Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-53833 |
|
Vulnerability in openclaw (CVE-2026-53833)
vulnerability in openclaw (CVE-2026-53833). Confidential information can be exposed externally.
|
| CVE-2026-53832 |
|
Vulnerability in CVE-2026-53832 (CVE-2026-53832)
vulnerability in CVE-2026-53832 (CVE-2026-53832). Confidential information can be exposed externally.
|
| CVE-2026-53831 |
|
Vulnerability in openclaw (CVE-2026-53831)
vulnerability in openclaw (CVE-2026-53831). Confidential information can be exposed externally.
|
| CVE-2026-53829 |
|
Vulnerability in openclaw (CVE-2026-53829)
vulnerability in openclaw (CVE-2026-53829). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53828 |
|
Authorization Flaw in openclaw (CVE-2026-53828)
vulnerability in openclaw (CVE-2026-53828). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53823 |
|
Vulnerability in privilege-escalation (CVE-2026-53823)
vulnerability in privilege-escalation (CVE-2026-53823). Confidential information can be exposed externally.
|
| CVE-2026-53822 |
|
Command Injection in openclaw (CVE-2026-53822)
command injection in openclaw (CVE-2026-53822). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53821 |
|
Vulnerability in openclaw (CVE-2026-53821)
vulnerability in openclaw (CVE-2026-53821). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53608 |
|
Cross-Site Scripting (XSS) in CVE-2026-53608 (CVE-2026-53608)
cross-site scripting in CVE-2026-53608 (CVE-2026-53608). Confidential information can be exposed externally. Exploitable via ``seoGoogleTrackingId``.
|
| CVE-2026-41158 |
|
Use-After-Free in CVE-2026-41158 (CVE-2026-41158)
vulnerability in CVE-2026-41158 (CVE-2026-41158). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34195 |
|
Out-of-Bounds Write in CVE-2026-34195 (CVE-2026-34195)
out-of-bounds write in CVE-2026-34195 (CVE-2026-34195). Successful exploitation can lead to full system takeover.
|
| CVE-2025-7017 |
|
Out-of-Bounds Read in CVE-2025-7017 (CVE-2025-7017)
vulnerability in CVE-2025-7017 (CVE-2025-7017). Successful exploitation can lead to full system takeover.
|
| CVE-2025-7011 |
|
Out-of-Bounds Read in CVE-2025-7011 (CVE-2025-7011)
vulnerability in CVE-2025-7011 (CVE-2025-7011). Successful exploitation can lead to full system takeover.
|
| CVE-2025-7009 |
|
Out-of-Bounds Read in CVE-2025-7009 (CVE-2025-7009)
vulnerability in CVE-2025-7009 (CVE-2025-7009). Successful exploitation can lead to full system takeover.
|
| CVE-2025-7008 |
|
Out-of-Bounds Read in csharp (CVE-2025-7008)
vulnerability in csharp (CVE-2025-7008). Successful exploitation can lead to full system takeover.
|
| CVE-2025-7004 |
|
Out-of-Bounds Write in CVE-2025-7004 (CVE-2025-7004)
out-of-bounds write in CVE-2025-7004 (CVE-2025-7004). Successful exploitation can lead to full system takeover.
|
| CVE-2025-7003 |
|
Out-of-Bounds Read in CVE-2025-7003 (CVE-2025-7003)
vulnerability in CVE-2025-7003 (CVE-2025-7003). Successful exploitation can lead to full system takeover.
|
| CVE-2025-7002 |
|
Out-of-Bounds Read in CVE-2025-7002 (CVE-2025-7002)
vulnerability in CVE-2025-7002 (CVE-2025-7002). Successful exploitation can lead to full system takeover.
|
| CVE-2026-54091 |
|
Authorization Flaw in github.com/filebrowser/filebrowser/v2 (CVE-2026-54091)
vulnerability in github.com/filebrowser/filebrowser/v2 (CVE-2026-54091). Confidential information can be exposed externally. Exploitable via `GET /api/public/share/`. Mitigation: upgrade to `2.63.6` or later.
|
| CVE-2026-54094 |
|
Path Traversal in github.com/filebrowser/filebrowser/v2 (CVE-2026-54094)
path traversal in github.com/filebrowser/filebrowser/v2 (CVE-2026-54094). Confidential information can be exposed externally. Exploitable via `GET /api/raw/{path}`. Mitigation: upgrade to `2.63.14` or later.
|
| CVE-2026-54057 |
|
Code Injection in kovidgoyal (CVE-2026-54057)
code injection in kovidgoyal (CVE-2026-54057). Successful exploitation can lead to full system takeover.
|
| CVE-2026-54056 |
|
Vulnerability in kovidgoyal (CVE-2026-54056)
vulnerability in kovidgoyal (CVE-2026-54056). Data can be tampered with by attackers. Exploitable via ``O_NOFOLLOW``.
|
| CVE-2026-4870 |
|
Vulnerability in dos (CVE-2026-4870)
vulnerability in dos (CVE-2026-4870). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44786 |
|
Information Disclosure in discourse (CVE-2026-44786)
vulnerability in discourse (CVE-2026-44786). Confidential information can be exposed externally.
|
| CVE-2026-54096 |
|
Authorization Flaw in github.com/filebrowser/filebrowser/v2 (CVE-2026-54096)
vulnerability in github.com/filebrowser/filebrowser/v2 (CVE-2026-54096). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/share/`. Mitigation: upgrade to `2.63.7` or later.
|
| CVE-2026-42851 |
|
Code Injection in kovidgoyal (CVE-2026-42851)
code injection in kovidgoyal (CVE-2026-42851). Successful exploitation can lead to full system takeover. Exploitable via ``cat``.
|
| CVE-2026-42850 |
|
Command Injection in kovidgoyal (CVE-2026-42850)
command injection in kovidgoyal (CVE-2026-42850). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53408 |
|
Vulnerability in zoom (CVE-2026-53408)
vulnerability in zoom (CVE-2026-53408). Confidential information can be exposed externally.
|
| CVE-2026-53407 |
|
Vulnerability in zoom (CVE-2026-53407)
vulnerability in zoom (CVE-2026-53407). Confidential information can be exposed externally.
|
| CVE-2026-50108 |
|
Vulnerability in CVE-2026-50108 (CVE-2026-50108)
vulnerability in CVE-2026-50108 (CVE-2026-50108). Confidential information can be exposed externally.
|
| CVE-2026-50101 |
|
Vulnerability in CVE-2026-50101 (CVE-2026-50101)
vulnerability in CVE-2026-50101 (CVE-2026-50101). Successful exploitation can lead to full system takeover.
|
| CVE-2026-12143 |
|
Vulnerability in form-data (CVE-2026-12143)
vulnerability in form-data (CVE-2026-12143). Data can be tampered with by attackers. Exploitable via ``field``. Mitigation: upgrade to `4.0.6` or later.
|
| CVE-2026-12043 |
|
Vulnerability in Amazon aws (CVE-2026-12043)
vulnerability in Amazon aws (CVE-2026-12043). Successful exploitation can lead to full system takeover.
|
| CVE-2026-47965 |
|
Out-of-Bounds Write in adobe (CVE-2026-47965)
out-of-bounds write in adobe (CVE-2026-47965). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53406 |
|
Vulnerability in zoom (CVE-2026-53406)
vulnerability in zoom (CVE-2026-53406). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7387 |
|
Authorization Flaw in mattermost (CVE-2026-7387)
vulnerability in mattermost (CVE-2026-7387). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6961 |
|
Path Traversal in path-traversal (CVE-2026-6961)
path traversal in path-traversal (CVE-2026-6961). Data can be tampered with by attackers.
|
| CVE-2026-3840 |
|
Path Traversal in path-traversal (CVE-2026-3840)
path traversal in path-traversal (CVE-2026-3840). Confidential information can be exposed externally.
|
| CVE-2025-52465 |
|
Vulnerability in org.geoserver.web:gs-web-app (CVE-2025-52465)
vulnerability in org.geoserver.web:gs-web-app (CVE-2025-52465). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.26.4` or later.
|
| CVE-2026-48165 |
|
OS Command Injection in mariadb (CVE-2026-48165)
OS command injection in mariadb (CVE-2026-48165). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48163 |
|
OS Command Injection in mariadb (CVE-2026-48163)
OS command injection in mariadb (CVE-2026-48163). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44168 |
|
OS Command Injection in mariadb (CVE-2026-44168)
OS command injection in mariadb (CVE-2026-44168). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53981 |
|
Vulnerability in CVE-2026-53981 (CVE-2026-53981)
vulnerability in CVE-2026-53981 (CVE-2026-53981). Confidential information can be exposed externally.
|
| CVE-2026-9638 |
|
Vulnerability in CVE-2026-9638 (CVE-2026-9638)
vulnerability in CVE-2026-9638 (CVE-2026-9638). Confidential information can be exposed externally.
|
| CVE-2026-50088 |
|
Vulnerability in c (CVE-2026-50088)
vulnerability in c (CVE-2026-50088). Confidential information can be exposed externally.
|
| CVE-2026-50087 |
|
Vulnerability in c (CVE-2026-50087)
vulnerability in c (CVE-2026-50087). Confidential information can be exposed externally.
|
| CVE-2026-50085 |
|
Vulnerability in c (CVE-2026-50085)
vulnerability in c (CVE-2026-50085). Data can be tampered with by attackers.
|
| CVE-2026-50011 |
|
Vulnerability in io.netty:netty-codec-redis (CVE-2026-50011)
vulnerability in io.netty:netty-codec-redis (CVE-2026-50011). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.1.135.Final` or later.
|
| CVE-2026-50010 |
|
Vulnerability in io.netty:netty-handler (CVE-2026-50010)
vulnerability in io.netty:netty-handler (CVE-2026-50010). Confidential information can be exposed externally. Mitigation: upgrade to `4.1.135.Final` or later.
|
| CVE-2026-48748 |
|
Vulnerability in io.netty:netty-codec-http3 (CVE-2026-48748)
vulnerability in io.netty:netty-codec-http3 (CVE-2026-48748). Risk of unauthorized operations or information disclosure. Exploitable via ``HTTP3_SETTINGS_QPACK_MAX_TABLE_CAPACITY``. Mitigation: upgrade to `4.2.15.Final` or later.
|