Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-58583 |
|
Privilege Escalation in privilege-escalation (CVE-2026-58583)
vulnerability in privilege-escalation (CVE-2026-58583). Confidential information can be exposed externally.
|
| CVE-2026-58473 |
|
Vulnerability in CVE-2026-58473 (CVE-2026-58473)
vulnerability in CVE-2026-58473 (CVE-2026-58473). Confidential information can be exposed externally.
|
| CVE-2026-58472 |
|
Vulnerability in c (CVE-2026-58472)
vulnerability in c (CVE-2026-58472). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-58471 |
|
Vulnerability in c (CVE-2026-58471)
vulnerability in c (CVE-2026-58471). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-58470 |
|
Vulnerability in c (CVE-2026-58470)
vulnerability in c (CVE-2026-58470). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-58469 |
|
Out-of-Bounds Read in c (CVE-2026-58469)
vulnerability in c (CVE-2026-58469). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-57172 |
|
Vulnerability in CVE-2026-57172 (CVE-2026-57172)
vulnerability in CVE-2026-57172 (CVE-2026-57172). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55647 |
|
Cross-Site Scripting (XSS) in vue (CVE-2026-55647)
cross-site scripting in vue (CVE-2026-55647). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55635 |
|
SQL Injection in CVE-2026-55635 (CVE-2026-55635)
SQL injection in CVE-2026-55635 (CVE-2026-55635). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55633 |
|
Unrestricted File Upload in CVE-2026-55633 (CVE-2026-55633)
vulnerability in CVE-2026-55633 (CVE-2026-55633). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55631 |
|
Path Traversal in path-traversal (CVE-2026-55631)
path traversal in path-traversal (CVE-2026-55631). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55592 |
|
Cross-Site Scripting (XSS) in CVE-2026-55592 (CVE-2026-55592)
cross-site scripting in CVE-2026-55592 (CVE-2026-55592). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-55417 |
|
Vulnerability in CVE-2026-55417 (CVE-2026-55417)
vulnerability in CVE-2026-55417 (CVE-2026-55417). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53751 |
|
Code Injection in CVE-2026-53751 (CVE-2026-53751)
code injection in CVE-2026-53751 (CVE-2026-53751). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53730 |
|
Vulnerability in CVE-2026-53730 (CVE-2026-53730)
vulnerability in CVE-2026-53730 (CVE-2026-53730). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53729 |
|
Vulnerability in CVE-2026-53729 (CVE-2026-53729)
vulnerability in CVE-2026-53729 (CVE-2026-53729). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53511 |
|
Code Injection in CVE-2026-53511 (CVE-2026-53511)
code injection in CVE-2026-53511 (CVE-2026-53511). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50530 |
|
Vulnerability in CVE-2026-50530 (CVE-2026-50530)
vulnerability in CVE-2026-50530 (CVE-2026-50530). Risk of unauthorized operations or information disclosure. Exploitable via `POST /de2api/chartData/getData.`.
|
| CVE-2026-50529 |
|
Authorization Flaw in CVE-2026-50529 (CVE-2026-50529)
vulnerability in CVE-2026-50529 (CVE-2026-50529). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50007 |
|
Vulnerability in CVE-2026-50007 (CVE-2026-50007)
vulnerability in CVE-2026-50007 (CVE-2026-50007). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49471 |
|
Vulnerability in flask (CVE-2026-49471)
vulnerability in flask (CVE-2026-49471). Successful exploitation can lead to full system takeover. Exploitable via `Host header`.
|
| GHSA-j8v8-g9cx-5qf4 |
|
Vulnerability in @better-auth/scim (GHSA-j8v8-g9cx-5qf4)
vulnerability in @better-auth/scim (GHSA-j8v8-g9cx-5qf4). Risk of unauthorized operations or information disclosure. Exploitable via `POST /scim/generate-token`. Mitigation: upgrade to `1.7.0-beta.4` or later.
|
| GHSA-2vg6-77g8-24mp |
|
Vulnerability in better-auth (GHSA-2vg6-77g8-24mp)
vulnerability in better-auth (GHSA-2vg6-77g8-24mp). Risk of unauthorized operations or information disclosure. Exploitable via `DELETE /scim/v2/Users/`. Mitigation: upgrade to `1.6.11` or later.
|
| CVE-2026-53518 |
|
Vulnerability in @better-auth/oauth-provider (CVE-2026-53518)
vulnerability in @better-auth/oauth-provider (CVE-2026-53518). Risk of unauthorized operations or information disclosure. Exploitable via `POST /oauth2/token`. Mitigation: upgrade to `1.6.11` or later.
|
| CVE-2026-53513 |
|
Vulnerability in @better-auth/sso (CVE-2026-53513)
vulnerability in @better-auth/sso (CVE-2026-53513). Risk of unauthorized operations or information disclosure. Exploitable via `POST /sso/register`. Mitigation: upgrade to `1.6.11` or later.
|
| CVE-2026-53517 |
|
Vulnerability in @better-auth/oauth-provider (CVE-2026-53517)
vulnerability in @better-auth/oauth-provider (CVE-2026-53517). Risk of unauthorized operations or information disclosure. Exploitable via `POST /oauth2/token`. Mitigation: upgrade to `1.6.11` or later.
|
| GHSA-9h47-pqcx-hjr4 |
|
Vulnerability in better-auth (GHSA-9h47-pqcx-hjr4)
vulnerability in better-auth (GHSA-9h47-pqcx-hjr4). Risk of unauthorized operations or information disclosure. Exploitable via `Referer header`. Mitigation: upgrade to `1.6.11` or later.
|
| GHSA-86j7-9j95-vpqj |
|
Cross-Site Scripting (XSS) in better-auth (GHSA-86j7-9j95-vpqj)
cross-site scripting in better-auth (GHSA-86j7-9j95-vpqj). Risk of unauthorized operations or information disclosure. Exploitable via `POST /oauth2/register`. Mitigation: upgrade to `1.7.0-beta.4` or later.
|
| CVE-2026-53516 |
|
Authentication Bypass in better-auth (CVE-2026-53516)
authentication bypass in better-auth (CVE-2026-53516). Risk of unauthorized operations or information disclosure. Exploitable via ``next``. Mitigation: upgrade to `1.6.11` or later.
|
| CVE-2026-53514 |
|
Authentication Bypass in better-auth (CVE-2026-53514)
authentication bypass in better-auth (CVE-2026-53514). Risk of unauthorized operations or information disclosure. Exploitable via ``organization``. Mitigation: upgrade to `1.6.11` or later.
|
| GHSA-p2fr-6hmx-4528 |
|
Vulnerability in @better-auth/oauth-provider (GHSA-p2fr-6hmx-4528)
vulnerability in @better-auth/oauth-provider (GHSA-p2fr-6hmx-4528). Risk of unauthorized operations or information disclosure. Exploitable via ``aud``. Mitigation: upgrade to `1.7.0-beta.4` or later.
|
| CVE-2026-58468 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-58468 (CVE-2026-58468)
SSRF in CVE-2026-58468 (CVE-2026-58468). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44877 |
|
Information Disclosure in CVE-2026-44877 (CVE-2026-44877)
vulnerability in CVE-2026-44877 (CVE-2026-44877). Confidential information can be exposed externally.
|
| CVE-2026-53512 |
|
Authentication Bypass in better-auth (CVE-2026-53512)
authentication bypass in better-auth (CVE-2026-53512). Risk of unauthorized operations or information disclosure. Exploitable via ``oauthApplication``. Mitigation: upgrade to `1.6.11` or later.
|
| GHSA-7856-g3gv-9wq8 |
|
Vulnerability in github.com/tinfoil-factory/netfoil (GHSA-7856-g3gv-9wq8)
vulnerability in github.com/tinfoil-factory/netfoil (GHSA-7856-g3gv-9wq8). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.3.0` or later.
|
| GHSA-3g4q-2f67-2gvh |
|
Vulnerability in github.com/tinfoil-factory/netfoil (GHSA-3g4q-2f67-2gvh)
vulnerability in github.com/tinfoil-factory/netfoil (GHSA-3g4q-2f67-2gvh). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.3.0` or later.
|
| GHSA-59qp-cfj3-rp64 |
|
Vulnerability in github.com/tinfoil-factory/netfoil (GHSA-59qp-cfj3-rp64)
vulnerability in github.com/tinfoil-factory/netfoil (GHSA-59qp-cfj3-rp64). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.3.0` or later.
|
| GHSA-fqf6-gxhh-2xhw |
|
Vulnerability in uucore (GHSA-fqf6-gxhh-2xhw)
vulnerability in uucore (GHSA-fqf6-gxhh-2xhw). Risk of unauthorized operations or information disclosure. Exploitable via ``determine_backup_mode``. Mitigation: upgrade to `0.6.0` or later.
|
| CVE-2026-53509 |
|
SSRF (Server-Side Request Forgery) in @aborruso/ckan-mcp-server (CVE-2026-53509)
SSRF in @aborruso/ckan-mcp-server (CVE-2026-53509). Risk of unauthorized operations or information disclosure. Exploitable via ``localhost``. Mitigation: upgrade to `0.4.106` or later.
|
| CVE-2026-7017 |
|
Vulnerability in CVE-2026-7017 (CVE-2026-7017)
vulnerability in CVE-2026-7017 (CVE-2026-7017). Confidential information can be exposed externally. Exploitable via `Authorization header`.
|
| CVE-2026-59708 |
|
Vulnerability in CVE-2026-59708 (CVE-2026-59708)
vulnerability in CVE-2026-59708 (CVE-2026-59708). Confidential information can be exposed externally. Exploitable via `GET /api/v1/public/`.
|
| CVE-2026-48958 |
|
Vulnerability in CVE-2026-48958 (CVE-2026-48958)
vulnerability in CVE-2026-48958 (CVE-2026-48958). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48957 |
|
An improper access check allows unauthorized users to access com_privacy datasets.
An improper access check allows unauthorized users to access com_privacy datasets.
|
| CVE-2026-48956 |
|
An improper access check allows users to display a list of modules in the frontend.
An improper access check allows users to display a list of modules in the frontend.
|
| CVE-2026-48955 |
|
Vulnerability in CVE-2026-48955 (CVE-2026-48955)
vulnerability in CVE-2026-48955 (CVE-2026-48955). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48954 |
|
Improper validation leads to a generic XSS vector in the language override feature.
Improper validation leads to a generic XSS vector in the language override feature.
|
| CVE-2026-48953 |
|
Lack of escaping leads to an XSS vulnerability in the generic image output layout.
Lack of escaping leads to an XSS vulnerability in the generic image output layout.
|
| CVE-2026-48952 |
|
Lack of escaping leads to an XSS vulnerability in the update list view of com_installer.
Lack of escaping leads to an XSS vulnerability in the update list view of com_installer.
|
| CVE-2026-48951 |
|
Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components.
Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components.
|
| CVE-2026-48950 |
|
Lack of escaping leads to an XSS vulnerability in the file management view of com_templates.
Lack of escaping leads to an XSS vulnerability in the file management view of com_templates.
|