Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-50163 |
|
Path Traversal in oras.land/oras-go/v2 (CVE-2026-50163)
path traversal in oras.land/oras-go/v2 (CVE-2026-50163). Risk of unauthorized operations or information disclosure. Exploitable via ``ensureLinkPath``.
|
| CVE-2026-50162 |
|
Vulnerability in oras.land/oras-go/v2 (CVE-2026-50162)
vulnerability in oras.land/oras-go/v2 (CVE-2026-50162). Risk of unauthorized operations or information disclosure. Exploitable via ``workingDir``. Mitigation: upgrade to `2.6.1` or later.
|
| CVE-2026-58593 |
|
Vulnerability in nodebb (CVE-2026-58593)
vulnerability in nodebb (CVE-2026-58593). Data can be tampered with by attackers.
|
| CVE-2026-58592 |
|
Out-of-Bounds Write in cpp (CVE-2026-58592)
out-of-bounds write in cpp (CVE-2026-58592). Successful exploitation can lead to full system takeover.
|
| CVE-2026-14363 |
|
SQL Injection in sqli (CVE-2026-14363)
SQL injection in sqli (CVE-2026-14363). Successful exploitation can lead to full system takeover.
|
| CVE-2026-50521 |
|
Use-After-Free in microsoft (CVE-2026-50521)
vulnerability in microsoft (CVE-2026-50521). Confidential information can be exposed externally.
|
| CVE-2026-14340 |
|
Authorization Flaw in github (CVE-2026-14340)
vulnerability in github (CVE-2026-14340). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-58517 |
|
Vulnerability in CVE-2026-58517 (CVE-2026-58517)
vulnerability in CVE-2026-58517 (CVE-2026-58517). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-58451 |
|
Path Traversal in csrf (CVE-2026-58451)
path traversal in csrf (CVE-2026-58451). Confidential information can be exposed externally.
|
| CVE-2026-58457 |
|
OS Command Injection in CVE-2026-58457 (CVE-2026-58457)
OS command injection in CVE-2026-58457 (CVE-2026-58457). Successful exploitation can lead to full system takeover.
|
| CVE-2026-51947 |
|
Unsafe Deserialization in CVE-2026-51947 (CVE-2026-51947)
vulnerability in CVE-2026-51947 (CVE-2026-51947). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49119 |
|
Path Traversal in path-traversal (CVE-2026-49119)
path traversal in path-traversal (CVE-2026-49119). Confidential information can be exposed externally.
|
| CVE-2026-38142 |
|
Command Injection in CVE-2026-38142 (CVE-2026-38142)
command injection in CVE-2026-38142 (CVE-2026-38142). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41121 |
|
Vulnerability in dell (CVE-2026-41121)
vulnerability in dell (CVE-2026-41121). Successful exploitation can lead to full system takeover.
|
| CVE-2026-14358 |
|
Cross-Site Scripting (XSS) in CVE-2026-14358 (CVE-2026-14358)
cross-site scripting in CVE-2026-14358 (CVE-2026-14358). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50151 |
|
SSRF (Server-Side Request Forgery) in oras.land/oras-go/v2 (CVE-2026-50151)
SSRF in oras.land/oras-go/v2 (CVE-2026-50151). Risk of unauthorized operations or information disclosure. Exploitable via ``Location``. Mitigation: upgrade to `2.6.1` or later.
|
| CVE-2026-58263 |
|
Cross-Site Scripting (XSS) in CVE-2026-58263 (CVE-2026-58263)
cross-site scripting in CVE-2026-58263 (CVE-2026-58263). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55153 |
|
Vulnerability in deserialization (CVE-2026-55153)
vulnerability in deserialization (CVE-2026-55153). Successful exploitation can lead to full system takeover.
|
| CVE-2026-54786 |
|
Vulnerability in bytecodealliance (CVE-2026-54786)
vulnerability in bytecodealliance (CVE-2026-54786). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54756 |
|
Vulnerability in CVE-2026-54756 (CVE-2026-54756)
vulnerability in CVE-2026-54756 (CVE-2026-54756). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54720 |
|
Cross-Site Scripting (XSS) in CVE-2026-54720 (CVE-2026-54720)
cross-site scripting in CVE-2026-54720 (CVE-2026-54720). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48978 |
|
Vulnerability in oras.land/oras-go/v2 (CVE-2026-48978)
vulnerability in oras.land/oras-go/v2 (CVE-2026-48978). Risk of unauthorized operations or information disclosure. Exploitable via ``auth.Client``. Mitigation: upgrade to `2.6.1` or later.
|
| CVE-2026-48824 |
|
Vulnerability in github.com/axllent/mailpit (CVE-2026-48824)
vulnerability in github.com/axllent/mailpit (CVE-2026-48824). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/send`. Mitigation: upgrade to `1.30.1` or later.
|
| CVE-2026-48819 |
|
Vulnerability in @hey-api/openapi-ts (CVE-2026-48819)
vulnerability in @hey-api/openapi-ts (CVE-2026-48819). Risk of unauthorized operations or information disclosure. Exploitable via `GET /search`. Mitigation: upgrade to `0.97.3` or later.
|
| CVE-2026-41053 |
|
Vulnerability in github.com/rancher/rancher (CVE-2026-41053)
vulnerability in github.com/rancher/rancher (CVE-2026-41053). Successful exploitation can lead to full system takeover. Exploitable via ``allowedPrincipalIds``. Mitigation: upgrade to `0.0.0-20260519172014-d0c047bbc6d2` or later.
|
| CVE-2026-44935 |
|
Vulnerability in github.com/rancher/fleet (CVE-2026-44935)
vulnerability in github.com/rancher/fleet (CVE-2026-44935). Successful exploitation can lead to full system takeover. Exploitable via ``HelmOp``. Mitigation: upgrade to `0.12.15` or later.
|
| CVE-2026-44936 |
|
SSRF (Server-Side Request Forgery) in github.com/rancher/fleet (CVE-2026-44936)
SSRF in github.com/rancher/fleet (CVE-2026-44936). Risk of unauthorized operations or information disclosure. Exploitable via ``helmRepoURLRegex``. Mitigation: upgrade to `0.12.15` or later.
|
| CVE-2026-44937 |
|
SSRF (Server-Side Request Forgery) in github.com/rancher/fleet (CVE-2026-44937)
SSRF in github.com/rancher/fleet (CVE-2026-44937). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.12.15` or later.
|
| CVE-2026-44938 |
|
Vulnerability in github.com/rancher/fleet (CVE-2026-44938)
vulnerability in github.com/rancher/fleet (CVE-2026-44938). Successful exploitation can lead to full system takeover. Exploitable via ``namespaceLabels``. Mitigation: upgrade to `0.12.15` or later.
|
| CVE-2026-14265 |
|
Unsafe Deserialization in Amazon aws (CVE-2026-14265)
vulnerability in Amazon aws (CVE-2026-14265). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49457 |
|
Vulnerability in quic (CVE-2026-49457)
vulnerability in quic (CVE-2026-49457). Risk of unauthorized operations or information disclosure. Exploitable via ``verify``. Mitigation: upgrade to `1.4.4` or later.
|
| GHSA-j6hm-v3x2-qv6j |
|
Path Traversal in land.oras:oras-java-sdk (GHSA-j6hm-v3x2-qv6j)
path traversal in land.oras:oras-java-sdk (GHSA-j6hm-v3x2-qv6j). Risk of unauthorized operations or information disclosure. Exploitable via ``Files.newOutputStream``. Mitigation: upgrade to `0.6.4` or later.
|
| CVE-2026-49998 |
|
Vulnerability in github.com/centrifugal/centrifugo/v6 (CVE-2026-49998)
vulnerability in github.com/centrifugal/centrifugo/v6 (CVE-2026-49998). Risk of unauthorized operations or information disclosure. Exploitable via ``singleflight``. Mitigation: upgrade to `6.8.1` or later.
|
| CVE-2026-49997 |
|
Vulnerability in surrealdb (CVE-2026-49997)
vulnerability in surrealdb (CVE-2026-49997). Risk of unauthorized operations or information disclosure. Exploitable via ``RELATE``. Mitigation: upgrade to `3.1.0` or later.
|
| GHSA-fwg2-gr34-q3w8 |
|
Vulnerability in surrealdb (GHSA-fwg2-gr34-q3w8)
vulnerability in surrealdb (GHSA-fwg2-gr34-q3w8). Risk of unauthorized operations or information disclosure. Exploitable via ``jsonwebtoken``. Mitigation: upgrade to `3.1.0` or later.
|
| GHSA-c8jx-96c9-8xrp |
|
Authorization Flaw in surrealdb (GHSA-c8jx-96c9-8xrp)
vulnerability in surrealdb (GHSA-c8jx-96c9-8xrp). Risk of unauthorized operations or information disclosure. Exploitable via ``IndexCountScan``. Mitigation: upgrade to `3.1.0` or later.
|
| GHSA-wp87-mgvq-5j93 |
|
Vulnerability in surrealdb (GHSA-wp87-mgvq-5j93)
vulnerability in surrealdb (GHSA-wp87-mgvq-5j93). Risk of unauthorized operations or information disclosure. Exploitable via ``USE``. Mitigation: upgrade to `3.1.0` or later.
|
| GHSA-97vg-427p-8hx5 |
|
SSRF (Server-Side Request Forgery) in surrealdb (GHSA-97vg-427p-8hx5)
SSRF in surrealdb (GHSA-97vg-427p-8hx5). Risk of unauthorized operations or information disclosure. Exploitable via ``NetTarget``. Mitigation: upgrade to `3.1.0` or later.
|
| GHSA-6wqw-vhfr-9999 |
|
Authorization Flaw in surrealdb (GHSA-6wqw-vhfr-9999)
vulnerability in surrealdb (GHSA-6wqw-vhfr-9999). Risk of unauthorized operations or information disclosure. Exploitable via ``PERMISSIONS``. Mitigation: upgrade to `3.1.0` or later.
|
| GHSA-f82j-v89j-mf86 |
|
Vulnerability in surrealdb (GHSA-f82j-v89j-mf86)
vulnerability in surrealdb (GHSA-f82j-v89j-mf86). Risk of unauthorized operations or information disclosure. Exploitable via ``RELATE``. Mitigation: upgrade to `3.1.0` or later.
|
| GHSA-fpxg-5xmv-922m |
|
Authorization Flaw in surrealdb (GHSA-fpxg-5xmv-922m)
vulnerability in surrealdb (GHSA-fpxg-5xmv-922m). Risk of unauthorized operations or information disclosure. Exploitable via ``copy``. Mitigation: upgrade to `3.1.0` or later.
|
| CVE-2026-55688 |
|
Vulnerability in CVE-2026-55688 (CVE-2026-55688)
vulnerability in CVE-2026-55688 (CVE-2026-55688). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54908 |
|
Out-of-Bounds Read in dos (CVE-2026-54908)
vulnerability in dos (CVE-2026-54908). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54164 |
|
Vulnerability in symfony (CVE-2026-54164)
vulnerability in symfony (CVE-2026-54164). Data can be tampered with by attackers.
|
| CVE-2026-49858 |
|
Vulnerability in CVE-2026-49858 (CVE-2026-49858)
vulnerability in CVE-2026-49858 (CVE-2026-49858). Confidential information can be exposed externally.
|
| GHSA-6g9v-7gq3-p2c6 |
|
Vulnerability in surrealdb (GHSA-6g9v-7gq3-p2c6)
vulnerability in surrealdb (GHSA-6g9v-7gq3-p2c6). Risk of unauthorized operations or information disclosure. Exploitable via ``extend``. Mitigation: upgrade to `3.1.0` or later.
|
| GHSA-4m82-p8cx-f94j |
|
Vulnerability in surrealdb (GHSA-4m82-p8cx-f94j)
vulnerability in surrealdb (GHSA-4m82-p8cx-f94j). Risk of unauthorized operations or information disclosure. Exploitable via ``PERMISSIONS``. Mitigation: upgrade to `3.1.0` or later.
|
| GHSA-65rj-r9fh-jp2v |
|
Vulnerability in surrealdb (GHSA-65rj-r9fh-jp2v)
vulnerability in surrealdb (GHSA-65rj-r9fh-jp2v). Risk of unauthorized operations or information disclosure. Exploitable via `GET /sql`. Mitigation: upgrade to `3.1.0` or later.
|
| GHSA-gcwr-5mrf-fvch |
|
Vulnerability in surrealdb (GHSA-gcwr-5mrf-fvch)
vulnerability in surrealdb (GHSA-gcwr-5mrf-fvch). Risk of unauthorized operations or information disclosure. Exploitable via ``KILL``. Mitigation: upgrade to `3.1.0` or later.
|
| GHSA-4v76-cw68-4vc9 |
|
Vulnerability in surrealdb (GHSA-4v76-cw68-4vc9)
vulnerability in surrealdb (GHSA-4v76-cw68-4vc9). Risk of unauthorized operations or information disclosure. Exploitable via ``LIVE``. Mitigation: upgrade to `3.1.0` or later.
|