Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-55647 |
|
Cross-Site Scripting (XSS) in vue (CVE-2026-55647)
cross-site scripting in vue (CVE-2026-55647). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-59102 |
|
Cross-Site Scripting (XSS) in vue (CVE-2026-59102)
cross-site scripting in vue (CVE-2026-59102). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-58034 |
|
Cross-Site Scripting (XSS) in vue (CVE-2026-58034)
cross-site scripting in vue (CVE-2026-58034). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-58035 |
|
Cross-Site Scripting (XSS) in vue (CVE-2026-58035)
cross-site scripting in vue (CVE-2026-58035). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-58176 |
|
Vulnerability in vue (CVE-2026-58176)
vulnerability in vue (CVE-2026-58176). Data can be tampered with by attackers.
|
| CVE-2026-57958 |
|
Cross-Site Scripting (XSS) in laravel (CVE-2026-57958)
cross-site scripting in laravel (CVE-2026-57958). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57950 |
|
ruoyi-vue-pro through 2026.05, fixed in commit 5d1fd70 contains a broken access control...
ruoyi-vue-pro through 2026.05, fixed in commit 5d1fd70 contains a broken access control...
|
| CVE-2026-57949 |
|
Vulnerability in vue (CVE-2026-57949)
vulnerability in vue (CVE-2026-57949). Confidential information can be exposed externally. Exploitable via `GET /admin-api/crm/follow-up-record/get`.
|
| CVE-2026-36848 |
|
Gigamon GVOS v5.16.1 and below is vulnerable to Directory Traversal in the GVOS H-VUE subsystem.
Gigamon GVOS v5.16.1 and below is vulnerable to Directory Traversal in the GVOS H-VUE subsystem.
|
| CVE-2026-13528 |
|
Path Traversal in vue (CVE-2026-13528)
path traversal in vue (CVE-2026-13528). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48787 |
|
OS Command Injection in vue (CVE-2026-48787)
OS command injection in vue (CVE-2026-48787). Risk of unauthorized operations or information disclosure. Exploitable via `POST /autoCode/addFunc`.
|
| CVE-2026-53721 |
|
Vulnerability in nuxt (CVE-2026-53721)
vulnerability in nuxt (CVE-2026-53721). Confidential information can be exposed externally. Exploitable via ``routeRules``. Mitigation: upgrade to `3.21.7` or later.
|
| CVE-2026-53722 |
|
Cross-Site Scripting (XSS) in nuxt (CVE-2026-53722)
cross-site scripting in nuxt (CVE-2026-53722). Risk of unauthorized operations or information disclosure. Exploitable via ``href``. Mitigation: upgrade to `3.21.7` or later.
|
| CVE-2026-49993 |
|
Vulnerability in @nuxt/webpack-builder (CVE-2026-49993)
vulnerability in @nuxt/webpack-builder (CVE-2026-49993). Confidential information can be exposed externally. Exploitable via ``Origin``. Mitigation: upgrade to `3.21.7` or later.
|
| CVE-2026-10173 |
|
Cross-Site Scripting (XSS) in vue (CVE-2026-10173)
cross-site scripting in vue (CVE-2026-10173). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-47200 |
|
Vulnerability in nuxt (CVE-2026-47200)
vulnerability in nuxt (CVE-2026-47200). Risk of unauthorized operations or information disclosure. Exploitable via ``experimental.componentIslands``. Mitigation: upgrade to `4.4.6` or later.
|
| CVE-2026-9374 |
|
Vulnerability in vue (CVE-2026-9374)
vulnerability in vue (CVE-2026-9374). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46342 |
|
Cross-Site Scripting (XSS) in nuxt (CVE-2026-46342)
cross-site scripting in nuxt (CVE-2026-46342). Risk of unauthorized operations or information disclosure. Exploitable via ``props``. Mitigation: upgrade to `4.4.6` or later.
|
| CVE-2026-45670 |
|
Vulnerability in @nuxt/rspack-builder (CVE-2026-45670)
vulnerability in @nuxt/rspack-builder (CVE-2026-45670). Risk of unauthorized operations or information disclosure. Exploitable via ``script.src``. Mitigation: upgrade to `4.4.6` or later.
|
| CVE-2026-45669 |
|
Vulnerability in nuxt (CVE-2026-45669)
vulnerability in nuxt (CVE-2026-45669). Risk of unauthorized operations or information disclosure. Exploitable via ``Location``. Mitigation: upgrade to `4.4.6` or later.
|
| CVE-2026-23695 |
|
Cross-Site Scripting (XSS) in cockpit-hq/cockpit (CVE-2026-23695)
cross-site scripting in cockpit-hq/cockpit (CVE-2026-23695). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44589 |
|
SSRF (Server-Side Request Forgery) in nuxt-og-image (CVE-2026-44589)
SSRF in nuxt-og-image (CVE-2026-44589). Risk of unauthorized operations or information disclosure. Exploitable via ``isBlockedUrl``. Mitigation: upgrade to `6.4.9` or later.
|
| CVE-2026-45228 |
|
Cross-Site Scripting (XSS) in vue (CVE-2026-45228)
cross-site scripting in vue (CVE-2026-45228). Risk of unauthorized operations or information disclosure. Exploitable via `POST /update`.
|
| CVE-2026-44245 |
|
Cross-Site Scripting (XSS) in github.com/kyverno/policy-reporter-ui (CVE-2026-44245)
cross-site scripting in github.com/kyverno/policy-reporter-ui (CVE-2026-44245). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.5.2` or later.
|
| CVE-2026-43900 |
|
Cross-Site Scripting (XSS) in vue (CVE-2026-43900)
cross-site scripting in vue (CVE-2026-43900). Confidential information can be exposed externally. Mitigation: upgrade to `1.0.4-beta.1` or later.
|