Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-54998 |
|
Incorrect authorization in Microsoft Exchange Online allows an authorized attacker to elevate...
Incorrect authorization in Microsoft Exchange Online allows an authorized attacker to elevate...
|
| CVE-2026-57955 |
|
SigNoz through 0.130.1 contains a SQL injection vulnerability that allows authenticated attackers...
SigNoz through 0.130.1 contains a SQL injection vulnerability that allows authenticated attackers...
|
| CVE-2026-53857 |
|
OpenClaw: Zalo allowFrom could bind to mutable display names
OpenClaw: Zalo allowFrom could bind to mutable display names
|
| CVE-2026-48305 |
|
Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write...
Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write...
|
| CVE-2026-11462 |
|
A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. This...
A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. This...
|
| CVE-2026-7313 |
|
CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from...
CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from...
|
| CVE-2026-47740 |
|
shopper/framework: Authorization bypass in multiple Livewire admin components
shopper/framework: Authorization bypass in multiple Livewire admin components
|
| CVE-2026-45206 |
|
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to...
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to...
|
| CVE-2026-34927 |
|
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to...
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to...
|
| CVE-2026-2740 |
|
Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and...
Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and...
|
| CVE-2026-22069 |
|
A local privilege escalation vulnerability exists in O+ Connect because it fails to validate the...
A local privilege escalation vulnerability exists in O+ Connect because it fails to validate the...
|
| CVE-2026-42354 |
|
Vulnerability in sso (CVE-2026-42354)
vulnerability in sso (CVE-2026-42354). Confidential information can be exposed externally. Exploitable via ``Moved``.
|
| CVE-2026-44335 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-44335)
SSRF in ssrf (CVE-2026-44335). Successful exploitation can lead to full system takeover. Exploitable via ``requests``. Mitigation: upgrade to `>= 1.6.32` or later.
|
| CVE-2026-33823 |
|
Vulnerability in microsoft (CVE-2026-33823)
vulnerability in microsoft (CVE-2026-33823). Confidential information can be exposed externally.
|
| CVE-2026-6973 KEV |
|
[KEV] Vulnerability in Ivanti endpoint-manager-mobile-epmm (CVE-2026-6973)
vulnerability in Ivanti endpoint-manager-mobile-epmm (CVE-2026-6973). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-38431 |
|
Code Injection in frappe (CVE-2026-38431)
code injection in frappe (CVE-2026-38431). Successful exploitation can lead to full system takeover.
|
| CVE-2024-7399 KEV |
|
[KEV] Path Traversal in Samsung magicinfo-9-server (CVE-2024-7399)
path traversal in Samsung magicinfo-9-server (CVE-2024-7399). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-27199 KEV |
|
[KEV] Vulnerability in Jetbrains teamcity (CVE-2024-27199)
vulnerability in Jetbrains teamcity (CVE-2024-27199). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-48700 KEV |
|
[KEV] Cross-Site Scripting (XSS) in Synacor zimbra-collaboration-suite-zcs (CVE-2025-48700)
cross-site scripting in Synacor zimbra-collaboration-suite-zcs (CVE-2025-48700). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-34197 KEV |
|
[KEV] Vulnerability in Apache activemq (CVE-2026-34197)
vulnerability in Apache activemq (CVE-2026-34197). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2020-9715 KEV |
|
[KEV] Use-After-Free in Adobe acrobat (CVE-2020-9715)
vulnerability in Adobe acrobat (CVE-2020-9715). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-1340 KEV |
|
[KEV] Code Injection in Ivanti endpoint-manager-mobile-epmm (CVE-2026-1340)
code injection in Ivanti endpoint-manager-mobile-epmm (CVE-2026-1340). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-35616 KEV |
|
[KEV] Vulnerability in Fortinet forticlient-ems (CVE-2026-35616)
vulnerability in Fortinet forticlient-ems (CVE-2026-35616). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-59249 |
|
Vulnerability in microsoft (CVE-2025-59249)
vulnerability in microsoft (CVE-2025-59249). Successful exploitation can lead to full system takeover.
|
| CVE-2025-59248 |
|
Vulnerability in microsoft (CVE-2025-59248)
vulnerability in microsoft (CVE-2025-59248). Confidential information can be exposed externally.
|
| CVE-2025-53782 |
|
Vulnerability in microsoft (CVE-2025-53782)
vulnerability in microsoft (CVE-2025-53782). Successful exploitation can lead to full system takeover.
|
| CVE-2025-33051 |
|
Information Disclosure in microsoft (CVE-2025-33051)
vulnerability in microsoft (CVE-2025-33051). Confidential information can be exposed externally.
|
| CVE-2023-4665 |
|
Incorrect Execution-Assigned Permissions vulnerability in Saphira Saphira Connect allows...
Incorrect Execution-Assigned Permissions vulnerability in Saphira Saphira Connect allows...
|
| CVE-2023-4664 |
|
Incorrect Default Permissions vulnerability in Saphira Saphira Connect allows Privilege...
Incorrect Default Permissions vulnerability in Saphira Saphira Connect allows Privilege...
|
| CVE-2017-1373 |
|
Reports executed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute a report they do not have access to. IBM X-Force I...
Reports executed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute a report they do not have access to. IBM X-Force ID: 126866.
|
| CVE-2017-1371 |
|
Builder tools running in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute Builder tool actions they do not have access...
Builder tools running in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute Builder tool actions they do not have access to. IBM X-Force ID: 126864.
|