Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-25949 |
|
Vulnerability in github.com/traefik/traefik/v3 (CVE-2026-25949)
vulnerability in github.com/traefik/traefik/v3 (CVE-2026-25949). Risk of unauthorized operations or information disclosure. Exploitable via ``respondingTimeouts.readTimeout``. Mitigation: upgrade to `3.6.8` or later.
|
| CVE-2025-13002 |
|
Cross-Site Scripting (XSS) in farktor (CVE-2025-13002)
cross-site scripting in farktor (CVE-2025-13002). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-2007 |
|
Vulnerability in privilege-escalation (CVE-2026-2007)
vulnerability in privilege-escalation (CVE-2026-2007). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-10969 |
|
SQL Injection in sqli (CVE-2025-10969)
SQL injection in sqli (CVE-2025-10969). Successful exploitation can lead to full system takeover.
|
| CVE-2026-26158 |
|
Vulnerability in privilege-escalation (CVE-2026-26158)
vulnerability in privilege-escalation (CVE-2026-26158). Successful exploitation can lead to full system takeover.
|
| CVE-2020-37208 |
|
SpotFTP 3.0.0.0 contains a buffer overflow vulnerability in the registration key input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste i...
SpotFTP 3.0.0.0 contains a buffer overflow vulnerability in the registration key input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Key' field to trigger an application crash and denial of service.
|
| CVE-2020-37209 |
|
Vulnerability in dos (CVE-2020-37209)
vulnerability in dos (CVE-2020-37209). Confidential information can be exposed externally.
|
| CVE-2020-37210 |
|
SpotIE 2.9.5 contains a denial of service vulnerability in the registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste i...
SpotIE 2.9.5 contains a denial of service vulnerability in the registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash.
|
| CVE-2020-37211 |
|
SpotIM 2.2 contains a denial of service vulnerability that allows attackers to crash the application by inputting a large buffer in the registration name field. Attackers can generate a 1000-character...
SpotIM 2.2 contains a denial of service vulnerability that allows attackers to crash the application by inputting a large buffer in the registration name field. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash.
|
| CVE-2020-37212 |
|
SpotMSN 2.4.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste...
SpotMSN 2.4.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash.
|
| CVE-2020-37204 |
|
Vulnerability in dos (CVE-2020-37204)
vulnerability in dos (CVE-2020-37204). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-37205 |
|
Vulnerability in dos (CVE-2020-37205)
vulnerability in dos (CVE-2020-37205). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-37206 |
|
Vulnerability in dos (CVE-2020-37206)
vulnerability in dos (CVE-2020-37206). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-37207 |
|
Vulnerability in dos (CVE-2020-37207)
vulnerability in dos (CVE-2020-37207). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-37196 |
|
Vulnerability in dos (CVE-2020-37196)
vulnerability in dos (CVE-2020-37196). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-37197 |
|
Vulnerability in dos (CVE-2020-37197)
vulnerability in dos (CVE-2020-37197). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-37199 |
|
Vulnerability in dos (CVE-2020-37199)
vulnerability in dos (CVE-2020-37199). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-69873 |
|
Vulnerability in dos (CVE-2025-69873)
vulnerability in dos (CVE-2025-69873). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-65480 |
|
OS Command Injection in CVE-2025-65480 (CVE-2025-65480)
OS command injection in CVE-2025-65480 (CVE-2025-65480). Successful exploitation can lead to full system takeover.
|
| CVE-2025-8668 |
|
Cross-Site Scripting (XSS) in CVE-2025-8668 (CVE-2025-8668)
cross-site scripting in CVE-2025-8668 (CVE-2025-8668). Data can be tampered with by attackers.
|
| CVE-2025-66274 |
|
Vulnerability in dos (CVE-2025-66274)
vulnerability in dos (CVE-2025-66274). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-10913 |
|
Cross-Site Scripting (XSS) in CVE-2025-10913 (CVE-2025-10913)
cross-site scripting in CVE-2025-10913 (CVE-2025-10913). Data can be tampered with by attackers.
|
| CVE-2025-6967 |
|
Vulnerability in CVE-2025-6967 (CVE-2025-6967)
vulnerability in CVE-2025-6967 (CVE-2025-6967). Confidential information can be exposed externally.
|
| CVE-2025-7636 |
|
SQL Injection in sqli (CVE-2025-7636)
SQL injection in sqli (CVE-2025-7636). Successful exploitation can lead to full system takeover.
|
| CVE-2025-11242 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2025-11242)
SSRF in ssrf (CVE-2025-11242). Successful exploitation can lead to full system takeover.
|
| CVE-2026-25639 |
|
Vulnerability in axios (CVE-2026-25639)
vulnerability in axios (CVE-2026-25639). Risk of unauthorized operations or information disclosure. Exploitable via ``mergeConfig``. Mitigation: upgrade to `0.30.3` or later.
|
| CVE-2025-14831 |
|
Vulnerability in dos (CVE-2025-14831)
vulnerability in dos (CVE-2025-14831). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-6830 |
|
SQL Injection in sqli (CVE-2025-6830)
SQL injection in sqli (CVE-2025-6830). Successful exploitation can lead to full system takeover.
|
| CVE-2025-7799 |
|
Cross-Site Scripting (XSS) in CVE-2025-7799 (CVE-2025-7799)
cross-site scripting in CVE-2025-7799 (CVE-2025-7799). Data can be tampered with by attackers.
|
| CVE-2026-1615 |
|
Code Injection in CVE-2026-1615 (CVE-2026-1615)
code injection in CVE-2026-1615 (CVE-2026-1615). Successful exploitation can lead to full system takeover.
|
| CVE-2026-25580 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-25580)
SSRF in ssrf (CVE-2026-25580). Confidential information can be exposed externally. Mitigation: upgrade to `1.56.0` or later.
|
| CVE-2026-25640 |
|
Path Traversal in path-traversal (CVE-2026-25640)
path traversal in path-traversal (CVE-2026-25640). Confidential information can be exposed externally. Mitigation: upgrade to `1.51.0` or later.
|
| CVE-2026-1709 |
|
Vulnerability in keylime (CVE-2026-1709)
vulnerability in keylime (CVE-2026-1709). Data can be tampered with by attackers. Mitigation: upgrade to `7.12.0` or later.
|
| CVE-2026-25727 |
|
Vulnerability in dos (CVE-2026-25727)
vulnerability in dos (CVE-2026-25727). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-69619 |
|
Path Traversal in path-traversal (CVE-2025-69619)
path traversal in path-traversal (CVE-2025-69619). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-37131 |
|
Vulnerability in dos (CVE-2020-37131)
vulnerability in dos (CVE-2020-37131). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-1312 |
|
SQL Injection in django (CVE-2026-1312)
SQL injection in django (CVE-2026-1312). Risk of unauthorized operations or information disclosure. Exploitable via ``FilteredRelation``. Mitigation: upgrade to `4.2.28, 5.2.11, 6.0.2` or later.
|
| CVE-2026-1287 |
|
SQL Injection in django (CVE-2026-1287)
SQL injection in django (CVE-2026-1287). Risk of unauthorized operations or information disclosure. Exploitable via ``FilteredRelation``. Mitigation: upgrade to `4.2.28, 5.2.11, 6.0.2` or later.
|
| CVE-2026-20111 |
|
Vulnerability in cisco (CVE-2026-20111)
vulnerability in cisco (CVE-2026-20111). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-70545 |
|
Cross-Site Scripting (XSS) in belden (CVE-2025-70545)
cross-site scripting in belden (CVE-2025-70545). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-5329 |
|
SQL Injection in sqli (CVE-2025-5329)
SQL injection in sqli (CVE-2025-5329). Successful exploitation can lead to full system takeover.
|
| CVE-2026-1819 |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
|
| CVE-2025-69620 |
|
Path Traversal in path-traversal (CVE-2025-69620)
path traversal in path-traversal (CVE-2025-69620). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-5319 |
|
SQL Injection in sqli (CVE-2025-5319)
SQL injection in sqli (CVE-2025-5319). Successful exploitation can lead to full system takeover.
|
| CVE-2025-6397 |
|
Cross-Site Scripting (XSS) in CVE-2025-6397 (CVE-2025-6397)
cross-site scripting in CVE-2025-6397 (CVE-2025-6397). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-7760 |
|
Cross-Site Scripting (XSS) in CVE-2025-7760 (CVE-2025-7760)
cross-site scripting in CVE-2025-7760 (CVE-2025-7760). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-8456 |
|
Cross-Site Scripting (XSS) in CVE-2025-8456 (CVE-2025-8456)
cross-site scripting in CVE-2025-8456 (CVE-2025-8456). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-8461 |
|
Cross-Site Scripting (XSS) in CVE-2025-8461 (CVE-2025-8461)
cross-site scripting in CVE-2025-8461 (CVE-2025-8461). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-8589 |
|
Cross-Site Scripting (XSS) in CVE-2025-8589 (CVE-2025-8589)
cross-site scripting in CVE-2025-8589 (CVE-2025-8589). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-22778 |
|
Vulnerability in vllm (CVE-2026-22778)
vulnerability in vllm (CVE-2026-22778). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.14.1` or later.
|