Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: attack-types Clear
ID Title
CVE-2026-5426 Vulnerability in csharp (CVE-2026-5426)
vulnerability in csharp (CVE-2026-5426). Confidential information can be exposed externally.
CVE-2026-31843 Vulnerability in laravel (CVE-2026-31843)
vulnerability in laravel (CVE-2026-31843). Successful exploitation can lead to full system takeover.
CVE-2026-41035 In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort...
In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort...
CVE-2026-6388 Vulnerability in privilege-escalation (CVE-2026-6388)
vulnerability in privilege-escalation (CVE-2026-6388). Data can be tampered with by attackers.
CVE-2026-34197 KEV [KEV] Vulnerability in Apache activemq (CVE-2026-34197)
vulnerability in Apache activemq (CVE-2026-34197). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-40316 OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workflo...
OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workflows/regenerate-migrations.yml workflow. The workflow uses the pull_request_target trigger to run with...
CVE-2026-40500 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-40500)
SSRF in ssrf (CVE-2026-40500). Confidential information can be exposed externally.
CVE-2026-6384 Vulnerability in dos (CVE-2026-6384)
vulnerability in dos (CVE-2026-6384). Successful exploitation can lead to full system takeover. Exploitable via ``ReadJeffsImage``.
CVE-2026-20186 Command Injection in dos (CVE-2026-20186)
command injection in dos (CVE-2026-20186). Successful exploitation can lead to full system takeover.
CVE-2026-20148 Path Traversal in path-traversal (CVE-2026-20148)
path traversal in path-traversal (CVE-2026-20148). Confidential information can be exposed externally.
CVE-2026-30461 Command Injection in thedaylightstudio (CVE-2026-30461)
command injection in thedaylightstudio (CVE-2026-30461). Confidential information can be exposed externally.
CVE-2025-40899 Cross-Site Scripting (XSS) in c (CVE-2025-40899)
cross-site scripting in c (CVE-2025-40899). Data can be tampered with by attackers.
CVE-2026-26291 Cross-Site Scripting (XSS) in CVE-2026-26291 (CVE-2026-26291)
cross-site scripting in CVE-2026-26291 (CVE-2026-26291). Risk of unauthorized operations or information disclosure.
CVE-2026-56370 Out-of-Bounds Read in Magick.NET-Q16-AnyCPU (CVE-2026-56370)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-56370). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.12.0` or later.
CVE-2025-65134 Cross-Site Scripting (XSS) in CVE-2025-65134 (CVE-2025-65134)
cross-site scripting in CVE-2025-65134 (CVE-2025-65134). Risk of unauthorized operations or information disclosure.
CVE-2026-39813 Vulnerability in path-traversal (CVE-2026-39813)
vulnerability in path-traversal (CVE-2026-39813). Successful exploitation can lead to full system takeover.
CVE-2025-61624 Path Traversal in path-traversal (CVE-2025-61624)
path traversal in path-traversal (CVE-2025-61624). Data can be tampered with by attackers.
CVE-2026-37980 Cross-Site Scripting (XSS) in redhat (CVE-2026-37980)
cross-site scripting in redhat (CVE-2026-37980). Confidential information can be exposed externally. Exploitable via ``organization.alias``.
CVE-2009-0238 KEV [KEV] Code Injection in Microsoft office (CVE-2009-0238)
code injection in Microsoft office (CVE-2009-0238). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-33908 Vulnerability in dos (CVE-2026-33908)
vulnerability in dos (CVE-2026-33908). Risk of unauthorized operations or information disclosure.
CVE-2026-31280 Vulnerability in dos (CVE-2026-31280)
vulnerability in dos (CVE-2026-31280). Risk of unauthorized operations or information disclosure.
CVE-2025-63743 Cross-Site Scripting (XSS) in CVE-2025-63743 (CVE-2025-63743)
cross-site scripting in CVE-2025-63743 (CVE-2025-63743). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.3.2` or later.
CVE-2026-1462 Unsafe Deserialization in keras (CVE-2026-1462)
vulnerability in keras (CVE-2026-1462). Successful exploitation can lead to full system takeover. Exploitable via ``TFSMLayer``. Mitigation: upgrade to `3.13.2` or later.
CVE-2026-36942 SQL Injection in sqli (CVE-2026-36942)
SQL injection in sqli (CVE-2026-36942). Risk of unauthorized operations or information disclosure.
CVE-2026-36946 SQL Injection in sqli (CVE-2026-36946)
SQL injection in sqli (CVE-2026-36946). Risk of unauthorized operations or information disclosure.
CVE-2026-31415 Vulnerability in c (CVE-2026-31415)
vulnerability in c (CVE-2026-31415). Risk of unauthorized operations or information disclosure. Exploitable via ``__u16``.
CVE-2026-36874 SQL Injection in sqli (CVE-2026-36874)
SQL injection in sqli (CVE-2026-36874). Risk of unauthorized operations or information disclosure.
CVE-2026-6179 Cross-Site Scripting (XSS) in fptsoftware (CVE-2026-6179)
cross-site scripting in fptsoftware (CVE-2026-6179). Risk of unauthorized operations or information disclosure.
CVE-2026-25204 Unsafe Deserialization in dos (CVE-2026-25204)
vulnerability in dos (CVE-2026-25204). Risk of unauthorized operations or information disclosure.
CVE-2012-1854 KEV [KEV] Vulnerability in Microsoft visual-basic-for-applications-vba (CVE-2012-1854)
vulnerability in Microsoft visual-basic-for-applications-vba (CVE-2012-1854). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2023-21529 KEV [KEV] Unsafe Deserialization in Microsoft exchange-server (CVE-2023-21529)
vulnerability in Microsoft exchange-server (CVE-2023-21529). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2020-9715 KEV [KEV] Use-After-Free in Adobe acrobat (CVE-2020-9715)
vulnerability in Adobe acrobat (CVE-2020-9715). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-21643 KEV [KEV] SQL Injection in Fortinet forticlient-ems (CVE-2026-21643)
SQL injection in Fortinet forticlient-ems (CVE-2026-21643). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-34621 KEV [KEV] Vulnerability in Adobe acrobat-and-reader (CVE-2026-34621)
vulnerability in Adobe acrobat-and-reader (CVE-2026-34621). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2023-36424 KEV [KEV] Out-of-Bounds Read in Microsoft windows (CVE-2023-36424)
vulnerability in Microsoft windows (CVE-2023-36424). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2025-60710 KEV [KEV] Vulnerability in Microsoft windows (CVE-2025-60710)
vulnerability in Microsoft windows (CVE-2025-60710). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-31845 Cross-Site Scripting (XSS) in CVE-2026-31845 (CVE-2026-31845)
cross-site scripting in CVE-2026-31845 (CVE-2026-31845). Confidential information can be exposed externally.
CVE-2026-32146 Improper Path Validation in Git Dependency Handling Allows Arbitrary File System Modification
Improper Path Validation in Git Dependency Handling Allows Arbitrary File System Modification
CVE-2026-4153 Vulnerability in gimp (CVE-2026-4153)
vulnerability in gimp (CVE-2026-4153). Successful exploitation can lead to full system takeover.
CVE-2026-4154 Vulnerability in gimp (CVE-2026-4154)
vulnerability in gimp (CVE-2026-4154). Successful exploitation can lead to full system takeover.
CVE-2026-4152 Vulnerability in gimp (CVE-2026-4152)
vulnerability in gimp (CVE-2026-4152). Successful exploitation can lead to full system takeover.
CVE-2026-4150 Vulnerability in gimp (CVE-2026-4150)
vulnerability in gimp (CVE-2026-4150). Successful exploitation can lead to full system takeover.
CVE-2026-4151 Vulnerability in gimp (CVE-2026-4151)
vulnerability in gimp (CVE-2026-4151). Successful exploitation can lead to full system takeover.
CVE-2026-40175 Vulnerability in axios (CVE-2026-40175)
vulnerability in axios (CVE-2026-40175). Risk of unauthorized operations or information disclosure. Exploitable via `GET /pings`. Mitigation: upgrade to `0.31.0` or later.
CVE-2026-6068 Use-After-Free in nasm (CVE-2026-6068)
vulnerability in nasm (CVE-2026-6068). Successful exploitation can lead to full system takeover.
CVE-2026-33092 Vulnerability in privilege-escalation (CVE-2026-33092)
vulnerability in privilege-escalation (CVE-2026-33092). Successful exploitation can lead to full system takeover.
CVE-2026-39304 Vulnerability in apache (CVE-2026-39304)
vulnerability in apache (CVE-2026-39304). Risk of unauthorized operations or information disclosure.
CVE-2026-6057 Path Traversal in path-traversal (CVE-2026-6057)
path traversal in path-traversal (CVE-2026-6057). Successful exploitation can lead to full system takeover.
CVE-2026-39848 Vulnerability in csrf (CVE-2026-39848)
vulnerability in csrf (CVE-2026-39848). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.1.0` or later.
CVE-2026-21904 Cross-Site Scripting (XSS) in juniper (CVE-2026-21904)
cross-site scripting in juniper (CVE-2026-21904). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →