Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-44557 |
|
Authorization Flaw in open-webui (CVE-2026-44557)
vulnerability in open-webui (CVE-2026-44557). Risk of unauthorized operations or information disclosure. Exploitable via `POST /query/doc`. Mitigation: upgrade to `0.9.0` or later.
|
| CVE-2025-66170 |
|
Authorization Flaw in apache (CVE-2025-66170)
vulnerability in apache (CVE-2025-66170). Confidential information can be exposed externally.
|
| CVE-2026-40213 |
|
Authorization Flaw in openstack-cyborg (CVE-2026-40213)
vulnerability in openstack-cyborg (CVE-2026-40213). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `16.0.1` or later.
|
| CVE-2026-44283 |
|
Authorization Flaw in go.etcd.io/etcd/v3 (CVE-2026-44283)
vulnerability in go.etcd.io/etcd/v3 (CVE-2026-44283). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.5.30` or later.
|
| CVE-2026-39852 |
|
Authorization Flaw in io.quarkus:quarkus-vertx-http (CVE-2026-39852)
vulnerability in io.quarkus:quarkus-vertx-http (CVE-2026-39852). Confidential information can be exposed externally. Mitigation: upgrade to `3.35.1.1` or later.
|
| CVE-2026-39402 |
|
Authorization Flaw in dos (CVE-2026-39402)
vulnerability in dos (CVE-2026-39402). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-33489 |
|
Vulnerability in github.com/coredns/coredns (CVE-2026-33489)
vulnerability in github.com/coredns/coredns (CVE-2026-33489). Confidential information can be exposed externally. Mitigation: upgrade to `1.14.3` or later.
|
| CVE-2026-42812 |
|
Vulnerability in org.apache.polaris:polaris-runtime-service (CVE-2026-42812)
vulnerability in org.apache.polaris:polaris-runtime-service (CVE-2026-42812). Successful exploitation can lead to full system takeover. Exploitable via ``write.metadata.path``. Mitigation: upgrade to `1.4.1` or later.
|
| CVE-2026-43001 |
|
Authorization Flaw in keystone (CVE-2026-43001)
vulnerability in keystone (CVE-2026-43001). Confidential information can be exposed externally. Exploitable via `POST /v3/credentials`.
|
| CVE-2026-42432 |
|
Vulnerability in openclaw (CVE-2026-42432)
vulnerability in openclaw (CVE-2026-42432). Successful exploitation can lead to full system takeover. Exploitable via ``openclaw``. Mitigation: upgrade to `2026.4.8` or later.
|
| CVE-2026-42429 |
|
Privilege Escalation in openclaw (CVE-2026-42429)
vulnerability in openclaw (CVE-2026-42429). Data can be tampered with by attackers. Exploitable via ``operator.read``. Mitigation: upgrade to `2026.4.8` or later.
|
| CVE-2026-41427 |
|
Authorization Flaw in better-auth (CVE-2026-41427)
vulnerability in better-auth (CVE-2026-41427). Data can be tampered with by attackers. Mitigation: upgrade to `1.6.5` or later.
|
| CVE-2025-13480 |
|
Authorization Flaw in fudosecurity (CVE-2025-13480)
vulnerability in fudosecurity (CVE-2025-13480). Confidential information can be exposed externally.
|
| CVE-2026-39454 |
|
Vulnerability in skygroup (CVE-2026-39454)
vulnerability in skygroup (CVE-2026-39454). Successful exploitation can lead to full system takeover.
|
| CVE-2025-40897 |
|
Authorization Flaw in CVE-2025-40897 (CVE-2025-40897)
vulnerability in CVE-2025-40897 (CVE-2025-40897). Data can be tampered with by attackers.
|
| CVE-2026-24069 |
|
Authorization Flaw in CVE-2026-24069 (CVE-2026-24069)
vulnerability in CVE-2026-24069 (CVE-2026-24069). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-33551 |
|
Authorization Flaw in keystone (CVE-2026-33551)
vulnerability in keystone (CVE-2026-33551). Confidential information can be exposed externally. Mitigation: upgrade to `26.1.1` or later.
|
| CVE-2026-27140 |
|
Authorization Flaw in toolchain (CVE-2026-27140)
vulnerability in toolchain (CVE-2026-27140). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.25.9, 1.26.2` or later.
|
| CVE-2026-28808 |
|
Authorization Flaw in erlang (CVE-2026-28808)
vulnerability in erlang (CVE-2026-28808). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35029 |
|
Authorization Flaw in litellm (CVE-2026-35029)
vulnerability in litellm (CVE-2026-35029). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.83.0` or later.
|
| CVE-2026-41365 |
|
Authorization Flaw in openclaw (CVE-2026-41365)
vulnerability in openclaw (CVE-2026-41365). Risk of unauthorized operations or information disclosure. Exploitable via ``openclaw``. Mitigation: upgrade to `2026.3.31` or later.
|
| CVE-2026-30689 |
|
Authorization Flaw in anjoy8 (CVE-2026-30689)
vulnerability in anjoy8 (CVE-2026-30689). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4263 |
|
Authorization Flaw in CVE-2026-4263 (CVE-2026-4263)
vulnerability in CVE-2026-4263 (CVE-2026-4263). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-4262 |
|
Authorization Flaw in CVE-2026-4262 (CVE-2026-4262)
vulnerability in CVE-2026-4262 (CVE-2026-4262). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-33217 |
|
Authorization Flaw in linuxfoundation (CVE-2026-33217)
vulnerability in linuxfoundation (CVE-2026-33217). Data can be tampered with by attackers.
|
| CVE-2026-32642 |
|
Authorization Flaw in apache (CVE-2026-32642)
vulnerability in apache (CVE-2026-32642). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-32067 |
|
Authorization Flaw in openclaw (CVE-2026-32067)
vulnerability in openclaw (CVE-2026-32067). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-69196 |
|
Authorization Flaw in jlowin (CVE-2025-69196)
vulnerability in jlowin (CVE-2025-69196). Confidential information can be exposed externally.
|
| CVE-2026-32597 |
|
Vulnerability in pyjwt (CVE-2026-32597)
vulnerability in pyjwt (CVE-2026-32597). Data can be tampered with by attackers. Exploitable via ``crit``. Mitigation: upgrade to `2.12.0` or later.
|
| CVE-2026-1471 |
|
Authorization Flaw in neo4j (CVE-2026-1471)
vulnerability in neo4j (CVE-2026-1471). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.26.22, 2026.1.4` or later.
|
| CVE-2026-1524 |
|
Authentication Bypass in neo4j (CVE-2026-1524)
authentication bypass in neo4j (CVE-2026-1524). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.26.22, 2026.2.0` or later.
|
| CVE-2026-31892 |
|
Authorization Flaw in argoproj (CVE-2026-31892)
vulnerability in argoproj (CVE-2026-31892). Confidential information can be exposed externally. Mitigation: upgrade to `4.0.2` or later.
|
| CVE-2026-1497 |
|
Authorization Flaw in neo4j (CVE-2026-1497)
vulnerability in neo4j (CVE-2026-1497). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `5.26.22, 2026.2.0` or later.
|
| CVE-2026-28229 |
|
Authorization Flaw in github.com/argoproj/argo-workflows/v4 (CVE-2026-28229)
vulnerability in github.com/argoproj/argo-workflows/v4 (CVE-2026-28229). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.0.2` or later.
|
| CVE-2026-29773 |
|
Authorization Flaw in privilege-escalation (CVE-2026-29773)
vulnerability in privilege-escalation (CVE-2026-29773). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-23925 |
|
Authorization Flaw in zabbix (CVE-2026-23925)
vulnerability in zabbix (CVE-2026-23925). Confidential information can be exposed externally.
|
| CVE-2026-3009 |
|
Authorization Flaw in redhat (CVE-2026-3009)
vulnerability in redhat (CVE-2026-3009). Confidential information can be exposed externally.
|
| CVE-2026-2293 |
|
Authorization Flaw in nestjs (CVE-2026-2293)
vulnerability in nestjs (CVE-2026-2293). Successful exploitation can lead to full system takeover.
|
| CVE-2026-21721 |
|
Authorization Flaw in privilege-escalation (CVE-2026-21721)
vulnerability in privilege-escalation (CVE-2026-21721). Confidential information can be exposed externally.
|
| CVE-2026-22822 |
|
Authorization Flaw in external-secrets (CVE-2026-22822)
vulnerability in external-secrets (CVE-2026-22822). Successful exploitation can lead to full system takeover. Exploitable via ``getSecretKey``.
|
| CVE-2025-2515 |
|
Authorization Flaw in privilege-escalation (CVE-2025-2515)
vulnerability in privilege-escalation (CVE-2025-2515). Successful exploitation can lead to full system takeover.
|
| CVE-2025-8886 |
|
Information Disclosure in CVE-2025-8886 (CVE-2025-8886)
vulnerability in CVE-2025-8886 (CVE-2025-8886). Confidential information can be exposed externally.
|
| CVE-2025-10696 |
|
Authorization Flaw in c (CVE-2025-10696)
vulnerability in c (CVE-2025-10696). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-55177 KEV |
|
[KEV] Authorization Flaw in Meta platforms meta-platforms (CVE-2025-55177)
vulnerability in Meta platforms meta-platforms (CVE-2025-55177). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-20701 |
|
Authorization Flaw in CVE-2025-20701 (CVE-2025-20701)
vulnerability in CVE-2025-20701 (CVE-2025-20701). Successful exploitation can lead to full system takeover.
|
| CVE-2025-6018 |
|
Authorization Flaw in privilege-escalation (CVE-2025-6018)
vulnerability in privilege-escalation (CVE-2025-6018). Successful exploitation can lead to full system takeover.
|
| CVE-2025-21479 KEV |
|
[KEV] Authorization Flaw in Qualcomm multiple-chipsets (CVE-2025-21479)
vulnerability in Qualcomm multiple-chipsets (CVE-2025-21479). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-21480 KEV |
|
[KEV] Authorization Flaw in Qualcomm multiple-chipsets (CVE-2025-21480)
vulnerability in Qualcomm multiple-chipsets (CVE-2025-21480). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-10306 |
|
Authorization Flaw in CVE-2024-10306 (CVE-2024-10306)
vulnerability in CVE-2024-10306 (CVE-2024-10306). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-27427 |
|
Authorization Flaw in apache (CVE-2025-27427)
vulnerability in apache (CVE-2025-27427). Risk of unauthorized operations or information disclosure.
|