Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2026-48508 Authorization Flaw in lemur (CVE-2026-48508)
vulnerability in lemur (CVE-2026-48508). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/1/authorities`. Mitigation: upgrade to `1.9.1` or later.
CVE-2026-48504 Vulnerability in opentelemetry_sdk (CVE-2026-48504)
vulnerability in opentelemetry_sdk (CVE-2026-48504). Risk of unauthorized operations or information disclosure. Exploitable via ``opentelemetry_sdk``. Mitigation: upgrade to `0.32.1` or later.
CVE-2026-9705 Vulnerability in redhat (CVE-2026-9705)
vulnerability in redhat (CVE-2026-9705). Risk of unauthorized operations or information disclosure.
CVE-2026-9799 Vulnerability in redhat (CVE-2026-9799)
vulnerability in redhat (CVE-2026-9799). Risk of unauthorized operations or information disclosure.
CVE-2026-9083 Path Traversal in redhat (CVE-2026-9083)
path traversal in redhat (CVE-2026-9083). Confidential information can be exposed externally.
CVE-2026-9099 Vulnerability in redhat (CVE-2026-9099)
vulnerability in redhat (CVE-2026-9099). Confidential information can be exposed externally.
CVE-2026-9800 Vulnerability in redhat (CVE-2026-9800)
vulnerability in redhat (CVE-2026-9800). Confidential information can be exposed externally.
CVE-2026-9086 Cross-Site Scripting (XSS) in redhat (CVE-2026-9086)
cross-site scripting in redhat (CVE-2026-9086). Confidential information can be exposed externally.
CVE-2026-55961 Vulnerability in wolfssl (CVE-2026-55961)
vulnerability in wolfssl (CVE-2026-55961). Data can be tampered with by attackers.
CVE-2026-6291 Vulnerability in wolfssl (CVE-2026-6291)
vulnerability in wolfssl (CVE-2026-6291). Confidential information can be exposed externally.
CVE-2026-6094 Out-of-Bounds Read in wolfssl (CVE-2026-6094)
vulnerability in wolfssl (CVE-2026-6094). Confidential information can be exposed externally.
CVE-2026-6091 Vulnerability in wolfssl (CVE-2026-6091)
vulnerability in wolfssl (CVE-2026-6091). Data can be tampered with by attackers.
CVE-2026-55967 Vulnerability in wolfssl (CVE-2026-55967)
vulnerability in wolfssl (CVE-2026-55967). Confidential information can be exposed externally.
CVE-2026-11999 Vulnerability in c (CVE-2026-11999)
vulnerability in c (CVE-2026-11999). Data can be tampered with by attackers.
CVE-2026-56123 Vulnerability in dest-unreach (CVE-2026-56123)
vulnerability in dest-unreach (CVE-2026-56123). Successful exploitation can lead to full system takeover.
CVE-2026-45233 Path Traversal in path-traversal (CVE-2026-45233)
path traversal in path-traversal (CVE-2026-45233). Data can be tampered with by attackers.
CVE-2026-9718 Vulnerability in schneider-electric (CVE-2026-9718)
vulnerability in schneider-electric (CVE-2026-9718). Risk of unauthorized operations or information disclosure.
CVE-2026-9651 Vulnerability in CVE-2026-9651 (CVE-2026-9651)
vulnerability in CVE-2026-9651 (CVE-2026-9651). Risk of unauthorized operations or information disclosure.
CVE-2026-9716 Vulnerability in schneider-electric (CVE-2026-9716)
vulnerability in schneider-electric (CVE-2026-9716). Risk of unauthorized operations or information disclosure.
CVE-2026-9650 Vulnerability in CVE-2026-9650 (CVE-2026-9650)
vulnerability in CVE-2026-9650 (CVE-2026-9650). Risk of unauthorized operations or information disclosure.
CVE-2026-9717 OS Command Injection in schneider-electric (CVE-2026-9717)
OS command injection in schneider-electric (CVE-2026-9717). Successful exploitation can lead to full system takeover.
CVE-2026-48944 Path Traversal in joomlaworks (CVE-2026-48944)
path traversal in joomlaworks (CVE-2026-48944). Confidential information can be exposed externally. Exploitable via ``configuration.php``.
CVE-2026-48946 Unrestricted File Upload in apache (CVE-2026-48946)
vulnerability in apache (CVE-2026-48946). Risk of unauthorized operations or information disclosure. Exploitable via ``shell.php``.
CVE-2026-48943 Vulnerability in c (CVE-2026-48943)
vulnerability in c (CVE-2026-48943). Risk of unauthorized operations or information disclosure. Exploitable via ``plg_user_k2``.
CVE-2026-48941 Vulnerability in joomlaworks (CVE-2026-48941)
vulnerability in joomlaworks (CVE-2026-48941). Risk of unauthorized operations or information disclosure. Exploitable via ``item.checkin``.
CVE-2026-48945 Unrestricted File Upload in joomlaworks (CVE-2026-48945)
vulnerability in joomlaworks (CVE-2026-48945). Risk of unauthorized operations or information disclosure.
CVE-2026-4522 Vulnerability in CVE-2026-4522 (CVE-2026-4522)
vulnerability in CVE-2026-4522 (CVE-2026-4522). Risk of unauthorized operations or information disclosure.
CVE-2026-48942 Cross-Site Scripting (XSS) in joomlaworks (CVE-2026-48942)
cross-site scripting in joomlaworks (CVE-2026-48942). Risk of unauthorized operations or information disclosure. Exploitable via ``src``.
CVE-2026-48940 Cross-Site Scripting (XSS) in joomlaworks (CVE-2026-48940)
cross-site scripting in joomlaworks (CVE-2026-48940). Risk of unauthorized operations or information disclosure. Exploitable via ``embedVideo``.
CVE-2026-12844 Vulnerability in CVE-2026-12844 (CVE-2026-12844)
vulnerability in CVE-2026-12844 (CVE-2026-12844). Risk of unauthorized operations or information disclosure.
GHSA-3fxj-6jh8-hvhx Vulnerability in github.com/go-chi/chi/v5/middleware (GHSA-3fxj-6jh8-hvhx)
vulnerability in github.com/go-chi/chi/v5/middleware (GHSA-3fxj-6jh8-hvhx). Risk of unauthorized operations or information disclosure. Exploitable via ``RealIP``. Mitigation: upgrade to `5.3.0` or later.
GHSA-rjr7-jggh-pgcp Vulnerability in github.com/go-chi/chi/middleware (GHSA-rjr7-jggh-pgcp)
vulnerability in github.com/go-chi/chi/middleware (GHSA-rjr7-jggh-pgcp). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.3.0` or later.
GHSA-9g5q-2w5x-hmxf Vulnerability in github.com/go-chi/chi/middleware (GHSA-9g5q-2w5x-hmxf)
vulnerability in github.com/go-chi/chi/middleware (GHSA-9g5q-2w5x-hmxf). Risk of unauthorized operations or information disclosure. Exploitable via ``Request.RemoteAddr``. Mitigation: upgrade to `5.3.0` or later.
GHSA-r4v7-6wcg-ghj5 Vulnerability in github.com/gtsteffaniak/filebrowser (GHSA-r4v7-6wcg-ghj5)
vulnerability in github.com/gtsteffaniak/filebrowser (GHSA-r4v7-6wcg-ghj5). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.0.0-20260522161427-fa5abc8c67f3a` or later.
CVE-2026-54679 Vulnerability in jqlang (CVE-2026-54679)
vulnerability in jqlang (CVE-2026-54679). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.2` or later.
CVE-2026-49839 Out-of-Bounds Write in jqlang (CVE-2026-49839)
out-of-bounds write in jqlang (CVE-2026-49839). Data can be tampered with by attackers. Mitigation: upgrade to `1.8.2` or later.
CVE-2026-47770 Vulnerability in c (CVE-2026-47770)
vulnerability in c (CVE-2026-47770). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.2` or later.
GHSA-fq3w-p4fg-mw73 Vulnerability in fixurjavainstall (GHSA-fq3w-p4fg-mw73)
vulnerability in fixurjavainstall (GHSA-fq3w-p4fg-mw73). Risk of unauthorized operations or information disclosure. Exploitable via ``dev``. Mitigation: upgrade to `0.8.1` or later.
GHSA-wrr4-782v-jhwh Vulnerability in neotoma (GHSA-wrr4-782v-jhwh)
vulnerability in neotoma (GHSA-wrr4-782v-jhwh). Risk of unauthorized operations or information disclosure. Exploitable via ``getAuthenticatedUserId``. Mitigation: upgrade to `0.14.0` or later.
GHSA-jf6w-2mvx-633j Cross-Site Scripting (XSS) in justhtml (GHSA-jf6w-2mvx-633j)
cross-site scripting in justhtml (GHSA-jf6w-2mvx-633j). Risk of unauthorized operations or information disclosure. Exploitable via ``justhtml``. Mitigation: upgrade to `1.22.0` or later.
CVE-2026-46560 Vulnerability in org.openidentityplatform.openam:openam-radius (CVE-2026-46560)
vulnerability in org.openidentityplatform.openam:openam-radius (CVE-2026-46560). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `16.1.1` or later.
CVE-2026-55439 Path Traversal in path-traversal (CVE-2026-55439)
path traversal in path-traversal (CVE-2026-55439). Confidential information can be exposed externally. Exploitable via `GET /apis/console.api.migration.halo.run/v1alpha1/backups/{name}/files/{filename}`. Mitigation: upgrade to `2.24.3` or later.
CVE-2026-55413 Code Injection in CVE-2026-55413 (CVE-2026-55413)
code injection in CVE-2026-55413 (CVE-2026-55413). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.20.178-lts` or later.
CVE-2026-55412 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-55412)
SSRF in ssrf (CVE-2026-55412). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.20.178-lts` or later.
CVE-2026-55411 Vulnerability in CVE-2026-55411 (CVE-2026-55411)
vulnerability in CVE-2026-55411 (CVE-2026-55411). Confidential information can be exposed externally. Exploitable via `POST /api/data-sources/decrypt`. Mitigation: upgrade to `3.20.1780-lts` or later.
CVE-2026-55092 Path Traversal in aquasec (CVE-2026-55092)
path traversal in aquasec (CVE-2026-55092). Data can be tampered with by attackers. Mitigation: upgrade to `0.71.1` or later.
CVE-2026-54573 Authorization Flaw in privilege-escalation (CVE-2026-54573)
vulnerability in privilege-escalation (CVE-2026-54573). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.0` or later.
CVE-2026-54448 Vulnerability in aquasec (CVE-2026-54448)
vulnerability in aquasec (CVE-2026-54448). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.71.0` or later.
CVE-2026-54040 Vulnerability in librechat (CVE-2026-54040)
vulnerability in librechat (CVE-2026-54040). Data can be tampered with by attackers. Exploitable via `POST /api/auth/2fa/backup/regenerate`. Mitigation: upgrade to `0.8.4-rc1` or later.
CVE-2026-54037 Vulnerability in librechat (CVE-2026-54037)
vulnerability in librechat (CVE-2026-54037). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/convos/fork`. Mitigation: upgrade to `0.8.4-rc1` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →