Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2025-4320 |
|
Vulnerability in CVE-2025-4320 (CVE-2025-4320)
vulnerability in CVE-2025-4320 (CVE-2025-4320). Successful exploitation can lead to full system takeover.
|
| CVE-2025-2204 |
|
Cross-Site Scripting (XSS) in CVE-2025-2204 (CVE-2025-2204)
cross-site scripting in CVE-2025-2204 (CVE-2025-2204). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-24515 |
|
Vulnerability in libexpat-project (CVE-2026-24515)
vulnerability in libexpat-project (CVE-2026-24515). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0603 |
|
SQL Injection in sqli (CVE-2026-0603)
SQL injection in sqli (CVE-2026-0603). Confidential information can be exposed externally.
|
| CVE-2025-15059 |
|
Vulnerability in gimp (CVE-2025-15059)
vulnerability in gimp (CVE-2025-15059). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0775 |
|
Vulnerability in privilege-escalation (CVE-2026-0775)
vulnerability in privilege-escalation (CVE-2026-0775). Successful exploitation can lead to full system takeover.
|
| CVE-2024-37079 KEV |
|
[KEV] Out-of-Bounds Write in Broadcom vmware-vcenter-server (CVE-2024-37079)
out-of-bounds write in Broadcom vmware-vcenter-server (CVE-2024-37079). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-20912 |
|
Vulnerability in gitea (CVE-2026-20912)
vulnerability in gitea (CVE-2026-20912). Confidential information can be exposed externally.
|
| CVE-2026-20897 |
|
Vulnerability in gitea (CVE-2026-20897)
vulnerability in gitea (CVE-2026-20897). Confidential information can be exposed externally.
|
| CVE-2026-20750 |
|
Vulnerability in gitea (CVE-2026-20750)
vulnerability in gitea (CVE-2026-20750). Confidential information can be exposed externally.
|
| CVE-2026-20736 |
|
Vulnerability in gitea (CVE-2026-20736)
vulnerability in gitea (CVE-2026-20736). Data can be tampered with by attackers.
|
| CVE-2025-56590 |
|
OS Command Injection in apryse (CVE-2025-56590)
OS command injection in apryse (CVE-2025-56590). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0535 |
|
Cross-Site Scripting (XSS) in autodesk (CVE-2026-0535)
cross-site scripting in autodesk (CVE-2026-0535). Confidential information can be exposed externally.
|
| CVE-2026-1260 |
|
Buffer Overflow in google (CVE-2026-1260)
vulnerability in google (CVE-2026-1260). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0534 |
|
Cross-Site Scripting (XSS) in autodesk (CVE-2026-0534)
cross-site scripting in autodesk (CVE-2026-0534). Confidential information can be exposed externally.
|
| CVE-2026-0533 |
|
Cross-Site Scripting (XSS) in autodesk (CVE-2026-0533)
cross-site scripting in autodesk (CVE-2026-0533). Confidential information can be exposed externally.
|
| CVE-2025-68900 |
|
Cross-Site Scripting (XSS) in CVE-2025-68900 (CVE-2025-68900)
cross-site scripting in CVE-2025-68900 (CVE-2025-68900). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-56589 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2025-56589)
SSRF in ssrf (CVE-2025-56589). Confidential information can be exposed externally.
|
| CVE-2025-69612 |
|
Path Traversal in path-traversal (CVE-2025-69612)
path traversal in path-traversal (CVE-2025-69612). Confidential information can be exposed externally.
|
| CVE-2025-10856 |
|
Unrestricted File Upload in CVE-2025-10856 (CVE-2025-10856)
vulnerability in CVE-2025-10856 (CVE-2025-10856). Confidential information can be exposed externally.
|
| CVE-2025-4764 |
|
SQL Injection in sqli (CVE-2025-4764)
SQL injection in sqli (CVE-2025-4764). Successful exploitation can lead to full system takeover.
|
| CVE-2025-4763 |
|
Cross-Site Scripting (XSS) in aida (CVE-2025-4763)
cross-site scripting in aida (CVE-2025-4763). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-24049 |
|
Path Traversal in privilege-escalation (CVE-2026-24049)
path traversal in privilege-escalation (CVE-2026-24049). Data can be tampered with by attackers.
|
| CVE-2026-24001 |
|
Vulnerability in kpdecker (CVE-2026-24001)
vulnerability in kpdecker (CVE-2026-24001). Risk of unauthorized operations or information disclosure. Exploitable via ``parsePatch``.
|
| CVE-2025-31125 KEV |
|
[KEV] Information Disclosure in vite (CVE-2025-31125)
vulnerability in vite (CVE-2025-31125). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-34026 KEV |
|
[KEV] Vulnerability in Versa concerto (CVE-2025-34026)
vulnerability in Versa concerto (CVE-2025-34026). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-54313 KEV |
|
[KEV] Vulnerability in prettier (CVE-2025-54313)
vulnerability in prettier (CVE-2025-54313). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-68645 KEV |
|
[KEV] Vulnerability in Synacor zimbra-collaboration-suite-zcs (CVE-2025-68645)
vulnerability in Synacor zimbra-collaboration-suite-zcs (CVE-2025-68645). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-24046 |
|
Path Traversal in path-traversal (CVE-2026-24046)
path traversal in path-traversal (CVE-2026-24046). Confidential information can be exposed externally.
|
| CVE-2026-23960 |
|
Cross-Site Scripting (XSS) in argoproj (CVE-2026-23960)
cross-site scripting in argoproj (CVE-2026-23960). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-22807 |
|
Code Injection in vllm (CVE-2026-22807)
code injection in vllm (CVE-2026-22807). Successful exploitation can lead to full system takeover. Exploitable via ``auto_map``.
|
| CVE-2026-22822 |
|
Authorization Flaw in external-secrets (CVE-2026-22822)
vulnerability in external-secrets (CVE-2026-22822). Successful exploitation can lead to full system takeover. Exploitable via ``getSecretKey``.
|
| CVE-2025-13465 |
|
Vulnerability in lodash (CVE-2025-13465)
vulnerability in lodash (CVE-2025-13465). Risk of unauthorized operations or information disclosure. Exploitable via ``_.unset``. Mitigation: upgrade to `4.17.23` or later.
|
| CVE-2021-47870 |
|
Cross-Site Scripting (XSS) in get-simple (CVE-2021-47870)
cross-site scripting in get-simple (CVE-2021-47870). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-47817 |
|
Cross-Site Scripting (XSS) in open-emr (CVE-2021-47817)
cross-site scripting in open-emr (CVE-2021-47817). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-22977 |
|
Vulnerability in c (CVE-2026-22977)
vulnerability in c (CVE-2026-22977). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-22976 |
|
Vulnerability in c (CVE-2026-22976)
vulnerability in c (CVE-2026-22976). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-15366 |
|
Command Injection in CVE-2025-15366 (CVE-2025-15366)
command injection in CVE-2025-15366 (CVE-2025-15366). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20045 KEV |
|
[KEV] Code Injection in Cisco unified-communications-manager (CVE-2026-20045)
code injection in Cisco unified-communications-manager (CVE-2026-20045). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-59465 |
|
Vulnerability in dos (CVE-2025-59465)
vulnerability in dos (CVE-2025-59465). Risk of unauthorized operations or information disclosure. Exploitable via ``HPACK``.
|
| CVE-2025-55131 |
|
Vulnerability in CVE-2025-55131 (CVE-2025-55131)
vulnerability in CVE-2025-55131 (CVE-2025-55131). Confidential information can be exposed externally. Exploitable via ``Buffer.alloc``.
|
| CVE-2025-55130 |
|
Vulnerability in nodejs (CVE-2025-55130)
vulnerability in nodejs (CVE-2025-55130). Confidential information can be exposed externally.
|
| CVE-2025-56005 |
|
Unsafe Deserialization in dabeaz (CVE-2025-56005)
vulnerability in dabeaz (CVE-2025-56005). Successful exploitation can lead to full system takeover. Exploitable via ``picklefile``.
|
| CVE-2026-23876 |
|
Vulnerability in imagemagick (CVE-2026-23876)
vulnerability in imagemagick (CVE-2026-23876). Successful exploitation can lead to full system takeover.
|
| CVE-2026-23950 |
|
Vulnerability in isaacs (CVE-2026-23950)
vulnerability in isaacs (CVE-2026-23950). Data can be tampered with by attackers. Exploitable via ``PathReservations``.
|
| CVE-2026-22219 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-22219)
SSRF in ssrf (CVE-2026-22219). Confidential information can be exposed externally.
|
| CVE-2026-22218 |
|
Path Traversal in chainlit (CVE-2026-22218)
path traversal in chainlit (CVE-2026-22218). Confidential information can be exposed externally.
|
| CVE-2026-22797 |
|
Vulnerability in CVE-2026-22797 (CVE-2026-22797)
vulnerability in CVE-2026-22797 (CVE-2026-22797). Confidential information can be exposed externally.
|
| CVE-2026-23883 |
|
Use-After-Free in dos (CVE-2026-23883)
vulnerability in dos (CVE-2026-23883). Successful exploitation can lead to full system takeover. Exploitable via ``xf_Pointer_New``.
|
| CVE-2026-23884 |
|
Use-After-Free in dos (CVE-2026-23884)
vulnerability in dos (CVE-2026-23884). Successful exploitation can lead to full system takeover.
|