Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: attack-types Clear
ID Title
CVE-2026-0535 Cross-Site Scripting (XSS) in autodesk (CVE-2026-0535)
cross-site scripting in autodesk (CVE-2026-0535). Confidential information can be exposed externally.
CVE-2026-0534 Cross-Site Scripting (XSS) in autodesk (CVE-2026-0534)
cross-site scripting in autodesk (CVE-2026-0534). Confidential information can be exposed externally.
CVE-2026-0533 Cross-Site Scripting (XSS) in autodesk (CVE-2026-0533)
cross-site scripting in autodesk (CVE-2026-0533). Confidential information can be exposed externally.
CVE-2025-68900 Cross-Site Scripting (XSS) in CVE-2025-68900 (CVE-2025-68900)
cross-site scripting in CVE-2025-68900 (CVE-2025-68900). Risk of unauthorized operations or information disclosure.
CVE-2025-56589 SSRF (Server-Side Request Forgery) in ssrf (CVE-2025-56589)
SSRF in ssrf (CVE-2025-56589). Confidential information can be exposed externally.
CVE-2025-69612 Path Traversal in path-traversal (CVE-2025-69612)
path traversal in path-traversal (CVE-2025-69612). Confidential information can be exposed externally.
CVE-2025-4764 SQL Injection in sqli (CVE-2025-4764)
SQL injection in sqli (CVE-2025-4764). Successful exploitation can lead to full system takeover.
CVE-2025-4763 Cross-Site Scripting (XSS) in aida (CVE-2025-4763)
cross-site scripting in aida (CVE-2025-4763). Risk of unauthorized operations or information disclosure.
CVE-2026-24049 Path Traversal in privilege-escalation (CVE-2026-24049)
path traversal in privilege-escalation (CVE-2026-24049). Data can be tampered with by attackers.
CVE-2025-71176 Vulnerability in dos (CVE-2025-71176)
vulnerability in dos (CVE-2025-71176). Risk of unauthorized operations or information disclosure.
CVE-2026-24046 Path Traversal in path-traversal (CVE-2026-24046)
path traversal in path-traversal (CVE-2026-24046). Confidential information can be exposed externally.
CVE-2026-23960 Cross-Site Scripting (XSS) in argoproj (CVE-2026-23960)
cross-site scripting in argoproj (CVE-2026-23960). Risk of unauthorized operations or information disclosure.
CVE-2021-47870 Cross-Site Scripting (XSS) in get-simple (CVE-2021-47870)
cross-site scripting in get-simple (CVE-2021-47870). Risk of unauthorized operations or information disclosure.
CVE-2021-47817 Cross-Site Scripting (XSS) in open-emr (CVE-2021-47817)
cross-site scripting in open-emr (CVE-2021-47817). Risk of unauthorized operations or information disclosure.
CVE-2026-23956 Vulnerability in seroval (CVE-2026-23956)
vulnerability in seroval (CVE-2026-23956). Risk of unauthorized operations or information disclosure. Exploitable via ``Seroval``. Mitigation: upgrade to `1.4.1` or later.
CVE-2025-59465 Vulnerability in dos (CVE-2025-59465)
vulnerability in dos (CVE-2025-59465). Risk of unauthorized operations or information disclosure. Exploitable via ``HPACK``.
CVE-2025-56005 Unsafe Deserialization in dabeaz (CVE-2025-56005)
vulnerability in dabeaz (CVE-2025-56005). Successful exploitation can lead to full system takeover. Exploitable via ``picklefile``.
CVE-2026-23883 Use-After-Free in dos (CVE-2026-23883)
vulnerability in dos (CVE-2026-23883). Successful exploitation can lead to full system takeover. Exploitable via ``xf_Pointer_New``.
CVE-2026-23884 Use-After-Free in dos (CVE-2026-23884)
vulnerability in dos (CVE-2026-23884). Successful exploitation can lead to full system takeover.
CVE-2026-23533 Vulnerability in dos (CVE-2026-23533)
vulnerability in dos (CVE-2026-23533). Successful exploitation can lead to full system takeover.
CVE-2026-23534 Vulnerability in dos (CVE-2026-23534)
vulnerability in dos (CVE-2026-23534). Successful exploitation can lead to full system takeover.
CVE-2026-23532 Vulnerability in dos (CVE-2026-23532)
vulnerability in dos (CVE-2026-23532). Successful exploitation can lead to full system takeover. Exploitable via ``gdi_SurfaceToSurface``.
CVE-2026-23530 Vulnerability in dos (CVE-2026-23530)
vulnerability in dos (CVE-2026-23530). Successful exploitation can lead to full system takeover. Exploitable via ``freerdp_bitmap_decompress_planar``.
CVE-2026-23531 Vulnerability in dos (CVE-2026-23531)
vulnerability in dos (CVE-2026-23531). Successful exploitation can lead to full system takeover. Exploitable via ``glyphData``.
CVE-2025-68616 Open Redirect in weasyprint (CVE-2025-68616)
vulnerability in weasyprint (CVE-2025-68616). Confidential information can be exposed externally. Exploitable via ``default_url_fetcher``. Mitigation: upgrade to `68.0` or later.
CVE-2021-47839 Cross-Site Scripting (XSS) in CVE-2021-47839 (CVE-2021-47839)
cross-site scripting in CVE-2021-47839 (CVE-2021-47839). Risk of unauthorized operations or information disclosure.
CVE-2021-47836 Cross-Site Scripting (XSS) in CVE-2021-47836 (CVE-2021-47836)
cross-site scripting in CVE-2021-47836 (CVE-2021-47836). Risk of unauthorized operations or information disclosure.
CVE-2021-47814 Vulnerability in dos (CVE-2021-47814)
vulnerability in dos (CVE-2021-47814). Risk of unauthorized operations or information disclosure.
CVE-2026-22774 Vulnerability in dos (CVE-2026-22774)
vulnerability in dos (CVE-2026-22774). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.6.2` or later.
CVE-2026-22775 Vulnerability in dos (CVE-2026-22775)
vulnerability in dos (CVE-2026-22775). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.6.2` or later.
CVE-2025-67246 Privilege Escalation in privilege-escalation (CVE-2025-67246)
vulnerability in privilege-escalation (CVE-2025-67246). Confidential information can be exposed externally.
CVE-2026-0990 Vulnerability in dos (CVE-2026-0990)
vulnerability in dos (CVE-2026-0990). Risk of unauthorized operations or information disclosure.
CVE-2026-0897 Vulnerability in keras (CVE-2026-0897)
vulnerability in keras (CVE-2026-0897). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.13.1` or later.
CVE-2025-14242 Vulnerability in dos (CVE-2025-14242)
vulnerability in dos (CVE-2025-14242). Risk of unauthorized operations or information disclosure.
CVE-2025-15514 Vulnerability in dos (CVE-2025-15514)
vulnerability in dos (CVE-2025-15514). Risk of unauthorized operations or information disclosure.
CVE-2026-22610 Cross-Site Scripting (XSS) in @angular/compiler (CVE-2026-22610)
cross-site scripting in @angular/compiler (CVE-2026-22610). Risk of unauthorized operations or information disclosure. Exploitable via ``href``.
CVE-2026-21884 Cross-Site Scripting (XSS) in react (CVE-2026-21884)
cross-site scripting in react (CVE-2026-21884). Confidential information can be exposed externally.
CVE-2025-59057 Cross-Site Scripting (XSS) in react (CVE-2025-59057)
cross-site scripting in react (CVE-2025-59057). Confidential information can be exposed externally.
CVE-2025-9222 Cross-Site Scripting (XSS) in gitlab (CVE-2025-9222)
cross-site scripting in gitlab (CVE-2025-9222). Confidential information can be exposed externally.
CVE-2025-65518 Vulnerability in dos (CVE-2025-65518)
vulnerability in dos (CVE-2025-65518). Risk of unauthorized operations or information disclosure.
CVE-2025-50334 Vulnerability in dos (CVE-2025-50334)
vulnerability in dos (CVE-2025-50334). Risk of unauthorized operations or information disclosure.
CVE-2025-69262 pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings....
pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker who can control environment variables during pnpm operations could achieve Remote Code E...
CVE-2025-69264 Vulnerability in pnpm (CVE-2025-69264)
vulnerability in pnpm (CVE-2025-69264). Successful exploitation can lead to full system takeover.
CVE-2025-69263 pnpm is a package manager. Versions 10.26.2 and below store HTTP tarball dependencies (and git-hosted tarballs) in the lockfile without integrity hashes. This allows the remote server to serve differe...
pnpm is a package manager. Versions 10.26.2 and below store HTTP tarball dependencies (and git-hosted tarballs) in the lockfile without integrity hashes. This allows the remote server to serve different content on each install, even when a lockfile is committed. An attacker who publishes a package w...
CVE-2026-22188 Vulnerability in dos (CVE-2026-22188)
vulnerability in dos (CVE-2026-22188). Risk of unauthorized operations or information disclosure.
CVE-2025-60534 Authentication Bypass in blueaccesstech (CVE-2025-60534)
authentication bypass in blueaccesstech (CVE-2025-60534). Successful exploitation can lead to full system takeover.
CVE-2026-0625 Vulnerability in CVE-2026-0625 (CVE-2026-0625)
vulnerability in CVE-2026-0625 (CVE-2026-0625). Risk of unauthorized operations or information disclosure.
CVE-2025-69223 Vulnerability in dos (CVE-2025-69223)
vulnerability in dos (CVE-2025-69223). Risk of unauthorized operations or information disclosure.
CVE-2025-68428 Vulnerability in path-traversal (CVE-2025-68428)
vulnerability in path-traversal (CVE-2025-68428). Confidential information can be exposed externally. Exploitable via ``addImage``.
CVE-2025-63396 Vulnerability in pytorch (CVE-2025-63396)
vulnerability in pytorch (CVE-2025-63396). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.5.1, 2.8.0` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →