Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-58116 |
|
Code Injection in hiyouga (CVE-2026-58116)
code injection in hiyouga (CVE-2026-58116). Successful exploitation can lead to full system takeover.
|
| CVE-2026-13751 |
|
Vulnerability in snowflake (CVE-2026-13751)
vulnerability in snowflake (CVE-2026-13751). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55698 |
|
Vulnerability in pnpm (CVE-2026-55698)
vulnerability in pnpm (CVE-2026-55698). Successful exploitation can lead to full system takeover. Exploitable via ``a93449314f398cf4bdf2e28d033c02d37395ad22``. Mitigation: upgrade to `11.5.3` or later.
|
| CVE-2026-55697 |
|
OS Command Injection in pnpm (CVE-2026-55697)
OS command injection in pnpm (CVE-2026-55697). Successful exploitation can lead to full system takeover. Exploitable via ``a93449314f398cf4bdf2e28d033c02d37395ad22``. Mitigation: upgrade to `11.5.3` or later.
|
| CVE-2026-55487 |
|
Vulnerability in pnpm (CVE-2026-55487)
vulnerability in pnpm (CVE-2026-55487). Successful exploitation can lead to full system takeover. Exploitable via ``bf1b731ee6``. Mitigation: upgrade to `10.34.2` or later.
|
| CVE-2026-56447 |
|
Vulnerability in misp-project (CVE-2026-56447)
vulnerability in misp-project (CVE-2026-56447). Successful exploitation can lead to full system takeover.
|
| CVE-2026-50195 |
|
Vulnerability in Amazon github.com/containerd/containerd/v2 (CVE-2026-50195)
vulnerability in Amazon github.com/containerd/containerd/v2 (CVE-2026-50195). Successful exploitation can lead to full system takeover. Exploitable via ``IfNotPresent``. Mitigation: upgrade to `2.3.2` or later.
|
| CVE-2026-46580 |
|
Vulnerability in @theia/ai-chat-ui (CVE-2026-46580)
vulnerability in @theia/ai-chat-ui (CVE-2026-46580). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.71.0` or later.
|
| CVE-2026-44691 |
|
Vulnerability in @theia/debug (CVE-2026-44691)
vulnerability in @theia/debug (CVE-2026-44691). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.69.0` or later.
|
| CVE-2026-44688 |
|
Vulnerability in @theia/ai-chat-ui (CVE-2026-44688)
vulnerability in @theia/ai-chat-ui (CVE-2026-44688). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.71.0` or later.
|
| CVE-2026-22551 |
|
Vulnerability in @theia/ai-chat-ui (CVE-2026-22551)
vulnerability in @theia/ai-chat-ui (CVE-2026-22551). Confidential information can be exposed externally. Mitigation: upgrade to `1.71.0` or later.
|
| CVE-2026-22283 |
|
Vulnerability in dell (CVE-2026-22283)
vulnerability in dell (CVE-2026-22283). Successful exploitation can lead to full system takeover.
|
| CVE-2026-54325 |
|
Vulnerability in @earendil-works/pi-coding-agent (CVE-2026-54325)
vulnerability in @earendil-works/pi-coding-agent (CVE-2026-54325). Risk of unauthorized operations or information disclosure. Exploitable via ``project_trust``. Mitigation: upgrade to `0.79.0` or later.
|
| CVE-2026-48124 |
|
Code Injection in CVE-2026-48124 (CVE-2026-48124)
code injection in CVE-2026-48124 (CVE-2026-48124). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-12057 |
|
Vulnerability in foxit (CVE-2026-12057)
vulnerability in foxit (CVE-2026-12057). Successful exploitation can lead to full system takeover.
|
| CVE-2026-53810 |
|
OS Command Injection in openclaw (CVE-2026-53810)
OS command injection in openclaw (CVE-2026-53810). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2026.5.18` or later.
|
| CVE-2026-52858 |
|
Code Injection in vim (CVE-2026-52858)
code injection in vim (CVE-2026-52858). Successful exploitation can lead to full system takeover.
|
| CVE-2026-47174 |
|
Vulnerability in CVE-2026-47174 (CVE-2026-47174)
vulnerability in CVE-2026-47174 (CVE-2026-47174). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-47172 |
|
Vulnerability in CVE-2026-47172 (CVE-2026-47172)
vulnerability in CVE-2026-47172 (CVE-2026-47172). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46529 |
|
Command Injection in c (CVE-2026-46529)
command injection in c (CVE-2026-46529). Successful exploitation can lead to full system takeover. Exploitable via ``g_shell_quote``. Mitigation: upgrade to `1.6.2` or later.
|
| CVE-2026-47292 |
|
Code Injection in microsoft (CVE-2026-47292)
code injection in microsoft (CVE-2026-47292). Successful exploitation can lead to full system takeover.
|
| CVE-2026-11269 |
|
Vulnerability in google (CVE-2026-11269)
vulnerability in google (CVE-2026-11269). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8879 |
|
Vulnerability in securly (CVE-2026-8879)
vulnerability in securly (CVE-2026-8879). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5241 |
|
Vulnerability in huggingface (CVE-2026-5241)
vulnerability in huggingface (CVE-2026-5241). Successful exploitation can lead to full system takeover. Exploitable via ``trust_remote_code``.
|
| CVE-2022-49042 |
|
Vulnerability in synology (CVE-2022-49042)
vulnerability in synology (CVE-2022-49042). Successful exploitation can lead to full system takeover.
|
| CVE-2022-49036 |
|
Vulnerability in synology (CVE-2022-49036)
vulnerability in synology (CVE-2022-49036). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44358 |
|
Vulnerability in CVE-2026-44358 (CVE-2026-44358)
vulnerability in CVE-2026-44358 (CVE-2026-44358). Data can be tampered with by attackers. Mitigation: upgrade to `1.0.1` or later.
|
| CVE-2026-42089 |
|
Vulnerability in yeoman-environment (CVE-2026-42089)
vulnerability in yeoman-environment (CVE-2026-42089). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `6.0.1` or later.
|
| CVE-2026-5817 |
|
Vulnerability in docker (CVE-2026-5817)
vulnerability in docker (CVE-2026-5817). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5843 |
|
Vulnerability in docker (CVE-2026-5843)
vulnerability in docker (CVE-2026-5843). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8428 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8428)
vulnerability in concrete5/concrete5 (CVE-2026-8428). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8426 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8426)
vulnerability in concrete5/concrete5 (CVE-2026-8426). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-7373 |
|
Vulnerability in privilege-escalation (CVE-2026-7373)
vulnerability in privilege-escalation (CVE-2026-7373). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-43999 |
|
Authorization Flaw in vm2 (CVE-2026-43999)
vulnerability in vm2 (CVE-2026-43999). Successful exploitation can lead to full system takeover. Exploitable via ``builtin``. Mitigation: upgrade to `3.11.0` or later.
|
| CVE-2026-44995 |
|
Vulnerability in openclaw (CVE-2026-44995)
vulnerability in openclaw (CVE-2026-44995). Successful exploitation can lead to full system takeover. Exploitable via ``openclaw``. Mitigation: upgrade to `2026.4.20` or later.
|
| CVE-2026-45184 |
|
Vulnerability in CVE-2026-45184 (CVE-2026-45184)
vulnerability in CVE-2026-45184 (CVE-2026-45184). Confidential information can be exposed externally.
|
| CVE-2026-44336 |
|
Vulnerability in praison (CVE-2026-44336)
vulnerability in praison (CVE-2026-44336). Successful exploitation can lead to full system takeover. Exploitable via ``praisonai.rules.create``.
|
| CVE-2026-43944 |
|
Vulnerability in electerm (CVE-2026-43944)
vulnerability in electerm (CVE-2026-43944). Successful exploitation can lead to full system takeover. Exploitable via ``opts``. Mitigation: upgrade to `> 3.8.8` or later.
|
| CVE-2026-43940 |
|
Path Traversal in electerm (CVE-2026-43940)
path traversal in electerm (CVE-2026-43940). Successful exploitation can lead to full system takeover. Exploitable via ``runWidget``. Mitigation: upgrade to `3.7.16` or later.
|
| CVE-2026-44312 |
|
Vulnerability in css_parser (CVE-2026-44312)
vulnerability in css_parser (CVE-2026-44312). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.22.0` or later.
|
| CVE-2026-44484 |
|
Vulnerability in pytorch-lightning (CVE-2026-44484)
vulnerability in pytorch-lightning (CVE-2026-44484). Successful exploitation can lead to full system takeover.
|
| CVE-2026-43003 |
|
OS Command Injection in ironic-python-agent (CVE-2026-43003)
OS command injection in ironic-python-agent (CVE-2026-43003). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `11.6.0` or later.
|
| CVE-2026-42510 |
|
Vulnerability in ironic (CVE-2026-42510)
vulnerability in ironic (CVE-2026-42510). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `35.0.1` or later.
|
| CVE-2026-41355 |
|
Vulnerability in openclaw (CVE-2026-41355)
vulnerability in openclaw (CVE-2026-41355). Successful exploitation can lead to full system takeover.
|
| CVE-2026-6859 |
|
Vulnerability in redhat (CVE-2026-6859)
vulnerability in redhat (CVE-2026-6859). Successful exploitation can lead to full system takeover. Exploitable via ``linux_train.py``.
|
| CVE-2026-41253 |
|
Vulnerability in c (CVE-2026-41253)
vulnerability in c (CVE-2026-41253). Confidential information can be exposed externally.
|
| CVE-2026-40959 |
|
Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod.
Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod.
|
| CVE-2026-22217 |
|
Vulnerability in openclaw (CVE-2026-22217)
vulnerability in openclaw (CVE-2026-22217). Data can be tampered with by attackers. Exploitable via ``openclaw``. Mitigation: upgrade to `2026.2.23` or later.
|
| CVE-2026-28500 |
|
Vulnerability in onnx (CVE-2026-28500)
vulnerability in onnx (CVE-2026-28500). Confidential information can be exposed externally. Mitigation: upgrade to `1.21.0rc1` or later.
|
| CVE-2026-4255 |
|
Vulnerability in thermalright (CVE-2026-4255)
vulnerability in thermalright (CVE-2026-4255). Successful exploitation can lead to full system takeover.
|