CodeAnt AI Vulnerability Database
A comprehensive hub for tracking high-impact vulnerabilities across application code and third-party libraries, for security teams and developers.
CVE-2020-37123
(9.8)
OS Command Injection (CWE-78) in Pinger ping.php Parameters
Remote Code Execution
February 5, 2026
CVE-2026-25546
(7.8)
OS Command Injection (CWE-78) in Godot MCP executeOperation Handler
Remote Code Execution
February 4, 2026
CVE-2026-25539
(9.1)
Path Traversal (CWE-22) in SiYuan /api/file/copyFile Allows Arbitrary File Write
Remote Code Execution via Arbitrary File Write
February 4, 2026
CVE-2026-25519
(8.1)
Improper Access Control (CWE-284) in OpenSlides SAML-Linked Local Logins
Authentication Bypass and Account Takeover
February 4, 2026
CVE-2026-25505
(9.8)
Missing Authentication and Hardcoded JWT Secret (CWE-306, CWE-321) in Bambuddy API
Complete Compromise of Application Functions and Data over the Network
February 4, 2026
CVE-2026-25161
(8.8)
Path Traversal (CWE-22) in Alist File Operation Handlers
Unauthorized File Access and Manipulation
February 4, 2026
CVE-2026-25160
(9.1)
Improper TLS Certificate Validation (CWE-295) in Alist Storage Drivers
Confidentiality and Integrity Compromise via Man-in-the-Middle
February 4, 2026
CVE-2026-25157
(7.7)
OS Command Injection (CWE-78) in OpenClaw sshNodeCommand and SSH Target Parsing
Remote and Local Command Execution
February 4, 2026
CVE-2026-25143
(7.8)
OS Command Injection (CWE-78) in melange Patch Pipeline
Remote Code Execution on Build Infrastructure
February 4, 2026
CVE-2026-24844
(7.9)
Command Injection via Unescaped Variable Substitution (CWE-78) in Melange Pipelines
Remote Code Execution in Build Environment
February 4, 2026