Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-0535 |
|
Cross-Site Scripting (XSS) in autodesk (CVE-2026-0535)
cross-site scripting in autodesk (CVE-2026-0535). Confidential information can be exposed externally.
|
| CVE-2026-0534 |
|
Cross-Site Scripting (XSS) in autodesk (CVE-2026-0534)
cross-site scripting in autodesk (CVE-2026-0534). Confidential information can be exposed externally.
|
| CVE-2026-0533 |
|
Cross-Site Scripting (XSS) in autodesk (CVE-2026-0533)
cross-site scripting in autodesk (CVE-2026-0533). Confidential information can be exposed externally.
|
| CVE-2025-68900 |
|
Cross-Site Scripting (XSS) in CVE-2025-68900 (CVE-2025-68900)
cross-site scripting in CVE-2025-68900 (CVE-2025-68900). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-56589 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2025-56589)
SSRF in ssrf (CVE-2025-56589). Confidential information can be exposed externally.
|
| CVE-2025-69612 |
|
Path Traversal in path-traversal (CVE-2025-69612)
path traversal in path-traversal (CVE-2025-69612). Confidential information can be exposed externally.
|
| CVE-2025-4764 |
|
SQL Injection in sqli (CVE-2025-4764)
SQL injection in sqli (CVE-2025-4764). Successful exploitation can lead to full system takeover.
|
| CVE-2025-4763 |
|
Cross-Site Scripting (XSS) in aida (CVE-2025-4763)
cross-site scripting in aida (CVE-2025-4763). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-24049 |
|
Path Traversal in privilege-escalation (CVE-2026-24049)
path traversal in privilege-escalation (CVE-2026-24049). Data can be tampered with by attackers.
|
| CVE-2025-71176 |
|
Vulnerability in dos (CVE-2025-71176)
vulnerability in dos (CVE-2025-71176). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-24046 |
|
Path Traversal in path-traversal (CVE-2026-24046)
path traversal in path-traversal (CVE-2026-24046). Confidential information can be exposed externally.
|
| CVE-2026-23960 |
|
Cross-Site Scripting (XSS) in argoproj (CVE-2026-23960)
cross-site scripting in argoproj (CVE-2026-23960). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-47870 |
|
Cross-Site Scripting (XSS) in get-simple (CVE-2021-47870)
cross-site scripting in get-simple (CVE-2021-47870). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-47817 |
|
Cross-Site Scripting (XSS) in open-emr (CVE-2021-47817)
cross-site scripting in open-emr (CVE-2021-47817). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-23956 |
|
Vulnerability in seroval (CVE-2026-23956)
vulnerability in seroval (CVE-2026-23956). Risk of unauthorized operations or information disclosure. Exploitable via ``Seroval``. Mitigation: upgrade to `1.4.1` or later.
|
| CVE-2025-59465 |
|
Vulnerability in dos (CVE-2025-59465)
vulnerability in dos (CVE-2025-59465). Risk of unauthorized operations or information disclosure. Exploitable via ``HPACK``.
|
| CVE-2025-56005 |
|
Unsafe Deserialization in dabeaz (CVE-2025-56005)
vulnerability in dabeaz (CVE-2025-56005). Successful exploitation can lead to full system takeover. Exploitable via ``picklefile``.
|
| CVE-2026-23883 |
|
Use-After-Free in dos (CVE-2026-23883)
vulnerability in dos (CVE-2026-23883). Successful exploitation can lead to full system takeover. Exploitable via ``xf_Pointer_New``.
|
| CVE-2026-23884 |
|
Use-After-Free in dos (CVE-2026-23884)
vulnerability in dos (CVE-2026-23884). Successful exploitation can lead to full system takeover.
|
| CVE-2026-23533 |
|
Vulnerability in dos (CVE-2026-23533)
vulnerability in dos (CVE-2026-23533). Successful exploitation can lead to full system takeover.
|
| CVE-2026-23534 |
|
Vulnerability in dos (CVE-2026-23534)
vulnerability in dos (CVE-2026-23534). Successful exploitation can lead to full system takeover.
|
| CVE-2026-23532 |
|
Vulnerability in dos (CVE-2026-23532)
vulnerability in dos (CVE-2026-23532). Successful exploitation can lead to full system takeover. Exploitable via ``gdi_SurfaceToSurface``.
|
| CVE-2026-23530 |
|
Vulnerability in dos (CVE-2026-23530)
vulnerability in dos (CVE-2026-23530). Successful exploitation can lead to full system takeover. Exploitable via ``freerdp_bitmap_decompress_planar``.
|
| CVE-2026-23531 |
|
Vulnerability in dos (CVE-2026-23531)
vulnerability in dos (CVE-2026-23531). Successful exploitation can lead to full system takeover. Exploitable via ``glyphData``.
|
| CVE-2025-68616 |
|
Open Redirect in weasyprint (CVE-2025-68616)
vulnerability in weasyprint (CVE-2025-68616). Confidential information can be exposed externally. Exploitable via ``default_url_fetcher``. Mitigation: upgrade to `68.0` or later.
|
| CVE-2021-47839 |
|
Cross-Site Scripting (XSS) in CVE-2021-47839 (CVE-2021-47839)
cross-site scripting in CVE-2021-47839 (CVE-2021-47839). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-47836 |
|
Cross-Site Scripting (XSS) in CVE-2021-47836 (CVE-2021-47836)
cross-site scripting in CVE-2021-47836 (CVE-2021-47836). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-47814 |
|
Vulnerability in dos (CVE-2021-47814)
vulnerability in dos (CVE-2021-47814). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-22774 |
|
Vulnerability in dos (CVE-2026-22774)
vulnerability in dos (CVE-2026-22774). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.6.2` or later.
|
| CVE-2026-22775 |
|
Vulnerability in dos (CVE-2026-22775)
vulnerability in dos (CVE-2026-22775). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.6.2` or later.
|
| CVE-2025-67246 |
|
Privilege Escalation in privilege-escalation (CVE-2025-67246)
vulnerability in privilege-escalation (CVE-2025-67246). Confidential information can be exposed externally.
|
| CVE-2026-0990 |
|
Vulnerability in dos (CVE-2026-0990)
vulnerability in dos (CVE-2026-0990). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0897 |
|
Vulnerability in keras (CVE-2026-0897)
vulnerability in keras (CVE-2026-0897). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.13.1` or later.
|
| CVE-2025-14242 |
|
Vulnerability in dos (CVE-2025-14242)
vulnerability in dos (CVE-2025-14242). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-15514 |
|
Vulnerability in dos (CVE-2025-15514)
vulnerability in dos (CVE-2025-15514). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-22610 |
|
Cross-Site Scripting (XSS) in @angular/compiler (CVE-2026-22610)
cross-site scripting in @angular/compiler (CVE-2026-22610). Risk of unauthorized operations or information disclosure. Exploitable via ``href``.
|
| CVE-2026-21884 |
|
Cross-Site Scripting (XSS) in react (CVE-2026-21884)
cross-site scripting in react (CVE-2026-21884). Confidential information can be exposed externally.
|
| CVE-2025-59057 |
|
Cross-Site Scripting (XSS) in react (CVE-2025-59057)
cross-site scripting in react (CVE-2025-59057). Confidential information can be exposed externally.
|
| CVE-2025-9222 |
|
Cross-Site Scripting (XSS) in gitlab (CVE-2025-9222)
cross-site scripting in gitlab (CVE-2025-9222). Confidential information can be exposed externally.
|
| CVE-2025-65518 |
|
Vulnerability in dos (CVE-2025-65518)
vulnerability in dos (CVE-2025-65518). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-50334 |
|
Vulnerability in dos (CVE-2025-50334)
vulnerability in dos (CVE-2025-50334). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-69262 |
|
pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings....
pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker who can control environment variables during pnpm operations could achieve Remote Code E...
|
| CVE-2025-69264 |
|
Vulnerability in pnpm (CVE-2025-69264)
vulnerability in pnpm (CVE-2025-69264). Successful exploitation can lead to full system takeover.
|
| CVE-2025-69263 |
|
pnpm is a package manager. Versions 10.26.2 and below store HTTP tarball dependencies (and git-hosted tarballs) in the lockfile without integrity hashes. This allows the remote server to serve differe...
pnpm is a package manager. Versions 10.26.2 and below store HTTP tarball dependencies (and git-hosted tarballs) in the lockfile without integrity hashes. This allows the remote server to serve different content on each install, even when a lockfile is committed. An attacker who publishes a package w...
|
| CVE-2026-22188 |
|
Vulnerability in dos (CVE-2026-22188)
vulnerability in dos (CVE-2026-22188). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-60534 |
|
Authentication Bypass in blueaccesstech (CVE-2025-60534)
authentication bypass in blueaccesstech (CVE-2025-60534). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0625 |
|
Vulnerability in CVE-2026-0625 (CVE-2026-0625)
vulnerability in CVE-2026-0625 (CVE-2026-0625). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-69223 |
|
Vulnerability in dos (CVE-2025-69223)
vulnerability in dos (CVE-2025-69223). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-68428 |
|
Vulnerability in path-traversal (CVE-2025-68428)
vulnerability in path-traversal (CVE-2025-68428). Confidential information can be exposed externally. Exploitable via ``addImage``.
|
| CVE-2025-63396 |
|
Vulnerability in pytorch (CVE-2025-63396)
vulnerability in pytorch (CVE-2025-63396). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.5.1, 2.8.0` or later.
|