Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-33634 KEV |
|
[KEV] Vulnerability in Aquasecurity trivy (CVE-2026-33634)
vulnerability in Aquasecurity trivy (CVE-2026-33634). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-33017 KEV |
|
[KEV] Vulnerability in langflow (CVE-2026-33017)
vulnerability in langflow (CVE-2026-33017). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/v1/build_public_tmp/{flow_id}/flow`. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `1.9.0` or later.
|
| CVE-2026-24858 KEV |
|
[KEV] Vulnerability in Fortinet multiple-products (CVE-2026-24858)
vulnerability in Fortinet multiple-products (CVE-2026-24858). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2025-34291 KEV |
|
[KEV] Vulnerability in langflow (CVE-2025-34291)
vulnerability in langflow (CVE-2025-34291). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `1.7.0` or later.
|
| CVE-2025-54236 KEV |
|
[KEV] Vulnerability in Adobe commerce (CVE-2025-54236)
vulnerability in Adobe commerce (CVE-2025-54236). Confidential information can be exposed externally. Listed in CISA KEV — actively exploited.
|
| CVE-2025-57819 KEV |
|
[KEV] SQL Injection in Sangoma freepbx (CVE-2025-57819)
SQL injection in Sangoma freepbx (CVE-2025-57819). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2023-38950 KEV |
|
[KEV] Path Traversal in Zkteco biotime (CVE-2023-38950)
path traversal in Zkteco biotime (CVE-2023-38950). Confidential information can be exposed externally. Listed in CISA KEV — actively exploited.
|
| CVE-2025-24472 KEV |
|
[KEV] Vulnerability in Fortinet fortios-and-fortiproxy (CVE-2025-24472)
vulnerability in Fortinet fortios-and-fortiproxy (CVE-2025-24472). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2024-55591 KEV |
|
[KEV] Vulnerability in Fortinet fortios-and-fortiproxy (CVE-2024-55591)
vulnerability in Fortinet fortios-and-fortiproxy (CVE-2024-55591). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2023-44487 KEV |
|
[KEV] Vulnerability in Ietf golang.org/x/net (CVE-2023-44487)
vulnerability in Ietf golang.org/x/net (CVE-2023-44487). Risk of unauthorized operations or information disclosure. Exploitable via ``Channel``. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `0.17.0` or later.
|
| CVE-2022-26258 KEV |
|
[KEV] OS Command Injection in D-link dir-820l (CVE-2022-26258)
OS command injection in D-link dir-820l (CVE-2022-26258). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2018-1273 KEV |
|
[KEV] Code Injection in Vmware tanzu vmware-tanzu (CVE-2018-1273)
code injection in Vmware tanzu vmware-tanzu (CVE-2018-1273). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2021-42237 KEV |
|
[KEV] Unsafe Deserialization in Sitecore xp (CVE-2021-42237)
vulnerability in Sitecore xp (CVE-2021-42237). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|