Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-59929 |
|
Cross-Site Scripting (XSS) in CVE-2026-59929 (CVE-2026-59929)
cross-site scripting in CVE-2026-59929 (CVE-2026-59929). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-59261 |
|
Vulnerability in CVE-2026-59261 (CVE-2026-59261)
vulnerability in CVE-2026-59261 (CVE-2026-59261). Confidential information can be exposed externally.
|
| CVE-2026-14534 |
|
Vulnerability in c (CVE-2026-14534)
vulnerability in c (CVE-2026-14534). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56777 |
|
Vulnerability in n8n (CVE-2026-56777)
vulnerability in n8n (CVE-2026-56777). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-71355 |
|
Vulnerability in deserialization (CVE-2025-71355)
vulnerability in deserialization (CVE-2025-71355). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49869 |
|
OS Command Injection in kestra (CVE-2026-49869)
OS command injection in kestra (CVE-2026-49869). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.0.45` or later.
|
| CVE-2026-57234 |
|
Vulnerability in ssrf (CVE-2026-57234)
vulnerability in ssrf (CVE-2026-57234). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.19.4` or later.
|
| CVE-2026-54070 |
|
Cross-Site Scripting (XSS) in CVE-2026-54070 (CVE-2026-54070)
cross-site scripting in CVE-2026-54070 (CVE-2026-54070). Confidential information can be exposed externally. Mitigation: upgrade to `3.7.0` or later.
|
| CVE-2026-47389 |
|
Vulnerability in c (CVE-2026-47389)
vulnerability in c (CVE-2026-47389). Confidential information can be exposed externally. Mitigation: upgrade to `4.5.10` or later.
|
| CVE-2026-53944 |
|
Vulnerability in CVE-2026-53944 (CVE-2026-53944)
vulnerability in CVE-2026-53944 (CVE-2026-53944). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `6.21.1` or later.
|
| CVE-2026-54512 |
|
Vulnerability in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54512)
vulnerability in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54512). Successful exploitation can lead to full system takeover. Exploitable via ``PolymorphicTypeValidator``. Mitigation: upgrade to `2.21.4` or later.
|
| CVE-2026-54513 |
|
Vulnerability in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54513)
vulnerability in com.fasterxml.jackson.core:jackson-databind (CVE-2026-54513). Successful exploitation can lead to full system takeover. Exploitable via ``EvilType``. Mitigation: upgrade to `3.1.4` or later.
|
| CVE-2026-56315 |
|
Vulnerability in CVE-2026-56315 (CVE-2026-56315)
vulnerability in CVE-2026-56315 (CVE-2026-56315). Successful exploitation can lead to full system takeover.
|
| CVE-2025-71351 |
|
Vulnerability in CVE-2025-71351 (CVE-2025-71351)
vulnerability in CVE-2025-71351 (CVE-2025-71351). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-53873 |
|
Vulnerability in picklescan (CVE-2026-53873)
vulnerability in picklescan (CVE-2026-53873). Successful exploitation can lead to full system takeover. Exploitable via ``profile.Profile.run``. Mitigation: upgrade to `1.0.4` or later.
|
| CVE-2025-71323 |
|
Vulnerability in picklescan (CVE-2025-71323)
vulnerability in picklescan (CVE-2025-71323). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.0.33` or later.
|
| CVE-2026-55743 |
|
OS Command Injection in CVE-2026-55743 (CVE-2026-55743)
OS command injection in CVE-2026-55743 (CVE-2026-55743). Successful exploitation can lead to full system takeover.
|
| CVE-2025-71320 |
|
Vulnerability in picklescan (CVE-2025-71320)
vulnerability in picklescan (CVE-2025-71320). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.0.33` or later.
|
| CVE-2026-53864 |
|
OpenClaw: Host environment sanitizer missed two Node.js control variables
OpenClaw: Host environment sanitizer missed two Node.js control variables
|
| CVE-2026-53861 |
|
Vulnerability in openclaw (CVE-2026-53861)
vulnerability in openclaw (CVE-2026-53861). Confidential information can be exposed externally. Mitigation: upgrade to `2026.5.6` or later.
|
| CVE-2026-53855 |
|
OpenClaw: Shell positional parameters could weaken strict inline-eval checks
OpenClaw: Shell positional parameters could weaken strict inline-eval checks
|
| CVE-2026-53848 |
|
OS Command Injection in openclaw (CVE-2026-53848)
OS command injection in openclaw (CVE-2026-53848). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.26` or later.
|
| CVE-2026-54090 |
|
Command Injection in github.com/filebrowser/filebrowser/v2 (CVE-2026-54090)
command injection in github.com/filebrowser/filebrowser/v2 (CVE-2026-54090). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/login`. Mitigation: upgrade to `2.33.10` or later.
|
| CVE-2026-53836 |
|
Vulnerability in openclaw (CVE-2026-53836)
vulnerability in openclaw (CVE-2026-53836). Successful exploitation can lead to full system takeover.
|
| CVE-2026-48557 |
|
Spatie Laravel Media Library contains a file upload restriction bypass
Spatie Laravel Media Library contains a file upload restriction bypass
|
| CVE-2026-44287 |
|
Code Injection in CVE-2026-44287 (CVE-2026-44287)
code injection in CVE-2026-44287 (CVE-2026-44287). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.15.0-beta1` or later.
|
| CVE-2026-44463 |
|
OS Command Injection in zed (CVE-2026-44463)
OS command injection in zed (CVE-2026-44463). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.229.0` or later.
|
| CVE-2026-44462 |
|
Vulnerability in zed (CVE-2026-44462)
vulnerability in zed (CVE-2026-44462). Confidential information can be exposed externally. Mitigation: upgrade to `0.229.0` or later.
|
| CVE-2026-9818 |
|
Vulnerability in CVE-2026-9818 (CVE-2026-9818)
vulnerability in CVE-2026-9818 (CVE-2026-9818). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44587 |
|
Cross-Site Scripting (XSS) in carrierwave (CVE-2026-44587)
cross-site scripting in carrierwave (CVE-2026-44587). Risk of unauthorized operations or information disclosure. Exploitable via ``Regexp.quote``. Mitigation: upgrade to `2.2.7` or later.
|
| CVE-2026-45037 |
|
Vulnerability in tabby (CVE-2026-45037)
vulnerability in tabby (CVE-2026-45037). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.0.232` or later.
|
| CVE-2026-42590 |
|
Vulnerability in github.com/gotenberg/gotenberg/v8 (CVE-2026-42590)
vulnerability in github.com/gotenberg/gotenberg/v8 (CVE-2026-42590). Data can be tampered with by attackers. Exploitable via ``FileName``.
|
| CVE-2026-40893 |
|
Vulnerability in github.com/gotenberg/gotenberg/v8 (CVE-2026-40893)
vulnerability in github.com/gotenberg/gotenberg/v8 (CVE-2026-40893). Data can be tampered with by attackers. Exploitable via ``FileName``.
|
| CVE-2026-43929 |
|
Vulnerability in ssrfcheck (CVE-2026-43929)
vulnerability in ssrfcheck (CVE-2026-43929). Confidential information can be exposed externally. Exploitable via ``ssrfcheck``.
|
| CVE-2026-43991 |
|
OS Command Injection in CVE-2026-43991 (CVE-2026-43991)
OS command injection in CVE-2026-43991 (CVE-2026-43991). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.x.y-security-1` or later.
|
| CVE-2026-45006 |
|
Vulnerability in openclaw (CVE-2026-45006)
vulnerability in openclaw (CVE-2026-45006). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44993 |
|
Vulnerability in openclaw (CVE-2026-44993)
vulnerability in openclaw (CVE-2026-44993). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34430 |
|
Vulnerability in deerflow (CVE-2026-34430)
vulnerability in deerflow (CVE-2026-34430). Successful exploitation can lead to full system takeover.
|
| CVE-2026-32022 |
|
Vulnerability in openclaw (CVE-2026-32022)
vulnerability in openclaw (CVE-2026-32022). Confidential information can be exposed externally. Exploitable via ``tools.exec.safeBins``. Mitigation: upgrade to `2026.2.21` or later.
|
| CVE-2026-1773 |
|
Vulnerability in dos (CVE-2026-1773)
vulnerability in dos (CVE-2026-1773). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-5217 KEV |
|
[KEV] Vulnerability in Servicenow utah (CVE-2024-5217)
vulnerability in Servicenow utah (CVE-2024-5217). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-30103 |
|
Microsoft Outlook Remote Code Execution Vulnerability
Microsoft Outlook Remote Code Execution Vulnerability
|
| CVE-2023-3374 |
|
Vulnerability in privilege-escalation (CVE-2023-3374)
vulnerability in privilege-escalation (CVE-2023-3374). Successful exploitation can lead to full system takeover.
|
| CVE-2022-26871 KEV |
|
[KEV] Vulnerability in Trend micro trend-micro (CVE-2022-26871)
vulnerability in Trend micro trend-micro (CVE-2022-26871). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-42321 KEV |
|
[KEV] Vulnerability in Microsoft exchange (CVE-2021-42321)
vulnerability in Microsoft exchange (CVE-2021-42321). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2017-0909 |
|
Vulnerability in private-address-check-project (CVE-2017-0909)
vulnerability in private-address-check-project (CVE-2017-0909). Successful exploitation can lead to full system takeover.
|
| CVE-2015-5946 |
|
Vulnerability in sugarcrm (CVE-2015-5946)
vulnerability in sugarcrm (CVE-2015-5946). Successful exploitation can lead to full system takeover.
|
| CVE-2017-7540 |
|
Vulnerability in privilege-escalation (CVE-2017-7540)
vulnerability in privilege-escalation (CVE-2017-7540). Successful exploitation can lead to full system takeover.
|
| CVE-2016-6189 |
|
Vulnerability in alinto (CVE-2016-6189)
vulnerability in alinto (CVE-2016-6189). Risk of unauthorized operations or information disclosure.
|