Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: cwe-915 Clear
ID Title
CVE-2026-54601 Vulnerability in CVE-2026-54601 (CVE-2026-54601)
vulnerability in CVE-2026-54601 (CVE-2026-54601). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/core/dataset/collection/create/reTrainingCollection`.
CVE-2026-43925 Vulnerability in CVE-2026-43925 (CVE-2026-43925)
vulnerability in CVE-2026-43925 (CVE-2026-43925). Risk of unauthorized operations or information disclosure.
CVE-2026-50281 Vulnerability in craftcms/cms (CVE-2026-50281)
vulnerability in craftcms/cms (CVE-2026-50281). Risk of unauthorized operations or information disclosure. Exploitable via ``newAttributes``. Mitigation: upgrade to `5.9.21` or later.
CVE-2026-50160 Vulnerability in hoppscotch (CVE-2026-50160)
vulnerability in hoppscotch (CVE-2026-50160). Confidential information can be exposed externally. Exploitable via `POST /v1/onboarding/config`.
CVE-2026-55223 Unsafe Deserialization in apache (CVE-2026-55223)
vulnerability in apache (CVE-2026-55223). Risk of unauthorized operations or information disclosure.
CVE-2026-48943 Vulnerability in c (CVE-2026-48943)
vulnerability in c (CVE-2026-48943). Risk of unauthorized operations or information disclosure. Exploitable via ``plg_user_k2``.
CVE-2026-45687 Vulnerability in CVE-2026-45687 (CVE-2026-45687)
vulnerability in CVE-2026-45687 (CVE-2026-45687). Confidential information can be exposed externally. Mitigation: upgrade to `8.5.0` or later.
CVE-2026-54515 Vulnerability in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54515)
vulnerability in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54515). Risk of unauthorized operations or information disclosure. Exploitable via ``contextual``. Mitigation: upgrade to `2.18.9` or later.
CVE-2026-54516 Vulnerability in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54516)
vulnerability in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54516). Risk of unauthorized operations or information disclosure. Exploitable via ``MapperFeature.INFER_PROPERTY_MUTATORS``. Mitigation: upgrade to `3.1.4` or later.
CVE-2026-55736 Vulnerability in privilege-escalation (CVE-2026-55736)
vulnerability in privilege-escalation (CVE-2026-55736). Risk of unauthorized operations or information disclosure.
CVE-2026-54351 Vulnerability in @budibase/server (CVE-2026-54351)
vulnerability in @budibase/server (CVE-2026-54351). Confidential information can be exposed externally. Exploitable via `POST /api/webhooks/trigger/`. Mitigation: upgrade to `3.39.9` or later.
CVE-2026-56276 Vulnerability in CVE-2026-56276 (CVE-2026-56276)
vulnerability in CVE-2026-56276 (CVE-2026-56276). Risk of unauthorized operations or information disclosure. Exploitable via `PUT /api/v1/user`.
CVE-2026-56142 Vulnerability in privilege-escalation (CVE-2026-56142)
vulnerability in privilege-escalation (CVE-2026-56142). Successful exploitation can lead to full system takeover.
CVE-2026-42540 Vulnerability in CVE-2026-42540 (CVE-2026-42540)
vulnerability in CVE-2026-42540 (CVE-2026-42540). Risk of unauthorized operations or information disclosure.
CVE-2026-44495 Code Injection in axios (CVE-2026-44495)
code injection in axios (CVE-2026-44495). Confidential information can be exposed externally. Exploitable via ``Object.prototype.transformResponse``. Mitigation: upgrade to `1.15.0` or later.
CVE-2026-44494 Vulnerability in axios (CVE-2026-44494)
vulnerability in axios (CVE-2026-44494). Confidential information can be exposed externally. Exploitable via `Authorization header`. Mitigation: upgrade to `1.15.0` or later.
CVE-2026-48150 Vulnerability in @budibase/server (CVE-2026-48150)
vulnerability in @budibase/server (CVE-2026-48150). Confidential information can be exposed externally. Exploitable via `GET /api/global/self/api_key`. Mitigation: upgrade to `3.39.0` or later.
CVE-2026-8327 Privilege Escalation in concrete5/concrete5 (CVE-2026-8327)
vulnerability in concrete5/concrete5 (CVE-2026-8327). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-47102 Authorization Flaw in litellm (CVE-2026-47102)
vulnerability in litellm (CVE-2026-47102). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.83.10` or later.
CVE-2026-46625 Vulnerability in js-cookie (CVE-2026-46625)
vulnerability in js-cookie (CVE-2026-46625). Data can be tampered with by attackers. Exploitable via ``for...in``. Mitigation: upgrade to `3.0.7` or later.
CVE-2026-46517 Code Injection in lmdeploy (CVE-2026-46517)
code injection in lmdeploy (CVE-2026-46517). Successful exploitation can lead to full system takeover. Exploitable via ``get_model_arch``.
CVE-2026-6366 Vulnerability in drupal (CVE-2026-6366)
vulnerability in drupal (CVE-2026-6366). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `10.5.9, 10.6.7, 11.2.11, 11.3.7` or later.
CVE-2026-46721 Vulnerability in evoweb/sf-register (CVE-2026-46721)
vulnerability in evoweb/sf-register (CVE-2026-46721). Risk of unauthorized operations or information disclosure. Exploitable via ``create``. Mitigation: upgrade to `13.2.4` or later.
CVE-2026-45396 Vulnerability in open-webui (CVE-2026-45396)
vulnerability in open-webui (CVE-2026-45396). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/evaluations/feedback`. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-45058 Vulnerability in electerm (CVE-2026-45058)
vulnerability in electerm (CVE-2026-45058). Risk of unauthorized operations or information disclosure.
CVE-2026-46480 Vulnerability in flowise (CVE-2026-46480)
vulnerability in flowise (CVE-2026-46480). Successful exploitation can lead to full system takeover. Exploitable via `PUT /api/v1/evaluators/`. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-46479 Vulnerability in flowise (CVE-2026-46479)
vulnerability in flowise (CVE-2026-46479). Successful exploitation can lead to full system takeover. Exploitable via `PUT /api/v1/evaluations/`. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-46478 Vulnerability in flowise (CVE-2026-46478)
vulnerability in flowise (CVE-2026-46478). Successful exploitation can lead to full system takeover. Exploitable via `PUT /api/v1/datasetrows/`. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-46477 Vulnerability in flowise (CVE-2026-46477)
vulnerability in flowise (CVE-2026-46477). Successful exploitation can lead to full system takeover. Exploitable via `PUT /api/v1/datasets/`. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-46476 Vulnerability in flowise (CVE-2026-46476)
vulnerability in flowise (CVE-2026-46476). Successful exploitation can lead to full system takeover. Exploitable via `PUT /api/v1/customtemplates/`. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-46475 Vulnerability in flowise (CVE-2026-46475)
vulnerability in flowise (CVE-2026-46475). Successful exploitation can lead to full system takeover. Exploitable via `PUT /api/v1/assistants/`. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-46441 Vulnerability in flowise (CVE-2026-46441)
vulnerability in flowise (CVE-2026-46441). Confidential information can be exposed externally. Exploitable via `PUT /api/v1/assistants/{assistantId}`. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-42863 Vulnerability in flowise (CVE-2026-42863)
vulnerability in flowise (CVE-2026-42863). Confidential information can be exposed externally. Exploitable via `PUT /api/v1/chatflows/{chatflowId}`. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-42862 Vulnerability in flowise (CVE-2026-42862)
vulnerability in flowise (CVE-2026-42862). Risk of unauthorized operations or information disclosure. Exploitable via `PUT /api/v1/tools/{toolId}`. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-42861 Vulnerability in flowise (CVE-2026-42861)
vulnerability in flowise (CVE-2026-42861). Confidential information can be exposed externally. Exploitable via `PUT /api/v1/variables/{variableId}`. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-45229 Vulnerability in CVE-2026-45229 (CVE-2026-45229)
vulnerability in CVE-2026-45229 (CVE-2026-45229). Successful exploitation can lead to full system takeover. Exploitable via `POST /update`.
CVE-2026-44635 Vulnerability in kysely (CVE-2026-44635)
vulnerability in kysely (CVE-2026-44635). Confidential information can be exposed externally. Exploitable via ``DefaultQueryCompiler.visitJSONPathLeg``. Mitigation: upgrade to `0.28.17` or later.
CVE-2026-31252 Code Injection in deserialization (CVE-2026-31252)
code injection in deserialization (CVE-2026-31252). Risk of unauthorized operations or information disclosure.
CVE-2026-31251 Vulnerability in deserialization (CVE-2026-31251)
vulnerability in deserialization (CVE-2026-31251). Risk of unauthorized operations or information disclosure.
CVE-2025-69690 Unsafe Deserialization in deserialization (CVE-2025-69690)
vulnerability in deserialization (CVE-2025-69690). Successful exploitation can lead to full system takeover.
CVE-2025-69691 Vulnerability in pfsense (CVE-2025-69691)
vulnerability in pfsense (CVE-2025-69691). Successful exploitation can lead to full system takeover.
CVE-2026-42264 Vulnerability in axios (CVE-2026-42264)
vulnerability in axios (CVE-2026-42264). Confidential information can be exposed externally. Exploitable via ``hasOwnProperty``. Mitigation: upgrade to `1.15.2` or later.
CVE-2026-41139 Vulnerability in mathjs (CVE-2026-41139)
vulnerability in mathjs (CVE-2026-41139). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `15.2.0` or later.
CVE-2026-33453 Vulnerability in apache (CVE-2026-33453)
vulnerability in apache (CVE-2026-33453). Successful exploitation can lead to full system takeover.
CVE-2026-42041 Authentication Bypass in axios (CVE-2026-42041)
authentication bypass in axios (CVE-2026-42041). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.15.1` or later.
CVE-2026-42044 Vulnerability in privilege-escalation (CVE-2026-42044)
vulnerability in privilege-escalation (CVE-2026-42044). Data can be tampered with by attackers. Mitigation: upgrade to `1.15.2` or later.
CVE-2026-42033 Vulnerability in axios (CVE-2026-42033)
vulnerability in axios (CVE-2026-42033). Confidential information can be exposed externally. Mitigation: upgrade to `1.15.1` or later.
CVE-2026-40897 Vulnerability in mathjs (CVE-2026-40897)
vulnerability in mathjs (CVE-2026-40897). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `15.2.0` or later.
CVE-2026-40175 Vulnerability in axios (CVE-2026-40175)
vulnerability in axios (CVE-2026-40175). Risk of unauthorized operations or information disclosure. Exploitable via `GET /pings`. Mitigation: upgrade to `0.31.0` or later.
CVE-2026-33228 Vulnerability in webreflection (CVE-2026-33228)
vulnerability in webreflection (CVE-2026-33228). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →