Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: attack-types Clear
ID Title
CVE-2026-28364 Vulnerability in c (CVE-2026-28364)
vulnerability in c (CVE-2026-28364). Confidential information can be exposed externally.
CVE-2026-25109 OS Command Injection in copeland (CVE-2026-25109)
OS command injection in copeland (CVE-2026-25109). Successful exploitation can lead to full system takeover.
CVE-2026-20910 OS Command Injection in copeland (CVE-2026-20910)
OS command injection in copeland (CVE-2026-20910). Successful exploitation can lead to full system takeover.
CVE-2026-56351 SQL Injection in n8n (CVE-2026-56351)
SQL injection in n8n (CVE-2026-56351). Confidential information can be exposed externally. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.4.0` or later.
CVE-2025-14343 Cross-Site Scripting (XSS) in CVE-2025-14343 (CVE-2025-14343)
cross-site scripting in CVE-2025-14343 (CVE-2025-14343). Risk of unauthorized operations or information disclosure.
CVE-2026-1695 Cross-Site Scripting (XSS) in arcinfo (CVE-2026-1695)
cross-site scripting in arcinfo (CVE-2026-1695). Risk of unauthorized operations or information disclosure.
CVE-2026-27970 Cross-Site Scripting (XSS) in angular (CVE-2026-27970)
cross-site scripting in angular (CVE-2026-27970). Risk of unauthorized operations or information disclosure.
CVE-2026-27830 Code Injection in deserialization (CVE-2026-27830)
code injection in deserialization (CVE-2026-27830). Successful exploitation can lead to full system takeover. Exploitable via ``javax.naming.Reference``.
CVE-2026-27148 Vulnerability in storybook (CVE-2026-27148)
vulnerability in storybook (CVE-2026-27148). Successful exploitation can lead to full system takeover.
CVE-2026-56368 Vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-56368)
vulnerability in Magick.NET-Q16-AnyCPU (CVE-2026-56368). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `14.10.3` or later.
CVE-2026-2624 Vulnerability in epati (CVE-2026-2624)
vulnerability in epati (CVE-2026-2624). Successful exploitation can lead to full system takeover.
CVE-2026-27609 Cross-Site Request Forgery (CSRF) in csrf (CVE-2026-27609)
vulnerability in csrf (CVE-2026-27609). Data can be tampered with by attackers. Exploitable via `POST /apps/`.
CVE-2026-27595 Vulnerability in csrf (CVE-2026-27595)
vulnerability in csrf (CVE-2026-27595). Data can be tampered with by attackers. Exploitable via ``readOnlyMasterKey``.
CVE-2026-27606 Path Traversal in path-traversal (CVE-2026-27606)
path traversal in path-traversal (CVE-2026-27606). Successful exploitation can lead to full system takeover.
CVE-2026-26351 Cross-Site Scripting (XSS) in getsimple-ce (CVE-2026-26351)
cross-site scripting in getsimple-ce (CVE-2026-26351). Risk of unauthorized operations or information disclosure.
CVE-2025-63409 Vulnerability in privilege-escalation (CVE-2025-63409)
vulnerability in privilege-escalation (CVE-2025-63409). Successful exploitation can lead to full system takeover.
CVE-2026-2777 Privilege Escalation in privilege-escalation (CVE-2026-2777)
vulnerability in privilege-escalation (CVE-2026-2777). Successful exploitation can lead to full system takeover.
CVE-2026-1773 Vulnerability in dos (CVE-2026-1773)
vulnerability in dos (CVE-2026-1773). Risk of unauthorized operations or information disclosure.
CVE-2026-25965 Path Traversal in path-traversal (CVE-2026-25965)
path traversal in path-traversal (CVE-2026-25965). Confidential information can be exposed externally.
CVE-2025-14905 Vulnerability in c (CVE-2025-14905)
vulnerability in c (CVE-2025-14905). Successful exploitation can lead to full system takeover. Exploitable via ``schema_attr_enum_callback``.
CVE-2026-25747 Unsafe Deserialization in apache (CVE-2026-25747)
vulnerability in apache (CVE-2026-25747). Successful exploitation can lead to full system takeover.
CVE-2026-2492 Vulnerability in privilege-escalation (CVE-2026-2492)
vulnerability in privilege-escalation (CVE-2026-2492). Successful exploitation can lead to full system takeover.
CVE-2026-2044 Vulnerability in gimp (CVE-2026-2044)
vulnerability in gimp (CVE-2026-2044). Successful exploitation can lead to full system takeover.
CVE-2026-2048 Out-of-Bounds Write in gimp (CVE-2026-2048)
out-of-bounds write in gimp (CVE-2026-2048). Successful exploitation can lead to full system takeover.
CVE-2026-2047 Vulnerability in gimp (CVE-2026-2047)
vulnerability in gimp (CVE-2026-2047). Successful exploitation can lead to full system takeover.
CVE-2026-2045 Out-of-Bounds Write in gimp (CVE-2026-2045)
out-of-bounds write in gimp (CVE-2026-2045). Successful exploitation can lead to full system takeover.
CVE-2026-0797 Vulnerability in gimp (CVE-2026-0797)
vulnerability in gimp (CVE-2026-0797). Successful exploitation can lead to full system takeover.
CVE-2026-2635 Vulnerability in CVE-2026-2635 (CVE-2026-2635)
vulnerability in CVE-2026-2635 (CVE-2026-2635). Risk of unauthorized operations or information disclosure.
CVE-2026-2033 Path Traversal in path-traversal (CVE-2026-2033)
path traversal in path-traversal (CVE-2026-2033). Risk of unauthorized operations or information disclosure.
CVE-2019-25434 SpotAuditor 5.3.1.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting excessive data in the registration name field. Attackers can...
SpotAuditor 5.3.1.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting excessive data in the registration name field. Attackers can enter a large string of characters (5000 bytes or more) in the name field during registration to tr...
CVE-2026-25896 Vulnerability in c (CVE-2026-25896)
vulnerability in c (CVE-2026-25896). Data can be tampered with by attackers. Mitigation: upgrade to `5.3.5` or later.
CVE-2026-2472 Cross-Site Scripting (XSS) in CVE-2026-2472 (CVE-2026-2472)
cross-site scripting in CVE-2026-2472 (CVE-2026-2472). Confidential information can be exposed externally.
CVE-2026-2818 Vulnerability in path-traversal (CVE-2026-2818)
vulnerability in path-traversal (CVE-2026-2818). Data can be tampered with by attackers.
CVE-2025-10970 SQL Injection in sqli (CVE-2025-10970)
SQL injection in sqli (CVE-2025-10970). Successful exploitation can lead to full system takeover.
CVE-2026-26200 Vulnerability in hdfgroup (CVE-2026-26200)
vulnerability in hdfgroup (CVE-2026-26200). Successful exploitation can lead to full system takeover.
CVE-2026-25535 Vulnerability in dos (CVE-2026-25535)
vulnerability in dos (CVE-2026-25535). Risk of unauthorized operations or information disclosure. Exploitable via ``addImage``.
CVE-2025-9953 Vulnerability in sqli (CVE-2025-9953)
vulnerability in sqli (CVE-2025-9953). Successful exploitation can lead to full system takeover.
CVE-2025-8350 Vulnerability in CVE-2025-8350 (CVE-2025-8350)
vulnerability in CVE-2025-8350 (CVE-2025-8350). Successful exploitation can lead to full system takeover.
CVE-2025-13590 Unrestricted File Upload in wso2 (CVE-2025-13590)
vulnerability in wso2 (CVE-2025-13590). Successful exploitation can lead to full system takeover.
CVE-2026-0974 Vulnerability in wordpress (CVE-2026-0974)
vulnerability in wordpress (CVE-2026-0974). Successful exploitation can lead to full system takeover.
CVE-2025-14009 Code Injection in nltk (CVE-2025-14009)
code injection in nltk (CVE-2025-14009). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.9.3` or later.
CVE-2026-23230 In the Linux kernel, the following vulnerability has been resolved: smb: client: split...
In the Linux kernel, the following vulnerability has been resolved: smb: client: split...
CVE-2025-8308 Cross-Site Scripting (XSS) in CVE-2025-8308 (CVE-2025-8308)
cross-site scripting in CVE-2025-8308 (CVE-2025-8308). Risk of unauthorized operations or information disclosure.
CVE-2025-70397 SQL Injection in sqli (CVE-2025-70397)
SQL injection in sqli (CVE-2025-70397). Successful exploitation can lead to full system takeover.
CVE-2026-22208 Vulnerability in CVE-2026-22208 (CVE-2026-22208)
vulnerability in CVE-2026-22208 (CVE-2026-22208). Successful exploitation can lead to full system takeover.
CVE-2025-7631 SQL Injection in c (CVE-2025-7631)
SQL injection in c (CVE-2025-7631). Risk of unauthorized operations or information disclosure.
CVE-2025-8303 Cross-Site Scripting (XSS) in CVE-2025-8303 (CVE-2025-8303)
cross-site scripting in CVE-2025-8303 (CVE-2025-8303). Risk of unauthorized operations or information disclosure.
CVE-2026-23111 Use-After-Free in privilege-escalation (CVE-2026-23111)
vulnerability in privilege-escalation (CVE-2026-23111). Successful exploitation can lead to full system takeover.
CVE-2025-14349 Vulnerability in privilege-escalation (CVE-2025-14349)
vulnerability in privilege-escalation (CVE-2025-14349). Successful exploitation can lead to full system takeover.
CVE-2026-1618 Authentication Bypass Using an Alternate Path or Channel vulnerability in Universal Software Inc....
Authentication Bypass Using an Alternate Path or Channel vulnerability in Universal Software Inc....

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →