-2026-55436 Vulnerability in github.com/coder/coder/v2 (CVE-2026-55436)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55436). Confidential information can be exposed externally. Exploitable via ``aibridgeproxyd``. Mitigation: upgrade to `2.32.7` or later.
CVE-2026-55431 Vulnerability in github.com/coder/coder/v2 (CVE-2026-55431)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55431). Confidential information can be exposed externally. Mitigation: upgrade to `2.29.17` or later.
CVE-2026-55428 Vulnerability in github.com/coder/coder/v2 (CVE-2026-55428)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55428). Confidential information can be exposed externally. Exploitable via ``Addresses``. Mitigation: upgrade to `2.29.17` or later.
CVE-2026-55429 Vulnerability in github.com/coder/coder/v2 (CVE-2026-55429)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55429). Confidential information can be exposed externally. Exploitable via ``UpsertWorkspaceApp``. Mitigation: upgrade to `2.29.17` or later.
CVE-2026-55427 Vulnerability in github.com/coder/coder/v2 (CVE-2026-55427)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55427). Successful exploitation can lead to full system takeover. Exploitable via ``HostnameSuffix``. Mitigation: upgrade to `2.29.17` or later.
CVE-2026-55077 Vulnerability in github.com/coder/coder/v2 (CVE-2026-55077)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55077). Successful exploitation can lead to full system takeover. Exploitable via `PUT /api/v2/users/{user}/password`. Mitigation: upgrade to `2.29.17` or later.
CVE-2026-55075 Authentication Bypass in github.com/coder/coder/v2 (CVE-2026-55075)
authentication bypass in github.com/coder/coder/v2 (CVE-2026-55075). Confidential information can be exposed externally. Exploitable via ``email_verified``. Mitigation: upgrade to `2.29.17` or later.
CVE-2026-55076 Authentication Bypass in github.com/coder/coder/v2 (CVE-2026-55076)
authentication bypass in github.com/coder/coder/v2 (CVE-2026-55076). Confidential information can be exposed externally. Exploitable via ``email_verified``. Mitigation: upgrade to `2.29.17` or later.
CVE-2026-14536 Authorization Flaw in devolutions (CVE-2026-14536)
vulnerability in devolutions (CVE-2026-14536). Successful exploitation can lead to full system takeover.
CVE-2026-55380 Vulnerability in c (CVE-2026-55380)
vulnerability in c (CVE-2026-55380). Risk of unauthorized operations or information disclosure.
CVE-2026-55379 Vulnerability in pillow (CVE-2026-55379)
vulnerability in pillow (CVE-2026-55379). Risk of unauthorized operations or information disclosure.
CVE-2026-54060 Vulnerability in pillow (CVE-2026-54060)
vulnerability in pillow (CVE-2026-54060). Risk of unauthorized operations or information disclosure.
CVE-2026-54059 Vulnerability in pillow (CVE-2026-54059)
vulnerability in pillow (CVE-2026-54059). Risk of unauthorized operations or information disclosure.
CVE-2026-13753 Vulnerability in CVE-2026-13753 (CVE-2026-13753)
vulnerability in CVE-2026-13753 (CVE-2026-13753). Confidential information can be exposed externally.
CVE-2026-43825 Unsafe Deserialization in apache (CVE-2026-43825)
vulnerability in apache (CVE-2026-43825). Risk of unauthorized operations or information disclosure.
CVE-2026-40140 Vulnerability in beyondtrust (CVE-2026-40140)
vulnerability in beyondtrust (CVE-2026-40140). Risk of unauthorized operations or information disclosure.
CVE-2026-40138 Authentication Bypass in beyondtrust (CVE-2026-40138)
authentication bypass in beyondtrust (CVE-2026-40138). Successful exploitation can lead to full system takeover.
CVE-2025-53831 Cross-Site Scripting (XSS) in CVE-2025-53831 (CVE-2025-53831)
cross-site scripting in CVE-2025-53831 (CVE-2025-53831). Confidential information can be exposed externally.
CVE-2026-59196 Path Traversal in pnpm (CVE-2026-59196)
path traversal in pnpm (CVE-2026-59196). Data can be tampered with by attackers. Mitigation: upgrade to `10.34.4` or later.
CVE-2026-59195 Path Traversal in pnpm (CVE-2026-59195)
path traversal in pnpm (CVE-2026-59195). Data can be tampered with by attackers. Mitigation: upgrade to `10.34.4` or later.
CVE-2026-59194 Path Traversal in pnpm (CVE-2026-59194)
path traversal in pnpm (CVE-2026-59194). Data can be tampered with by attackers. Mitigation: upgrade to `10.34.4` or later.
CVE-2025-53829 Vulnerability in path-traversal (CVE-2025-53829)
vulnerability in path-traversal (CVE-2025-53829). Successful exploitation can lead to full system takeover.
CVE-2025-53828 SSRF (Server-Side Request Forgery) in ssrf (CVE-2025-53828)
SSRF in ssrf (CVE-2025-53828). Successful exploitation can lead to full system takeover.
CVE-2026-58380 Vulnerability in dos (CVE-2026-58380)
vulnerability in dos (CVE-2026-58380). Successful exploitation can lead to full system takeover.
CVE-2026-13708 Vulnerability in dos (CVE-2026-13708)
vulnerability in dos (CVE-2026-13708). Risk of unauthorized operations or information disclosure.
CVE-2026-13705 Out-of-Bounds Read in CVE-2026-13705 (CVE-2026-13705)
vulnerability in CVE-2026-13705 (CVE-2026-13705). Confidential information can be exposed externally.
CVE-2026-6900 Vulnerability in CVE-2026-6900 (CVE-2026-6900)
vulnerability in CVE-2026-6900 (CVE-2026-6900). Confidential information can be exposed externally.
CVE-2026-6901 Vulnerability in CVE-2026-6901 (CVE-2026-6901)
vulnerability in CVE-2026-6901 (CVE-2026-6901). Confidential information can be exposed externally.
CVE-2026-49042 Vulnerability in apache (CVE-2026-49042)
vulnerability in apache (CVE-2026-49042). Risk of unauthorized operations or information disclosure.
CVE-2026-4249 Vulnerability in dos (CVE-2026-4249)
vulnerability in dos (CVE-2026-4249). Risk of unauthorized operations or information disclosure.
CVE-2026-49297 Path Traversal in apache (CVE-2026-49297)
path traversal in apache (CVE-2026-49297). Data can be tampered with by attackers. Exploitable via ``GCSToSFTPOperator``.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →