Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-50891 |
|
Vulnerability in CVE-2026-50891 (CVE-2026-50891)
vulnerability in CVE-2026-50891 (CVE-2026-50891). Confidential information can be exposed externally.
|
| CVE-2026-50889 |
|
Vulnerability in dos (CVE-2026-50889)
vulnerability in dos (CVE-2026-50889). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50888 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-50888)
SSRF in ssrf (CVE-2026-50888). Confidential information can be exposed externally.
|
| CVE-2026-50885 |
|
Vulnerability in CVE-2026-50885 (CVE-2026-50885)
vulnerability in CVE-2026-50885 (CVE-2026-50885). Confidential information can be exposed externally.
|
| CVE-2026-50884 |
|
Vulnerability in CVE-2026-50884 (CVE-2026-50884)
vulnerability in CVE-2026-50884 (CVE-2026-50884). Successful exploitation can lead to full system takeover.
|
| CVE-2026-50882 |
|
Vulnerability in dos (CVE-2026-50882)
vulnerability in dos (CVE-2026-50882). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50881 |
|
Vulnerability in CVE-2026-50881 (CVE-2026-50881)
vulnerability in CVE-2026-50881 (CVE-2026-50881). Confidential information can be exposed externally.
|
| CVE-2026-50879 |
|
Vulnerability in dos (CVE-2026-50879)
vulnerability in dos (CVE-2026-50879). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50878 |
|
Vulnerability in dos (CVE-2026-50878)
vulnerability in dos (CVE-2026-50878). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50877 |
|
Path Traversal in path-traversal (CVE-2026-50877)
path traversal in path-traversal (CVE-2026-50877). Confidential information can be exposed externally.
|
| CVE-2026-50875 |
|
Vulnerability in CVE-2026-50875 (CVE-2026-50875)
vulnerability in CVE-2026-50875 (CVE-2026-50875). Data can be tampered with by attackers.
|
| CVE-2026-50874 |
|
OS Command Injection in CVE-2026-50874 (CVE-2026-50874)
OS command injection in CVE-2026-50874 (CVE-2026-50874). Confidential information can be exposed externally.
|
| CVE-2026-48818 |
|
SSRF (Server-Side Request Forgery) in starlette (CVE-2026-48818)
SSRF in starlette (CVE-2026-48818). Confidential information can be exposed externally. Exploitable via ``StaticFiles``. Mitigation: upgrade to `1.1.0` or later.
|
| CVE-2026-50870 |
|
Information Disclosure in CVE-2026-50870 (CVE-2026-50870)
vulnerability in CVE-2026-50870 (CVE-2026-50870). Confidential information can be exposed externally.
|
| CVE-2026-49954 |
|
Vulnerability in path-traversal (CVE-2026-49954)
vulnerability in path-traversal (CVE-2026-49954). Successful exploitation can lead to full system takeover.
|
| CVE-2026-47835 |
|
Vulnerability in CVE-2026-47835 (CVE-2026-47835)
vulnerability in CVE-2026-47835 (CVE-2026-47835). Confidential information can be exposed externally.
|
| CVE-2026-41708 |
|
Vulnerability in dos (CVE-2026-41708)
vulnerability in dos (CVE-2026-41708). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-39118 |
|
Privilege Escalation in CVE-2026-39118 (CVE-2026-39118)
vulnerability in CVE-2026-39118 (CVE-2026-39118). Successful exploitation can lead to full system takeover.
|
| CVE-2026-39007 |
|
Information Disclosure in CVE-2026-39007 (CVE-2026-39007)
vulnerability in CVE-2026-39007 (CVE-2026-39007). Confidential information can be exposed externally.
|
| CVE-2026-36670 |
|
SQL Injection in sqli (CVE-2026-36670)
SQL injection in sqli (CVE-2026-36670). Successful exploitation can lead to full system takeover.
|
| CVE-2026-36213 |
|
Privilege Escalation in CVE-2026-36213 (CVE-2026-36213)
vulnerability in CVE-2026-36213 (CVE-2026-36213). Successful exploitation can lead to full system takeover.
|
| CVE-2025-68713 |
|
Vulnerability in CVE-2025-68713 (CVE-2025-68713)
vulnerability in CVE-2025-68713 (CVE-2025-68713). Successful exploitation can lead to full system takeover.
|
| CVE-2025-56814 |
|
Command Injection in CVE-2025-56814 (CVE-2025-56814)
command injection in CVE-2025-56814 (CVE-2025-56814). Successful exploitation can lead to full system takeover.
|
| CVE-2026-54271 |
|
Code Injection in protobufjs-cli (CVE-2026-54271)
code injection in protobufjs-cli (CVE-2026-54271). Confidential information can be exposed externally. Exploitable via ``pbjs``. Mitigation: upgrade to `2.5.0` or later.
|
| CVE-2026-54274 |
|
Vulnerability in aiohttp (CVE-2026-54274)
vulnerability in aiohttp (CVE-2026-54274). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.14.1` or later.
|
| CVE-2026-54275 |
|
Vulnerability in aiohttp (CVE-2026-54275)
vulnerability in aiohttp (CVE-2026-54275). Risk of unauthorized operations or information disclosure. Exploitable via ``server_hostname``. Mitigation: upgrade to `3.14.1` or later.
|
| CVE-2026-54280 |
|
Vulnerability in aiohttp (CVE-2026-54280)
vulnerability in aiohttp (CVE-2026-54280). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.14.1` or later.
|
| CVE-2026-54273 |
|
Vulnerability in aiohttp (CVE-2026-54273)
vulnerability in aiohttp (CVE-2026-54273). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.14.1` or later.
|
| CVE-2026-54278 |
|
Vulnerability in aiohttp (CVE-2026-54278)
vulnerability in aiohttp (CVE-2026-54278). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.14.1` or later.
|
| CVE-2026-54277 |
|
Vulnerability in aiohttp (CVE-2026-54277)
vulnerability in aiohttp (CVE-2026-54277). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.14.1` or later.
|
| CVE-2026-54279 |
|
Vulnerability in aiohttp (CVE-2026-54279)
vulnerability in aiohttp (CVE-2026-54279). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.14.1` or later.
|
| CVE-2026-50269 |
|
Vulnerability in aiohttp (CVE-2026-50269)
vulnerability in aiohttp (CVE-2026-50269). Risk of unauthorized operations or information disclosure. Exploitable via ``Payload.headers``. Mitigation: upgrade to `3.14.0` or later.
|
| CVE-2026-8357 |
|
Vulnerability in CVE-2026-8357 (CVE-2026-8357)
vulnerability in CVE-2026-8357 (CVE-2026-8357). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6040 |
|
Use-After-Free in CVE-2026-6040 (CVE-2026-6040)
vulnerability in CVE-2026-6040 (CVE-2026-6040). Successful exploitation can lead to full system takeover.
|
| CVE-2026-47777 |
|
Vulnerability in CVE-2026-47777 (CVE-2026-47777)
vulnerability in CVE-2026-47777 (CVE-2026-47777). Data can be tampered with by attackers.
|
| CVE-2026-48712 |
|
Vulnerability in protobufjs (CVE-2026-48712)
vulnerability in protobufjs (CVE-2026-48712). Risk of unauthorized operations or information disclosure. Exploitable via ``google.protobuf.Any``. Mitigation: upgrade to `8.4.1` or later.
|
| CVE-2026-54268 |
|
Vulnerability in @angular/common (CVE-2026-54268)
vulnerability in @angular/common (CVE-2026-54268). Risk of unauthorized operations or information disclosure. Exploitable via ``formatDate``.
|
| CVE-2026-53571 |
|
Path Traversal in vite (CVE-2026-53571)
path traversal in vite (CVE-2026-53571). Confidential information can be exposed externally. Exploitable via ``server.fs.deny``. Mitigation: upgrade to `6.4.3` or later.
|
| CVE-2026-50170 |
|
Vulnerability in @angular/common (CVE-2026-50170)
vulnerability in @angular/common (CVE-2026-50170). Confidential information can be exposed externally. Exploitable via ``HttpTransferCache``. Mitigation: upgrade to `21.2.15` or later.
|
| CVE-2026-50168 |
|
Vulnerability in @angular/platform-server (CVE-2026-50168)
vulnerability in @angular/platform-server (CVE-2026-50168). Confidential information can be exposed externally. Exploitable via `Host header`. Mitigation: upgrade to `21.2.15` or later.
|
| CVE-2026-48779 |
|
Vulnerability in ws (CVE-2026-48779)
vulnerability in ws (CVE-2026-48779). Risk of unauthorized operations or information disclosure. Exploitable via ``maxPayload``. Mitigation: upgrade to `8.21.0` or later.
|
| CVE-2026-9863 |
|
OS Command Injection in CVE-2026-9863 (CVE-2026-9863)
OS command injection in CVE-2026-9863 (CVE-2026-9863). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5242 |
|
Vulnerability in CVE-2026-5242 (CVE-2026-5242)
vulnerability in CVE-2026-5242 (CVE-2026-5242). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5233 |
|
Vulnerability in CVE-2026-5233 (CVE-2026-5233)
vulnerability in CVE-2026-5233 (CVE-2026-5233). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5230 |
|
Vulnerability in CVE-2026-5230 (CVE-2026-5230)
vulnerability in CVE-2026-5230 (CVE-2026-5230). Confidential information can be exposed externally.
|
| CVE-2026-5079 |
|
Vulnerability in multer (CVE-2026-5079)
vulnerability in multer (CVE-2026-5079). Risk of unauthorized operations or information disclosure. Exploitable via ``limits.fieldNestingDepth``. Mitigation: upgrade to `3.0.0-alpha.2` or later.
|
| CVE-2026-49111 |
|
Vulnerability in privilege-escalation (CVE-2026-49111)
vulnerability in privilege-escalation (CVE-2026-49111). Successful exploitation can lead to full system takeover.
|
| CVE-2026-49064 |
|
Vulnerability in CVE-2026-49064 (CVE-2026-49064)
vulnerability in CVE-2026-49064 (CVE-2026-49064). Confidential information can be exposed externally.
|
| CVE-2026-49062 |
|
Vulnerability in CVE-2026-49062 (CVE-2026-49062)
vulnerability in CVE-2026-49062 (CVE-2026-49062). Successful exploitation can lead to full system takeover.
|
| CVE-2019-25746 |
|
SQL Injection in wordpress (CVE-2019-25746)
SQL injection in wordpress (CVE-2019-25746). Confidential information can be exposed externally.
|