Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-25639 |
|
Vulnerability in axios (CVE-2026-25639)
vulnerability in axios (CVE-2026-25639). Risk of unauthorized operations or information disclosure. Exploitable via ``mergeConfig``. Mitigation: upgrade to `0.30.3` or later.
|
| CVE-2025-10464 |
|
Vulnerability in CVE-2025-10464 (CVE-2025-10464)
vulnerability in CVE-2025-10464 (CVE-2025-10464). Confidential information can be exposed externally.
|
| CVE-2025-10465 |
|
Unrestricted File Upload in CVE-2025-10465 (CVE-2025-10465)
vulnerability in CVE-2025-10465 (CVE-2025-10465). Successful exploitation can lead to full system takeover.
|
| CVE-2025-6830 |
|
SQL Injection in sqli (CVE-2025-6830)
SQL injection in sqli (CVE-2025-6830). Successful exploitation can lead to full system takeover.
|
| CVE-2025-10463 |
|
Authentication Bypass in CVE-2025-10463 (CVE-2025-10463)
authentication bypass in CVE-2025-10463 (CVE-2025-10463). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-7799 |
|
Cross-Site Scripting (XSS) in CVE-2025-7799 (CVE-2025-7799)
cross-site scripting in CVE-2025-7799 (CVE-2025-7799). Data can be tampered with by attackers.
|
| CVE-2026-1615 |
|
Code Injection in CVE-2026-1615 (CVE-2026-1615)
code injection in CVE-2026-1615 (CVE-2026-1615). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2141 |
|
Vulnerability in 5kcrm (CVE-2026-2141)
vulnerability in 5kcrm (CVE-2026-2141). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-25565 |
|
Authorization Flaw in wekan-project (CVE-2026-25565)
vulnerability in wekan-project (CVE-2026-25565). Data can be tampered with by attackers.
|
| CVE-2026-25566 |
|
Authorization Flaw in wekan-project (CVE-2026-25566)
vulnerability in wekan-project (CVE-2026-25566). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-25568 |
|
Authorization Flaw in wekan-project (CVE-2026-25568)
vulnerability in wekan-project (CVE-2026-25568). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-25859 |
|
Authorization Flaw in wekan-project (CVE-2026-25859)
vulnerability in wekan-project (CVE-2026-25859). Successful exploitation can lead to full system takeover.
|
| CVE-2026-25561 |
|
Authorization Flaw in wekan-project (CVE-2026-25561)
vulnerability in wekan-project (CVE-2026-25561). Data can be tampered with by attackers.
|
| CVE-2026-25562 |
|
Vulnerability in wekan-project (CVE-2026-25562)
vulnerability in wekan-project (CVE-2026-25562). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-25749 |
|
Vulnerability in c (CVE-2026-25749)
vulnerability in c (CVE-2026-25749). Data can be tampered with by attackers.
|
| CVE-2026-25580 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-25580)
SSRF in ssrf (CVE-2026-25580). Confidential information can be exposed externally. Mitigation: upgrade to `1.56.0` or later.
|
| CVE-2026-25640 |
|
Path Traversal in path-traversal (CVE-2026-25640)
path traversal in path-traversal (CVE-2026-25640). Confidential information can be exposed externally. Mitigation: upgrade to `1.51.0` or later.
|
| CVE-2026-25727 |
|
Vulnerability in dos (CVE-2026-25727)
vulnerability in dos (CVE-2026-25727). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-25556 |
|
Vulnerability in artifex (CVE-2026-25556)
vulnerability in artifex (CVE-2026-25556). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-69619 |
|
Path Traversal in path-traversal (CVE-2025-69619)
path traversal in path-traversal (CVE-2025-69619). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-37131 |
|
Vulnerability in dos (CVE-2020-37131)
vulnerability in dos (CVE-2020-37131). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-1312 |
|
SQL Injection in django (CVE-2026-1312)
SQL injection in django (CVE-2026-1312). Risk of unauthorized operations or information disclosure. Exploitable via ``FilteredRelation``. Mitigation: upgrade to `4.2.28, 5.2.11, 6.0.2` or later.
|
| CVE-2026-1287 |
|
SQL Injection in django (CVE-2026-1287)
SQL injection in django (CVE-2026-1287). Risk of unauthorized operations or information disclosure. Exploitable via ``FilteredRelation``. Mitigation: upgrade to `4.2.28, 5.2.11, 6.0.2` or later.
|
| CVE-2026-1207 |
|
SQL Injection in django (CVE-2026-1207)
SQL injection in django (CVE-2026-1207). Risk of unauthorized operations or information disclosure. Exploitable via ``RasterField``. Mitigation: upgrade to `4.2.28, 5.2.11, 6.0.2` or later.
|
| CVE-2025-61732 |
|
Code Injection in toolchain (CVE-2025-61732)
code injection in toolchain (CVE-2025-61732). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.24.13, 1.25.7` or later.
|
| CVE-2025-11953 KEV |
|
[KEV] OS Command Injection in React native community react-native-community (CVE-2025-11953)
OS command injection in React native community react-native-community (CVE-2025-11953). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-24423 KEV |
|
[KEV] Vulnerability in Smartertools smartermail (CVE-2026-24423)
vulnerability in Smartertools smartermail (CVE-2026-24423). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-25521 |
|
Vulnerability in locutus (CVE-2026-25521)
vulnerability in locutus (CVE-2026-25521). Successful exploitation can lead to full system takeover.
|
| CVE-2026-25536 |
|
Vulnerability in lfprojects (CVE-2026-25536)
vulnerability in lfprojects (CVE-2026-25536). Confidential information can be exposed externally.
|
| CVE-2026-23074 |
|
Use-After-Free in linux (CVE-2026-23074)
vulnerability in linux (CVE-2026-23074). Successful exploitation can lead to full system takeover.
|
| CVE-2026-23103 |
|
Vulnerability in linux (CVE-2026-23103)
vulnerability in linux (CVE-2026-23103). Successful exploitation can lead to full system takeover.
|
| CVE-2026-23110 |
|
Vulnerability in linux (CVE-2026-23110)
vulnerability in linux (CVE-2026-23110). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-23095 |
|
Vulnerability in c (CVE-2026-23095)
vulnerability in c (CVE-2026-23095). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-23099 |
|
Out-of-Bounds Read in c (CVE-2026-23099)
vulnerability in c (CVE-2026-23099). Confidential information can be exposed externally.
|
| CVE-2026-23084 |
|
Vulnerability in linux (CVE-2026-23084)
vulnerability in linux (CVE-2026-23084). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-23087 |
|
Vulnerability in linux (CVE-2026-23087)
vulnerability in linux (CVE-2026-23087). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20123 |
|
Open Redirect in cisco (CVE-2026-20123)
vulnerability in cisco (CVE-2026-20123). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20111 |
|
Vulnerability in cisco (CVE-2026-20111)
vulnerability in cisco (CVE-2026-20111). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0537 |
|
Out-of-Bounds Write in autodesk (CVE-2026-0537)
out-of-bounds write in autodesk (CVE-2026-0537). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0538 |
|
Out-of-Bounds Write in autodesk (CVE-2026-0538)
out-of-bounds write in autodesk (CVE-2026-0538). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0661 |
|
Out-of-Bounds Write in autodesk (CVE-2026-0661)
out-of-bounds write in autodesk (CVE-2026-0661). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0660 |
|
Vulnerability in autodesk (CVE-2026-0660)
vulnerability in autodesk (CVE-2026-0660). Successful exploitation can lead to full system takeover.
|
| CVE-2025-70545 |
|
Cross-Site Scripting (XSS) in belden (CVE-2025-70545)
cross-site scripting in belden (CVE-2025-70545). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-23060 |
|
Vulnerability in dos (CVE-2026-23060)
vulnerability in dos (CVE-2026-23060). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-5329 |
|
SQL Injection in sqli (CVE-2025-5329)
SQL injection in sqli (CVE-2025-5329). Successful exploitation can lead to full system takeover.
|
| CVE-2025-69618 |
|
Path Traversal in cotoworld (CVE-2025-69618)
path traversal in cotoworld (CVE-2025-69618). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-1819 |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
|
| CVE-2025-69621 |
|
Path Traversal in CVE-2025-69621 (CVE-2025-69621)
path traversal in CVE-2025-69621 (CVE-2025-69621). Confidential information can be exposed externally.
|
| CVE-2025-69620 |
|
Path Traversal in path-traversal (CVE-2025-69620)
path traversal in path-traversal (CVE-2025-69620). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-37094 |
|
Vulnerability in espocrm (CVE-2020-37094)
vulnerability in espocrm (CVE-2020-37094). Confidential information can be exposed externally. Exploitable via `Authorization header`.
|