Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: attack-types Clear
ID Title
CVE-2026-25949 Vulnerability in github.com/traefik/traefik/v3 (CVE-2026-25949)
vulnerability in github.com/traefik/traefik/v3 (CVE-2026-25949). Risk of unauthorized operations or information disclosure. Exploitable via ``respondingTimeouts.readTimeout``. Mitigation: upgrade to `3.6.8` or later.
CVE-2025-13002 Cross-Site Scripting (XSS) in farktor (CVE-2025-13002)
cross-site scripting in farktor (CVE-2025-13002). Risk of unauthorized operations or information disclosure.
CVE-2026-2007 Vulnerability in privilege-escalation (CVE-2026-2007)
vulnerability in privilege-escalation (CVE-2026-2007). Risk of unauthorized operations or information disclosure.
CVE-2025-10969 SQL Injection in sqli (CVE-2025-10969)
SQL injection in sqli (CVE-2025-10969). Successful exploitation can lead to full system takeover.
CVE-2026-26158 Vulnerability in privilege-escalation (CVE-2026-26158)
vulnerability in privilege-escalation (CVE-2026-26158). Successful exploitation can lead to full system takeover.
CVE-2020-37208 SpotFTP 3.0.0.0 contains a buffer overflow vulnerability in the registration key input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste i...
SpotFTP 3.0.0.0 contains a buffer overflow vulnerability in the registration key input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Key' field to trigger an application crash and denial of service.
CVE-2020-37209 Vulnerability in dos (CVE-2020-37209)
vulnerability in dos (CVE-2020-37209). Confidential information can be exposed externally.
CVE-2020-37210 SpotIE 2.9.5 contains a denial of service vulnerability in the registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste i...
SpotIE 2.9.5 contains a denial of service vulnerability in the registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash.
CVE-2020-37211 SpotIM 2.2 contains a denial of service vulnerability that allows attackers to crash the application by inputting a large buffer in the registration name field. Attackers can generate a 1000-character...
SpotIM 2.2 contains a denial of service vulnerability that allows attackers to crash the application by inputting a large buffer in the registration name field. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash.
CVE-2020-37212 SpotMSN 2.4.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste...
SpotMSN 2.4.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash.
CVE-2020-37204 Vulnerability in dos (CVE-2020-37204)
vulnerability in dos (CVE-2020-37204). Risk of unauthorized operations or information disclosure.
CVE-2020-37205 Vulnerability in dos (CVE-2020-37205)
vulnerability in dos (CVE-2020-37205). Risk of unauthorized operations or information disclosure.
CVE-2020-37206 Vulnerability in dos (CVE-2020-37206)
vulnerability in dos (CVE-2020-37206). Risk of unauthorized operations or information disclosure.
CVE-2020-37207 Vulnerability in dos (CVE-2020-37207)
vulnerability in dos (CVE-2020-37207). Risk of unauthorized operations or information disclosure.
CVE-2020-37196 Vulnerability in dos (CVE-2020-37196)
vulnerability in dos (CVE-2020-37196). Risk of unauthorized operations or information disclosure.
CVE-2020-37197 Vulnerability in dos (CVE-2020-37197)
vulnerability in dos (CVE-2020-37197). Risk of unauthorized operations or information disclosure.
CVE-2020-37199 Vulnerability in dos (CVE-2020-37199)
vulnerability in dos (CVE-2020-37199). Risk of unauthorized operations or information disclosure.
CVE-2025-69873 Vulnerability in dos (CVE-2025-69873)
vulnerability in dos (CVE-2025-69873). Risk of unauthorized operations or information disclosure.
CVE-2025-65480 OS Command Injection in CVE-2025-65480 (CVE-2025-65480)
OS command injection in CVE-2025-65480 (CVE-2025-65480). Successful exploitation can lead to full system takeover.
CVE-2025-8668 Cross-Site Scripting (XSS) in CVE-2025-8668 (CVE-2025-8668)
cross-site scripting in CVE-2025-8668 (CVE-2025-8668). Data can be tampered with by attackers.
CVE-2025-66274 Vulnerability in dos (CVE-2025-66274)
vulnerability in dos (CVE-2025-66274). Risk of unauthorized operations or information disclosure.
CVE-2025-10913 Cross-Site Scripting (XSS) in CVE-2025-10913 (CVE-2025-10913)
cross-site scripting in CVE-2025-10913 (CVE-2025-10913). Data can be tampered with by attackers.
CVE-2025-6967 Vulnerability in CVE-2025-6967 (CVE-2025-6967)
vulnerability in CVE-2025-6967 (CVE-2025-6967). Confidential information can be exposed externally.
CVE-2025-7636 SQL Injection in sqli (CVE-2025-7636)
SQL injection in sqli (CVE-2025-7636). Successful exploitation can lead to full system takeover.
CVE-2025-11242 SSRF (Server-Side Request Forgery) in ssrf (CVE-2025-11242)
SSRF in ssrf (CVE-2025-11242). Successful exploitation can lead to full system takeover.
CVE-2026-25639 Vulnerability in axios (CVE-2026-25639)
vulnerability in axios (CVE-2026-25639). Risk of unauthorized operations or information disclosure. Exploitable via ``mergeConfig``. Mitigation: upgrade to `0.30.3` or later.
CVE-2025-14831 Vulnerability in dos (CVE-2025-14831)
vulnerability in dos (CVE-2025-14831). Risk of unauthorized operations or information disclosure.
CVE-2025-6830 SQL Injection in sqli (CVE-2025-6830)
SQL injection in sqli (CVE-2025-6830). Successful exploitation can lead to full system takeover.
CVE-2025-7799 Cross-Site Scripting (XSS) in CVE-2025-7799 (CVE-2025-7799)
cross-site scripting in CVE-2025-7799 (CVE-2025-7799). Data can be tampered with by attackers.
CVE-2026-1615 Code Injection in CVE-2026-1615 (CVE-2026-1615)
code injection in CVE-2026-1615 (CVE-2026-1615). Successful exploitation can lead to full system takeover.
CVE-2026-25580 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-25580)
SSRF in ssrf (CVE-2026-25580). Confidential information can be exposed externally. Mitigation: upgrade to `1.56.0` or later.
CVE-2026-25640 Path Traversal in path-traversal (CVE-2026-25640)
path traversal in path-traversal (CVE-2026-25640). Confidential information can be exposed externally. Mitigation: upgrade to `1.51.0` or later.
CVE-2026-1709 Vulnerability in keylime (CVE-2026-1709)
vulnerability in keylime (CVE-2026-1709). Data can be tampered with by attackers. Mitigation: upgrade to `7.12.0` or later.
CVE-2026-25727 Vulnerability in dos (CVE-2026-25727)
vulnerability in dos (CVE-2026-25727). Risk of unauthorized operations or information disclosure.
CVE-2025-69619 Path Traversal in path-traversal (CVE-2025-69619)
path traversal in path-traversal (CVE-2025-69619). Risk of unauthorized operations or information disclosure.
CVE-2020-37131 Vulnerability in dos (CVE-2020-37131)
vulnerability in dos (CVE-2020-37131). Risk of unauthorized operations or information disclosure.
CVE-2026-1312 SQL Injection in django (CVE-2026-1312)
SQL injection in django (CVE-2026-1312). Risk of unauthorized operations or information disclosure. Exploitable via ``FilteredRelation``. Mitigation: upgrade to `4.2.28, 5.2.11, 6.0.2` or later.
CVE-2026-1287 SQL Injection in django (CVE-2026-1287)
SQL injection in django (CVE-2026-1287). Risk of unauthorized operations or information disclosure. Exploitable via ``FilteredRelation``. Mitigation: upgrade to `4.2.28, 5.2.11, 6.0.2` or later.
CVE-2026-20111 Vulnerability in cisco (CVE-2026-20111)
vulnerability in cisco (CVE-2026-20111). Risk of unauthorized operations or information disclosure.
CVE-2025-70545 Cross-Site Scripting (XSS) in belden (CVE-2025-70545)
cross-site scripting in belden (CVE-2025-70545). Risk of unauthorized operations or information disclosure.
CVE-2025-5329 SQL Injection in sqli (CVE-2025-5329)
SQL injection in sqli (CVE-2025-5329). Successful exploitation can lead to full system takeover.
CVE-2026-1819 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
CVE-2025-69620 Path Traversal in path-traversal (CVE-2025-69620)
path traversal in path-traversal (CVE-2025-69620). Risk of unauthorized operations or information disclosure.
CVE-2025-5319 SQL Injection in sqli (CVE-2025-5319)
SQL injection in sqli (CVE-2025-5319). Successful exploitation can lead to full system takeover.
CVE-2025-6397 Cross-Site Scripting (XSS) in CVE-2025-6397 (CVE-2025-6397)
cross-site scripting in CVE-2025-6397 (CVE-2025-6397). Risk of unauthorized operations or information disclosure.
CVE-2025-7760 Cross-Site Scripting (XSS) in CVE-2025-7760 (CVE-2025-7760)
cross-site scripting in CVE-2025-7760 (CVE-2025-7760). Risk of unauthorized operations or information disclosure.
CVE-2025-8456 Cross-Site Scripting (XSS) in CVE-2025-8456 (CVE-2025-8456)
cross-site scripting in CVE-2025-8456 (CVE-2025-8456). Risk of unauthorized operations or information disclosure.
CVE-2025-8461 Cross-Site Scripting (XSS) in CVE-2025-8461 (CVE-2025-8461)
cross-site scripting in CVE-2025-8461 (CVE-2025-8461). Risk of unauthorized operations or information disclosure.
CVE-2025-8589 Cross-Site Scripting (XSS) in CVE-2025-8589 (CVE-2025-8589)
cross-site scripting in CVE-2025-8589 (CVE-2025-8589). Risk of unauthorized operations or information disclosure.
CVE-2026-22778 Vulnerability in vllm (CVE-2026-22778)
vulnerability in vllm (CVE-2026-22778). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.14.1` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →