Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-1341 |
|
Vulnerability in CVE-2026-1341 (CVE-2026-1341)
vulnerability in CVE-2026-1341 (CVE-2026-1341). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-25223 |
|
Vulnerability in fastify (CVE-2026-25223)
vulnerability in fastify (CVE-2026-25223). Data can be tampered with by attackers.
|
| CVE-2025-5319 |
|
SQL Injection in sqli (CVE-2025-5319)
SQL injection in sqli (CVE-2025-5319). Successful exploitation can lead to full system takeover.
|
| CVE-2025-6397 |
|
Cross-Site Scripting (XSS) in CVE-2025-6397 (CVE-2025-6397)
cross-site scripting in CVE-2025-6397 (CVE-2025-6397). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-7760 |
|
Cross-Site Scripting (XSS) in CVE-2025-7760 (CVE-2025-7760)
cross-site scripting in CVE-2025-7760 (CVE-2025-7760). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-8456 |
|
Cross-Site Scripting (XSS) in CVE-2025-8456 (CVE-2025-8456)
cross-site scripting in CVE-2025-8456 (CVE-2025-8456). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-8461 |
|
Cross-Site Scripting (XSS) in CVE-2025-8461 (CVE-2025-8461)
cross-site scripting in CVE-2025-8461 (CVE-2025-8461). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-8589 |
|
Cross-Site Scripting (XSS) in CVE-2025-8589 (CVE-2025-8589)
cross-site scripting in CVE-2025-8589 (CVE-2025-8589). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-8590 |
|
Information Disclosure in CVE-2025-8590 (CVE-2025-8590)
vulnerability in CVE-2025-8590 (CVE-2025-8590). Confidential information can be exposed externally.
|
| CVE-2026-22550 |
|
OS Command Injection in elecom (CVE-2026-22550)
OS command injection in elecom (CVE-2026-22550). Successful exploitation can lead to full system takeover.
|
| CVE-2025-64328 KEV |
|
[KEV] OS Command Injection in Sangoma freepbx (CVE-2025-64328)
OS command injection in Sangoma freepbx (CVE-2025-64328). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2025-40551 KEV |
|
[KEV] Unsafe Deserialization in Solarwinds web-help-desk (CVE-2025-40551)
vulnerability in Solarwinds web-help-desk (CVE-2025-40551). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-39935 KEV |
|
[KEV] SSRF (Server-Side Request Forgery) in Gitlab community-and-enterprise-editions (CVE-2021-39935)
SSRF in Gitlab community-and-enterprise-editions (CVE-2021-39935). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2019-19006 KEV |
|
[KEV] Authentication Bypass in Sangoma freepbx (CVE-2019-19006)
authentication bypass in Sangoma freepbx (CVE-2019-19006). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-24737 |
|
Vulnerability in parall (CVE-2026-24737)
vulnerability in parall (CVE-2026-24737). Confidential information can be exposed externally.
|
| CVE-2026-22778 |
|
Vulnerability in vllm (CVE-2026-22778)
vulnerability in vllm (CVE-2026-22778). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.14.1` or later.
|
| CVE-2026-24051 |
|
Vulnerability in opentelemetry (CVE-2026-24051)
vulnerability in opentelemetry (CVE-2026-24051). Successful exploitation can lead to full system takeover.
|
| CVE-2026-22226 |
|
OS Command Injection in tp-link (CVE-2026-22226)
OS command injection in tp-link (CVE-2026-22226). Successful exploitation can lead to full system takeover.
|
| CVE-2026-1761 |
|
Vulnerability in CVE-2026-1761 (CVE-2026-1761)
vulnerability in CVE-2026-1761 (CVE-2026-1761). Data can be tampered with by attackers.
|
| CVE-2025-8587 |
|
SQL Injection in sqli (CVE-2025-8587)
SQL injection in sqli (CVE-2025-8587). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-1530 |
|
Vulnerability in CVE-2026-1530 (CVE-2026-1530)
vulnerability in CVE-2026-1530 (CVE-2026-1530). Confidential information can be exposed externally.
|
| CVE-2026-1531 |
|
Vulnerability in CVE-2026-1531 (CVE-2026-1531)
vulnerability in CVE-2026-1531 (CVE-2026-1531). Confidential information can be exposed externally.
|
| CVE-2026-25069 |
|
Path Traversal in path-traversal (CVE-2026-25069)
path traversal in path-traversal (CVE-2026-25069). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-23019 |
|
Vulnerability in linux (CVE-2026-23019)
vulnerability in linux (CVE-2026-23019). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-23026 |
|
Vulnerability in linux (CVE-2026-23026)
vulnerability in linux (CVE-2026-23026). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-71188 |
|
Vulnerability in linux (CVE-2025-71188)
vulnerability in linux (CVE-2025-71188). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-71189 |
|
Vulnerability in linux (CVE-2025-71189)
vulnerability in linux (CVE-2025-71189). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-71185 |
|
Vulnerability in linux (CVE-2025-71185)
vulnerability in linux (CVE-2025-71185). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-71186 |
|
Vulnerability in linux (CVE-2025-71186)
vulnerability in linux (CVE-2025-71186). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-25153 |
|
Code Injection in linuxfoundation (CVE-2026-25153)
code injection in linuxfoundation (CVE-2026-25153). Confidential information can be exposed externally. Exploitable via ``hooks``.
|
| CVE-2025-24293 |
|
Command Injection in CVE-2025-24293 (CVE-2025-24293)
command injection in CVE-2025-24293 (CVE-2025-24293). Successful exploitation can lead to full system takeover.
|
| CVE-2025-4686 |
|
SQL Injection in sqli (CVE-2025-4686)
SQL injection in sqli (CVE-2025-4686). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-4027 |
|
Vulnerability in dos (CVE-2024-4027)
vulnerability in dos (CVE-2024-4027). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-1395 |
|
Vulnerability in CVE-2025-1395 (CVE-2025-1395)
vulnerability in CVE-2025-1395 (CVE-2025-1395). Confidential information can be exposed externally.
|
| CVE-2026-25210 |
|
Vulnerability in libexpat-project (CVE-2026-25210)
vulnerability in libexpat-project (CVE-2026-25210). Confidential information can be exposed externally.
|
| CVE-2025-69604 |
|
Vulnerability in shirt-pocket (CVE-2025-69604)
vulnerability in shirt-pocket (CVE-2025-69604). Successful exploitation can lead to full system takeover.
|
| CVE-2025-15549 |
|
Cross-Site Scripting (XSS) in fluentcms (CVE-2025-15549)
cross-site scripting in fluentcms (CVE-2025-15549). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-7714 |
|
SQL Injection in sqli (CVE-2025-7714)
SQL injection in sqli (CVE-2025-7714). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-7713 |
|
Cross-Site Scripting (XSS) in globalmedya (CVE-2025-7713)
cross-site scripting in globalmedya (CVE-2025-7713). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-37011 |
|
Out-of-Bounds Write in CVE-2020-37011 (CVE-2020-37011)
out-of-bounds write in CVE-2020-37011 (CVE-2020-37011). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-37015 |
|
Path Traversal in path-traversal (CVE-2020-37015)
path traversal in path-traversal (CVE-2020-37015). Confidential information can be exposed externally.
|
| CVE-2020-37004 |
|
SQL Injection in sqli (CVE-2020-37004)
SQL injection in sqli (CVE-2020-37004). Confidential information can be exposed externally.
|
| CVE-2020-37002 |
|
OS Command Injection in CVE-2020-37002 (CVE-2020-37002)
OS command injection in CVE-2020-37002 (CVE-2020-37002). Successful exploitation can lead to full system takeover.
|
| CVE-2025-7016 |
|
Vulnerability in akinsoft (CVE-2025-7016)
vulnerability in akinsoft (CVE-2025-7016). Successful exploitation can lead to full system takeover.
|
| CVE-2026-1281 KEV |
|
[KEV] Code Injection in Ivanti endpoint-manager-mobile-epmm (CVE-2026-1281)
code injection in Ivanti endpoint-manager-mobile-epmm (CVE-2026-1281). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-71001 |
|
Out-of-Bounds Read in dos (CVE-2025-71001)
vulnerability in dos (CVE-2025-71001). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-61726 |
|
Vulnerability in stdlib (CVE-2025-61726)
vulnerability in stdlib (CVE-2025-61726). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.24.12, 1.25.6` or later.
|
| CVE-2025-61731 |
|
Vulnerability in toolchain (CVE-2025-61731)
vulnerability in toolchain (CVE-2025-61731). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.24.12, 1.25.6` or later.
|
| CVE-2025-70999 |
|
Vulnerability in dos (CVE-2025-70999)
vulnerability in dos (CVE-2025-70999). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-71000 |
|
Vulnerability in dos (CVE-2025-71000)
vulnerability in dos (CVE-2025-71000). Risk of unauthorized operations or information disclosure.
|