Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-36942 |
|
SQL Injection in sqli (CVE-2026-36942)
SQL injection in sqli (CVE-2026-36942). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-36946 |
|
SQL Injection in sqli (CVE-2026-36946)
SQL injection in sqli (CVE-2026-36946). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-36874 |
|
SQL Injection in sqli (CVE-2026-36874)
SQL injection in sqli (CVE-2026-36874). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0232 |
|
Vulnerability in paloaltonetworks (CVE-2026-0232)
vulnerability in paloaltonetworks (CVE-2026-0232). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0233 |
|
Vulnerability in paloaltonetworks (CVE-2026-0233)
vulnerability in paloaltonetworks (CVE-2026-0233). Successful exploitation can lead to full system takeover.
|
| CVE-2025-60710 KEV |
|
[KEV] Vulnerability in Microsoft windows (CVE-2025-60710)
vulnerability in Microsoft windows (CVE-2025-60710). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-36424 KEV |
|
[KEV] Out-of-Bounds Read in Microsoft windows (CVE-2023-36424)
vulnerability in Microsoft windows (CVE-2023-36424). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2012-1854 KEV |
|
[KEV] Vulnerability in Microsoft visual-basic-for-applications-vba (CVE-2012-1854)
vulnerability in Microsoft visual-basic-for-applications-vba (CVE-2012-1854). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-21529 KEV |
|
[KEV] Unsafe Deserialization in Microsoft exchange-server (CVE-2023-21529)
vulnerability in Microsoft exchange-server (CVE-2023-21529). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2020-9715 KEV |
|
[KEV] Use-After-Free in Adobe acrobat (CVE-2020-9715)
vulnerability in Adobe acrobat (CVE-2020-9715). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-21643 KEV |
|
[KEV] SQL Injection in Fortinet forticlient-ems (CVE-2026-21643)
SQL injection in Fortinet forticlient-ems (CVE-2026-21643). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-34621 KEV |
|
[KEV] Vulnerability in Adobe acrobat-and-reader (CVE-2026-34621)
vulnerability in Adobe acrobat-and-reader (CVE-2026-34621). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-31845 |
|
Cross-Site Scripting (XSS) in CVE-2026-31845 (CVE-2026-31845)
cross-site scripting in CVE-2026-31845 (CVE-2026-31845). Confidential information can be exposed externally.
|
| CVE-2026-40194 |
|
Vulnerability in phpseclib/phpseclib (CVE-2026-40194)
vulnerability in phpseclib/phpseclib (CVE-2026-40194). Risk of unauthorized operations or information disclosure. Exploitable via ``e819a163c``. Mitigation: upgrade to `1.0.28` or later.
|
| CVE-2026-39304 |
|
Vulnerability in apache (CVE-2026-39304)
vulnerability in apache (CVE-2026-39304). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5525 |
|
Vulnerability in notepad-plus-plus (CVE-2026-5525)
vulnerability in notepad-plus-plus (CVE-2026-5525). Confidential information can be exposed externally.
|
| CVE-2026-22750 |
|
Vulnerability in vmware (CVE-2026-22750)
vulnerability in vmware (CVE-2026-22750). Data can be tampered with by attackers.
|
| CVE-2026-4482 |
|
Vulnerability in rapid7 (CVE-2026-4482)
vulnerability in rapid7 (CVE-2026-4482). Confidential information can be exposed externally.
|
| CVE-2026-39848 |
|
Vulnerability in csrf (CVE-2026-39848)
vulnerability in csrf (CVE-2026-39848). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.1.0` or later.
|
| CVE-2026-34486 |
|
Vulnerability in tomcat (CVE-2026-34486)
vulnerability in tomcat (CVE-2026-34486). Confidential information can be exposed externally. Mitigation: upgrade to `9.0.117, 10.1.54, 11.0.21` or later.
|
| CVE-2026-29146 |
|
Vulnerability in apache (CVE-2026-29146)
vulnerability in apache (CVE-2026-29146). Confidential information can be exposed externally.
|
| CVE-2026-39962 |
|
Vulnerability in misp-project (CVE-2026-39962)
vulnerability in misp-project (CVE-2026-39962). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.5.36` or later.
|
| CVE-2025-70364 |
|
Code Injection in CVE-2025-70364 (CVE-2025-70364)
code injection in CVE-2025-70364 (CVE-2025-70364). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5863 |
|
Vulnerability in google (CVE-2026-5863)
vulnerability in google (CVE-2026-5863). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5911 |
|
Vulnerability in google (CVE-2026-5911)
vulnerability in google (CVE-2026-5911). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5890 |
|
Vulnerability in google (CVE-2026-5890)
vulnerability in google (CVE-2026-5890). Confidential information can be exposed externally.
|
| CVE-2026-5883 |
|
Use-After-Free in google (CVE-2026-5883)
vulnerability in google (CVE-2026-5883). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5879 |
|
Vulnerability in google (CVE-2026-5879)
vulnerability in google (CVE-2026-5879). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5865 |
|
Vulnerability in google (CVE-2026-5865)
vulnerability in google (CVE-2026-5865). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5867 |
|
Vulnerability in google (CVE-2026-5867)
vulnerability in google (CVE-2026-5867). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-5860 |
|
Use-After-Free in google (CVE-2026-5860)
vulnerability in google (CVE-2026-5860). Successful exploitation can lead to full system takeover.
|
| CVE-2026-35023 |
|
Vulnerability in wimi-teamwork (CVE-2026-35023)
vulnerability in wimi-teamwork (CVE-2026-35023). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-1340 KEV |
|
[KEV] Code Injection in Ivanti endpoint-manager-mobile-epmm (CVE-2026-1340)
code injection in Ivanti endpoint-manager-mobile-epmm (CVE-2026-1340). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-28389 |
|
Vulnerability in dos (CVE-2026-28389)
vulnerability in dos (CVE-2026-28389). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-28390 |
|
Vulnerability in dos (CVE-2026-28390)
vulnerability in dos (CVE-2026-28390). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-31790 |
|
Vulnerability in openssl (CVE-2026-31790)
vulnerability in openssl (CVE-2026-31790). Confidential information can be exposed externally.
|
| CVE-2026-31789 |
|
Out-of-Bounds Write in openssl (CVE-2026-31789)
out-of-bounds write in openssl (CVE-2026-31789). Successful exploitation can lead to full system takeover.
|
| CVE-2026-28388 |
|
Vulnerability in dos (CVE-2026-28388)
vulnerability in dos (CVE-2026-28388). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-28387 |
|
Use-After-Free in openssl (CVE-2026-28387)
vulnerability in openssl (CVE-2026-28387). Successful exploitation can lead to full system takeover.
|
| CVE-2026-39364 |
|
Vulnerability in vitejs (CVE-2026-39364)
vulnerability in vitejs (CVE-2026-39364). Confidential information can be exposed externally. Mitigation: upgrade to `7.3.2` or later.
|
| CVE-2026-39363 |
|
Information Disclosure in vitejs (CVE-2026-39363)
vulnerability in vitejs (CVE-2026-39363). Confidential information can be exposed externally. Mitigation: upgrade to `6.4.2` or later.
|
| CVE-2026-30460 |
|
Code Injection in thedaylightstudio (CVE-2026-30460)
code injection in thedaylightstudio (CVE-2026-30460). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5732 |
|
Vulnerability in mozilla (CVE-2026-5732)
vulnerability in mozilla (CVE-2026-5732). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5734 |
|
Out-of-Bounds Write in mozilla (CVE-2026-5734)
out-of-bounds write in mozilla (CVE-2026-5734). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5731 |
|
Buffer Overflow in mozilla (CVE-2026-5731)
vulnerability in mozilla (CVE-2026-5731). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5735 |
|
Out-of-Bounds Write in mozilla (CVE-2026-5735)
out-of-bounds write in mozilla (CVE-2026-5735). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5733 |
|
Buffer Overflow in mozilla (CVE-2026-5733)
vulnerability in mozilla (CVE-2026-5733). Successful exploitation can lead to full system takeover.
|
| CVE-2026-28808 |
|
Authorization Flaw in erlang (CVE-2026-28808)
vulnerability in erlang (CVE-2026-28808). Successful exploitation can lead to full system takeover.
|
| CVE-2026-32144 |
|
Vulnerability in erlang (CVE-2026-32144)
vulnerability in erlang (CVE-2026-32144). Confidential information can be exposed externally.
|
| CVE-2026-35029 |
|
Authorization Flaw in litellm (CVE-2026-35029)
vulnerability in litellm (CVE-2026-35029). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.83.0` or later.
|