Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2025-56422 |
|
Unsafe Deserialization in deserialization (CVE-2025-56422)
vulnerability in deserialization (CVE-2025-56422). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2743 |
|
Path Traversal in path-traversal (CVE-2026-2743)
path traversal in path-traversal (CVE-2026-2743). Successful exploitation can lead to full system takeover.
|
| CVE-2025-11252 |
|
SQL Injection in sqli (CVE-2025-11252)
SQL injection in sqli (CVE-2025-11252). Successful exploitation can lead to full system takeover.
|
| CVE-2025-11251 |
|
SQL Injection in sqli (CVE-2025-11251)
SQL injection in sqli (CVE-2025-11251). Successful exploitation can lead to full system takeover.
|
| CVE-2026-27148 |
|
Vulnerability in storybook (CVE-2026-27148)
vulnerability in storybook (CVE-2026-27148). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2624 |
|
Vulnerability in epati (CVE-2026-2624)
vulnerability in epati (CVE-2026-2624). Successful exploitation can lead to full system takeover.
|
| CVE-2026-27606 |
|
Path Traversal in path-traversal (CVE-2026-27606)
path traversal in path-traversal (CVE-2026-27606). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2777 |
|
Privilege Escalation in privilege-escalation (CVE-2026-2777)
vulnerability in privilege-escalation (CVE-2026-2777). Successful exploitation can lead to full system takeover.
|
| CVE-2026-25896 |
|
Vulnerability in c (CVE-2026-25896)
vulnerability in c (CVE-2026-25896). Data can be tampered with by attackers. Mitigation: upgrade to `5.3.5` or later.
|
| CVE-2025-10970 |
|
SQL Injection in sqli (CVE-2025-10970)
SQL injection in sqli (CVE-2025-10970). Successful exploitation can lead to full system takeover.
|
| CVE-2025-9953 |
|
Vulnerability in sqli (CVE-2025-9953)
vulnerability in sqli (CVE-2025-9953). Successful exploitation can lead to full system takeover.
|
| CVE-2025-8350 |
|
Vulnerability in CVE-2025-8350 (CVE-2025-8350)
vulnerability in CVE-2025-8350 (CVE-2025-8350). Successful exploitation can lead to full system takeover.
|
| CVE-2025-13590 |
|
Unrestricted File Upload in wso2 (CVE-2025-13590)
vulnerability in wso2 (CVE-2025-13590). Successful exploitation can lead to full system takeover.
|
| CVE-2026-22208 |
|
Vulnerability in CVE-2026-22208 (CVE-2026-22208)
vulnerability in CVE-2026-22208 (CVE-2026-22208). Successful exploitation can lead to full system takeover.
|
| CVE-2025-10969 |
|
SQL Injection in sqli (CVE-2025-10969)
SQL injection in sqli (CVE-2025-10969). Successful exploitation can lead to full system takeover.
|
| CVE-2025-8668 |
|
Cross-Site Scripting (XSS) in CVE-2025-8668 (CVE-2025-8668)
cross-site scripting in CVE-2025-8668 (CVE-2025-8668). Data can be tampered with by attackers.
|
| CVE-2025-11242 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2025-11242)
SSRF in ssrf (CVE-2025-11242). Successful exploitation can lead to full system takeover.
|
| CVE-2025-6830 |
|
SQL Injection in sqli (CVE-2025-6830)
SQL injection in sqli (CVE-2025-6830). Successful exploitation can lead to full system takeover.
|
| CVE-2026-1615 |
|
Code Injection in CVE-2026-1615 (CVE-2026-1615)
code injection in CVE-2026-1615 (CVE-2026-1615). Successful exploitation can lead to full system takeover.
|
| CVE-2026-1709 |
|
Vulnerability in keylime (CVE-2026-1709)
vulnerability in keylime (CVE-2026-1709). Data can be tampered with by attackers. Mitigation: upgrade to `7.12.0` or later.
|
| CVE-2025-5329 |
|
SQL Injection in sqli (CVE-2025-5329)
SQL injection in sqli (CVE-2025-5329). Successful exploitation can lead to full system takeover.
|
| CVE-2025-5319 |
|
SQL Injection in sqli (CVE-2025-5319)
SQL injection in sqli (CVE-2025-5319). Successful exploitation can lead to full system takeover.
|
| CVE-2026-22778 |
|
Vulnerability in vllm (CVE-2026-22778)
vulnerability in vllm (CVE-2026-22778). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.14.1` or later.
|
| CVE-2020-37002 |
|
OS Command Injection in CVE-2020-37002 (CVE-2020-37002)
OS command injection in CVE-2020-37002 (CVE-2020-37002). Successful exploitation can lead to full system takeover.
|
| CVE-2026-24858 KEV |
|
[KEV] Vulnerability in Fortinet multiple-products (CVE-2026-24858)
vulnerability in Fortinet multiple-products (CVE-2026-24858). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2025-52025 |
|
SQL Injection in sqli (CVE-2025-52025)
SQL injection in sqli (CVE-2025-52025). Confidential information can be exposed externally.
|
| CVE-2025-4320 |
|
Vulnerability in CVE-2025-4320 (CVE-2025-4320)
vulnerability in CVE-2025-4320 (CVE-2025-4320). Successful exploitation can lead to full system takeover.
|
| CVE-2025-56005 |
|
Unsafe Deserialization in dabeaz (CVE-2025-56005)
vulnerability in dabeaz (CVE-2025-56005). Successful exploitation can lead to full system takeover. Exploitable via ``picklefile``.
|
| CVE-2026-23883 |
|
Use-After-Free in dos (CVE-2026-23883)
vulnerability in dos (CVE-2026-23883). Successful exploitation can lead to full system takeover. Exploitable via ``xf_Pointer_New``.
|
| CVE-2026-23884 |
|
Use-After-Free in dos (CVE-2026-23884)
vulnerability in dos (CVE-2026-23884). Successful exploitation can lead to full system takeover.
|
| CVE-2026-23533 |
|
Vulnerability in dos (CVE-2026-23533)
vulnerability in dos (CVE-2026-23533). Successful exploitation can lead to full system takeover.
|
| CVE-2026-23534 |
|
Vulnerability in dos (CVE-2026-23534)
vulnerability in dos (CVE-2026-23534). Successful exploitation can lead to full system takeover.
|
| CVE-2026-23532 |
|
Vulnerability in dos (CVE-2026-23532)
vulnerability in dos (CVE-2026-23532). Successful exploitation can lead to full system takeover. Exploitable via ``gdi_SurfaceToSurface``.
|
| CVE-2026-23530 |
|
Vulnerability in dos (CVE-2026-23530)
vulnerability in dos (CVE-2026-23530). Successful exploitation can lead to full system takeover. Exploitable via ``freerdp_bitmap_decompress_planar``.
|
| CVE-2026-23531 |
|
Vulnerability in dos (CVE-2026-23531)
vulnerability in dos (CVE-2026-23531). Successful exploitation can lead to full system takeover. Exploitable via ``glyphData``.
|
| CVE-2025-60534 |
|
Authentication Bypass in blueaccesstech (CVE-2025-60534)
authentication bypass in blueaccesstech (CVE-2025-60534). Successful exploitation can lead to full system takeover.
|
| CVE-2025-67268 |
|
Vulnerability in c (CVE-2025-67268)
vulnerability in c (CVE-2025-67268). Successful exploitation can lead to full system takeover.
|
| CVE-2025-12504 |
|
SQL Injection in sqli (CVE-2025-12504)
SQL injection in sqli (CVE-2025-12504). Successful exploitation can lead to full system takeover.
|
| CVE-2025-11022 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2025-11022)
vulnerability in csrf (CVE-2025-11022). Successful exploitation can lead to full system takeover.
|
| CVE-2025-64054 |
|
Cross-Site Scripting (XSS) in dos (CVE-2025-64054)
cross-site scripting in dos (CVE-2025-64054). Successful exploitation can lead to full system takeover.
|
| CVE-2025-64055 |
|
Authentication Bypass in fanvil (CVE-2025-64055)
authentication bypass in fanvil (CVE-2025-64055). Successful exploitation can lead to full system takeover.
|
| CVE-2025-51683 |
|
SQL Injection in sqli (CVE-2025-51683)
SQL injection in sqli (CVE-2025-51683). Successful exploitation can lead to full system takeover.
|
| CVE-2025-10437 |
|
SQL Injection in sqli (CVE-2025-10437)
SQL injection in sqli (CVE-2025-10437). Successful exploitation can lead to full system takeover.
|
| CVE-2025-56385 |
|
SQL Injection in sqli (CVE-2025-56385)
SQL injection in sqli (CVE-2025-56385). Successful exploitation can lead to full system takeover.
|
| CVE-2025-6520 |
|
SQL Injection in sqli (CVE-2025-6520)
SQL injection in sqli (CVE-2025-6520). Successful exploitation can lead to full system takeover.
|
| CVE-2025-11253 |
|
SQL Injection in sqli (CVE-2025-11253)
SQL injection in sqli (CVE-2025-11253). Successful exploitation can lead to full system takeover.
|
| CVE-2025-54236 KEV |
|
[KEV] Vulnerability in Adobe commerce (CVE-2025-54236)
vulnerability in Adobe commerce (CVE-2025-54236). Confidential information can be exposed externally. Listed in CISA KEV — actively exploited.
|
| CVE-2025-56447 |
|
TM2 Monitoring v3.04 contains an authentication bypass and plaintext credential disclosure.
TM2 Monitoring v3.04 contains an authentication bypass and plaintext credential disclosure.
|
| CVE-2025-57567 |
|
Code Injection in CVE-2025-57567 (CVE-2025-57567)
code injection in CVE-2025-57567 (CVE-2025-57567). Successful exploitation can lead to full system takeover.
|
| CVE-2025-10610 |
|
SQL Injection in sqli (CVE-2025-10610)
SQL injection in sqli (CVE-2025-10610). Successful exploitation can lead to full system takeover.
|