Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2026-54321 Vulnerability in github.com/daytonaio/daytona (CVE-2026-54321)
vulnerability in github.com/daytonaio/daytona (CVE-2026-54321). Confidential information can be exposed externally. Mitigation: upgrade to `0.184.0` or later.
CVE-2026-53755 SSRF (Server-Side Request Forgery) in crawl4ai (CVE-2026-53755)
SSRF in crawl4ai (CVE-2026-53755). Confidential information can be exposed externally. Exploitable via ``browser_config``. Mitigation: upgrade to `0.8.9` or later.
CVE-2026-53754 SSRF (Server-Side Request Forgery) in crawl4ai (CVE-2026-53754)
SSRF in crawl4ai (CVE-2026-53754). Confidential information can be exposed externally. Exploitable via `POST /crawl`. Mitigation: upgrade to `0.8.8` or later.
CVE-2026-50023 Vulnerability in yt-dlp (CVE-2026-50023)
vulnerability in yt-dlp (CVE-2026-50023). Successful exploitation can lead to full system takeover. Exploitable via ``master.m3u8``. Mitigation: upgrade to `2026.6.9` or later.
CVE-2026-47750 Out-of-Bounds Write in c (CVE-2026-47750)
out-of-bounds write in c (CVE-2026-47750). Successful exploitation can lead to full system takeover.
CVE-2026-47747 Vulnerability in c (CVE-2026-47747)
vulnerability in c (CVE-2026-47747). Successful exploitation can lead to full system takeover.
CVE-2026-56266 SSRF (Server-Side Request Forgery) in crawl4ai (CVE-2026-56266)
SSRF in crawl4ai (CVE-2026-56266). Confidential information can be exposed externally. Exploitable via ``output_path``. Mitigation: upgrade to `0.8.7` or later.
CVE-2026-53866 OpenClaw: Shell inline-command parsing could miss an allowlist check
OpenClaw: Shell inline-command parsing could miss an allowlist check
CVE-2026-53865 Vulnerability in openclaw (CVE-2026-53865)
vulnerability in openclaw (CVE-2026-53865). Confidential information can be exposed externally. Exploitable via ``trash``. Mitigation: upgrade to `2026.5.2` or later.
CVE-2026-53864 OpenClaw: Host environment sanitizer missed two Node.js control variables
OpenClaw: Host environment sanitizer missed two Node.js control variables
CVE-2026-53863 Vulnerability in openclaw (CVE-2026-53863)
vulnerability in openclaw (CVE-2026-53863). Data can be tampered with by attackers. Mitigation: upgrade to `2026.4.25` or later.
CVE-2026-53858 Vulnerability in openclaw (CVE-2026-53858)
vulnerability in openclaw (CVE-2026-53858). Confidential information can be exposed externally. Exploitable via ``STATE_DIRECTORY``. Mitigation: upgrade to `2026.5.2` or later.
CVE-2026-53857 OpenClaw: Zalo allowFrom could bind to mutable display names
OpenClaw: Zalo allowFrom could bind to mutable display names
CVE-2026-53855 OpenClaw: Shell positional parameters could weaken strict inline-eval checks
OpenClaw: Shell positional parameters could weaken strict inline-eval checks
CVE-2026-53853 OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns
OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns
CVE-2026-53849 OpenClaw: Discord allowFrom could bind to mutable display names
OpenClaw: Discord allowFrom could bind to mutable display names
CVE-2026-53846 Vulnerability in openclaw (CVE-2026-53846)
vulnerability in openclaw (CVE-2026-53846). Confidential information can be exposed externally. Mitigation: upgrade to `2026.4.29` or later.
CVE-2026-53843 OpenClaw: Pairing-scoped device session could restore revoked node token authority
OpenClaw: Pairing-scoped device session could restore revoked node token authority
CVE-2026-53842 Vulnerability in openclaw (CVE-2026-53842)
vulnerability in openclaw (CVE-2026-53842). Confidential information can be exposed externally. Exploitable via ``gcloud``. Mitigation: upgrade to `2026.5.2` or later.
CVE-2026-53840 Vulnerability in openclaw (CVE-2026-53840)
vulnerability in openclaw (CVE-2026-53840). Confidential information can be exposed externally. Mitigation: upgrade to `2026.5.12` or later.
CVE-2026-50656 Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in...
Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in...
CVE-2026-47964 DNG SDK versions 1.7.1 2536 and earlier are affected by a Heap-based Buffer Overflow...
DNG SDK versions 1.7.1 2536 and earlier are affected by a Heap-based Buffer Overflow...
CVE-2026-47749 stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. Versions prior to master-584-0a7ae07 are vulnerable to...
stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. Versions prior to master-584-0a7ae07 are vulnerable to heap buffer overflow in SHORT_BINUNICODE parsing for PyTorch checkpoint files. The pickle .ckpt pars...
CVE-2024-39575 update_disk_psu_baseline.sh requires password in plain text
update_disk_psu_baseline.sh requires password in plain text
CVE-2026-49401 Vulnerability in deno (CVE-2026-49401)
vulnerability in deno (CVE-2026-49401). Data can be tampered with by attackers. Mitigation: upgrade to `2.7.14` or later.
CVE-2026-49440 Vulnerability in deno (CVE-2026-49440)
vulnerability in deno (CVE-2026-49440). Confidential information can be exposed externally. Exploitable via ``options.checks``. Mitigation: upgrade to `2.8.1` or later.
CVE-2026-49402 OS Command Injection in deno (CVE-2026-49402)
OS command injection in deno (CVE-2026-49402). Successful exploitation can lead to full system takeover. Exploitable via ``spawn``. Mitigation: upgrade to `2.7.10` or later.
CVE-2026-54311 Vulnerability in n8n (CVE-2026-54311)
vulnerability in n8n (CVE-2026-54311). Confidential information can be exposed externally. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.25.7` or later.
CVE-2026-54308 Vulnerability in n8n (CVE-2026-54308)
vulnerability in n8n (CVE-2026-54308). Risk of unauthorized operations or information disclosure. Exploitable via ``MicrosoftAgent365Trigger``. Mitigation: upgrade to `2.25.7` or later.
CVE-2026-54313 SQL Injection in n8n (CVE-2026-54313)
SQL injection in n8n (CVE-2026-54313). Data can be tampered with by attackers. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.24.0` or later.
CVE-2026-49465 Path Traversal in n8n (CVE-2026-49465)
path traversal in n8n (CVE-2026-49465). Confidential information can be exposed externally. Exploitable via ``N8N_RESTRICT_FILE_ACCESS_TO``. Mitigation: upgrade to `2.21.8` or later.
CVE-2026-49444 Vulnerability in n8n (CVE-2026-49444)
vulnerability in n8n (CVE-2026-49444). Confidential information can be exposed externally. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.21.8` or later.
CVE-2026-41523 Code Injection in vllm (CVE-2026-41523)
code injection in vllm (CVE-2026-41523). Successful exploitation can lead to full system takeover. Exploitable via ``assert``. Mitigation: upgrade to `0.22.0` or later.
CVE-2026-33760 Vulnerability in langflow (CVE-2026-33760)
vulnerability in langflow (CVE-2026-33760). Successful exploitation can lead to full system takeover. Exploitable via `GET /monitor/messages`. Mitigation: upgrade to `1.9.0` or later.
CVE-2026-44932 OS Command Injection in CVE-2026-44932 (CVE-2026-44932)
OS command injection in CVE-2026-44932 (CVE-2026-44932). Successful exploitation can lead to full system takeover.
CVE-2026-24228 Unsafe Deserialization in deserialization (CVE-2026-24228)
vulnerability in deserialization (CVE-2026-24228). Successful exploitation can lead to full system takeover.
CVE-2026-24155 Code Injection in nvidia (CVE-2026-24155)
code injection in nvidia (CVE-2026-24155). Successful exploitation can lead to full system takeover.
CVE-2026-10649 Vulnerability in dos (CVE-2026-10649)
vulnerability in dos (CVE-2026-10649). Risk of unauthorized operations or information disclosure.
CVE-2025-71261 Vulnerability in github.com/harvester/harvester (CVE-2025-71261)
vulnerability in github.com/harvester/harvester (CVE-2025-71261). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.0` or later.
CVE-2024-38487 Privilege Escalation in CVE-2024-38487 (CVE-2024-38487)
vulnerability in CVE-2024-38487 (CVE-2024-38487). Risk of unauthorized operations or information disclosure.
CVE-2024-24909 Command Injection in CVE-2024-24909 (CVE-2024-24909)
command injection in CVE-2024-24909 (CVE-2024-24909). Successful exploitation can lead to full system takeover.
CVE-2026-12398 OS Command Injection in galaxy-ng (CVE-2026-12398)
OS command injection in galaxy-ng (CVE-2026-12398). Successful exploitation can lead to full system takeover.
CVE-2026-48780 Authentication Bypass in CVE-2026-48780 (CVE-2026-48780)
authentication bypass in CVE-2026-48780 (CVE-2026-48780). Confidential information can be exposed externally. Exploitable via ``a2ab6d4``.
CVE-2026-54299 Vulnerability in astro (CVE-2026-54299)
vulnerability in astro (CVE-2026-54299). Confidential information can be exposed externally. Exploitable via ``request.url``. Mitigation: upgrade to `6.4.6` or later.
CVE-2026-54293 Path Traversal in nltk (CVE-2026-54293)
path traversal in nltk (CVE-2026-54293). Confidential information can be exposed externally.
CVE-2026-54290 Vulnerability in hono (CVE-2026-54290)
vulnerability in hono (CVE-2026-54290). Confidential information can be exposed externally. Exploitable via ``origin``. Mitigation: upgrade to `4.12.25` or later.
CVE-2026-50146 Vulnerability in astro (CVE-2026-50146)
vulnerability in astro (CVE-2026-50146). Data can be tampered with by attackers. Exploitable via ``astro.config.mjs``. Mitigation: upgrade to `6.3.3` or later.
CVE-2026-12328 Vulnerability in mozilla (CVE-2026-12328)
vulnerability in mozilla (CVE-2026-12328). Successful exploitation can lead to full system takeover.
CVE-2026-12327 Buffer Overflow in mozilla (CVE-2026-12327)
vulnerability in mozilla (CVE-2026-12327). Successful exploitation can lead to full system takeover.
CVE-2026-12326 Buffer Overflow in mozilla (CVE-2026-12326)
vulnerability in mozilla (CVE-2026-12326). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →