CodeAnt AI Vulnerability Database

A comprehensive hub for tracking high-impact vulnerabilities across application code and third-party libraries, for security teams and developers.

CVE-2026-30861

CRITICAL (9.9)
Command Injection in MCP Stdio Configuration Validation (CWE-78) in WeKnora

Remote Code Execution

CVE-2026-30860

CRITICAL (9.9)
SQL Injection via PostgreSQL Array/Row Expressions (CWE-89) in WeKnora Query Engine

Remote Code Execution via SQL Injection on the Database Server

CVE-2026-30855

HIGH (8.8)
Authorization Bypass in Tenant Management (CWE-284) in WeKnora

Cross-Tenant Account Takeover and Data Destruction

CVE-2026-30851

HIGH (8.1)
Improper Authentication via Header Injection (CWE-287) in Caddy forward_auth copy_headers

Authentication Bypass and Privilege Escalation via Trust of Spoofed Identity Headers

CVE-2026-30834

HIGH (7.5)
Server-Side Request Forgery (CWE-918) in PinchTab /download Endpoint

Internal Network and Local File/Data Exposure via SSRF

CVE-2026-30832

CRITICAL (9.1)
Server-Side Request Forgery (CWE-918) via LFS Endpoint in Soft Serve Git Server

Internal network access and data exfiltration via SSRF

CVE-2026-29784

HIGH (7.5)
Incomplete CSRF Protection (CWE-352) in Ghost Session Verification Endpoint

Account Takeover / Site Compromise

CVE-2026-29779

HIGH (7.5)
Sensitive Configuration Exposure (CWE-200) in UptimeFlare Client Bundle

Disclosure of Sensitive Configuration Data

CVE-2026-29778

HIGH (7.1)
Path Traversal (CWE-23) in pyLoad edit_package Folder Handling

Arbitrary File System Access Within Application Privileges

CVE-2026-28678

HIGH (8.1)
Insufficiently Protected Authentication Tokens (CWE-522) in DSA Study Hub Auth Flow

Account Takeover and Session Abuse