Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-25153 |
|
Code Injection in linuxfoundation (CVE-2026-25153)
code injection in linuxfoundation (CVE-2026-25153). Confidential information can be exposed externally. Exploitable via ``hooks``.
|
| CVE-2025-24293 |
|
Command Injection in CVE-2025-24293 (CVE-2025-24293)
command injection in CVE-2025-24293 (CVE-2025-24293). Successful exploitation can lead to full system takeover.
|
| CVE-2025-15549 |
|
Cross-Site Scripting (XSS) in fluentcms (CVE-2025-15549)
cross-site scripting in fluentcms (CVE-2025-15549). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-61726 |
|
Vulnerability in stdlib (CVE-2025-61726)
vulnerability in stdlib (CVE-2025-61726). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.24.12, 1.25.6` or later.
|
| CVE-2025-61731 |
|
Vulnerability in toolchain (CVE-2025-61731)
vulnerability in toolchain (CVE-2025-61731). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.24.12, 1.25.6` or later.
|
| CVE-2025-61140 |
|
The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution.
The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution.
|
| CVE-2025-57283 |
|
Code Injection in browserstack (CVE-2025-57283)
code injection in browserstack (CVE-2025-57283). Successful exploitation can lead to full system takeover.
|
| CVE-2026-24842 |
|
Path Traversal in path-traversal (CVE-2026-24842)
path traversal in path-traversal (CVE-2026-24842). Confidential information can be exposed externally.
|
| CVE-2026-24779 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-24779)
SSRF in ssrf (CVE-2026-24779). Confidential information can be exposed externally. Exploitable via ``MediaConnector``.
|
| CVE-2026-24747 |
|
Code Injection in linuxfoundation (CVE-2026-24747)
code injection in linuxfoundation (CVE-2026-24747). Successful exploitation can lead to full system takeover. Exploitable via ``weights_only``.
|
| CVE-2026-24486 |
|
Path Traversal in path-traversal (CVE-2026-24486)
path traversal in path-traversal (CVE-2026-24486). Data can be tampered with by attackers. Exploitable via ``UPLOAD_DIR``.
|
| CVE-2025-52023 |
|
Vulnerability in aptsys (CVE-2025-52023)
vulnerability in aptsys (CVE-2025-52023). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-52022 |
|
Vulnerability in aptsys (CVE-2025-52022)
vulnerability in aptsys (CVE-2025-52022). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0994 |
|
Vulnerability in protobuf (CVE-2026-0994)
vulnerability in protobuf (CVE-2026-0994). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.29.6` or later.
|
| CVE-2026-24049 |
|
Path Traversal in privilege-escalation (CVE-2026-24049)
path traversal in privilege-escalation (CVE-2026-24049). Data can be tampered with by attackers.
|
| CVE-2026-24001 |
|
Vulnerability in kpdecker (CVE-2026-24001)
vulnerability in kpdecker (CVE-2026-24001). Risk of unauthorized operations or information disclosure. Exploitable via ``parsePatch``.
|
| CVE-2026-23960 |
|
Cross-Site Scripting (XSS) in argoproj (CVE-2026-23960)
cross-site scripting in argoproj (CVE-2026-23960). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-22807 |
|
Code Injection in vllm (CVE-2026-22807)
code injection in vllm (CVE-2026-22807). Successful exploitation can lead to full system takeover. Exploitable via ``auto_map``.
|
| CVE-2021-47817 |
|
Cross-Site Scripting (XSS) in open-emr (CVE-2021-47817)
cross-site scripting in open-emr (CVE-2021-47817). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-23956 |
|
Vulnerability in seroval (CVE-2026-23956)
vulnerability in seroval (CVE-2026-23956). Risk of unauthorized operations or information disclosure. Exploitable via ``Seroval``. Mitigation: upgrade to `1.4.1` or later.
|
| CVE-2026-22977 |
|
Vulnerability in c (CVE-2026-22977)
vulnerability in c (CVE-2026-22977). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-22976 |
|
Vulnerability in c (CVE-2026-22976)
vulnerability in c (CVE-2026-22976). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-55130 |
|
Vulnerability in nodejs (CVE-2025-55130)
vulnerability in nodejs (CVE-2025-55130). Confidential information can be exposed externally.
|
| CVE-2025-59465 |
|
Vulnerability in dos (CVE-2025-59465)
vulnerability in dos (CVE-2025-59465). Risk of unauthorized operations or information disclosure. Exploitable via ``HPACK``.
|
| CVE-2025-55131 |
|
Vulnerability in CVE-2025-55131 (CVE-2025-55131)
vulnerability in CVE-2025-55131 (CVE-2025-55131). Confidential information can be exposed externally. Exploitable via ``Buffer.alloc``.
|
| CVE-2025-56005 |
|
Unsafe Deserialization in dabeaz (CVE-2025-56005)
vulnerability in dabeaz (CVE-2025-56005). Successful exploitation can lead to full system takeover. Exploitable via ``picklefile``.
|
| CVE-2026-23950 |
|
Vulnerability in isaacs (CVE-2026-23950)
vulnerability in isaacs (CVE-2026-23950). Data can be tampered with by attackers. Exploitable via ``PathReservations``.
|
| CVE-2026-23745 |
|
Path Traversal in isaacs (CVE-2026-23745)
path traversal in isaacs (CVE-2026-23745). Confidential information can be exposed externally. Mitigation: upgrade to `7.5.3` or later.
|
| CVE-2021-47839 |
|
Cross-Site Scripting (XSS) in CVE-2021-47839 (CVE-2021-47839)
cross-site scripting in CVE-2021-47839 (CVE-2021-47839). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-47836 |
|
Cross-Site Scripting (XSS) in CVE-2021-47836 (CVE-2021-47836)
cross-site scripting in CVE-2021-47836 (CVE-2021-47836). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-23490 |
|
Vulnerability in pyasn1 (CVE-2026-23490)
vulnerability in pyasn1 (CVE-2026-23490). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.6.2` or later.
|
| CVE-2026-22775 |
|
Vulnerability in dos (CVE-2026-22775)
vulnerability in dos (CVE-2026-22775). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.6.2` or later.
|
| CVE-2026-22774 |
|
Vulnerability in dos (CVE-2026-22774)
vulnerability in dos (CVE-2026-22774). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.6.2` or later.
|
| CVE-2026-0897 |
|
Vulnerability in keras (CVE-2026-0897)
vulnerability in keras (CVE-2026-0897). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.13.1` or later.
|
| CVE-2026-22858 |
|
Out-of-Bounds Read in c (CVE-2026-22858)
vulnerability in c (CVE-2026-22858). Confidential information can be exposed externally. Mitigation: upgrade to `3.20.1` or later.
|
| CVE-2025-71066 |
|
Vulnerability in Kernel (CVE-2025-71066)
vulnerability in Kernel (CVE-2025-71066). Risk of unauthorized operations or information disclosure. Exploitable via ``ets_qdisc_dequeue``. Mitigation: upgrade to `5.10.248, 5.15.198, 6.1.160, 6.6.120, 6.12.64, 6.18.3` or later.
|
| CVE-2025-55462 |
|
Vulnerability in eramba (CVE-2025-55462)
vulnerability in eramba (CVE-2025-55462). Confidential information can be exposed externally.
|
| CVE-2026-22610 |
|
Cross-Site Scripting (XSS) in @angular/compiler (CVE-2026-22610)
cross-site scripting in @angular/compiler (CVE-2026-22610). Risk of unauthorized operations or information disclosure. Exploitable via ``href``.
|
| CVE-2026-22029 |
|
Cross-Site Scripting (XSS) in react (CVE-2026-22029)
cross-site scripting in react (CVE-2026-22029). Confidential information can be exposed externally.
|
| CVE-2026-21884 |
|
Cross-Site Scripting (XSS) in react (CVE-2026-21884)
cross-site scripting in react (CVE-2026-21884). Confidential information can be exposed externally.
|
| CVE-2025-59057 |
|
Cross-Site Scripting (XSS) in react (CVE-2025-59057)
cross-site scripting in react (CVE-2025-59057). Confidential information can be exposed externally.
|
| CVE-2025-13761 |
|
Cross-Site Scripting (XSS) in c (CVE-2025-13761)
cross-site scripting in c (CVE-2025-13761). Confidential information can be exposed externally.
|
| CVE-2025-70974 |
|
Vulnerability in CVE-2025-70974 (CVE-2025-70974)
vulnerability in CVE-2025-70974 (CVE-2025-70974). Successful exploitation can lead to full system takeover.
|
| CVE-2025-65518 |
|
Vulnerability in dos (CVE-2025-65518)
vulnerability in dos (CVE-2025-65518). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-21441 |
|
Vulnerability in urllib3 (CVE-2026-21441)
vulnerability in urllib3 (CVE-2026-21441). Risk of unauthorized operations or information disclosure. Exploitable via ``gzip``.
|
| CVE-2026-22188 |
|
Vulnerability in dos (CVE-2026-22188)
vulnerability in dos (CVE-2026-22188). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-12543 |
|
Vulnerability in redhat (CVE-2025-12543)
vulnerability in redhat (CVE-2025-12543). Confidential information can be exposed externally. Exploitable via `Host header`.
|
| CVE-2025-69223 |
|
Vulnerability in dos (CVE-2025-69223)
vulnerability in dos (CVE-2025-69223). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-68428 |
|
Vulnerability in path-traversal (CVE-2025-68428)
vulnerability in path-traversal (CVE-2025-68428). Confidential information can be exposed externally. Exploitable via ``addImage``.
|
| CVE-2025-63396 |
|
Vulnerability in pytorch (CVE-2025-63396)
vulnerability in pytorch (CVE-2025-63396). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.5.1, 2.8.0` or later.
|