Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-13676 |
|
Vulnerability in openjsf (CVE-2026-13676)
vulnerability in openjsf (CVE-2026-13676). Data can be tampered with by attackers.
|
| CVE-2026-10796 |
|
OS Command Injection in openjsf (CVE-2026-10796)
OS command injection in openjsf (CVE-2026-10796). Successful exploitation can lead to full system takeover. Exploitable via ``eval``.
|
| CVE-2026-25244 |
|
OS Command Injection in @wdio/browserstack-service (CVE-2026-25244)
OS command injection in @wdio/browserstack-service (CVE-2026-25244). Successful exploitation can lead to full system takeover. Exploitable via ``source``. Mitigation: upgrade to `9.24.0` or later.
|
| CVE-2026-6322 |
|
Vulnerability in fast-uri (CVE-2026-6322)
vulnerability in fast-uri (CVE-2026-6322). Data can be tampered with by attackers. Exploitable via ``evil.com``. Mitigation: upgrade to `3.1.2` or later.
|
| CVE-2026-6321 |
|
Path Traversal in fast-uri (CVE-2026-6321)
path traversal in fast-uri (CVE-2026-6321). Data can be tampered with by attackers. Mitigation: upgrade to `3.1.1` or later.
|
| CVE-2014-6393 |
|
Cross-Site Scripting (XSS) in express (CVE-2014-6393)
cross-site scripting in express (CVE-2014-6393). Risk of unauthorized operations or information disclosure.
|
| CVE-2015-8856 |
|
Cross-Site Scripting (XSS) in openjsf (CVE-2015-8856)
cross-site scripting in openjsf (CVE-2015-8856). Risk of unauthorized operations or information disclosure.
|