CVE Search
361,085 results

CVE-2026-55092 | HIGH | Trivy: Path traversal via a crafted vulnerability database or other downloaded artifacts | EPSS 0.3%
CVE-2026-9083 | MEDIUM | Keycloak: keycloak: information disclosure through arbitrary filesystem path probing | EPSS 0.5%
CVE-2026-9799 | MEDIUM | Keycloak: keycloak: unauthorized access to resources via uma permission ticket bypass | EPSS 0.2%
CVE-2026-9705 | MEDIUM | Keycloak: keycloak: attacker can re-enable and take over disabled clients via registration access token | EPSS 0.3%
CVE-2026-9086 | HIGH | Keycloak: keycloak: cross-site scripting (xss) via case-insensitive uri validation bypass | EPSS 0.4%
CVE-2026-9099 | HIGH | Keycloak: group-admin escalation to realm-admin | EPSS 0.3%
CVE-2026-9800 | HIGH | Keycloak: keycloak policy enforcer: authorization bypass via incorrect uri comparison | EPSS 0.3%
CVE-2026-55411 | MEDIUM | ToolJet: Cross-tenant credential decryption (IDOR) in POST /api/data-sources/decrypt — any authenticated user can decrypt any organization's data-source secrets | EPSS 0.1%
CVE-2026-55412 | HIGH | ToolJet Cloud - SSRF to Azure Cloud Infrastructure Compromise | EPSS 0.2%
CVE-2026-13350 | LOW | Permissions were checked incorrectly during room creation, allowing attackers to create rooms of types they shouldn't be allowed to create. | EPSS 0.2%
CVE-2026-55413 | CRITICAL | ToolJet - Marketplace Plugin Poisoning Enables Instance-Wide Remote Code Execution | EPSS 0.3%
CVE-2026-54573 | MEDIUM | Authorization Bypass in API Key/OAuth Scopes via Path Parsing Discrepancy | EPSS 0.3%
CVE-2026-55439 | MEDIUM | Halo: Path Traversal in Backup Download Leads to Arbitrary File Read | EPSS 0.3%
CVE-2026-54024 | MEDIUM | LibreChat: Incomplete Fix for CVE-2024-11171 — Conversation Import Multer Instance Missing File Size Limits | EPSS 0.2%
CVE-2026-54025 | MEDIUM | LibreChat: Stored XSS via unescaped image alt text in markdown artifact preview | EPSS 0.1%
CVE-2026-54027 | MEDIUM | LibreChat: Image Upload Route Bypasses Agent Permission Check — Incomplete Fix for File Upload Authorization | EPSS 0.2%
CVE-2026-54029 | MEDIUM | LibreChat: IDOR in Message Deletion — Incomplete Fix for CVE-2024-41703 Leaves deleteMessages() Without User Filter | EPSS 0.2%
CVE-2026-54033 | HIGH | LibreChat: SSRF via User-Provided Custom Endpoint baseURL — no private IP validation on user-configured API base URLs | EPSS 0.2%
CVE-2026-45233 | HIGH | HTMLy CMS 3.1.1 Path Traversal via oldfile Parameter in Autosave | EPSS 0.6%
CVE-2026-54037 | MEDIUM | LibreChat: Incomplete Fix for CVE-2025-7105 — /api/convos/duplicate Lacks Rate Limiting Applied to /api/convos/fork | EPSS 0.3%