Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2026-54234 Vulnerability in dos (CVE-2026-54234)
vulnerability in dos (CVE-2026-54234). Risk of unauthorized operations or information disclosure.
CVE-2026-42341 Vulnerability in CVE-2026-42341 (CVE-2026-42341)
vulnerability in CVE-2026-42341 (CVE-2026-42341). Risk of unauthorized operations or information disclosure.
CVE-2026-42331 Vulnerability in CVE-2026-42331 (CVE-2026-42331)
vulnerability in CVE-2026-42331 (CVE-2026-42331). Risk of unauthorized operations or information disclosure. Exploitable via ``gateway_id``.
CVE-2026-34038 OS Command Injection in CVE-2026-34038 (CVE-2026-34038)
OS command injection in CVE-2026-34038 (CVE-2026-34038). Successful exploitation can lead to full system takeover.
CVE-2026-33734 SQL Injection in sqli (CVE-2026-33734)
SQL injection in sqli (CVE-2026-33734). Risk of unauthorized operations or information disclosure. Exploitable via ``Massmailer``.
CVE-2026-55438 Vulnerability in github.com/coder/coder/v2 (CVE-2026-55438)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55438). Confidential information can be exposed externally. Mitigation: upgrade to `2.29.17` or later.
CVE-2026-55426 OS Command Injection in linuxfabrik-lib (CVE-2026-55426)
OS command injection in linuxfabrik-lib (CVE-2026-55426). Risk of unauthorized operations or information disclosure. Exploitable via ``shell_exec``. Mitigation: upgrade to `5.0.0` or later.
CVE-2026-55437 Cross-Site Scripting (XSS) in github.com/coder/coder/v2 (CVE-2026-55437)
cross-site scripting in github.com/coder/coder/v2 (CVE-2026-55437). Risk of unauthorized operations or information disclosure. Exploitable via ``AgentLogLine``. Mitigation: upgrade to `2.29.17` or later.
CVE-2026-55436 Vulnerability in github.com/coder/coder/v2 (CVE-2026-55436)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55436). Confidential information can be exposed externally. Exploitable via ``aibridgeproxyd``. Mitigation: upgrade to `2.32.7` or later.
CVE-2026-55435 Authorization Flaw in github.com/coder/coder/v2 (CVE-2026-55435)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55435). Risk of unauthorized operations or information disclosure. Exploitable via `DELETE /api/v2/users/{user}/keys`. Mitigation: upgrade to `2.32.7` or later.
CVE-2026-55434 Vulnerability in github.com/coder/coder/v2 (CVE-2026-55434)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55434). Risk of unauthorized operations or information disclosure. Exploitable via ``io.ReadAll``. Mitigation: upgrade to `2.33.8` or later.
CVE-2026-55433 Vulnerability in github.com/coder/coder/v2 (CVE-2026-55433)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55433). Risk of unauthorized operations or information disclosure. Exploitable via ``ActionRead``. Mitigation: upgrade to `2.29.17` or later.
CVE-2026-55432 Vulnerability in github.com/coder/coder/v2 (CVE-2026-55432)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55432). Risk of unauthorized operations or information disclosure. Exploitable via ``CreateSubAgent``. Mitigation: upgrade to `2.29.17` or later.
CVE-2026-55431 Vulnerability in github.com/coder/coder/v2 (CVE-2026-55431)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55431). Confidential information can be exposed externally. Mitigation: upgrade to `2.29.17` or later.
CVE-2026-55078 Vulnerability in github.com/coder/coder/v2 (CVE-2026-55078)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55078). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v2/files`. Mitigation: upgrade to `2.29.17` or later.
CVE-2026-55430 Vulnerability in github.com/coder/coder/v2 (CVE-2026-55430)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55430). Confidential information can be exposed externally. Exploitable via ``Host``. Mitigation: upgrade to `2.29.17` or later.
CVE-2026-55428 Vulnerability in github.com/coder/coder/v2 (CVE-2026-55428)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55428). Confidential information can be exposed externally. Exploitable via ``Addresses``. Mitigation: upgrade to `2.29.17` or later.
CVE-2026-55429 Vulnerability in github.com/coder/coder/v2 (CVE-2026-55429)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55429). Confidential information can be exposed externally. Exploitable via ``UpsertWorkspaceApp``. Mitigation: upgrade to `2.29.17` or later.
CVE-2026-55079 Vulnerability in github.com/coder/coder/v2 (CVE-2026-55079)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55079). Risk of unauthorized operations or information disclosure. Exploitable via ``NewDataBuilder``. Mitigation: upgrade to `2.29.17` or later.
CVE-2026-55427 Vulnerability in github.com/coder/coder/v2 (CVE-2026-55427)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55427). Successful exploitation can lead to full system takeover. Exploitable via ``HostnameSuffix``. Mitigation: upgrade to `2.29.17` or later.
CVE-2026-55077 Vulnerability in github.com/coder/coder/v2 (CVE-2026-55077)
vulnerability in github.com/coder/coder/v2 (CVE-2026-55077). Successful exploitation can lead to full system takeover. Exploitable via `PUT /api/v2/users/{user}/password`. Mitigation: upgrade to `2.29.17` or later.
CVE-2026-55075 Authentication Bypass in github.com/coder/coder/v2 (CVE-2026-55075)
authentication bypass in github.com/coder/coder/v2 (CVE-2026-55075). Confidential information can be exposed externally. Exploitable via ``email_verified``. Mitigation: upgrade to `2.29.17` or later.
CVE-2026-55076 Authentication Bypass in github.com/coder/coder/v2 (CVE-2026-55076)
authentication bypass in github.com/coder/coder/v2 (CVE-2026-55076). Confidential information can be exposed externally. Exploitable via ``email_verified``. Mitigation: upgrade to `2.29.17` or later.
CVE-2026-54640 XXE (XML External Entity) in io.openremote:openremote-agent (CVE-2026-54640)
vulnerability in io.openremote:openremote-agent (CVE-2026-54640). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/{realm}/agent/{agentId}/import`. Mitigation: upgrade to `1.24.2` or later.
CVE-2026-54641 Vulnerability in io.openremote:openremote-manager (CVE-2026-54641)
vulnerability in io.openremote:openremote-manager (CVE-2026-54641). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.24.2` or later.
CVE-2026-53935 Authorization Flaw in github.com/cilium/cilium (CVE-2026-53935)
vulnerability in github.com/cilium/cilium (CVE-2026-53935). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.17.16` or later.
CVE-2026-53624 Vulnerability in github.com/gofiber/fiber (CVE-2026-53624)
vulnerability in github.com/gofiber/fiber (CVE-2026-53624). Risk of unauthorized operations or information disclosure. Exploitable via ``helmet``. Mitigation: upgrade to `3.4.0` or later.
CVE-2026-54771 Vulnerability in langroid (CVE-2026-54771)
vulnerability in langroid (CVE-2026-54771). Risk of unauthorized operations or information disclosure. Exploitable via ``Entity.USER``. Mitigation: upgrade to `0.65.3` or later.
CVE-2026-54769 Code Injection in langroid (CVE-2026-54769)
code injection in langroid (CVE-2026-54769). Risk of unauthorized operations or information disclosure. Exploitable via ``TableChatAgent``. Mitigation: upgrade to `0.65.2` or later.
CVE-2026-54760 Path Traversal in langroid (CVE-2026-54760)
path traversal in langroid (CVE-2026-54760). Risk of unauthorized operations or information disclosure. Exploitable via ``_validate_query``. Mitigation: upgrade to `0.65.1` or later.
CVE-2026-54637 SSRF (Server-Side Request Forgery) in d7y.io/dragonfly/v2 (CVE-2026-54637)
SSRF in d7y.io/dragonfly/v2 (CVE-2026-54637). Risk of unauthorized operations or information disclosure. Exploitable via `GET /download/dea/deadbeefcafebabedeadbeefcafebabedeadbeefcafebabedeadbeefcafebabe`. Mitigation: upgrade to `2.4.4-rc.3` or later.
CVE-2026-53759 Vulnerability in linuxfabrik-lib (CVE-2026-53759)
vulnerability in linuxfabrik-lib (CVE-2026-53759). Risk of unauthorized operations or information disclosure. Exploitable via ``PrivateTemp``. Mitigation: upgrade to `4.2.0` or later.
GHSA-x76w-8c62-48mg Information Disclosure in craftcms/cms (GHSA-x76w-8c62-48mg)
vulnerability in craftcms/cms (GHSA-x76w-8c62-48mg). Risk of unauthorized operations or information disclosure. Exploitable via ``assetId``. Mitigation: upgrade to `5.9.14` or later.
CVE-2026-53486 Path Traversal in @xhmikosr/decompress (CVE-2026-53486)
path traversal in @xhmikosr/decompress (CVE-2026-53486). Risk of unauthorized operations or information disclosure. Exploitable via ``path.relative``. Mitigation: upgrade to `11.1.3` or later.
CVE-2026-35366 Vulnerability in uu_printenv (CVE-2026-35366)
vulnerability in uu_printenv (CVE-2026-35366). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.6.0` or later.
CVE-2026-35362 Vulnerability in uucore (CVE-2026-35362)
vulnerability in uucore (CVE-2026-35362). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.6.0` or later.
CVE-2026-35365 Vulnerability in uu_mv (CVE-2026-35365)
vulnerability in uu_mv (CVE-2026-35365). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.7.0` or later.
CVE-2026-35358 Vulnerability in uu_cp (CVE-2026-35358)
vulnerability in uu_cp (CVE-2026-35358). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.7.0` or later.
CVE-2026-35347 Vulnerability in uu_comm (CVE-2026-35347)
vulnerability in uu_comm (CVE-2026-35347). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.6.0` or later.
CVE-2026-59089 Vulnerability in dos (CVE-2026-59089)
vulnerability in dos (CVE-2026-59089). Risk of unauthorized operations or information disclosure.
CVE-2026-58404 SSRF (Server-Side Request Forgery) in gohugo (CVE-2026-58404)
SSRF in gohugo (CVE-2026-58404). Confidential information can be exposed externally. Mitigation: upgrade to `0.163.1` or later.
CVE-2026-58403 Vulnerability in gohugo (CVE-2026-58403)
vulnerability in gohugo (CVE-2026-58403). Confidential information can be exposed externally. Mitigation: upgrade to `0.163.1` or later.
CVE-2026-58402 Cross-Site Scripting (XSS) in gohugo (CVE-2026-58402)
cross-site scripting in gohugo (CVE-2026-58402). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.163.3` or later.
CVE-2026-55646 Vulnerability in vllm (CVE-2026-55646)
vulnerability in vllm (CVE-2026-55646). Risk of unauthorized operations or information disclosure.
CVE-2026-53763 Vulnerability in trustedfirmware (CVE-2026-53763)
vulnerability in trustedfirmware (CVE-2026-53763). Risk of unauthorized operations or information disclosure.
CVE-2026-44362 Vulnerability in c (CVE-2026-44362)
vulnerability in c (CVE-2026-44362). Data can be tampered with by attackers. Exploitable via ``subkey_version``.
CVE-2026-42546 Vulnerability in c (CVE-2026-42546)
vulnerability in c (CVE-2026-42546). Risk of unauthorized operations or information disclosure. Exploitable via ``OPTEE_MSG_ATTR_TYPE_MASK``.
CVE-2026-41516 Vulnerability in trustedfirmware (CVE-2026-41516)
vulnerability in trustedfirmware (CVE-2026-41516). Risk of unauthorized operations or information disclosure.
CVE-2026-41515 Vulnerability in trustedfirmware (CVE-2026-41515)
vulnerability in trustedfirmware (CVE-2026-41515). Risk of unauthorized operations or information disclosure.
CVE-2026-41514 Vulnerability in trustedfirmware (CVE-2026-41514)
vulnerability in trustedfirmware (CVE-2026-41514). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →