Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-50530 |
|
Vulnerability in CVE-2026-50530 (CVE-2026-50530)
vulnerability in CVE-2026-50530 (CVE-2026-50530). Risk of unauthorized operations or information disclosure. Exploitable via `POST /de2api/chartData/getData.`.
|
| CVE-2026-50529 |
|
Authorization Flaw in CVE-2026-50529 (CVE-2026-50529)
vulnerability in CVE-2026-50529 (CVE-2026-50529). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50007 |
|
Vulnerability in CVE-2026-50007 (CVE-2026-50007)
vulnerability in CVE-2026-50007 (CVE-2026-50007). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49471 |
|
Vulnerability in flask (CVE-2026-49471)
vulnerability in flask (CVE-2026-49471). Successful exploitation can lead to full system takeover. Exploitable via `Host header`.
|
| GHSA-j8v8-g9cx-5qf4 |
|
Vulnerability in @better-auth/scim (GHSA-j8v8-g9cx-5qf4)
vulnerability in @better-auth/scim (GHSA-j8v8-g9cx-5qf4). Risk of unauthorized operations or information disclosure. Exploitable via `POST /scim/generate-token`. Mitigation: upgrade to `1.7.0-beta.4` or later.
|
| GHSA-2vg6-77g8-24mp |
|
Vulnerability in better-auth (GHSA-2vg6-77g8-24mp)
vulnerability in better-auth (GHSA-2vg6-77g8-24mp). Risk of unauthorized operations or information disclosure. Exploitable via `DELETE /scim/v2/Users/`. Mitigation: upgrade to `1.6.11` or later.
|
| CVE-2026-53518 |
|
Vulnerability in @better-auth/oauth-provider (CVE-2026-53518)
vulnerability in @better-auth/oauth-provider (CVE-2026-53518). Risk of unauthorized operations or information disclosure. Exploitable via `POST /oauth2/token`. Mitigation: upgrade to `1.6.11` or later.
|
| CVE-2026-53513 |
|
Vulnerability in @better-auth/sso (CVE-2026-53513)
vulnerability in @better-auth/sso (CVE-2026-53513). Risk of unauthorized operations or information disclosure. Exploitable via `POST /sso/register`. Mitigation: upgrade to `1.6.11` or later.
|
| CVE-2026-53517 |
|
Vulnerability in @better-auth/oauth-provider (CVE-2026-53517)
vulnerability in @better-auth/oauth-provider (CVE-2026-53517). Risk of unauthorized operations or information disclosure. Exploitable via `POST /oauth2/token`. Mitigation: upgrade to `1.6.11` or later.
|
| GHSA-9h47-pqcx-hjr4 |
|
Vulnerability in better-auth (GHSA-9h47-pqcx-hjr4)
vulnerability in better-auth (GHSA-9h47-pqcx-hjr4). Risk of unauthorized operations or information disclosure. Exploitable via `Referer header`. Mitigation: upgrade to `1.6.11` or later.
|
| GHSA-86j7-9j95-vpqj |
|
Cross-Site Scripting (XSS) in better-auth (GHSA-86j7-9j95-vpqj)
cross-site scripting in better-auth (GHSA-86j7-9j95-vpqj). Risk of unauthorized operations or information disclosure. Exploitable via `POST /oauth2/register`. Mitigation: upgrade to `1.7.0-beta.4` or later.
|
| CVE-2026-53516 |
|
Authentication Bypass in better-auth (CVE-2026-53516)
authentication bypass in better-auth (CVE-2026-53516). Risk of unauthorized operations or information disclosure. Exploitable via ``next``. Mitigation: upgrade to `1.6.11` or later.
|
| CVE-2026-53514 |
|
Authentication Bypass in better-auth (CVE-2026-53514)
authentication bypass in better-auth (CVE-2026-53514). Risk of unauthorized operations or information disclosure. Exploitable via ``organization``. Mitigation: upgrade to `1.6.11` or later.
|
| GHSA-p2fr-6hmx-4528 |
|
Vulnerability in @better-auth/oauth-provider (GHSA-p2fr-6hmx-4528)
vulnerability in @better-auth/oauth-provider (GHSA-p2fr-6hmx-4528). Risk of unauthorized operations or information disclosure. Exploitable via ``aud``. Mitigation: upgrade to `1.7.0-beta.4` or later.
|
| CVE-2026-58468 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-58468 (CVE-2026-58468)
SSRF in CVE-2026-58468 (CVE-2026-58468). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44877 |
|
Information Disclosure in CVE-2026-44877 (CVE-2026-44877)
vulnerability in CVE-2026-44877 (CVE-2026-44877). Confidential information can be exposed externally.
|
| CVE-2026-53512 |
|
Authentication Bypass in better-auth (CVE-2026-53512)
authentication bypass in better-auth (CVE-2026-53512). Risk of unauthorized operations or information disclosure. Exploitable via ``oauthApplication``. Mitigation: upgrade to `1.6.11` or later.
|
| GHSA-7856-g3gv-9wq8 |
|
Vulnerability in github.com/tinfoil-factory/netfoil (GHSA-7856-g3gv-9wq8)
vulnerability in github.com/tinfoil-factory/netfoil (GHSA-7856-g3gv-9wq8). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.3.0` or later.
|
| GHSA-3g4q-2f67-2gvh |
|
Vulnerability in github.com/tinfoil-factory/netfoil (GHSA-3g4q-2f67-2gvh)
vulnerability in github.com/tinfoil-factory/netfoil (GHSA-3g4q-2f67-2gvh). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.3.0` or later.
|
| GHSA-59qp-cfj3-rp64 |
|
Vulnerability in github.com/tinfoil-factory/netfoil (GHSA-59qp-cfj3-rp64)
vulnerability in github.com/tinfoil-factory/netfoil (GHSA-59qp-cfj3-rp64). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.3.0` or later.
|
| GHSA-fqf6-gxhh-2xhw |
|
Vulnerability in uucore (GHSA-fqf6-gxhh-2xhw)
vulnerability in uucore (GHSA-fqf6-gxhh-2xhw). Risk of unauthorized operations or information disclosure. Exploitable via ``determine_backup_mode``. Mitigation: upgrade to `0.6.0` or later.
|
| CVE-2026-53509 |
|
SSRF (Server-Side Request Forgery) in @aborruso/ckan-mcp-server (CVE-2026-53509)
SSRF in @aborruso/ckan-mcp-server (CVE-2026-53509). Risk of unauthorized operations or information disclosure. Exploitable via ``localhost``. Mitigation: upgrade to `0.4.106` or later.
|
| CVE-2026-7017 |
|
Vulnerability in CVE-2026-7017 (CVE-2026-7017)
vulnerability in CVE-2026-7017 (CVE-2026-7017). Confidential information can be exposed externally. Exploitable via `Authorization header`.
|
| CVE-2026-59708 |
|
Vulnerability in CVE-2026-59708 (CVE-2026-59708)
vulnerability in CVE-2026-59708 (CVE-2026-59708). Confidential information can be exposed externally. Exploitable via `GET /api/v1/public/`.
|
| CVE-2026-48958 |
|
Vulnerability in CVE-2026-48958 (CVE-2026-48958)
vulnerability in CVE-2026-48958 (CVE-2026-48958). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48957 |
|
An improper access check allows unauthorized users to access com_privacy datasets.
An improper access check allows unauthorized users to access com_privacy datasets.
|
| CVE-2026-48956 |
|
An improper access check allows users to display a list of modules in the frontend.
An improper access check allows users to display a list of modules in the frontend.
|
| CVE-2026-48955 |
|
Vulnerability in CVE-2026-48955 (CVE-2026-48955)
vulnerability in CVE-2026-48955 (CVE-2026-48955). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48954 |
|
Improper validation leads to a generic XSS vector in the language override feature.
Improper validation leads to a generic XSS vector in the language override feature.
|
| CVE-2026-48953 |
|
Lack of escaping leads to an XSS vulnerability in the generic image output layout.
Lack of escaping leads to an XSS vulnerability in the generic image output layout.
|
| CVE-2026-48952 |
|
Lack of escaping leads to an XSS vulnerability in the update list view of com_installer.
Lack of escaping leads to an XSS vulnerability in the update list view of com_installer.
|
| CVE-2026-48951 |
|
Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components.
Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components.
|
| CVE-2026-48950 |
|
Lack of escaping leads to an XSS vulnerability in the file management view of com_templates.
Lack of escaping leads to an XSS vulnerability in the file management view of com_templates.
|
| CVE-2026-48949 |
|
Lack of validation leads to an XSS vulnerability in the MFA management views.
Lack of validation leads to an XSS vulnerability in the MFA management views.
|
| CVE-2026-48948 |
|
Vulnerability in CVE-2026-48948 (CVE-2026-48948)
vulnerability in CVE-2026-48948 (CVE-2026-48948). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48947 |
|
Vulnerability in CVE-2026-48947 (CVE-2026-48947)
vulnerability in CVE-2026-48947 (CVE-2026-48947). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57851 |
|
Vulnerability in privilege-escalation (CVE-2026-57851)
vulnerability in privilege-escalation (CVE-2026-57851). Successful exploitation can lead to full system takeover.
|
| CVE-2026-23698 |
|
Unrestricted File Upload in apache (CVE-2026-23698)
vulnerability in apache (CVE-2026-23698). Successful exploitation can lead to full system takeover.
|
| CVE-2026-23697 |
|
Unrestricted File Upload in apache (CVE-2026-23697)
vulnerability in apache (CVE-2026-23697). Successful exploitation can lead to full system takeover.
|
| CVE-2026-14904 |
|
Vulnerability in Amazon aws (CVE-2026-14904)
vulnerability in Amazon aws (CVE-2026-14904). Confidential information can be exposed externally.
|
| CVE-2026-13020 |
|
Vulnerability in CVE-2026-13020 (CVE-2026-13020)
vulnerability in CVE-2026-13020 (CVE-2026-13020). Successful exploitation can lead to full system takeover.
|
| CVE-2026-13019 |
|
Vulnerability in CVE-2026-13019 (CVE-2026-13019)
vulnerability in CVE-2026-13019 (CVE-2026-13019). Successful exploitation can lead to full system takeover.
|
| CVE-2025-12799 |
|
Cross-Site Scripting (XSS) in CVE-2025-12799 (CVE-2025-12799)
cross-site scripting in CVE-2025-12799 (CVE-2025-12799). Data can be tampered with by attackers.
|
| CVE-2026-20744 |
|
Vulnerability in cisa (CVE-2026-20744)
vulnerability in cisa (CVE-2026-20744). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42953 |
|
Out-of-Bounds Write in cisa (CVE-2026-42953)
out-of-bounds write in cisa (CVE-2026-42953). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34225 |
|
SSRF (Server-Side Request Forgery) in open-webui (CVE-2026-34225)
SSRF in open-webui (CVE-2026-34225). Risk of unauthorized operations or information disclosure. Exploitable via ``load_url_image``.
|
| CVE-2026-26193 |
|
Cross-Site Scripting (XSS) in open-webui (CVE-2026-26193)
cross-site scripting in open-webui (CVE-2026-26193). Risk of unauthorized operations or information disclosure. Exploitable via ``embeds``. Mitigation: upgrade to `0.6.44` or later.
|
| CVE-2026-26192 |
|
Cross-Site Scripting (XSS) in open-webui (CVE-2026-26192)
cross-site scripting in open-webui (CVE-2026-26192). Risk of unauthorized operations or information disclosure. Exploitable via ``html``. Mitigation: upgrade to `0.7.0` or later.
|
| CVE-2025-46719 |
|
Cross-Site Scripting (XSS) in open-webui (CVE-2025-46719)
cross-site scripting in open-webui (CVE-2025-46719). Risk of unauthorized operations or information disclosure. Exploitable via ``onload``. Mitigation: upgrade to `0.6.6` or later.
|
| CVE-2025-46571 |
|
Cross-Site Scripting (XSS) in open-webui (CVE-2025-46571)
cross-site scripting in open-webui (CVE-2025-46571). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/files/`. Mitigation: upgrade to `0.6.6` or later.
|