Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-34034 |
|
OS Command Injection in CVE-2026-34034 (CVE-2026-34034)
OS command injection in CVE-2026-34034 (CVE-2026-34034). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42204 |
|
OS Command Injection in CVE-2026-42204 (CVE-2026-42204)
OS command injection in CVE-2026-42204 (CVE-2026-42204). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42153 |
|
OS Command Injection in CVE-2026-42153 (CVE-2026-42153)
OS command injection in CVE-2026-42153 (CVE-2026-42153). Successful exploitation can lead to full system takeover.
|
| CVE-2026-38976 |
|
Vulnerability in c (CVE-2026-38976)
vulnerability in c (CVE-2026-38976). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34599 |
|
OS Command Injection in CVE-2026-34599 (CVE-2026-34599)
OS command injection in CVE-2026-34599 (CVE-2026-34599). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34153 |
|
OS Command Injection in CVE-2026-34153 (CVE-2026-34153)
OS command injection in CVE-2026-34153 (CVE-2026-34153). Successful exploitation can lead to full system takeover.
|
| CVE-2026-59713 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-59713)
vulnerability in csrf (CVE-2026-59713). Confidential information can be exposed externally.
|
| CVE-2026-55727 |
|
Authentication Bypass in CVE-2026-55727 (CVE-2026-55727)
authentication bypass in CVE-2026-55727 (CVE-2026-55727). Confidential information can be exposed externally.
|
| CVE-2026-59712 |
|
Vulnerability in CVE-2026-59712 (CVE-2026-59712)
vulnerability in CVE-2026-59712 (CVE-2026-59712). Confidential information can be exposed externally.
|
| CVE-2026-25268 |
|
Vulnerability in qualcomm (CVE-2026-25268)
vulnerability in qualcomm (CVE-2026-25268). Successful exploitation can lead to full system takeover.
|
| CVE-2026-25271 |
|
Vulnerability in qualcomm (CVE-2026-25271)
vulnerability in qualcomm (CVE-2026-25271). Successful exploitation can lead to full system takeover.
|
| CVE-2026-21383 |
|
Vulnerability in qualcomm (CVE-2026-21383)
vulnerability in qualcomm (CVE-2026-21383). Confidential information can be exposed externally.
|
| CVE-2026-21379 |
|
Memory Corruption when allocating memory with sizes that exceed the maximum allowed value.
Memory Corruption when allocating memory with sizes that exceed the maximum allowed value.
|
| CVE-2026-14468 |
|
Path Traversal in CVE-2026-14468 (CVE-2026-14468)
path traversal in CVE-2026-14468 (CVE-2026-14468). Confidential information can be exposed externally.
|
| CVE-2026-14471 |
|
SQL Injection in Amazon aws (CVE-2026-14471)
SQL injection in Amazon aws (CVE-2026-14471). Confidential information can be exposed externally.
|
| CVE-2026-57573 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-57573)
SSRF in ssrf (CVE-2026-57573). Confidential information can be exposed externally. Exploitable via `POST /crawl/stream`.
|
| CVE-2026-55574 |
|
Vulnerability in vllm (CVE-2026-55574)
vulnerability in vllm (CVE-2026-55574). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54765 |
|
Vulnerability in traefik (CVE-2026-54765)
vulnerability in traefik (CVE-2026-54765). Data can be tampered with by attackers.
|
| CVE-2026-54234 |
|
Vulnerability in dos (CVE-2026-54234)
vulnerability in dos (CVE-2026-54234). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55436 |
|
Vulnerability in github.com/coder/coder/v2 (CVE-2026-55436)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55436). Confidential information can be exposed externally. Exploitable via ``aibridgeproxyd``. Mitigation: upgrade to `2.32.7` or later.
|
| CVE-2026-55431 |
|
Vulnerability in github.com/coder/coder/v2 (CVE-2026-55431)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55431). Confidential information can be exposed externally. Mitigation: upgrade to `2.29.17` or later.
|
| CVE-2026-55428 |
|
Vulnerability in github.com/coder/coder/v2 (CVE-2026-55428)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55428). Confidential information can be exposed externally. Exploitable via ``Addresses``. Mitigation: upgrade to `2.29.17` or later.
|
| CVE-2026-55429 |
|
Vulnerability in github.com/coder/coder/v2 (CVE-2026-55429)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55429). Confidential information can be exposed externally. Exploitable via ``UpsertWorkspaceApp``. Mitigation: upgrade to `2.29.17` or later.
|
| CVE-2026-55427 |
|
Vulnerability in github.com/coder/coder/v2 (CVE-2026-55427)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55427). Successful exploitation can lead to full system takeover. Exploitable via ``HostnameSuffix``. Mitigation: upgrade to `2.29.17` or later.
|
| CVE-2026-55077 |
|
Vulnerability in github.com/coder/coder/v2 (CVE-2026-55077)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55077). Successful exploitation can lead to full system takeover. Exploitable via `PUT /api/v2/users/{user}/password`. Mitigation: upgrade to `2.29.17` or later.
|
| CVE-2026-55075 |
|
Authentication Bypass in github.com/coder/coder/v2 (CVE-2026-55075)
authentication bypass in github.com/coder/coder/v2 (CVE-2026-55075). Confidential information can be exposed externally. Exploitable via ``email_verified``. Mitigation: upgrade to `2.29.17` or later.
|
| CVE-2026-55076 |
|
Authentication Bypass in github.com/coder/coder/v2 (CVE-2026-55076)
authentication bypass in github.com/coder/coder/v2 (CVE-2026-55076). Confidential information can be exposed externally. Exploitable via ``email_verified``. Mitigation: upgrade to `2.29.17` or later.
|
| CVE-2026-14536 |
|
Authorization Flaw in devolutions (CVE-2026-14536)
vulnerability in devolutions (CVE-2026-14536). Successful exploitation can lead to full system takeover.
|
| CVE-2026-55380 |
|
Vulnerability in c (CVE-2026-55380)
vulnerability in c (CVE-2026-55380). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55379 |
|
Vulnerability in pillow (CVE-2026-55379)
vulnerability in pillow (CVE-2026-55379). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54060 |
|
Vulnerability in pillow (CVE-2026-54060)
vulnerability in pillow (CVE-2026-54060). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54059 |
|
Vulnerability in pillow (CVE-2026-54059)
vulnerability in pillow (CVE-2026-54059). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-13753 |
|
Vulnerability in CVE-2026-13753 (CVE-2026-13753)
vulnerability in CVE-2026-13753 (CVE-2026-13753). Confidential information can be exposed externally.
|
| CVE-2026-43825 |
|
Unsafe Deserialization in apache (CVE-2026-43825)
vulnerability in apache (CVE-2026-43825). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40140 |
|
Vulnerability in beyondtrust (CVE-2026-40140)
vulnerability in beyondtrust (CVE-2026-40140). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40138 |
|
Authentication Bypass in beyondtrust (CVE-2026-40138)
authentication bypass in beyondtrust (CVE-2026-40138). Successful exploitation can lead to full system takeover.
|
| CVE-2025-53831 |
|
Cross-Site Scripting (XSS) in CVE-2025-53831 (CVE-2025-53831)
cross-site scripting in CVE-2025-53831 (CVE-2025-53831). Confidential information can be exposed externally.
|
| CVE-2026-59196 |
|
Path Traversal in pnpm (CVE-2026-59196)
path traversal in pnpm (CVE-2026-59196). Data can be tampered with by attackers. Mitigation: upgrade to `10.34.4` or later.
|
| CVE-2026-59195 |
|
Path Traversal in pnpm (CVE-2026-59195)
path traversal in pnpm (CVE-2026-59195). Data can be tampered with by attackers. Mitigation: upgrade to `10.34.4` or later.
|
| CVE-2026-59194 |
|
Path Traversal in pnpm (CVE-2026-59194)
path traversal in pnpm (CVE-2026-59194). Data can be tampered with by attackers. Mitigation: upgrade to `10.34.4` or later.
|
| CVE-2025-53829 |
|
Vulnerability in path-traversal (CVE-2025-53829)
vulnerability in path-traversal (CVE-2025-53829). Successful exploitation can lead to full system takeover.
|
| CVE-2025-53828 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2025-53828)
SSRF in ssrf (CVE-2025-53828). Successful exploitation can lead to full system takeover.
|
| CVE-2026-58380 |
|
Vulnerability in dos (CVE-2026-58380)
vulnerability in dos (CVE-2026-58380). Successful exploitation can lead to full system takeover.
|
| CVE-2026-13708 |
|
Vulnerability in dos (CVE-2026-13708)
vulnerability in dos (CVE-2026-13708). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-13705 |
|
Out-of-Bounds Read in CVE-2026-13705 (CVE-2026-13705)
vulnerability in CVE-2026-13705 (CVE-2026-13705). Confidential information can be exposed externally.
|
| CVE-2026-6900 |
|
Vulnerability in CVE-2026-6900 (CVE-2026-6900)
vulnerability in CVE-2026-6900 (CVE-2026-6900). Confidential information can be exposed externally.
|
| CVE-2026-6901 |
|
Vulnerability in CVE-2026-6901 (CVE-2026-6901)
vulnerability in CVE-2026-6901 (CVE-2026-6901). Confidential information can be exposed externally.
|
| CVE-2026-49042 |
|
Vulnerability in apache (CVE-2026-49042)
vulnerability in apache (CVE-2026-49042). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4249 |
|
Vulnerability in dos (CVE-2026-4249)
vulnerability in dos (CVE-2026-4249). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49297 |
|
Path Traversal in apache (CVE-2026-49297)
path traversal in apache (CVE-2026-49297). Data can be tampered with by attackers. Exploitable via ``GCSToSFTPOperator``.
|