Filter and search through 392,208 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-24124 | ## Summary Dragonfly Manager's Job REST API endpoints lack authentication, allowing unauthenticated attackers to create, query, modify, and delete jo... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-24123 | ### Summary BentoML's `bentofile.yaml` configuration allows path traversal attacks through multiple file path fields (`description`, `docker.setup_sc... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-24117 | ## Summary `/api/v1/index/retrieve` supports retrieving a public key via a user-provided URL, allowing attackers to trigger SSRF to arbitrary interna... | 5.3 | 253 | Neutral | No | Yes |
| CVE-2026-24116 | On x86-64 platforms with AVX Wasmtime's compilation of the `f64.copysign` WebAssembly instruction with Cranelift may load 8 more bytes than is necessa... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-24061 | GNU InetUtils contains an argument injection vulnerability in telnetd that could allow for remote authentication bypass via a "-f root" value for the ... | 9.8 | 690 | Viral | Yes | Yes |
| CVE-2026-24058 | ### Impact _What kind of vulnerability is it? Who is impacted?_ This issue impacts every Soft Serve instance. A critical authentication bypass allow... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-24056 | ### Summary When pnpm installs a `file:` (directory) or `git:` dependency, it follows symlinks and reads their target contents without constraining th... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-24055 | Langfuse is an open source large language model engineering platform. In versions 3.146.0 and below, the /api/public/slack/install endpoint initiates ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-24049 | ### Summary - **Vulnerability Type:** Path Traversal (CWE-22) leading to Arbitrary File Permission Modification. - **Root Cause Component:** wheel... | 7.1 | 427 | Neutral | No | Yes |
| CVE-2026-24048 | ### Impact The `FetchUrlReader` component, used by the catalog and other plugins to fetch content from URLs, followed HTTP redirects automatically. T... | 3.5 | 225 | Neutral | No | Yes |
| CVE-2026-24047 | ### Impact The `resolveSafeChildPath` utility function in `@backstage/backend-plugin-api`, which is used to prevent path traversal attacks, failed to... | 6.3 | 186 | Neutral | No | Yes |
| CVE-2026-24046 | ### Impact Multiple Scaffolder actions and archive extraction utilities were vulnerable to symlink-based path traversal attacks. An attacker with acc... | 7.1 | 429 | Neutral | No | Yes |
| CVE-2026-24042 | Appsmith is a platform to build admin panels, internal tools, and dashboards. In versions 1.94 and below, publicly accessible apps allow unauthenticat... | 9.4 | 587 | Neutral | No | No |
| CVE-2026-24039 | Horilla is a free and open source Human Resource Management System (HRMS). Version 1.4.0 has Improper Access Control, allowing low-privileged employee... | 4.3 | 107 | Neutral | No | No |
| CVE-2026-24038 | Horilla is a free and open source Human Resource Management System (HRMS). In version 1.4.0, the OTP handling logic has a flawed equality check that c... | 8.1 | 484 | Neutral | No | No |
| CVE-2026-24037 | Horilla is a free and open source Human Resource Management System (HRMS). In version 1.4.0, the has_xss() function attempts to block XSS by matching ... | 4.8 | 103 | Neutral | No | No |
| CVE-2026-24036 | Horilla is a free and open source Human Resource Management System (HRMS). Versions 1.4.0 and above expose unpublished job postings through the /recru... | 5.3 | 132 | Neutral | No | No |
| CVE-2026-24035 | Horilla is a free and open source Human Resource Management System (HRMS). An Improper Access Control vulnerability exists in Horilla HR Software star... | 4.3 | 107 | Neutral | No | No |
| CVE-2026-24034 | Horilla is a free and open source Human Resource Management System (HRMS). In versions prior to 1.5.0, a cross-site scripting vulnerability can be tri... | 5.4 | 129 | Neutral | No | No |
| CVE-2026-24026 | Rejected reason: Not used | 0.0 | 0 | Neutral | No | No |