Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-21513 KEV |
|
[KEV] Vulnerability in Microsoft windows (CVE-2026-21513)
vulnerability in Microsoft windows (CVE-2026-21513). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-24423 KEV |
|
[KEV] Vulnerability in Smartertools smartermail (CVE-2026-24423)
vulnerability in Smartertools smartermail (CVE-2026-24423). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-11953 KEV |
|
[KEV] OS Command Injection in React native community react-native-community (CVE-2025-11953)
OS command injection in React native community react-native-community (CVE-2025-11953). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-64328 KEV |
|
[KEV] OS Command Injection in Sangoma freepbx (CVE-2025-64328)
OS command injection in Sangoma freepbx (CVE-2025-64328). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2025-40551 KEV |
|
[KEV] Unsafe Deserialization in Solarwinds web-help-desk (CVE-2025-40551)
vulnerability in Solarwinds web-help-desk (CVE-2025-40551). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2019-19006 KEV |
|
[KEV] Authentication Bypass in Sangoma freepbx (CVE-2019-19006)
authentication bypass in Sangoma freepbx (CVE-2019-19006). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2021-39935 KEV |
|
[KEV] SSRF (Server-Side Request Forgery) in Gitlab community-and-enterprise-editions (CVE-2021-39935)
SSRF in Gitlab community-and-enterprise-editions (CVE-2021-39935). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-24293 |
|
Command Injection in CVE-2025-24293 (CVE-2025-24293)
command injection in CVE-2025-24293 (CVE-2025-24293). Successful exploitation can lead to full system takeover.
|
| CGA-7jqj-8457-jm46 |
|
Vulnerability in amazon-ecs-agent-fips (CGA-7jqj-8457-jm46)
vulnerability in amazon-ecs-agent-fips (CGA-7jqj-8457-jm46). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.100.1-r2` or later.
|
| CVE-2026-1281 KEV |
|
[KEV] Code Injection in Ivanti endpoint-manager-mobile-epmm (CVE-2026-1281)
code injection in Ivanti endpoint-manager-mobile-epmm (CVE-2026-1281). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-24869 |
|
Use-After-Free in mozilla (CVE-2026-24869)
vulnerability in mozilla (CVE-2026-24869). Successful exploitation can lead to full system takeover.
|
| CVE-2026-22795 |
|
Vulnerability in dos (CVE-2026-22795)
vulnerability in dos (CVE-2026-22795). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-69420 |
|
Vulnerability in dos (CVE-2025-69420)
vulnerability in dos (CVE-2025-69420). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-69421 |
|
Vulnerability in dos (CVE-2025-69421)
vulnerability in dos (CVE-2025-69421). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-69419 |
|
Out-of-Bounds Write in dos (CVE-2025-69419)
out-of-bounds write in dos (CVE-2025-69419). Confidential information can be exposed externally.
|
| CVE-2025-69418 |
|
Vulnerability in openssl (CVE-2025-69418)
vulnerability in openssl (CVE-2025-69418). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-68160 |
|
Out-of-Bounds Write in dos (CVE-2025-68160)
out-of-bounds write in dos (CVE-2025-68160). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-15467 |
|
Out-of-Bounds Write in cisa (CVE-2025-15467)
out-of-bounds write in cisa (CVE-2025-15467). Successful exploitation can lead to full system takeover.
|
| CVE-2026-21721 |
|
Authorization Flaw in privilege-escalation (CVE-2026-21721)
vulnerability in privilege-escalation (CVE-2026-21721). Confidential information can be exposed externally.
|
| CVE-2026-21720 |
|
Vulnerability in grafana (CVE-2026-21720)
vulnerability in grafana (CVE-2026-21720). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-24858 KEV |
|
[KEV] Vulnerability in Fortinet multiple-products (CVE-2026-24858)
vulnerability in Fortinet multiple-products (CVE-2026-24858). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-23760 KEV |
|
[KEV] Vulnerability in Smartertools smartermail (CVE-2026-23760)
vulnerability in Smartertools smartermail (CVE-2026-23760). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2018-14634 KEV |
|
[KEV] Vulnerability in Linux kernel (CVE-2018-14634)
vulnerability in Linux kernel (CVE-2018-14634). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-52691 KEV |
|
[KEV] Unrestricted File Upload in Smartertools smartermail (CVE-2025-52691)
vulnerability in Smartertools smartermail (CVE-2025-52691). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-24061 KEV |
|
[KEV] Vulnerability in Gnu inetutils (CVE-2026-24061)
vulnerability in Gnu inetutils (CVE-2026-24061). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-21509 KEV |
|
[KEV] Vulnerability in Microsoft office (CVE-2026-21509)
vulnerability in Microsoft office (CVE-2026-21509). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2025-52023 |
|
Vulnerability in aptsys (CVE-2025-52023)
vulnerability in aptsys (CVE-2025-52023). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-52022 |
|
Vulnerability in aptsys (CVE-2025-52022)
vulnerability in aptsys (CVE-2025-52022). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-37079 KEV |
|
[KEV] Out-of-Bounds Write in Broadcom vmware-vcenter-server (CVE-2024-37079)
out-of-bounds write in Broadcom vmware-vcenter-server (CVE-2024-37079). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-54313 KEV |
|
[KEV] Vulnerability in prettier (CVE-2025-54313)
vulnerability in prettier (CVE-2025-54313). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-34026 KEV |
|
[KEV] Vulnerability in Versa concerto (CVE-2025-34026)
vulnerability in Versa concerto (CVE-2025-34026). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-31125 KEV |
|
[KEV] Information Disclosure in vite (CVE-2025-31125)
vulnerability in vite (CVE-2025-31125). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-68645 KEV |
|
[KEV] Vulnerability in Synacor zimbra-collaboration-suite-zcs (CVE-2025-68645)
vulnerability in Synacor zimbra-collaboration-suite-zcs (CVE-2025-68645). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-20045 KEV |
|
[KEV] Code Injection in Cisco unified-communications-manager (CVE-2026-20045)
code injection in Cisco unified-communications-manager (CVE-2026-20045). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-23876 |
|
Vulnerability in imagemagick (CVE-2026-23876)
vulnerability in imagemagick (CVE-2026-23876). Successful exploitation can lead to full system takeover.
|
| CVE-2025-25249 |
|
Vulnerability in fortinet (CVE-2025-25249)
vulnerability in fortinet (CVE-2025-25249). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0878 |
|
Vulnerability in mozilla (CVE-2026-0878)
vulnerability in mozilla (CVE-2026-0878). Confidential information can be exposed externally.
|
| CVE-2026-0879 |
|
Buffer Overflow in mozilla (CVE-2026-0879)
vulnerability in mozilla (CVE-2026-0879). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0877 |
|
Vulnerability in mozilla (CVE-2026-0877)
vulnerability in mozilla (CVE-2026-0877). Confidential information can be exposed externally.
|
| CVE-2026-0891 |
|
Buffer Overflow in mozilla (CVE-2026-0891)
vulnerability in mozilla (CVE-2026-0891). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0882 |
|
Use-After-Free in mozilla (CVE-2026-0882)
vulnerability in mozilla (CVE-2026-0882). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0880 |
|
Vulnerability in mozilla (CVE-2026-0880)
vulnerability in mozilla (CVE-2026-0880). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0881 |
|
Sandbox escape in the Messaging System component. This vulnerability affects Firefox < 147.
Sandbox escape in the Messaging System component. This vulnerability affects Firefox < 147.
|
| CVE-2026-20805 KEV |
|
[KEV] Information Disclosure in Microsoft windows (CVE-2026-20805)
vulnerability in Microsoft windows (CVE-2026-20805). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-22771 |
|
Code Injection in envoyproxy (CVE-2026-22771)
code injection in envoyproxy (CVE-2026-22771). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.5.7` or later.
|
| CVE-2025-8110 KEV |
|
[KEV] Path Traversal in gogs (CVE-2025-8110)
path traversal in gogs (CVE-2025-8110). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-68493 |
|
XXE (XML External Entity) in apache (CVE-2025-68493)
vulnerability in apache (CVE-2025-68493). Confidential information can be exposed externally.
|
| CVE-2025-9222 |
|
Cross-Site Scripting (XSS) in gitlab (CVE-2025-9222)
cross-site scripting in gitlab (CVE-2025-9222). Confidential information can be exposed externally.
|
| CVE-2025-13772 |
|
Vulnerability in gitlab (CVE-2025-13772)
vulnerability in gitlab (CVE-2025-13772). Confidential information can be exposed externally.
|
| CVE-2025-13761 |
|
Cross-Site Scripting (XSS) in c (CVE-2025-13761)
cross-site scripting in c (CVE-2025-13761). Confidential information can be exposed externally.
|