Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-53807 |
|
Authorization Flaw in openclaw (CVE-2026-53807)
vulnerability in openclaw (CVE-2026-53807). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53819 |
|
Vulnerability in openclaw (CVE-2026-53819)
vulnerability in openclaw (CVE-2026-53819). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2026.5.27` or later.
|
| CVE-2026-53817 |
|
Vulnerability in openclaw (CVE-2026-53817)
vulnerability in openclaw (CVE-2026-53817). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2026.5.22` or later.
|
| CVE-2026-53816 |
|
Vulnerability in openclaw (CVE-2026-53816)
vulnerability in openclaw (CVE-2026-53816). Successful exploitation can lead to full system takeover. Exploitable via ``system.run``. Mitigation: upgrade to `2026.5.18` or later.
|
| CVE-2026-53814 |
|
Information Disclosure in openclaw (CVE-2026-53814)
vulnerability in openclaw (CVE-2026-53814). Confidential information can be exposed externally. Mitigation: upgrade to `2026.5.20` or later.
|
| CVE-2026-53813 |
|
Vulnerability in openclaw (CVE-2026-53813)
vulnerability in openclaw (CVE-2026-53813). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2026.4.25` or later.
|
| CVE-2026-53812 |
|
Vulnerability in openclaw (CVE-2026-53812)
vulnerability in openclaw (CVE-2026-53812). Confidential information can be exposed externally. Exploitable via ``act``. Mitigation: upgrade to `2026.5.18` or later.
|
| CVE-2026-53811 |
|
Vulnerability in openclaw (CVE-2026-53811)
vulnerability in openclaw (CVE-2026-53811). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2026.5.7` or later.
|
| CVE-2026-53810 |
|
OS Command Injection in openclaw (CVE-2026-53810)
OS command injection in openclaw (CVE-2026-53810). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2026.5.18` or later.
|
| CVE-2026-53806 |
|
Vulnerability in openclaw (CVE-2026-53806)
vulnerability in openclaw (CVE-2026-53806). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2026.5.12` or later.
|
| CVE-2026-48109 |
|
Vulnerability in MessagePack (CVE-2026-48109)
vulnerability in MessagePack (CVE-2026-48109). Risk of unauthorized operations or information disclosure. Exploitable via ``Lz4Block``. Mitigation: upgrade to `3.1.7` or later.
|
| CVE-2025-27511 |
|
Vulnerability in org.geoserver.extension:gs-db2 (CVE-2025-27511)
vulnerability in org.geoserver.extension:gs-db2 (CVE-2025-27511). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.27.0` or later.
|
| CVE-2026-48059 |
|
Vulnerability in io.netty:netty-codec-haproxy (CVE-2026-48059)
vulnerability in io.netty:netty-codec-haproxy (CVE-2026-48059). Risk of unauthorized operations or information disclosure. Exploitable via ``PP2_TYPE_SSL``. Mitigation: upgrade to `4.1.135.Final` or later.
|
| CVE-2026-53782 |
|
Summarize before 0.17.0 contains a server-side request forgery vulnerability that allows...
Summarize before 0.17.0 contains a server-side request forgery vulnerability that allows...
|
| CVE-2026-46622 |
|
SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, API tokens used to authenticate all REST API requests are stored as plaintext strings in the api_tokens database table. Any...
SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, API tokens used to authenticate all REST API requests are stored as plaintext strings in the api_tokens database table. Any attacker who obtains read access to the database — through SQL injection, a leaked backup, a misconf...
|
| CVE-2026-46489 |
|
SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, the company logo upload feature accepts any file type without validation. An authenticated administrator can upload an SVG f...
SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, the company logo upload feature accepts any file type without validation. An authenticated administrator can upload an SVG file containing embedded JavaScript. This script is base64-encoded and injected unescaped into every...
|
| CVE-2026-45175 |
|
Vulnerability in paloaltonetworks (CVE-2026-45175)
vulnerability in paloaltonetworks (CVE-2026-45175). Successful exploitation can lead to full system takeover.
|
| CVE-2026-52860 |
|
Code Injection in vim (CVE-2026-52860)
code injection in vim (CVE-2026-52860). Successful exploitation can lead to full system takeover.
|
| CVE-2026-52859 |
|
Out-of-Bounds Read in c (CVE-2026-52859)
vulnerability in c (CVE-2026-52859). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-52858 |
|
Code Injection in vim (CVE-2026-52858)
code injection in vim (CVE-2026-52858). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48547 |
|
OS Command Injection in CVE-2026-48547 (CVE-2026-48547)
OS command injection in CVE-2026-48547 (CVE-2026-48547). Confidential information can be exposed externally.
|
| CVE-2026-47170 |
|
Garlic-Hub manages digital signage network — devices, content, and playlists — from a single self-hosted interface. Prior to version 1.1, authenticated users can cause the server to issue arbitrary HT...
Garlic-Hub manages digital signage network — devices, content, and playlists — from a single self-hosted interface. Prior to version 1.1, authenticated users can cause the server to issue arbitrary HTTP requests to internal services via the uploadFromUrl endpoint. This allows internal port scanning,...
|
| CVE-2026-47162 |
|
Vulnerability in vim (CVE-2026-47162)
vulnerability in vim (CVE-2026-47162). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45178 |
|
Vulnerability in dos (CVE-2026-45178)
vulnerability in dos (CVE-2026-45178). Confidential information can be exposed externally.
|
| CVE-2026-45176 |
|
Privilege Escalation in paloaltonetworks (CVE-2026-45176)
vulnerability in paloaltonetworks (CVE-2026-45176). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11774 |
|
An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server (389-ds-base)....
An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server (389-ds-base)....
|
| CVE-2025-46315 |
|
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS...
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS...
|
| CVE-2025-31272 |
|
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4. An app...
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4. An app...
|
| CVE-2025-24284 |
|
This issue was addressed with improved checks to prevent unauthorized actions. This issue is...
This issue was addressed with improved checks to prevent unauthorized actions. This issue is...
|
| CVE-2026-48546 |
|
Vulnerability in CVE-2026-48546 (CVE-2026-48546)
vulnerability in CVE-2026-48546 (CVE-2026-48546). Confidential information can be exposed externally.
|
| CVE-2026-46697 |
|
SSRF (Server-Side Request Forgery) in wordpress (CVE-2026-46697)
SSRF in wordpress (CVE-2026-46697). Confidential information can be exposed externally.
|
| CVE-2026-49982 |
|
Vulnerability in tmp (CVE-2026-49982)
vulnerability in tmp (CVE-2026-49982). Data can be tampered with by attackers. Exploitable via ``_assertPath``. Mitigation: upgrade to `0.2.7` or later.
|
| CVE-2026-7870 |
|
Vulnerability in ibm (CVE-2026-7870)
vulnerability in ibm (CVE-2026-7870). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7787 |
|
Vulnerability in langflow (CVE-2026-7787)
vulnerability in langflow (CVE-2026-7787). Confidential information can be exposed externally.
|
| CVE-2026-53777 |
|
Path Traversal in path-traversal (CVE-2026-53777)
path traversal in path-traversal (CVE-2026-53777). Confidential information can be exposed externally.
|
| CVE-2026-42947 |
|
Vulnerability in cisa (CVE-2026-42947)
vulnerability in cisa (CVE-2026-42947). Successful exploitation can lead to full system takeover.
|
| CVE-2026-50245 |
|
Vulnerability in cisa (CVE-2026-50245)
vulnerability in cisa (CVE-2026-50245). Confidential information can be exposed externally.
|
| CVE-2026-11816 |
|
Path Traversal in path-traversal (CVE-2026-11816)
path traversal in path-traversal (CVE-2026-11816). Confidential information can be exposed externally. Exploitable via ``AttributeError``.
|
| CVE-2026-10847 |
|
Vulnerability in privilege-escalation (CVE-2026-10847)
vulnerability in privilege-escalation (CVE-2026-10847). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48006 |
|
Vulnerability in io.netty:netty-codec-redis (CVE-2026-48006)
vulnerability in io.netty:netty-codec-redis (CVE-2026-48006). Risk of unauthorized operations or information disclosure. Exploitable via ``depths``. Mitigation: upgrade to `4.1.135.Final` or later.
|
| CVE-2026-7250 |
|
Vulnerability in gitlab (CVE-2026-7250)
vulnerability in gitlab (CVE-2026-7250). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `18.10.8, 18.11.5, 19.0.2` or later.
|
| CVE-2026-8589 |
|
Cross-Site Scripting (XSS) in gitlab (CVE-2026-8589)
cross-site scripting in gitlab (CVE-2026-8589). Confidential information can be exposed externally. Mitigation: upgrade to `18.10.8, 18.11.5, 19.0.2` or later.
|
| CVE-2026-6552 |
|
Vulnerability in gitlab (CVE-2026-6552)
vulnerability in gitlab (CVE-2026-6552). Confidential information can be exposed externally. Mitigation: upgrade to `18.10.8, 18.11.5, 19.0.2` or later.
|
| CVE-2026-10087 |
|
Cross-Site Scripting (XSS) in gitlab (CVE-2026-10087)
cross-site scripting in gitlab (CVE-2026-10087). Confidential information can be exposed externally. Mitigation: upgrade to `18.10.8, 18.11.5, 19.0.2` or later.
|
| CVE-2026-5497 |
|
vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory (OOM) Denial of Service (DoS)...
vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory (OOM) Denial of Service (DoS)...
|
| CVE-2023-33999 |
|
Cross-Site Scripting (XSS) in CVE-2023-33999 (CVE-2023-33999)
cross-site scripting in CVE-2023-33999 (CVE-2023-33999). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41856 |
|
Vulnerability in vmware (CVE-2026-41856)
vulnerability in vmware (CVE-2026-41856). Confidential information can be exposed externally.
|
| CVE-2026-41700 |
|
Vulnerability in vmware (CVE-2026-41700)
vulnerability in vmware (CVE-2026-41700). Confidential information can be exposed externally.
|
| CVE-2026-41699 |
|
Unsafe Deserialization in deserialization (CVE-2026-41699)
vulnerability in deserialization (CVE-2026-41699). Successful exploitation can lead to full system takeover.
|
| CVE-2026-40999 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-40999 (CVE-2026-40999)
SSRF in CVE-2026-40999 (CVE-2026-40999). Confidential information can be exposed externally.
|