CVE search
364,310 resultsCVE-2026-44017HIGHDocling: Unsafe Zip Extraction in EasyOCR Model DownloadEPSS 0.5%CVE-2026-44022MEDIUMDocling: Potential Path Traversal via LaTeX \includegraphics and \input CommandsEPSS 0.2%CVE-2026-44020HIGHDocling: Unsafe XML Entity Expansion in USPTO Patent BackendEPSS 0.3%CVE-2026-44016HIGHDocling: Unsafe Playwright-based HTML RenderingEPSS 0.4%CVE-2026-48704HIGHWarp Markdown notebook links may open executable local filesEPSS 0.3%CVE-2026-48719HIGHWarp branch selector command injection via Git branch namesEPSS 0.9%CVE-2026-48720HIGHWarp: SSH remote output can lead to local file overwrite and persistenceEPSS 0.2%CVE-2026-48721HIGHWarp: Env-var prefixes can lead to denylisted command autoexecutionEPSS 0.1%CVE-2026-48731HIGHWarp: Linux external editor command injectionEPSS 0.5%CVE-2026-48732HIGHWarp: Remote SSH cwd can lead to unauthorized remote command executionEPSS 1.0%CVE-2026-54686MEDIUMWarp: DCS lifecycle hook spoofing can alter terminal session metadataEPSS 0.3%CVE-2026-54699HIGHWarp: OS command injection when opening terminal links from WSLEPSS 0.4%CVE-2026-48703HIGHWarp: Command Injection via Warp code search tool argumentsEPSS 0.2%CVE-2026-48725HIGHWarp may allow terminal output to access the local clipboard through OSC 52EPSS 0.2%CVE-2026-55611NONEAnythingLLM: embed-parsed-file cleanup deletes any parsed file by ID without ownership scoping (cross-tenant IDOR deletion)EPSS 0.2%CVE-2026-48789MEDIUMAnythingLLM: Windows path containment bypass in document folder routeEPSS 0.2%CVE-2026-49851HIGHMistune: Potential DoS via quadratic-time parsing in parse_link_textEPSS 0.4%CVE-2026-53130HIGHfs/omfs: reject s_sys_blocksize smaller than OMFS_DIR_STARTEPSS 0.1%CVE-2026-53129—fs/mbcache: cancel shrink work before destroying the cacheEPSS 0.1%CVE-2026-53128—drbd: Balance RCU calls in drbd_adm_dump_devices()EPSS 0.1%