Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-57572 |
|
Vulnerability in kidocode (CVE-2026-57572)
vulnerability in kidocode (CVE-2026-57572). Successful exploitation can lead to full system takeover.
|
| CVE-2026-57573 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-57573)
SSRF in ssrf (CVE-2026-57573). Confidential information can be exposed externally. Exploitable via `POST /crawl/stream`.
|
| CVE-2026-57571 |
|
Path Traversal in kidocode (CVE-2026-57571)
path traversal in kidocode (CVE-2026-57571). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56264 |
|
Code Injection in kidocode (CVE-2026-56264)
code injection in kidocode (CVE-2026-56264). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56262 |
|
Vulnerability in kidocode (CVE-2026-56262)
vulnerability in kidocode (CVE-2026-56262). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56258 |
|
Path Traversal in kidocode (CVE-2026-56258)
path traversal in kidocode (CVE-2026-56258). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56263 |
|
Cross-Site Scripting (XSS) in kidocode (CVE-2026-56263)
cross-site scripting in kidocode (CVE-2026-56263). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-56265 |
|
Vulnerability in kidocode (CVE-2026-56265)
vulnerability in kidocode (CVE-2026-56265). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53755 |
|
SSRF (Server-Side Request Forgery) in crawl4ai (CVE-2026-53755)
SSRF in crawl4ai (CVE-2026-53755). Confidential information can be exposed externally. Exploitable via ``browser_config``. Mitigation: upgrade to `0.8.9` or later.
|
| CVE-2026-53754 |
|
SSRF (Server-Side Request Forgery) in crawl4ai (CVE-2026-53754)
SSRF in crawl4ai (CVE-2026-53754). Confidential information can be exposed externally. Exploitable via `POST /crawl`. Mitigation: upgrade to `0.8.8` or later.
|
| CVE-2026-56266 |
|
SSRF (Server-Side Request Forgery) in crawl4ai (CVE-2026-56266)
SSRF in crawl4ai (CVE-2026-56266). Confidential information can be exposed externally. Exploitable via ``output_path``. Mitigation: upgrade to `0.8.7` or later.
|
| CVE-2026-53753 |
|
Code Injection in crawl4ai (CVE-2026-53753)
code injection in crawl4ai (CVE-2026-53753). Successful exploitation can lead to full system takeover. Exploitable via `POST /crawl`. Mitigation: upgrade to `0.8.7` or later.
|