Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2026-54033 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-54033)
SSRF in ssrf (CVE-2026-54033). Confidential information can be exposed externally. Mitigation: upgrade to `0.8.4-rc1` or later.
CVE-2026-54030 Vulnerability in librechat (CVE-2026-54030)
vulnerability in librechat (CVE-2026-54030). Confidential information can be exposed externally. Mitigation: upgrade to `0.8.5` or later.
CVE-2026-54029 Vulnerability in librechat (CVE-2026-54029)
vulnerability in librechat (CVE-2026-54029). Data can be tampered with by attackers. Exploitable via `DELETE /api/messages/`. Mitigation: upgrade to `0.8.4-rc1` or later.
CVE-2026-54027 Vulnerability in librechat (CVE-2026-54027)
vulnerability in librechat (CVE-2026-54027). Data can be tampered with by attackers. Exploitable via `POST /api/files/images`. Mitigation: upgrade to `0.8.4-rc1` or later.
CVE-2026-54025 Cross-Site Scripting (XSS) in librechat (CVE-2026-54025)
cross-site scripting in librechat (CVE-2026-54025). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.8.4-rc1` or later.
CVE-2026-54024 Vulnerability in librechat (CVE-2026-54024)
vulnerability in librechat (CVE-2026-54024). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/convos/import`. Mitigation: upgrade to `0.8.4-rc1` or later.
CVE-2026-13351 Vulnerability in dos (CVE-2026-13351)
vulnerability in dos (CVE-2026-13351). Risk of unauthorized operations or information disclosure.
CVE-2026-13350 Vulnerability in CVE-2026-13350 (CVE-2026-13350)
vulnerability in CVE-2026-13350 (CVE-2026-13350). Risk of unauthorized operations or information disclosure.
CVE-2026-46498 Vulnerability in org.openidentityplatform.openam:openam-oauth2 (CVE-2026-46498)
vulnerability in org.openidentityplatform.openam:openam-oauth2 (CVE-2026-46498). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `16.1.1` or later.
CVE-2026-46406 Vulnerability in @anthropic-ai/claude-code (CVE-2026-46406)
vulnerability in @anthropic-ai/claude-code (CVE-2026-46406). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.1.128` or later.
CVE-2026-45794 Unsafe Deserialization in org.openidentityplatform.openam:openam-push-notification (CVE-2026-45794)
vulnerability in org.openidentityplatform.openam:openam-push-notification (CVE-2026-45794). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `16.1.1` or later.
CVE-2026-57456 Code Injection in vim (CVE-2026-57456)
code injection in vim (CVE-2026-57456). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.2.0699` or later.
CVE-2026-57455 Out-of-Bounds Write in c (CVE-2026-57455)
out-of-bounds write in c (CVE-2026-57455). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.2.0698` or later.
CVE-2026-57454 Out-of-Bounds Read in vim (CVE-2026-57454)
vulnerability in vim (CVE-2026-57454). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.2.0679` or later.
CVE-2026-57453 Command Injection in vim (CVE-2026-57453)
command injection in vim (CVE-2026-57453). Confidential information can be exposed externally. Mitigation: upgrade to `9.2.0678` or later.
CVE-2026-57452 Out-of-Bounds Read in vim (CVE-2026-57452)
vulnerability in vim (CVE-2026-57452). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.2.0671` or later.
CVE-2026-57451 Out-of-Bounds Read in c (CVE-2026-57451)
vulnerability in c (CVE-2026-57451). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.2.0670` or later.
CVE-2026-57438 Use-After-Free in nokogiri (CVE-2026-57438)
vulnerability in nokogiri (CVE-2026-57438). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.19.4` or later.
CVE-2026-55895 OS Command Injection in vim (CVE-2026-55895)
OS command injection in vim (CVE-2026-55895). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.2.0663` or later.
CVE-2026-55892 Out-of-Bounds Write in c (CVE-2026-55892)
out-of-bounds write in c (CVE-2026-55892). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.2.0662` or later.
CVE-2026-55693 Out-of-Bounds Write in c (CVE-2026-55693)
out-of-bounds write in c (CVE-2026-55693). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.2.0653` or later.
CVE-2026-55477 Vulnerability in CVE-2026-55477 (CVE-2026-55477)
vulnerability in CVE-2026-55477 (CVE-2026-55477). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.3.1` or later.
CVE-2026-54036 Vulnerability in librechat (CVE-2026-54036)
vulnerability in librechat (CVE-2026-54036). Data can be tampered with by attackers. Exploitable via `GET /api/auth/2fa/enable`. Mitigation: upgrade to `0.8.4-rc1` or later.
CVE-2026-57588 SQL Injection in sqli (CVE-2026-57588)
SQL injection in sqli (CVE-2026-57588). Risk of unauthorized operations or information disclosure.
CVE-2026-57534 Malicious HTML content could be injected into the content of a page in the pretix-pages plugin.
Malicious HTML content could be injected into the content of a page in the pretix-pages plugin.
CVE-2026-6432 Vulnerability in CVE-2026-6432 (CVE-2026-6432)
vulnerability in CVE-2026-6432 (CVE-2026-6432). Risk of unauthorized operations or information disclosure.
CVE-2026-57587 SQL Injection in sqli (CVE-2026-57587)
SQL injection in sqli (CVE-2026-57587). Risk of unauthorized operations or information disclosure.
CVE-2026-57532 Vulnerability in CVE-2026-57532 (CVE-2026-57532)
vulnerability in CVE-2026-57532 (CVE-2026-57532). Risk of unauthorized operations or information disclosure.
CVE-2026-57535 Vulnerability in ssrf (CVE-2026-57535)
vulnerability in ssrf (CVE-2026-57535). Risk of unauthorized operations or information disclosure.
CVE-2026-49319 Vulnerability in CVE-2026-49319 (CVE-2026-49319)
vulnerability in CVE-2026-49319 (CVE-2026-49319). Data can be tampered with by attackers.
CVE-2026-57429 Contributor Broken Access Control in Slim SEO <= 4.6.2 versions.
Contributor Broken Access Control in Slim SEO <= 4.6.2 versions.
CVE-2026-57619 Contributor Sensitive Data Exposure in Elementor Website Builder <= 4.1.3 versions.
Contributor Sensitive Data Exposure in Elementor Website Builder <= 4.1.3 versions.
CVE-2026-57533 Vulnerability in CVE-2026-57533 (CVE-2026-57533)
vulnerability in CVE-2026-57533 (CVE-2026-57533). Risk of unauthorized operations or information disclosure.
CVE-2026-56071 Unauthenticated Cross Site Scripting (XSS) in Forminator <= 1.53.1 versions.
Unauthenticated Cross Site Scripting (XSS) in Forminator <= 1.53.1 versions.
CVE-2026-13314 Malicious HTML content could be injected into the content rendered by the pretix-digital plugin.
Malicious HTML content could be injected into the content rendered by the pretix-digital plugin.
CVE-2026-13223 Vulnerability in CVE-2026-13223 (CVE-2026-13223)
vulnerability in CVE-2026-13223 (CVE-2026-13223). Risk of unauthorized operations or information disclosure.
CVE-2026-56122 Path Traversal in path-traversal (CVE-2026-56122)
path traversal in path-traversal (CVE-2026-56122). Confidential information can be exposed externally.
CVE-2026-13222 Vulnerability in CVE-2026-13222 (CVE-2026-13222)
vulnerability in CVE-2026-13222 (CVE-2026-13222). Risk of unauthorized operations or information disclosure.
CVE-2026-46735 OS Command Injection in CVE-2026-46735 (CVE-2026-46735)
OS command injection in CVE-2026-46735 (CVE-2026-46735). Successful exploitation can lead to full system takeover.
CVE-2026-56053 Subscriber PHP Object Injection in EventPrime <= 4.3.4.1 versions.
Subscriber PHP Object Injection in EventPrime <= 4.3.4.1 versions.
CVE-2026-56050 Vulnerability in CVE-2026-56050 (CVE-2026-56050)
vulnerability in CVE-2026-56050 (CVE-2026-56050). Risk of unauthorized operations or information disclosure.
CVE-2026-56049 Contributor Remote Code Execution (RCE) in Post Snippets <= 4.0.19 versions.
Contributor Remote Code Execution (RCE) in Post Snippets <= 4.0.19 versions.
CVE-2026-56054 Subscriber Arbitrary File Deletion in JS Help Desk <= 3.1.1 versions.
Subscriber Arbitrary File Deletion in JS Help Desk <= 3.1.1 versions.
CVE-2026-56051 Unauthenticated Cross Site Scripting (XSS) in TablePress <= 3.3.1 versions.
Unauthenticated Cross Site Scripting (XSS) in TablePress <= 3.3.1 versions.
CVE-2026-57536 Vulnerability in CVE-2026-57536 (CVE-2026-57536)
vulnerability in CVE-2026-57536 (CVE-2026-57536). Risk of unauthorized operations or information disclosure.
CVE-2026-13225 Vulnerability in CVE-2026-13225 (CVE-2026-13225)
vulnerability in CVE-2026-13225 (CVE-2026-13225). Risk of unauthorized operations or information disclosure.
CVE-2026-56042 Customer Cross Site Scripting (XSS) in Advanced Order Export For WooCommerce <= 4.0.9 versions.
Customer Cross Site Scripting (XSS) in Advanced Order Export For WooCommerce <= 4.0.9 versions.
CVE-2026-56005 Subscriber Cross Site Scripting (XSS) in WP Activity Log <= 5.6.3.1 versions.
Subscriber Cross Site Scripting (XSS) in WP Activity Log <= 5.6.3.1 versions.
CVE-2026-56014 Unauthenticated Cross Site Scripting (XSS) in Master Slider <= 3.11.2 versions.
Unauthenticated Cross Site Scripting (XSS) in Master Slider <= 3.11.2 versions.
CVE-2026-54848 Vulnerability in CVE-2026-54848 (CVE-2026-54848)
vulnerability in CVE-2026-54848 (CVE-2026-54848). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →