Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-54321 |
|
Vulnerability in github.com/daytonaio/daytona (CVE-2026-54321)
vulnerability in github.com/daytonaio/daytona (CVE-2026-54321). Confidential information can be exposed externally. Mitigation: upgrade to `0.184.0` or later.
|
| CVE-2026-53755 |
|
SSRF (Server-Side Request Forgery) in crawl4ai (CVE-2026-53755)
SSRF in crawl4ai (CVE-2026-53755). Confidential information can be exposed externally. Exploitable via ``browser_config``. Mitigation: upgrade to `0.8.9` or later.
|
| CVE-2026-53754 |
|
SSRF (Server-Side Request Forgery) in crawl4ai (CVE-2026-53754)
SSRF in crawl4ai (CVE-2026-53754). Confidential information can be exposed externally. Exploitable via `POST /crawl`. Mitigation: upgrade to `0.8.8` or later.
|
| CVE-2026-50023 |
|
Vulnerability in yt-dlp (CVE-2026-50023)
vulnerability in yt-dlp (CVE-2026-50023). Successful exploitation can lead to full system takeover. Exploitable via ``master.m3u8``. Mitigation: upgrade to `2026.6.9` or later.
|
| CVE-2026-47750 |
|
Out-of-Bounds Write in c (CVE-2026-47750)
out-of-bounds write in c (CVE-2026-47750). Successful exploitation can lead to full system takeover.
|
| CVE-2026-47747 |
|
Vulnerability in c (CVE-2026-47747)
vulnerability in c (CVE-2026-47747). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56266 |
|
SSRF (Server-Side Request Forgery) in crawl4ai (CVE-2026-56266)
SSRF in crawl4ai (CVE-2026-56266). Confidential information can be exposed externally. Exploitable via ``output_path``. Mitigation: upgrade to `0.8.7` or later.
|
| CVE-2026-53866 |
|
OpenClaw: Shell inline-command parsing could miss an allowlist check
OpenClaw: Shell inline-command parsing could miss an allowlist check
|
| CVE-2026-53865 |
|
Vulnerability in openclaw (CVE-2026-53865)
vulnerability in openclaw (CVE-2026-53865). Confidential information can be exposed externally. Exploitable via ``trash``. Mitigation: upgrade to `2026.5.2` or later.
|
| CVE-2026-53864 |
|
OpenClaw: Host environment sanitizer missed two Node.js control variables
OpenClaw: Host environment sanitizer missed two Node.js control variables
|
| CVE-2026-53863 |
|
Vulnerability in openclaw (CVE-2026-53863)
vulnerability in openclaw (CVE-2026-53863). Data can be tampered with by attackers. Mitigation: upgrade to `2026.4.25` or later.
|
| CVE-2026-53858 |
|
Vulnerability in openclaw (CVE-2026-53858)
vulnerability in openclaw (CVE-2026-53858). Confidential information can be exposed externally. Exploitable via ``STATE_DIRECTORY``. Mitigation: upgrade to `2026.5.2` or later.
|
| CVE-2026-53857 |
|
OpenClaw: Zalo allowFrom could bind to mutable display names
OpenClaw: Zalo allowFrom could bind to mutable display names
|
| CVE-2026-53855 |
|
OpenClaw: Shell positional parameters could weaken strict inline-eval checks
OpenClaw: Shell positional parameters could weaken strict inline-eval checks
|
| CVE-2026-53853 |
|
OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns
OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns
|
| CVE-2026-53849 |
|
OpenClaw: Discord allowFrom could bind to mutable display names
OpenClaw: Discord allowFrom could bind to mutable display names
|
| CVE-2026-53846 |
|
Vulnerability in openclaw (CVE-2026-53846)
vulnerability in openclaw (CVE-2026-53846). Confidential information can be exposed externally. Mitigation: upgrade to `2026.4.29` or later.
|
| CVE-2026-53843 |
|
OpenClaw: Pairing-scoped device session could restore revoked node token authority
OpenClaw: Pairing-scoped device session could restore revoked node token authority
|
| CVE-2026-53842 |
|
Vulnerability in openclaw (CVE-2026-53842)
vulnerability in openclaw (CVE-2026-53842). Confidential information can be exposed externally. Exploitable via ``gcloud``. Mitigation: upgrade to `2026.5.2` or later.
|
| CVE-2026-53840 |
|
Vulnerability in openclaw (CVE-2026-53840)
vulnerability in openclaw (CVE-2026-53840). Confidential information can be exposed externally. Mitigation: upgrade to `2026.5.12` or later.
|
| CVE-2026-50656 |
|
Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in...
Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in...
|
| CVE-2026-47964 |
|
DNG SDK versions 1.7.1 2536 and earlier are affected by a Heap-based Buffer Overflow...
DNG SDK versions 1.7.1 2536 and earlier are affected by a Heap-based Buffer Overflow...
|
| CVE-2026-47749 |
|
stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. Versions prior to master-584-0a7ae07 are vulnerable to...
stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. Versions prior to master-584-0a7ae07 are vulnerable to heap buffer overflow in SHORT_BINUNICODE parsing for PyTorch checkpoint files. The pickle .ckpt pars...
|
| CVE-2024-39575 |
|
update_disk_psu_baseline.sh requires password in plain text
update_disk_psu_baseline.sh requires password in plain text
|
| CVE-2026-49401 |
|
Vulnerability in deno (CVE-2026-49401)
vulnerability in deno (CVE-2026-49401). Data can be tampered with by attackers. Mitigation: upgrade to `2.7.14` or later.
|
| CVE-2026-49440 |
|
Vulnerability in deno (CVE-2026-49440)
vulnerability in deno (CVE-2026-49440). Confidential information can be exposed externally. Exploitable via ``options.checks``. Mitigation: upgrade to `2.8.1` or later.
|
| CVE-2026-49402 |
|
OS Command Injection in deno (CVE-2026-49402)
OS command injection in deno (CVE-2026-49402). Successful exploitation can lead to full system takeover. Exploitable via ``spawn``. Mitigation: upgrade to `2.7.10` or later.
|
| CVE-2026-54311 |
|
Vulnerability in n8n (CVE-2026-54311)
vulnerability in n8n (CVE-2026-54311). Confidential information can be exposed externally. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.25.7` or later.
|
| CVE-2026-54308 |
|
Vulnerability in n8n (CVE-2026-54308)
vulnerability in n8n (CVE-2026-54308). Risk of unauthorized operations or information disclosure. Exploitable via ``MicrosoftAgent365Trigger``. Mitigation: upgrade to `2.25.7` or later.
|
| CVE-2026-54313 |
|
SQL Injection in n8n (CVE-2026-54313)
SQL injection in n8n (CVE-2026-54313). Data can be tampered with by attackers. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.24.0` or later.
|
| CVE-2026-49465 |
|
Path Traversal in n8n (CVE-2026-49465)
path traversal in n8n (CVE-2026-49465). Confidential information can be exposed externally. Exploitable via ``N8N_RESTRICT_FILE_ACCESS_TO``. Mitigation: upgrade to `2.21.8` or later.
|
| CVE-2026-49444 |
|
Vulnerability in n8n (CVE-2026-49444)
vulnerability in n8n (CVE-2026-49444). Confidential information can be exposed externally. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.21.8` or later.
|
| CVE-2026-41523 |
|
Code Injection in vllm (CVE-2026-41523)
code injection in vllm (CVE-2026-41523). Successful exploitation can lead to full system takeover. Exploitable via ``assert``. Mitigation: upgrade to `0.22.0` or later.
|
| CVE-2026-33760 |
|
Vulnerability in langflow (CVE-2026-33760)
vulnerability in langflow (CVE-2026-33760). Successful exploitation can lead to full system takeover. Exploitable via `GET /monitor/messages`. Mitigation: upgrade to `1.9.0` or later.
|
| CVE-2026-44932 |
|
OS Command Injection in CVE-2026-44932 (CVE-2026-44932)
OS command injection in CVE-2026-44932 (CVE-2026-44932). Successful exploitation can lead to full system takeover.
|
| CVE-2026-24228 |
|
Unsafe Deserialization in deserialization (CVE-2026-24228)
vulnerability in deserialization (CVE-2026-24228). Successful exploitation can lead to full system takeover.
|
| CVE-2026-24155 |
|
Code Injection in nvidia (CVE-2026-24155)
code injection in nvidia (CVE-2026-24155). Successful exploitation can lead to full system takeover.
|
| CVE-2026-10649 |
|
Vulnerability in dos (CVE-2026-10649)
vulnerability in dos (CVE-2026-10649). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-71261 |
|
Vulnerability in github.com/harvester/harvester (CVE-2025-71261)
vulnerability in github.com/harvester/harvester (CVE-2025-71261). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.0` or later.
|
| CVE-2024-38487 |
|
Privilege Escalation in CVE-2024-38487 (CVE-2024-38487)
vulnerability in CVE-2024-38487 (CVE-2024-38487). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-24909 |
|
Command Injection in CVE-2024-24909 (CVE-2024-24909)
command injection in CVE-2024-24909 (CVE-2024-24909). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12398 |
|
OS Command Injection in galaxy-ng (CVE-2026-12398)
OS command injection in galaxy-ng (CVE-2026-12398). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48780 |
|
Authentication Bypass in CVE-2026-48780 (CVE-2026-48780)
authentication bypass in CVE-2026-48780 (CVE-2026-48780). Confidential information can be exposed externally. Exploitable via ``a2ab6d4``.
|
| CVE-2026-54299 |
|
Vulnerability in astro (CVE-2026-54299)
vulnerability in astro (CVE-2026-54299). Confidential information can be exposed externally. Exploitable via ``request.url``. Mitigation: upgrade to `6.4.6` or later.
|
| CVE-2026-54293 |
|
Path Traversal in nltk (CVE-2026-54293)
path traversal in nltk (CVE-2026-54293). Confidential information can be exposed externally.
|
| CVE-2026-54290 |
|
Vulnerability in hono (CVE-2026-54290)
vulnerability in hono (CVE-2026-54290). Confidential information can be exposed externally. Exploitable via ``origin``. Mitigation: upgrade to `4.12.25` or later.
|
| CVE-2026-50146 |
|
Vulnerability in astro (CVE-2026-50146)
vulnerability in astro (CVE-2026-50146). Data can be tampered with by attackers. Exploitable via ``astro.config.mjs``. Mitigation: upgrade to `6.3.3` or later.
|
| CVE-2026-12328 |
|
Vulnerability in mozilla (CVE-2026-12328)
vulnerability in mozilla (CVE-2026-12328). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12327 |
|
Buffer Overflow in mozilla (CVE-2026-12327)
vulnerability in mozilla (CVE-2026-12327). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12326 |
|
Buffer Overflow in mozilla (CVE-2026-12326)
vulnerability in mozilla (CVE-2026-12326). Successful exploitation can lead to full system takeover.
|