Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2026-58583 Privilege Escalation in privilege-escalation (CVE-2026-58583)
vulnerability in privilege-escalation (CVE-2026-58583). Confidential information can be exposed externally.
CVE-2026-58473 Vulnerability in CVE-2026-58473 (CVE-2026-58473)
vulnerability in CVE-2026-58473 (CVE-2026-58473). Confidential information can be exposed externally.
CVE-2026-58472 Vulnerability in c (CVE-2026-58472)
vulnerability in c (CVE-2026-58472). Risk of unauthorized operations or information disclosure.
CVE-2026-58471 Vulnerability in c (CVE-2026-58471)
vulnerability in c (CVE-2026-58471). Risk of unauthorized operations or information disclosure.
CVE-2026-58470 Vulnerability in c (CVE-2026-58470)
vulnerability in c (CVE-2026-58470). Risk of unauthorized operations or information disclosure.
CVE-2026-58469 Out-of-Bounds Read in c (CVE-2026-58469)
vulnerability in c (CVE-2026-58469). Risk of unauthorized operations or information disclosure.
CVE-2026-57172 Vulnerability in CVE-2026-57172 (CVE-2026-57172)
vulnerability in CVE-2026-57172 (CVE-2026-57172). Risk of unauthorized operations or information disclosure.
CVE-2026-55647 Cross-Site Scripting (XSS) in vue (CVE-2026-55647)
cross-site scripting in vue (CVE-2026-55647). Risk of unauthorized operations or information disclosure.
CVE-2026-55635 SQL Injection in CVE-2026-55635 (CVE-2026-55635)
SQL injection in CVE-2026-55635 (CVE-2026-55635). Risk of unauthorized operations or information disclosure.
CVE-2026-55633 Unrestricted File Upload in CVE-2026-55633 (CVE-2026-55633)
vulnerability in CVE-2026-55633 (CVE-2026-55633). Risk of unauthorized operations or information disclosure.
CVE-2026-55631 Path Traversal in path-traversal (CVE-2026-55631)
path traversal in path-traversal (CVE-2026-55631). Risk of unauthorized operations or information disclosure.
CVE-2026-55592 Cross-Site Scripting (XSS) in CVE-2026-55592 (CVE-2026-55592)
cross-site scripting in CVE-2026-55592 (CVE-2026-55592). Risk of unauthorized operations or information disclosure.
CVE-2026-55417 Vulnerability in CVE-2026-55417 (CVE-2026-55417)
vulnerability in CVE-2026-55417 (CVE-2026-55417). Risk of unauthorized operations or information disclosure.
CVE-2026-53751 Code Injection in CVE-2026-53751 (CVE-2026-53751)
code injection in CVE-2026-53751 (CVE-2026-53751). Risk of unauthorized operations or information disclosure.
CVE-2026-53730 Vulnerability in CVE-2026-53730 (CVE-2026-53730)
vulnerability in CVE-2026-53730 (CVE-2026-53730). Risk of unauthorized operations or information disclosure.
CVE-2026-53729 Vulnerability in CVE-2026-53729 (CVE-2026-53729)
vulnerability in CVE-2026-53729 (CVE-2026-53729). Risk of unauthorized operations or information disclosure.
CVE-2026-53511 Code Injection in CVE-2026-53511 (CVE-2026-53511)
code injection in CVE-2026-53511 (CVE-2026-53511). Risk of unauthorized operations or information disclosure.
CVE-2026-50530 Vulnerability in CVE-2026-50530 (CVE-2026-50530)
vulnerability in CVE-2026-50530 (CVE-2026-50530). Risk of unauthorized operations or information disclosure. Exploitable via `POST /de2api/chartData/getData.`.
CVE-2026-50529 Authorization Flaw in CVE-2026-50529 (CVE-2026-50529)
vulnerability in CVE-2026-50529 (CVE-2026-50529). Risk of unauthorized operations or information disclosure.
CVE-2026-50007 Vulnerability in CVE-2026-50007 (CVE-2026-50007)
vulnerability in CVE-2026-50007 (CVE-2026-50007). Risk of unauthorized operations or information disclosure.
CVE-2026-49471 Vulnerability in flask (CVE-2026-49471)
vulnerability in flask (CVE-2026-49471). Successful exploitation can lead to full system takeover. Exploitable via `Host header`.
GHSA-j8v8-g9cx-5qf4 Vulnerability in @better-auth/scim (GHSA-j8v8-g9cx-5qf4)
vulnerability in @better-auth/scim (GHSA-j8v8-g9cx-5qf4). Risk of unauthorized operations or information disclosure. Exploitable via `POST /scim/generate-token`. Mitigation: upgrade to `1.7.0-beta.4` or later.
GHSA-2vg6-77g8-24mp Vulnerability in better-auth (GHSA-2vg6-77g8-24mp)
vulnerability in better-auth (GHSA-2vg6-77g8-24mp). Risk of unauthorized operations or information disclosure. Exploitable via `DELETE /scim/v2/Users/`. Mitigation: upgrade to `1.6.11` or later.
CVE-2026-53518 Vulnerability in @better-auth/oauth-provider (CVE-2026-53518)
vulnerability in @better-auth/oauth-provider (CVE-2026-53518). Risk of unauthorized operations or information disclosure. Exploitable via `POST /oauth2/token`. Mitigation: upgrade to `1.6.11` or later.
CVE-2026-53513 Vulnerability in @better-auth/sso (CVE-2026-53513)
vulnerability in @better-auth/sso (CVE-2026-53513). Risk of unauthorized operations or information disclosure. Exploitable via `POST /sso/register`. Mitigation: upgrade to `1.6.11` or later.
CVE-2026-53517 Vulnerability in @better-auth/oauth-provider (CVE-2026-53517)
vulnerability in @better-auth/oauth-provider (CVE-2026-53517). Risk of unauthorized operations or information disclosure. Exploitable via `POST /oauth2/token`. Mitigation: upgrade to `1.6.11` or later.
GHSA-9h47-pqcx-hjr4 Vulnerability in better-auth (GHSA-9h47-pqcx-hjr4)
vulnerability in better-auth (GHSA-9h47-pqcx-hjr4). Risk of unauthorized operations or information disclosure. Exploitable via `Referer header`. Mitigation: upgrade to `1.6.11` or later.
GHSA-86j7-9j95-vpqj Cross-Site Scripting (XSS) in better-auth (GHSA-86j7-9j95-vpqj)
cross-site scripting in better-auth (GHSA-86j7-9j95-vpqj). Risk of unauthorized operations or information disclosure. Exploitable via `POST /oauth2/register`. Mitigation: upgrade to `1.7.0-beta.4` or later.
CVE-2026-53516 Authentication Bypass in better-auth (CVE-2026-53516)
authentication bypass in better-auth (CVE-2026-53516). Risk of unauthorized operations or information disclosure. Exploitable via ``next``. Mitigation: upgrade to `1.6.11` or later.
CVE-2026-53514 Authentication Bypass in better-auth (CVE-2026-53514)
authentication bypass in better-auth (CVE-2026-53514). Risk of unauthorized operations or information disclosure. Exploitable via ``organization``. Mitigation: upgrade to `1.6.11` or later.
GHSA-p2fr-6hmx-4528 Vulnerability in @better-auth/oauth-provider (GHSA-p2fr-6hmx-4528)
vulnerability in @better-auth/oauth-provider (GHSA-p2fr-6hmx-4528). Risk of unauthorized operations or information disclosure. Exploitable via ``aud``. Mitigation: upgrade to `1.7.0-beta.4` or later.
CVE-2026-58468 SSRF (Server-Side Request Forgery) in CVE-2026-58468 (CVE-2026-58468)
SSRF in CVE-2026-58468 (CVE-2026-58468). Risk of unauthorized operations or information disclosure.
CVE-2026-44877 Information Disclosure in CVE-2026-44877 (CVE-2026-44877)
vulnerability in CVE-2026-44877 (CVE-2026-44877). Confidential information can be exposed externally.
CVE-2026-53512 Authentication Bypass in better-auth (CVE-2026-53512)
authentication bypass in better-auth (CVE-2026-53512). Risk of unauthorized operations or information disclosure. Exploitable via ``oauthApplication``. Mitigation: upgrade to `1.6.11` or later.
GHSA-7856-g3gv-9wq8 Vulnerability in github.com/tinfoil-factory/netfoil (GHSA-7856-g3gv-9wq8)
vulnerability in github.com/tinfoil-factory/netfoil (GHSA-7856-g3gv-9wq8). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.3.0` or later.
GHSA-3g4q-2f67-2gvh Vulnerability in github.com/tinfoil-factory/netfoil (GHSA-3g4q-2f67-2gvh)
vulnerability in github.com/tinfoil-factory/netfoil (GHSA-3g4q-2f67-2gvh). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.3.0` or later.
GHSA-59qp-cfj3-rp64 Vulnerability in github.com/tinfoil-factory/netfoil (GHSA-59qp-cfj3-rp64)
vulnerability in github.com/tinfoil-factory/netfoil (GHSA-59qp-cfj3-rp64). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.3.0` or later.
GHSA-fqf6-gxhh-2xhw Vulnerability in uucore (GHSA-fqf6-gxhh-2xhw)
vulnerability in uucore (GHSA-fqf6-gxhh-2xhw). Risk of unauthorized operations or information disclosure. Exploitable via ``determine_backup_mode``. Mitigation: upgrade to `0.6.0` or later.
CVE-2026-53509 SSRF (Server-Side Request Forgery) in @aborruso/ckan-mcp-server (CVE-2026-53509)
SSRF in @aborruso/ckan-mcp-server (CVE-2026-53509). Risk of unauthorized operations or information disclosure. Exploitable via ``localhost``. Mitigation: upgrade to `0.4.106` or later.
CVE-2026-7017 Vulnerability in CVE-2026-7017 (CVE-2026-7017)
vulnerability in CVE-2026-7017 (CVE-2026-7017). Confidential information can be exposed externally. Exploitable via `Authorization header`.
CVE-2026-59708 Vulnerability in CVE-2026-59708 (CVE-2026-59708)
vulnerability in CVE-2026-59708 (CVE-2026-59708). Confidential information can be exposed externally. Exploitable via `GET /api/v1/public/`.
CVE-2026-48958 Vulnerability in CVE-2026-48958 (CVE-2026-48958)
vulnerability in CVE-2026-48958 (CVE-2026-48958). Risk of unauthorized operations or information disclosure.
CVE-2026-48957 An improper access check allows unauthorized users to access com_privacy datasets.
An improper access check allows unauthorized users to access com_privacy datasets.
CVE-2026-48956 An improper access check allows users to display a list of modules in the frontend.
An improper access check allows users to display a list of modules in the frontend.
CVE-2026-48955 Vulnerability in CVE-2026-48955 (CVE-2026-48955)
vulnerability in CVE-2026-48955 (CVE-2026-48955). Risk of unauthorized operations or information disclosure.
CVE-2026-48954 Improper validation leads to a generic XSS vector in the language override feature.
Improper validation leads to a generic XSS vector in the language override feature.
CVE-2026-48953 Lack of escaping leads to an XSS vulnerability in the generic image output layout.
Lack of escaping leads to an XSS vulnerability in the generic image output layout.
CVE-2026-48952 Lack of escaping leads to an XSS vulnerability in the update list view of com_installer.
Lack of escaping leads to an XSS vulnerability in the update list view of com_installer.
CVE-2026-48951 Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components.
Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components.
CVE-2026-48950 Lack of escaping leads to an XSS vulnerability in the file management view of com_templates.
Lack of escaping leads to an XSS vulnerability in the file management view of com_templates.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →