Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2026-50530 Vulnerability in CVE-2026-50530 (CVE-2026-50530)
vulnerability in CVE-2026-50530 (CVE-2026-50530). Risk of unauthorized operations or information disclosure. Exploitable via `POST /de2api/chartData/getData.`.
CVE-2026-50529 Authorization Flaw in CVE-2026-50529 (CVE-2026-50529)
vulnerability in CVE-2026-50529 (CVE-2026-50529). Risk of unauthorized operations or information disclosure.
CVE-2026-50007 Vulnerability in CVE-2026-50007 (CVE-2026-50007)
vulnerability in CVE-2026-50007 (CVE-2026-50007). Risk of unauthorized operations or information disclosure.
CVE-2026-49471 Vulnerability in flask (CVE-2026-49471)
vulnerability in flask (CVE-2026-49471). Successful exploitation can lead to full system takeover. Exploitable via `Host header`.
GHSA-j8v8-g9cx-5qf4 Vulnerability in @better-auth/scim (GHSA-j8v8-g9cx-5qf4)
vulnerability in @better-auth/scim (GHSA-j8v8-g9cx-5qf4). Risk of unauthorized operations or information disclosure. Exploitable via `POST /scim/generate-token`. Mitigation: upgrade to `1.7.0-beta.4` or later.
GHSA-2vg6-77g8-24mp Vulnerability in better-auth (GHSA-2vg6-77g8-24mp)
vulnerability in better-auth (GHSA-2vg6-77g8-24mp). Risk of unauthorized operations or information disclosure. Exploitable via `DELETE /scim/v2/Users/`. Mitigation: upgrade to `1.6.11` or later.
CVE-2026-53518 Vulnerability in @better-auth/oauth-provider (CVE-2026-53518)
vulnerability in @better-auth/oauth-provider (CVE-2026-53518). Risk of unauthorized operations or information disclosure. Exploitable via `POST /oauth2/token`. Mitigation: upgrade to `1.6.11` or later.
CVE-2026-53513 Vulnerability in @better-auth/sso (CVE-2026-53513)
vulnerability in @better-auth/sso (CVE-2026-53513). Risk of unauthorized operations or information disclosure. Exploitable via `POST /sso/register`. Mitigation: upgrade to `1.6.11` or later.
CVE-2026-53517 Vulnerability in @better-auth/oauth-provider (CVE-2026-53517)
vulnerability in @better-auth/oauth-provider (CVE-2026-53517). Risk of unauthorized operations or information disclosure. Exploitable via `POST /oauth2/token`. Mitigation: upgrade to `1.6.11` or later.
GHSA-9h47-pqcx-hjr4 Vulnerability in better-auth (GHSA-9h47-pqcx-hjr4)
vulnerability in better-auth (GHSA-9h47-pqcx-hjr4). Risk of unauthorized operations or information disclosure. Exploitable via `Referer header`. Mitigation: upgrade to `1.6.11` or later.
GHSA-86j7-9j95-vpqj Cross-Site Scripting (XSS) in better-auth (GHSA-86j7-9j95-vpqj)
cross-site scripting in better-auth (GHSA-86j7-9j95-vpqj). Risk of unauthorized operations or information disclosure. Exploitable via `POST /oauth2/register`. Mitigation: upgrade to `1.7.0-beta.4` or later.
CVE-2026-53516 Authentication Bypass in better-auth (CVE-2026-53516)
authentication bypass in better-auth (CVE-2026-53516). Risk of unauthorized operations or information disclosure. Exploitable via ``next``. Mitigation: upgrade to `1.6.11` or later.
CVE-2026-53514 Authentication Bypass in better-auth (CVE-2026-53514)
authentication bypass in better-auth (CVE-2026-53514). Risk of unauthorized operations or information disclosure. Exploitable via ``organization``. Mitigation: upgrade to `1.6.11` or later.
GHSA-p2fr-6hmx-4528 Vulnerability in @better-auth/oauth-provider (GHSA-p2fr-6hmx-4528)
vulnerability in @better-auth/oauth-provider (GHSA-p2fr-6hmx-4528). Risk of unauthorized operations or information disclosure. Exploitable via ``aud``. Mitigation: upgrade to `1.7.0-beta.4` or later.
CVE-2026-58468 SSRF (Server-Side Request Forgery) in CVE-2026-58468 (CVE-2026-58468)
SSRF in CVE-2026-58468 (CVE-2026-58468). Risk of unauthorized operations or information disclosure.
CVE-2026-44877 Information Disclosure in CVE-2026-44877 (CVE-2026-44877)
vulnerability in CVE-2026-44877 (CVE-2026-44877). Confidential information can be exposed externally.
CVE-2026-53512 Authentication Bypass in better-auth (CVE-2026-53512)
authentication bypass in better-auth (CVE-2026-53512). Risk of unauthorized operations or information disclosure. Exploitable via ``oauthApplication``. Mitigation: upgrade to `1.6.11` or later.
GHSA-7856-g3gv-9wq8 Vulnerability in github.com/tinfoil-factory/netfoil (GHSA-7856-g3gv-9wq8)
vulnerability in github.com/tinfoil-factory/netfoil (GHSA-7856-g3gv-9wq8). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.3.0` or later.
GHSA-3g4q-2f67-2gvh Vulnerability in github.com/tinfoil-factory/netfoil (GHSA-3g4q-2f67-2gvh)
vulnerability in github.com/tinfoil-factory/netfoil (GHSA-3g4q-2f67-2gvh). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.3.0` or later.
GHSA-59qp-cfj3-rp64 Vulnerability in github.com/tinfoil-factory/netfoil (GHSA-59qp-cfj3-rp64)
vulnerability in github.com/tinfoil-factory/netfoil (GHSA-59qp-cfj3-rp64). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.3.0` or later.
GHSA-fqf6-gxhh-2xhw Vulnerability in uucore (GHSA-fqf6-gxhh-2xhw)
vulnerability in uucore (GHSA-fqf6-gxhh-2xhw). Risk of unauthorized operations or information disclosure. Exploitable via ``determine_backup_mode``. Mitigation: upgrade to `0.6.0` or later.
CVE-2026-53509 SSRF (Server-Side Request Forgery) in @aborruso/ckan-mcp-server (CVE-2026-53509)
SSRF in @aborruso/ckan-mcp-server (CVE-2026-53509). Risk of unauthorized operations or information disclosure. Exploitable via ``localhost``. Mitigation: upgrade to `0.4.106` or later.
CVE-2026-7017 Vulnerability in CVE-2026-7017 (CVE-2026-7017)
vulnerability in CVE-2026-7017 (CVE-2026-7017). Confidential information can be exposed externally. Exploitable via `Authorization header`.
CVE-2026-59708 Vulnerability in CVE-2026-59708 (CVE-2026-59708)
vulnerability in CVE-2026-59708 (CVE-2026-59708). Confidential information can be exposed externally. Exploitable via `GET /api/v1/public/`.
CVE-2026-48958 Vulnerability in CVE-2026-48958 (CVE-2026-48958)
vulnerability in CVE-2026-48958 (CVE-2026-48958). Risk of unauthorized operations or information disclosure.
CVE-2026-48957 An improper access check allows unauthorized users to access com_privacy datasets.
An improper access check allows unauthorized users to access com_privacy datasets.
CVE-2026-48956 An improper access check allows users to display a list of modules in the frontend.
An improper access check allows users to display a list of modules in the frontend.
CVE-2026-48955 Vulnerability in CVE-2026-48955 (CVE-2026-48955)
vulnerability in CVE-2026-48955 (CVE-2026-48955). Risk of unauthorized operations or information disclosure.
CVE-2026-48954 Improper validation leads to a generic XSS vector in the language override feature.
Improper validation leads to a generic XSS vector in the language override feature.
CVE-2026-48953 Lack of escaping leads to an XSS vulnerability in the generic image output layout.
Lack of escaping leads to an XSS vulnerability in the generic image output layout.
CVE-2026-48952 Lack of escaping leads to an XSS vulnerability in the update list view of com_installer.
Lack of escaping leads to an XSS vulnerability in the update list view of com_installer.
CVE-2026-48951 Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components.
Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components.
CVE-2026-48950 Lack of escaping leads to an XSS vulnerability in the file management view of com_templates.
Lack of escaping leads to an XSS vulnerability in the file management view of com_templates.
CVE-2026-48949 Lack of validation leads to an XSS vulnerability in the MFA management views.
Lack of validation leads to an XSS vulnerability in the MFA management views.
CVE-2026-48948 Vulnerability in CVE-2026-48948 (CVE-2026-48948)
vulnerability in CVE-2026-48948 (CVE-2026-48948). Risk of unauthorized operations or information disclosure.
CVE-2026-48947 Vulnerability in CVE-2026-48947 (CVE-2026-48947)
vulnerability in CVE-2026-48947 (CVE-2026-48947). Risk of unauthorized operations or information disclosure.
CVE-2026-57851 Vulnerability in privilege-escalation (CVE-2026-57851)
vulnerability in privilege-escalation (CVE-2026-57851). Successful exploitation can lead to full system takeover.
CVE-2026-23698 Unrestricted File Upload in apache (CVE-2026-23698)
vulnerability in apache (CVE-2026-23698). Successful exploitation can lead to full system takeover.
CVE-2026-23697 Unrestricted File Upload in apache (CVE-2026-23697)
vulnerability in apache (CVE-2026-23697). Successful exploitation can lead to full system takeover.
CVE-2026-14904 Vulnerability in Amazon aws (CVE-2026-14904)
vulnerability in Amazon aws (CVE-2026-14904). Confidential information can be exposed externally.
CVE-2026-13020 Vulnerability in CVE-2026-13020 (CVE-2026-13020)
vulnerability in CVE-2026-13020 (CVE-2026-13020). Successful exploitation can lead to full system takeover.
CVE-2026-13019 Vulnerability in CVE-2026-13019 (CVE-2026-13019)
vulnerability in CVE-2026-13019 (CVE-2026-13019). Successful exploitation can lead to full system takeover.
CVE-2025-12799 Cross-Site Scripting (XSS) in CVE-2025-12799 (CVE-2025-12799)
cross-site scripting in CVE-2025-12799 (CVE-2025-12799). Data can be tampered with by attackers.
CVE-2026-20744 Vulnerability in cisa (CVE-2026-20744)
vulnerability in cisa (CVE-2026-20744). Risk of unauthorized operations or information disclosure.
CVE-2026-42953 Out-of-Bounds Write in cisa (CVE-2026-42953)
out-of-bounds write in cisa (CVE-2026-42953). Risk of unauthorized operations or information disclosure.
CVE-2026-34225 SSRF (Server-Side Request Forgery) in open-webui (CVE-2026-34225)
SSRF in open-webui (CVE-2026-34225). Risk of unauthorized operations or information disclosure. Exploitable via ``load_url_image``.
CVE-2026-26193 Cross-Site Scripting (XSS) in open-webui (CVE-2026-26193)
cross-site scripting in open-webui (CVE-2026-26193). Risk of unauthorized operations or information disclosure. Exploitable via ``embeds``. Mitigation: upgrade to `0.6.44` or later.
CVE-2026-26192 Cross-Site Scripting (XSS) in open-webui (CVE-2026-26192)
cross-site scripting in open-webui (CVE-2026-26192). Risk of unauthorized operations or information disclosure. Exploitable via ``html``. Mitigation: upgrade to `0.7.0` or later.
CVE-2025-46719 Cross-Site Scripting (XSS) in open-webui (CVE-2025-46719)
cross-site scripting in open-webui (CVE-2025-46719). Risk of unauthorized operations or information disclosure. Exploitable via ``onload``. Mitigation: upgrade to `0.6.6` or later.
CVE-2025-46571 Cross-Site Scripting (XSS) in open-webui (CVE-2025-46571)
cross-site scripting in open-webui (CVE-2025-46571). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/files/`. Mitigation: upgrade to `0.6.6` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →