Filter and search through 392,598 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-24139 | MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below do not safeguard against authorization bypass, all... | 0.0 | 0 | Neutral | No |
| No |
| CVE-2026-24138 | FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1754 and below contain an unauthenticated SSRF vul... | 7.5 | 394 | Neutral | No | No |
| CVE-2026-24137 | ## Summary The legacy TUF client `pkg/tuf/client.go`, which supports caching target files to disk, constructs a filesystem path by joining a cache ba... | 5.8 | 260 | Neutral | No | Yes |
| CVE-2026-24136 | Saleor is an e-commerce platform. Versions 3.2.0 through 3.20.109, 3.21.0-a.0 through 3.21.44 and 3.22.0-a.0 through 3.22.28 have a n Insecure Direct ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-24134 | ### Summary StudioCMS contains a Broken Object Level Authorization (BOLA) vulnerability in the Content Management feature that allows users with the "... | 6.5 | 273 | Neutral | No | Yes |
| CVE-2026-24132 | I am reporting a code injection vulnerability in Orval’s mock generation pipeline affecting @orval/mock in both the 7.x and 8.x series. This issue is ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-24131 | ### Summary When pnpm processes a package's `directories.bin` field, it uses `path.join()` without validating the result stays within the package root... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-24130 | ### Impact Instances of Moonraker configured with the `ldap` component enabled are vulnerable to LDAP search filter injection techniques via the logi... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-24129 | Runtipi is a Docker-based, personal homeserver orchestrator that facilitates multiple services on a single server. Versions 3.7.0 and above allow an a... | 8.0 | 467 | Neutral | No | No |
| CVE-2026-24128 | ### Impact A reflected cross site scripting (XSS) vulnerability in XWiki allows an attacker to execute arbitrary actions in XWiki with the rights of t... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-24127 | Typemill is a flat-file, Markdown-based CMS designed for informational documentation websites. A reflected Cross-Site Scripting (XSS) exists in the lo... | 5.4 | 129 | Neutral | No | No |
| CVE-2026-24124 | ## Summary Dragonfly Manager's Job REST API endpoints lack authentication, allowing unauthenticated attackers to create, query, modify, and delete jo... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-24123 | ### Summary BentoML's `bentofile.yaml` configuration allows path traversal attacks through multiple file path fields (`description`, `docker.setup_sc... | 7.4 | 483 | Neutral | No | Yes |
| CVE-2026-24117 | ## Summary `/api/v1/index/retrieve` supports retrieving a public key via a user-provided URL, allowing attackers to trigger SSRF to arbitrary interna... | 5.3 | 253 | Neutral | No | Yes |
| CVE-2026-24116 | On x86-64 platforms with AVX Wasmtime's compilation of the `f64.copysign` WebAssembly instruction with Cranelift may load 8 more bytes than is necessa... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-24061 | GNU InetUtils contains an argument injection vulnerability in telnetd that could allow for remote authentication bypass via a "-f root" value for the ... | 9.8 | 690 | Viral | Yes | Yes |
| CVE-2026-24058 | ### Impact _What kind of vulnerability is it? Who is impacted?_ This issue impacts every Soft Serve instance. A critical authentication bypass allow... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-24056 | ### Summary When pnpm installs a `file:` (directory) or `git:` dependency, it follows symlinks and reads their target contents without constraining th... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-24055 | Langfuse is an open source large language model engineering platform. In versions 3.146.0 and below, the /api/public/slack/install endpoint initiates ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-24049 | ### Summary - **Vulnerability Type:** Path Traversal (CWE-22) leading to Arbitrary File Permission Modification. - **Root Cause Component:** wheel... | 7.1 | 427 | Neutral | No | Yes |