Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-8769 |
|
Vulnerability in @ai-sdk/provider-utils (CVE-2026-8769)
vulnerability in @ai-sdk/provider-utils (CVE-2026-8769). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8768 |
|
SSRF (Server-Side Request Forgery) in vercel (CVE-2026-8768)
SSRF in vercel (CVE-2026-8768). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8767 |
|
Command Injection in vercel (CVE-2026-8767)
command injection in vercel (CVE-2026-8767). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46508 |
|
Command Injection in vercel (CVE-2026-46508)
command injection in vercel (CVE-2026-46508). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.9.14000` or later.
|
| CVE-2026-45773 |
|
Cross-Site Request Forgery (CSRF) in turbo (CVE-2026-45773)
vulnerability in turbo (CVE-2026-45773). Data can be tampered with by attackers. Exploitable via ``turbo``. Mitigation: upgrade to `2.9.14` or later.
|
| CVE-2026-45772 |
|
Vulnerability in turbo (CVE-2026-45772)
vulnerability in turbo (CVE-2026-45772). Successful exploitation can lead to full system takeover. Exploitable via ``yarnPath``. Mitigation: upgrade to `2.9.14` or later.
|
| CVE-2026-44479 |
|
Information Disclosure in vercel (CVE-2026-44479)
vulnerability in vercel (CVE-2026-44479). Confidential information can be exposed externally. Exploitable via ``VERCEL_TOKEN``. Mitigation: upgrade to `52.0.1` or later.
|
| CVE-2026-45109 |
|
Vulnerability in next (CVE-2026-45109)
vulnerability in next (CVE-2026-45109). Confidential information can be exposed externally. Exploitable via ``middleware.ts``. Mitigation: upgrade to `16.2.6` or later.
|
| CVE-2026-44572 |
|
Vulnerability in next (CVE-2026-44572)
vulnerability in next (CVE-2026-44572). Risk of unauthorized operations or information disclosure. Exploitable via ``Location``. Mitigation: upgrade to `16.2.5` or later.
|
| CVE-2026-44581 |
|
Cross-Site Scripting (XSS) in next (CVE-2026-44581)
cross-site scripting in next (CVE-2026-44581). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `16.2.5` or later.
|
| CVE-2026-44582 |
|
Vulnerability in next (CVE-2026-44582)
vulnerability in next (CVE-2026-44582). Risk of unauthorized operations or information disclosure. Exploitable via ``_rsc``. Mitigation: upgrade to `16.2.5` or later.
|
| CVE-2026-44580 |
|
Cross-Site Scripting (XSS) in next (CVE-2026-44580)
cross-site scripting in next (CVE-2026-44580). Risk of unauthorized operations or information disclosure. Exploitable via ``beforeInteractive``. Mitigation: upgrade to `16.2.5` or later.
|
| CVE-2026-44579 |
|
Vulnerability in next (CVE-2026-44579)
vulnerability in next (CVE-2026-44579). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `16.2.5` or later.
|
| CVE-2026-44577 |
|
Vulnerability in next (CVE-2026-44577)
vulnerability in next (CVE-2026-44577). Risk of unauthorized operations or information disclosure. Exploitable via ``images.localPatterns``. Mitigation: upgrade to `16.2.5` or later.
|
| CVE-2026-44578 |
|
SSRF (Server-Side Request Forgery) in next (CVE-2026-44578)
SSRF in next (CVE-2026-44578). Confidential information can be exposed externally. Mitigation: upgrade to `16.2.5` or later.
|
| CVE-2026-44576 |
|
Vulnerability in next (CVE-2026-44576)
vulnerability in next (CVE-2026-44576). Risk of unauthorized operations or information disclosure. Exploitable via ``RSC``. Mitigation: upgrade to `16.2.5` or later.
|
| CVE-2026-44575 |
|
Vulnerability in next (CVE-2026-44575)
vulnerability in next (CVE-2026-44575). Confidential information can be exposed externally. Mitigation: upgrade to `16.2.5` or later.
|
| CVE-2026-44574 |
|
Vulnerability in next (CVE-2026-44574)
vulnerability in next (CVE-2026-44574). Confidential information can be exposed externally. Mitigation: upgrade to `16.2.5` or later.
|
| CVE-2026-44573 |
|
Authorization Flaw in next (CVE-2026-44573)
vulnerability in next (CVE-2026-44573). Confidential information can be exposed externally. Exploitable via ``i18n``. Mitigation: upgrade to `16.2.5` or later.
|
| CVE-2015-8315 |
|
Vulnerability in dos (CVE-2015-8315)
vulnerability in dos (CVE-2015-8315). Risk of unauthorized operations or information disclosure.
|