Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-42172 |
|
Vulnerability in CVE-2026-42172 (CVE-2026-42172)
vulnerability in CVE-2026-42172 (CVE-2026-42172). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43918 |
|
Vulnerability in CVE-2026-43918 (CVE-2026-43918)
vulnerability in CVE-2026-43918 (CVE-2026-43918). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46455 |
|
Vulnerability in apache (CVE-2026-46455)
vulnerability in apache (CVE-2026-46455). Successful exploitation can lead to full system takeover.
|
| CVE-2026-14725 |
|
Vulnerability in CVE-2026-14725 (CVE-2026-14725)
vulnerability in CVE-2026-14725 (CVE-2026-14725). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-36359 |
|
Vulnerability in ibm (CVE-2025-36359)
vulnerability in ibm (CVE-2025-36359). Confidential information can be exposed externally.
|
| CVE-2026-54479 |
|
Vulnerability in CVE-2026-54479 (CVE-2026-54479)
vulnerability in CVE-2026-54479 (CVE-2026-54479). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-71335 |
|
Vulnerability in flowiseai (CVE-2025-71335)
vulnerability in flowiseai (CVE-2025-71335). Confidential information can be exposed externally.
|
| CVE-2026-9705 |
|
Vulnerability in redhat (CVE-2026-9705)
vulnerability in redhat (CVE-2026-9705). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49277 |
|
Vulnerability in CVE-2026-49277 (CVE-2026-49277)
vulnerability in CVE-2026-49277 (CVE-2026-49277). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.5.0` or later.
|
| CVE-2026-45757 |
|
Vulnerability in CVE-2026-45757 (CVE-2026-45757)
vulnerability in CVE-2026-45757 (CVE-2026-45757). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.5.0` or later.
|
| CVE-2026-52809 |
|
Vulnerability in gogs.io/gogs (CVE-2026-52809)
vulnerability in gogs.io/gogs (CVE-2026-52809). Confidential information can be exposed externally. Exploitable via `POST /user/forget_password`. Mitigation: upgrade to `0.14.3` or later.
|
| CVE-2026-49229 |
|
Vulnerability in @actual-app/sync-server (CVE-2026-49229)
vulnerability in @actual-app/sync-server (CVE-2026-49229). Confidential information can be exposed externally. Exploitable via `PATCH /admin/users`. Mitigation: upgrade to `26.6.0` or later.
|
| CVE-2026-9162 |
|
Vulnerability in mattermost (CVE-2026-9162)
vulnerability in mattermost (CVE-2026-9162). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12796 |
|
Vulnerability in litellm (CVE-2026-12796)
vulnerability in litellm (CVE-2026-12796). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12772 |
|
Vulnerability in litellm (CVE-2026-12772)
vulnerability in litellm (CVE-2026-12772). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55423 |
|
Vulnerability in langflow (CVE-2026-55423)
vulnerability in langflow (CVE-2026-55423). Confidential information can be exposed externally. Exploitable via ``access_token_lf``. Mitigation: upgrade to `1.7.1` or later.
|
| CVE-2025-62340 |
|
Vulnerability in hcltech (CVE-2025-62340)
vulnerability in hcltech (CVE-2025-62340). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53928 |
|
Vulnerability in nocodb (CVE-2026-53928)
vulnerability in nocodb (CVE-2026-53928). Risk of unauthorized operations or information disclosure. Exploitable via ``passwordChange``.
|
| CVE-2026-54321 |
|
Vulnerability in github.com/daytonaio/daytona (CVE-2026-54321)
vulnerability in github.com/daytonaio/daytona (CVE-2026-54321). Confidential information can be exposed externally. Mitigation: upgrade to `0.184.0` or later.
|
| CVE-2026-53843 |
|
OpenClaw: Pairing-scoped device session could restore revoked node token authority
OpenClaw: Pairing-scoped device session could restore revoked node token authority
|
| CVE-2026-53776 |
|
Vulnerability in CVE-2026-53776 (CVE-2026-53776)
vulnerability in CVE-2026-53776 (CVE-2026-53776). Confidential information can be exposed externally.
|
| CVE-2026-44188 |
|
Vulnerability in CVE-2026-44188 (CVE-2026-44188)
vulnerability in CVE-2026-44188 (CVE-2026-44188). Confidential information can be exposed externally.
|
| CVE-2026-53830 |
|
Vulnerability in openclaw (CVE-2026-53830)
vulnerability in openclaw (CVE-2026-53830). Data can be tampered with by attackers.
|
| CVE-2026-53824 |
|
Vulnerability in openclaw (CVE-2026-53824)
vulnerability in openclaw (CVE-2026-53824). Data can be tampered with by attackers.
|
| CVE-2026-46657 |
|
Vulnerability in CVE-2026-46657 (CVE-2026-46657)
vulnerability in CVE-2026-46657 (CVE-2026-46657). Confidential information can be exposed externally.
|
| CVE-2026-46656 |
|
Vulnerability in CVE-2026-46656 (CVE-2026-46656)
vulnerability in CVE-2026-46656 (CVE-2026-46656). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46401 |
|
Vulnerability in CVE-2026-46401 (CVE-2026-46401)
vulnerability in CVE-2026-46401 (CVE-2026-46401). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53926 |
|
Vulnerability in nocodb (CVE-2026-53926)
vulnerability in nocodb (CVE-2026-53926). Risk of unauthorized operations or information disclosure. Exploitable via ``revokeAllOAuthTokensByUser``. Mitigation: upgrade to `2026.05.1` or later.
|
| CVE-2026-48726 |
|
Vulnerability in apache-airflow (CVE-2026-48726)
vulnerability in apache-airflow (CVE-2026-48726). Confidential information can be exposed externally. Exploitable via ``FabAuthManager``. Mitigation: upgrade to `3.2.2` or later.
|
| CVE-2026-9802 |
|
Vulnerability in org.keycloak:keycloak-services (CVE-2026-9802)
vulnerability in org.keycloak:keycloak-services (CVE-2026-9802). Confidential information can be exposed externally. Mitigation: upgrade to `26.6.3` or later.
|
| CVE-2026-8670 |
|
Vulnerability in avantra (CVE-2026-8670)
vulnerability in avantra (CVE-2026-8670). Successful exploitation can lead to full system takeover.
|
| CVE-2026-46554 |
|
Vulnerability in nocodb (CVE-2026-46554)
vulnerability in nocodb (CVE-2026-46554). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-1815 |
|
Vulnerability in CVE-2026-1815 (CVE-2026-1815)
vulnerability in CVE-2026-1815 (CVE-2026-1815). Confidential information can be exposed externally.
|
| CVE-2026-44511 |
|
Vulnerability in katalyst-koi (CVE-2026-44511)
vulnerability in katalyst-koi (CVE-2026-44511). Confidential information can be exposed externally. Mitigation: upgrade to `5.6.0` or later.
|
| CVE-2026-22706 |
|
Vulnerability in @strapi/admin (CVE-2026-22706)
vulnerability in @strapi/admin (CVE-2026-22706). Confidential information can be exposed externally. Exploitable via `POST /api/auth/refresh`. Mitigation: upgrade to `5.33.3` or later.
|
| CVE-2026-5545 |
|
Vulnerability in haxx (CVE-2026-5545)
vulnerability in haxx (CVE-2026-5545). Data can be tampered with by attackers.
|
| CVE-2026-44648 |
|
Vulnerability in sillytavern (CVE-2026-44648)
vulnerability in sillytavern (CVE-2026-44648). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/users/change-password`. Mitigation: upgrade to `1.18.0` or later.
|
| CVE-2026-44873 |
|
Vulnerability in arubanetworks (CVE-2026-44873)
vulnerability in arubanetworks (CVE-2026-44873). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43983 |
|
Vulnerability in pocket-id (CVE-2026-43983)
vulnerability in pocket-id (CVE-2026-43983). Confidential information can be exposed externally. Mitigation: upgrade to `2.6.0` or later.
|
| CVE-2026-43911 |
|
Vulnerability in dani-garcia (CVE-2026-43911)
vulnerability in dani-garcia (CVE-2026-43911). Confidential information can be exposed externally. Mitigation: upgrade to `1.35.5` or later.
|
| CVE-2026-44553 |
|
Vulnerability in open-webui (CVE-2026-44553)
vulnerability in open-webui (CVE-2026-44553). Confidential information can be exposed externally. Exploitable via `POST /api/v1/users/{B_id}/update`. Mitigation: upgrade to `0.9.0` or later.
|
| CVE-2026-41902 |
|
Vulnerability in laravel (CVE-2026-41902)
vulnerability in laravel (CVE-2026-41902). Confidential information can be exposed externally. Exploitable via `Referer header`.
|
| CVE-2026-40934 |
|
Vulnerability in jupyter-server (CVE-2026-40934)
vulnerability in jupyter-server (CVE-2026-40934). Confidential information can be exposed externally. Mitigation: upgrade to `2.18.0` or later.
|
| CVE-2026-41519 |
|
Vulnerability in weblate (CVE-2026-41519)
vulnerability in weblate (CVE-2026-41519). Risk of unauthorized operations or information disclosure. Exploitable via ``authtoken_token``. Mitigation: upgrade to `5.17.1` or later.
|
| CVE-2026-6848 |
|
Vulnerability in redhat (CVE-2026-6848)
vulnerability in redhat (CVE-2026-6848). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-50486 |
|
Vulnerability in phpgurukul (CVE-2025-50486)
vulnerability in phpgurukul (CVE-2025-50486). Confidential information can be exposed externally.
|
| CVE-2025-50485 |
|
Vulnerability in phpgurukul (CVE-2025-50485)
vulnerability in phpgurukul (CVE-2025-50485). Confidential information can be exposed externally.
|
| CVE-2025-50487 |
|
Vulnerability in phpgurukul (CVE-2025-50487)
vulnerability in phpgurukul (CVE-2025-50487). Confidential information can be exposed externally.
|
| CVE-2025-50484 |
|
Vulnerability in phpgurukul (CVE-2025-50484)
vulnerability in phpgurukul (CVE-2025-50484). Confidential information can be exposed externally.
|
| CVE-2025-50491 |
|
Vulnerability in phpgurukul (CVE-2025-50491)
vulnerability in phpgurukul (CVE-2025-50491). Confidential information can be exposed externally.
|