Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2022-37055 KEV |
|
[KEV] Vulnerability in D-link routers (CVE-2022-37055)
vulnerability in D-link routers (CVE-2022-37055). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-66644 KEV |
|
[KEV] OS Command Injection in Array networks array-networks (CVE-2025-66644)
OS command injection in Array networks array-networks (CVE-2025-66644). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-14104 |
|
Out-of-Bounds Read in CVE-2025-14104 (CVE-2025-14104)
vulnerability in CVE-2025-14104 (CVE-2025-14104). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-64052 |
|
Command Injection in fanvil (CVE-2025-64052)
command injection in fanvil (CVE-2025-64052). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-64054 |
|
Cross-Site Scripting (XSS) in dos (CVE-2025-64054)
cross-site scripting in dos (CVE-2025-64054). Successful exploitation can lead to full system takeover.
|
| CVE-2025-64056 |
|
Vulnerability in fanvil (CVE-2025-64056)
vulnerability in fanvil (CVE-2025-64056). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-64053 |
|
Vulnerability in dos (CVE-2025-64053)
vulnerability in dos (CVE-2025-64053). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-64057 |
|
Path Traversal in path-traversal (CVE-2025-64057)
path traversal in path-traversal (CVE-2025-64057). Data can be tampered with by attackers.
|
| CVE-2025-66572 |
|
OS Command Injection in CVE-2025-66572 (CVE-2025-66572)
OS command injection in CVE-2025-66572 (CVE-2025-66572). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-63896 |
|
Vulnerability in jxlindia (CVE-2025-63896)
vulnerability in jxlindia (CVE-2025-63896). Data can be tampered with by attackers.
|
| CVE-2025-29268 |
|
ALLNET ALL-RUT22GW v3.3.8 was discovered to store hardcoded credentials in the libicos.so library.
ALLNET ALL-RUT22GW v3.3.8 was discovered to store hardcoded credentials in the libicos.so library.
|
| CVE-2025-29269 |
|
OS Command Injection in allnet (CVE-2025-29269)
OS command injection in allnet (CVE-2025-29269). Successful exploitation can lead to full system takeover.
|
| CVE-2025-66287 |
|
Vulnerability in CVE-2025-66287 (CVE-2025-66287)
vulnerability in CVE-2025-66287 (CVE-2025-66287). Successful exploitation can lead to full system takeover.
|
| CVE-2025-40251 |
|
Vulnerability in c (CVE-2025-40251)
vulnerability in c (CVE-2025-40251). Risk of unauthorized operations or information disclosure. Exploitable via ``rate_leaf_parent_set``.
|
| CVE-2025-14010 |
|
Vulnerability in redhat (CVE-2025-14010)
vulnerability in redhat (CVE-2025-14010). Confidential information can be exposed externally.
|
| CVE-2025-64055 |
|
Authentication Bypass in fanvil (CVE-2025-64055)
authentication bypass in fanvil (CVE-2025-64055). Successful exploitation can lead to full system takeover.
|
| CVE-2025-63402 |
|
Vulnerability in hcltech (CVE-2025-63402)
vulnerability in hcltech (CVE-2025-63402). Data can be tampered with by attackers.
|
| CVE-2025-63401 |
|
Cross-Site Scripting (XSS) in hcltech (CVE-2025-63401)
cross-site scripting in hcltech (CVE-2025-63401). Data can be tampered with by attackers.
|
| CVE-2025-65841 |
|
Vulnerability in acustica-audio (CVE-2025-65841)
vulnerability in acustica-audio (CVE-2025-65841). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-57201 |
|
Command Injection in avtech (CVE-2025-57201)
command injection in avtech (CVE-2025-57201). Successful exploitation can lead to full system takeover.
|
| CVE-2025-57202 |
|
Cross-Site Scripting (XSS) in avtech (CVE-2025-57202)
cross-site scripting in avtech (CVE-2025-57202). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-57198 |
|
Command Injection in avtech (CVE-2025-57198)
command injection in avtech (CVE-2025-57198). Successful exploitation can lead to full system takeover.
|
| CVE-2025-57199 |
|
Command Injection in avtech (CVE-2025-57199)
command injection in avtech (CVE-2025-57199). Successful exploitation can lead to full system takeover.
|
| CVE-2025-57200 |
|
Command Injection in avtech (CVE-2025-57200)
command injection in avtech (CVE-2025-57200). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-26828 KEV |
|
[KEV] Unrestricted File Upload in Openplc scadabr (CVE-2021-26828)
vulnerability in Openplc scadabr (CVE-2021-26828). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-65955 |
|
Vulnerability in imagemagick (CVE-2025-65955)
vulnerability in imagemagick (CVE-2025-65955). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `7.1.2-9` or later.
|
| CVE-2025-13505 |
|
Cross-Site Scripting (XSS) in datateam (CVE-2025-13505)
cross-site scripting in datateam (CVE-2025-13505). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-66412 |
|
Cross-Site Scripting (XSS) in @angular/compiler (CVE-2025-66412)
cross-site scripting in @angular/compiler (CVE-2025-66412). Risk of unauthorized operations or information disclosure. Exploitable via ``attributeName``.
|
| CVE-2025-65622 |
|
Cross-Site Scripting (XSS) in snipeitapp (CVE-2025-65622)
cross-site scripting in snipeitapp (CVE-2025-65622). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-65621 |
|
Cross-Site Scripting (XSS) in privilege-escalation (CVE-2025-65621)
cross-site scripting in privilege-escalation (CVE-2025-65621). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-51683 |
|
SQL Injection in sqli (CVE-2025-51683)
SQL injection in sqli (CVE-2025-51683). Successful exploitation can lead to full system takeover.
|
| CVE-2025-63365 |
|
Path Traversal in path-traversal (CVE-2025-63365)
path traversal in path-traversal (CVE-2025-63365). Confidential information can be exposed externally.
|
| CVE-2025-10101 |
|
Out-of-Bounds Read in CVE-2025-10101 (CVE-2025-10101)
vulnerability in CVE-2025-10101 (CVE-2025-10101). Successful exploitation can lead to full system takeover.
|
| CVE-2025-8351 |
|
Vulnerability in CVE-2025-8351 (CVE-2025-8351)
vulnerability in CVE-2025-8351 (CVE-2025-8351). Successful exploitation can lead to full system takeover.
|
| CVE-2025-61229 |
|
Vulnerability in shirt-pocket (CVE-2025-61229)
vulnerability in shirt-pocket (CVE-2025-61229). Successful exploitation can lead to full system takeover.
|
| CVE-2025-61228 |
|
Vulnerability in shirt-pocket (CVE-2025-61228)
vulnerability in shirt-pocket (CVE-2025-61228). Successful exploitation can lead to full system takeover.
|
| CVE-2025-57489 |
|
Vulnerability in shirt-pocket (CVE-2025-57489)
vulnerability in shirt-pocket (CVE-2025-57489). Successful exploitation can lead to full system takeover.
|
| CVE-2025-13296 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2025-13296)
vulnerability in csrf (CVE-2025-13296). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-26829 KEV |
|
[KEV] Cross-Site Scripting (XSS) in Openplc scadabr (CVE-2021-26829)
cross-site scripting in Openplc scadabr (CVE-2021-26829). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-65675 |
|
Cross-Site Scripting (XSS) in classroomio (CVE-2025-65675)
cross-site scripting in classroomio (CVE-2025-65675). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-65676 |
|
Cross-Site Scripting (XSS) in classroomio (CVE-2025-65676)
cross-site scripting in classroomio (CVE-2025-65676). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-65669 |
|
Vulnerability in classroomio (CVE-2025-65669)
vulnerability in classroomio (CVE-2025-65669). Data can be tampered with by attackers.
|
| CVE-2025-13601 |
|
Vulnerability in redhat (CVE-2025-13601)
vulnerability in redhat (CVE-2025-13601). Data can be tampered with by attackers.
|
| CVE-2025-51741 |
|
Vulnerability in dos (CVE-2025-51741)
vulnerability in dos (CVE-2025-51741). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-61168 |
|
Unsafe Deserialization in sigb (CVE-2025-61168)
vulnerability in sigb (CVE-2025-61168). Successful exploitation can lead to full system takeover.
|
| CVE-2025-61167 |
|
SQL Injection in sqli (CVE-2025-61167)
SQL injection in sqli (CVE-2025-61167). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-65085 |
|
Vulnerability in ashlar (CVE-2025-65085)
vulnerability in ashlar (CVE-2025-65085). Successful exploitation can lead to full system takeover.
|
| CVE-2025-65084 |
|
Out-of-Bounds Write in ashlar (CVE-2025-65084)
out-of-bounds write in ashlar (CVE-2025-65084). Successful exploitation can lead to full system takeover.
|
| CVE-2025-13502 |
|
Out-of-Bounds Read in dos (CVE-2025-13502)
vulnerability in dos (CVE-2025-13502). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-63674 |
|
Command Injection in blurams (CVE-2025-63674)
command injection in blurams (CVE-2025-63674). Successful exploitation can lead to full system takeover.
|