Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| GHSA-4v76-cw68-4vc9 |
|
Vulnerability in surrealdb (GHSA-4v76-cw68-4vc9)
vulnerability in surrealdb (GHSA-4v76-cw68-4vc9). Risk of unauthorized operations or information disclosure. Exploitable via ``LIVE``. Mitigation: upgrade to `3.1.0` or later.
|
| GHSA-6vg3-hgrw-p5gf |
|
Vulnerability in surrealdb (GHSA-6vg3-hgrw-p5gf)
vulnerability in surrealdb (GHSA-6vg3-hgrw-p5gf). Risk of unauthorized operations or information disclosure. Exploitable via ``id.tenant``. Mitigation: upgrade to `3.1.0` or later.
|
| GHSA-vjjx-rfw4-rmfc |
|
Information Disclosure in surrealdb (GHSA-vjjx-rfw4-rmfc)
vulnerability in surrealdb (GHSA-vjjx-rfw4-rmfc). Risk of unauthorized operations or information disclosure. Exploitable via ``target``. Mitigation: upgrade to `3.1.0` or later.
|
| GHSA-98fx-66cf-fc7c |
|
Authorization Flaw in surrealdb (GHSA-98fx-66cf-fc7c)
vulnerability in surrealdb (GHSA-98fx-66cf-fc7c). Risk of unauthorized operations or information disclosure. Exploitable via ``WHERE``. Mitigation: upgrade to `3.1.0` or later.
|
| GHSA-q8qp-67f9-wr3f |
|
Vulnerability in surrealdb (GHSA-q8qp-67f9-wr3f)
vulnerability in surrealdb (GHSA-q8qp-67f9-wr3f). Risk of unauthorized operations or information disclosure. Exploitable via ``parse_concrete_kind``. Mitigation: upgrade to `3.1.0` or later.
|
| GHSA-wjjj-24cx-f28g |
|
Vulnerability in surrealdb (GHSA-wjjj-24cx-f28g)
vulnerability in surrealdb (GHSA-wjjj-24cx-f28g). Risk of unauthorized operations or information disclosure. Exploitable via ``use``. Mitigation: upgrade to `3.1.0` or later.
|
| GHSA-q729-696q-g9pq |
|
Vulnerability in surrealdb (GHSA-q729-696q-g9pq)
vulnerability in surrealdb (GHSA-q729-696q-g9pq). Risk of unauthorized operations or information disclosure. Exploitable via ``parse_value``. Mitigation: upgrade to `3.1.0` or later.
|
| GHSA-4vgr-h27g-cf9p |
|
Vulnerability in surrealdb (GHSA-4vgr-h27g-cf9p)
vulnerability in surrealdb (GHSA-4vgr-h27g-cf9p). Risk of unauthorized operations or information disclosure. Exploitable via `POST /rpc`. Mitigation: upgrade to `3.1.0` or later.
|
| GHSA-5qfp-32cf-69jh |
|
Vulnerability in surrealdb (GHSA-5qfp-32cf-69jh)
vulnerability in surrealdb (GHSA-5qfp-32cf-69jh). Risk of unauthorized operations or information disclosure. Exploitable via `POST /rpc`. Mitigation: upgrade to `1` or later.
|
| CVE-2026-48815 |
|
Vulnerability in sigstore (CVE-2026-48815)
vulnerability in sigstore (CVE-2026-48815). Risk of unauthorized operations or information disclosure. Exploitable via ``certificateOIDs``. Mitigation: upgrade to `4.1.1` or later.
|
| CVE-2026-48816 |
|
Vulnerability in @sigstore/verify (CVE-2026-48816)
vulnerability in @sigstore/verify (CVE-2026-48816). Risk of unauthorized operations or information disclosure. Exploitable via ``timestampThreshold``. Mitigation: upgrade to `3.1.1` or later.
|
| CVE-2026-49989 |
|
Authorization Flaw in io.crate:crate (CVE-2026-49989)
vulnerability in io.crate:crate (CVE-2026-49989). Risk of unauthorized operations or information disclosure. Exploitable via `DELETE /_blobs/{table}/{digest}`. Mitigation: upgrade to `6.3.2` or later.
|
| GHSA-m492-gv72-xvxj |
|
Vulnerability in kimai/kimai (GHSA-m492-gv72-xvxj)
vulnerability in kimai/kimai (GHSA-m492-gv72-xvxj). Risk of unauthorized operations or information disclosure. Exploitable via ``password``. Mitigation: upgrade to `2.58.0` or later.
|
| CVE-2026-13760 |
|
OS Command Injection in Amazon aws (CVE-2026-13760)
OS command injection in Amazon aws (CVE-2026-13760). Successful exploitation can lead to full system takeover.
|
| CVE-2026-13769 |
|
Vulnerability in Amazon aws (CVE-2026-13769)
vulnerability in Amazon aws (CVE-2026-13769). Confidential information can be exposed externally.
|
| CVE-2026-55628 |
|
Vulnerability in CVE-2026-55628 (CVE-2026-55628)
vulnerability in CVE-2026-55628 (CVE-2026-55628). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55597 |
|
Vulnerability in imagemagick (CVE-2026-55597)
vulnerability in imagemagick (CVE-2026-55597). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55595 |
|
Vulnerability in imagemagick (CVE-2026-55595)
vulnerability in imagemagick (CVE-2026-55595). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55594 |
|
Vulnerability in imagemagick (CVE-2026-55594)
vulnerability in imagemagick (CVE-2026-55594). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55577 |
|
Vulnerability in imagemagick (CVE-2026-55577)
vulnerability in imagemagick (CVE-2026-55577). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55510 |
|
Use-After-Free in imagemagick (CVE-2026-55510)
vulnerability in imagemagick (CVE-2026-55510). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53467 |
|
Information Disclosure in imagemagick (CVE-2026-53467)
vulnerability in imagemagick (CVE-2026-53467). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53466 |
|
Vulnerability in imagemagick (CVE-2026-53466)
vulnerability in imagemagick (CVE-2026-53466). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50160 |
|
Vulnerability in hoppscotch (CVE-2026-50160)
vulnerability in hoppscotch (CVE-2026-50160). Confidential information can be exposed externally. Exploitable via `POST /v1/onboarding/config`.
|
| CVE-2026-49988 |
|
Information Disclosure in repomix (CVE-2026-49988)
vulnerability in repomix (CVE-2026-49988). Risk of unauthorized operations or information disclosure. Exploitable via ``attach_packed_output``. Mitigation: upgrade to `1.14.1` or later.
|
| CVE-2026-49826 |
|
Open Redirect in github.com/concourse/concourse (CVE-2026-49826)
vulnerability in github.com/concourse/concourse (CVE-2026-49826). Risk of unauthorized operations or information disclosure. Exploitable via ``url``. Mitigation: upgrade to `8.2.3` or later.
|
| CVE-2026-49987 |
|
Vulnerability in repomix (CVE-2026-49987)
vulnerability in repomix (CVE-2026-49987). Risk of unauthorized operations or information disclosure. Exploitable via ``execGitShallowClone``. Mitigation: upgrade to `1.14.1` or later.
|
| GHSA-mjgf-xj26-9qf9 |
|
Vulnerability in pay (GHSA-mjgf-xj26-9qf9)
vulnerability in pay (GHSA-mjgf-xj26-9qf9). Risk of unauthorized operations or information disclosure. Exploitable via `POST /pay/webhooks/paddle_billing`.
|
| CVE-2026-49981 |
|
Vulnerability in twig/twig (CVE-2026-49981)
vulnerability in twig/twig (CVE-2026-49981). Risk of unauthorized operations or information disclosure. Exploitable via ``Template``. Mitigation: upgrade to `3.27.0` or later.
|
| GHSA-3ccm-4qq2-5wrp |
|
Vulnerability in github.com/edgelesssys/contrast (GHSA-3ccm-4qq2-5wrp)
vulnerability in github.com/edgelesssys/contrast (GHSA-3ccm-4qq2-5wrp). Risk of unauthorized operations or information disclosure. Exploitable via ``ciphertextContainer.UnmarshalJSON``. Mitigation: upgrade to `1.21.0` or later.
|
| GHSA-6c87-g9pw-78fx |
|
Vulnerability in github.com/edgelesssys/contrast (GHSA-6c87-g9pw-78fx)
vulnerability in github.com/edgelesssys/contrast (GHSA-6c87-g9pw-78fx). Risk of unauthorized operations or information disclosure. Exploitable via ``Config.registryFor``. Mitigation: upgrade to `1.21.0` or later.
|
| CVE-2026-49986 |
|
Vulnerability in neuro-cortex-memory (CVE-2026-49986)
vulnerability in neuro-cortex-memory (CVE-2026-49986). Risk of unauthorized operations or information disclosure. Exploitable via ``CLAUDE_PROJECT_DIR``. Mitigation: upgrade to `3.18.0` or later.
|
| GHSA-hwmc-r6mf-jh83 |
|
Cross-Site Scripting (XSS) in spatie/schema-org (GHSA-hwmc-r6mf-jh83)
cross-site scripting in spatie/schema-org (GHSA-hwmc-r6mf-jh83). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.0.2` or later.
|
| CVE-2026-57737 |
|
Cross-Site Scripting (XSS) in CVE-2026-57737 (CVE-2026-57737)
cross-site scripting in CVE-2026-57737 (CVE-2026-57737). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-58521 |
|
SQL Injection in sqli (CVE-2026-58521)
SQL injection in sqli (CVE-2026-58521). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5051 |
|
Path Traversal in CVE-2026-5051 (CVE-2026-5051)
path traversal in CVE-2026-5051 (CVE-2026-5051). Confidential information can be exposed externally. Mitigation: upgrade to `2.0.1` or later.
|
| CVE-2026-58520 |
|
Open Redirect in CVE-2026-58520 (CVE-2026-58520)
vulnerability in CVE-2026-58520 (CVE-2026-58520). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57736 |
|
Vulnerability in CVE-2026-57736 (CVE-2026-57736)
vulnerability in CVE-2026-57736 (CVE-2026-57736). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57723 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-57723)
vulnerability in csrf (CVE-2026-57723). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49091 |
|
Vulnerability in elastic (CVE-2026-49091)
vulnerability in elastic (CVE-2026-49091). Successful exploitation can lead to full system takeover.
|
| CVE-2026-58452 |
|
OS Command Injection in CVE-2026-58452 (CVE-2026-58452)
OS command injection in CVE-2026-58452 (CVE-2026-58452). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49090 |
|
Vulnerability in dos (CVE-2026-49090)
vulnerability in dos (CVE-2026-49090). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54428 |
|
Vulnerability in apache (CVE-2026-54428)
vulnerability in apache (CVE-2026-54428). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57722 |
|
Cross-Site Scripting (XSS) in CVE-2026-57722 (CVE-2026-57722)
cross-site scripting in CVE-2026-57722 (CVE-2026-57722). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-58454 |
|
Code Injection in CVE-2026-58454 (CVE-2026-58454)
code injection in CVE-2026-58454 (CVE-2026-58454). Successful exploitation can lead to full system takeover.
|
| CVE-2026-57721 |
|
Vulnerability in CVE-2026-57721 (CVE-2026-57721)
vulnerability in CVE-2026-57721 (CVE-2026-57721). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-58453 |
|
Vulnerability in CVE-2026-58453 (CVE-2026-58453)
vulnerability in CVE-2026-58453 (CVE-2026-58453). Successful exploitation can lead to full system takeover.
|
| CVE-2026-51946 |
|
SQL Injection in sqli (CVE-2026-51946)
SQL injection in sqli (CVE-2026-51946). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56151 |
|
Vulnerability in dos (CVE-2026-56151)
vulnerability in dos (CVE-2026-56151). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57720 |
|
Vulnerability in CVE-2026-57720 (CVE-2026-57720)
vulnerability in CVE-2026-57720 (CVE-2026-57720). Risk of unauthorized operations or information disclosure.
|