Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-0880 |
|
Vulnerability in mozilla (CVE-2026-0880)
vulnerability in mozilla (CVE-2026-0880). Successful exploitation can lead to full system takeover.
|
| CVE-2025-40944 |
|
Vulnerability in CVE-2025-40944 (CVE-2025-40944)
vulnerability in CVE-2025-40944 (CVE-2025-40944). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-66176 |
|
Vulnerability in hikvision (CVE-2025-66176)
vulnerability in hikvision (CVE-2025-66176). Successful exploitation can lead to full system takeover.
|
| CVE-2025-66177 |
|
Vulnerability in CVE-2025-66177 (CVE-2025-66177)
vulnerability in CVE-2025-66177 (CVE-2025-66177). Successful exploitation can lead to full system takeover.
|
| CVE-2026-20805 KEV |
|
[KEV] Information Disclosure in Microsoft windows (CVE-2026-20805)
vulnerability in Microsoft windows (CVE-2026-20805). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-22212 |
|
Vulnerability in CVE-2026-22212 (CVE-2026-22212)
vulnerability in CVE-2026-22212 (CVE-2026-22212). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-22213 |
|
Vulnerability in riot-os (CVE-2026-22213)
vulnerability in riot-os (CVE-2026-22213). Successful exploitation can lead to full system takeover.
|
| CVE-2026-22214 |
|
Vulnerability in riot-os (CVE-2026-22214)
vulnerability in riot-os (CVE-2026-22214). Successful exploitation can lead to full system takeover.
|
| CVE-2025-29329 |
|
Vulnerability in sagemcom (CVE-2025-29329)
vulnerability in sagemcom (CVE-2025-29329). Successful exploitation can lead to full system takeover.
|
| CVE-2026-22771 |
|
Code Injection in envoyproxy (CVE-2026-22771)
code injection in envoyproxy (CVE-2026-22771). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.5.7` or later.
|
| CVE-2026-22200 |
|
Vulnerability in enhancesoft (CVE-2026-22200)
vulnerability in enhancesoft (CVE-2026-22200). Confidential information can be exposed externally.
|
| CVE-2025-65552 |
|
Vulnerability in d3dsecurity (CVE-2025-65552)
vulnerability in d3dsecurity (CVE-2025-65552). Successful exploitation can lead to full system takeover.
|
| CVE-2025-65553 |
|
Vulnerability in d3dsecurity (CVE-2025-65553)
vulnerability in d3dsecurity (CVE-2025-65553). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-8110 KEV |
|
[KEV] Path Traversal in gogs (CVE-2025-8110)
path traversal in gogs (CVE-2025-8110). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-68493 |
|
XXE (XML External Entity) in apache (CVE-2025-68493)
vulnerability in apache (CVE-2025-68493). Confidential information can be exposed externally.
|
| CVE-2026-22610 |
|
Cross-Site Scripting (XSS) in @angular/compiler (CVE-2026-22610)
cross-site scripting in @angular/compiler (CVE-2026-22610). Risk of unauthorized operations or information disclosure. Exploitable via ``href``.
|
| CVE-2026-22029 |
|
Cross-Site Scripting (XSS) in react (CVE-2026-22029)
cross-site scripting in react (CVE-2026-22029). Confidential information can be exposed externally.
|
| CVE-2025-59057 |
|
Cross-Site Scripting (XSS) in react (CVE-2025-59057)
cross-site scripting in react (CVE-2025-59057). Confidential information can be exposed externally.
|
| CVE-2026-21884 |
|
Cross-Site Scripting (XSS) in react (CVE-2026-21884)
cross-site scripting in react (CVE-2026-21884). Confidential information can be exposed externally.
|
| CVE-2025-61686 |
|
Path Traversal in react (CVE-2025-61686)
path traversal in react (CVE-2025-61686). Data can be tampered with by attackers.
|
| CVE-2025-9222 |
|
Cross-Site Scripting (XSS) in gitlab (CVE-2025-9222)
cross-site scripting in gitlab (CVE-2025-9222). Confidential information can be exposed externally.
|
| CVE-2025-13761 |
|
Cross-Site Scripting (XSS) in c (CVE-2025-13761)
cross-site scripting in c (CVE-2025-13761). Confidential information can be exposed externally.
|
| CVE-2025-13772 |
|
Vulnerability in gitlab (CVE-2025-13772)
vulnerability in gitlab (CVE-2025-13772). Confidential information can be exposed externally.
|
| CVE-2025-70974 |
|
Vulnerability in CVE-2025-70974 (CVE-2025-70974)
vulnerability in CVE-2025-70974 (CVE-2025-70974). Successful exploitation can lead to full system takeover.
|
| CVE-2025-65518 |
|
Vulnerability in dos (CVE-2025-65518)
vulnerability in dos (CVE-2025-65518). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-50334 |
|
Vulnerability in dos (CVE-2025-50334)
vulnerability in dos (CVE-2025-50334). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0719 |
|
Vulnerability in CVE-2026-0719 (CVE-2026-0719)
vulnerability in CVE-2026-0719 (CVE-2026-0719). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0674 |
|
Vulnerability in wordpress (CVE-2026-0674)
vulnerability in wordpress (CVE-2026-0674). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-69262 |
|
pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings....
pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker who can control environment variables during pnpm operations could achieve Remote Code E...
|
| CVE-2025-69263 |
|
pnpm is a package manager. Versions 10.26.2 and below store HTTP tarball dependencies (and git-hosted tarballs) in the lockfile without integrity hashes. This allows the remote server to serve differe...
pnpm is a package manager. Versions 10.26.2 and below store HTTP tarball dependencies (and git-hosted tarballs) in the lockfile without integrity hashes. This allows the remote server to serve different content on each install, even when a lockfile is committed. An attacker who publishes a package w...
|
| CVE-2025-69264 |
|
Vulnerability in pnpm (CVE-2025-69264)
vulnerability in pnpm (CVE-2025-69264). Successful exploitation can lead to full system takeover.
|
| CVE-2026-22184 |
|
Out-of-Bounds Write in zlib (CVE-2026-22184)
out-of-bounds write in zlib (CVE-2026-22184). Successful exploitation can lead to full system takeover.
|
| CVE-2026-22189 |
|
Vulnerability in cmu (CVE-2026-22189)
vulnerability in cmu (CVE-2026-22189). Successful exploitation can lead to full system takeover.
|
| CVE-2026-22190 |
|
Vulnerability in cmu (CVE-2026-22190)
vulnerability in cmu (CVE-2026-22190). Confidential information can be exposed externally.
|
| CVE-2026-22188 |
|
Vulnerability in dos (CVE-2026-22188)
vulnerability in dos (CVE-2026-22188). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-12543 |
|
Vulnerability in redhat (CVE-2025-12543)
vulnerability in redhat (CVE-2025-12543). Confidential information can be exposed externally. Exploitable via `Host header`.
|
| CVE-2026-0650 |
|
Vulnerability in CVE-2026-0650 (CVE-2026-0650)
vulnerability in CVE-2026-0650 (CVE-2026-0650). Risk of unauthorized operations or information disclosure.
|
| CVE-2009-0556 KEV |
|
[KEV] Code Injection in Microsoft office (CVE-2009-0556)
code injection in Microsoft office (CVE-2009-0556). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-37164 KEV |
|
[KEV] Code Injection in Hewlett packard enterprise (hpe) hewlett-packard-enterprise-hpe (CVE-2025-37164)
code injection in Hewlett packard enterprise (hpe) hewlett-packard-enterprise-hpe (CVE-2025-37164). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-60534 |
|
Authentication Bypass in blueaccesstech (CVE-2025-60534)
authentication bypass in blueaccesstech (CVE-2025-60534). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0625 |
|
Vulnerability in CVE-2026-0625 (CVE-2026-0625)
vulnerability in CVE-2026-0625 (CVE-2026-0625). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-69223 |
|
Vulnerability in dos (CVE-2025-69223)
vulnerability in dos (CVE-2025-69223). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-68428 |
|
Vulnerability in path-traversal (CVE-2025-68428)
vulnerability in path-traversal (CVE-2025-68428). Confidential information can be exposed externally. Exploitable via ``addImage``.
|
| CVE-2025-67316 |
|
Cross-Site Scripting (XSS) in heytap (CVE-2025-67316)
cross-site scripting in heytap (CVE-2025-67316). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-63396 |
|
Vulnerability in pytorch (CVE-2025-63396)
vulnerability in pytorch (CVE-2025-63396). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.5.1, 2.8.0` or later.
|
| CVE-2025-67268 |
|
Vulnerability in c (CVE-2025-67268)
vulnerability in c (CVE-2025-67268). Successful exploitation can lead to full system takeover.
|
| CVE-2025-67269 |
|
Vulnerability in c (CVE-2025-67269)
vulnerability in c (CVE-2025-67269). Risk of unauthorized operations or information disclosure. Exploitable via ``ffa1d6f40bca0b035fc7f5e563160ebb67199da7``.
|
| CVE-2025-67160 |
|
Path Traversal in path-traversal (CVE-2025-67160)
path traversal in path-traversal (CVE-2025-67160). Confidential information can be exposed externally.
|
| CVE-2025-67158 |
|
Authentication Bypass in revotech (CVE-2025-67158)
authentication bypass in revotech (CVE-2025-67158). Confidential information can be exposed externally.
|
| CVE-2025-59381 |
|
Path Traversal in path-traversal (CVE-2025-59381)
path traversal in path-traversal (CVE-2025-59381). Confidential information can be exposed externally.
|