Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: vendors Clear
ID Title
CVE-2026-48282 KEV [KEV] Path Traversal in Adobe path-traversal (CVE-2026-48282)
path traversal in Adobe path-traversal (CVE-2026-48282). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-48908 KEV [KEV] Unrestricted File Upload in Joomshaper ollyo (CVE-2026-48908)
vulnerability in Joomshaper ollyo (CVE-2026-48908). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-55255 KEV [KEV] Vulnerability in langflow (CVE-2026-55255)
vulnerability in langflow (CVE-2026-55255). Confidential information can be exposed externally. Exploitable via ``get_flow_by_id_or_endpoint_name``. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `1.9.1` or later.
CVE-2026-20262 KEV [KEV] Path Traversal in Cisco catalyst-sd-wan-manager (CVE-2026-20262)
path traversal in Cisco catalyst-sd-wan-manager (CVE-2026-20262). Data can be tampered with by attackers. Listed in CISA KEV — actively exploited.
CVE-2026-48558 KEV [KEV] Vulnerability in Simplehelp simple-help (CVE-2026-48558)
vulnerability in Simplehelp simple-help (CVE-2026-48558). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-35273 KEV [KEV] Vulnerability in Oracle c (CVE-2026-35273)
vulnerability in Oracle c (CVE-2026-35273). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-10520 KEV [KEV] OS Command Injection in Ivanti standalone-sentry (CVE-2026-10520)
OS command injection in Ivanti standalone-sentry (CVE-2026-10520). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-11645 KEV [KEV] Out-of-Bounds Read in Google chrome (CVE-2026-11645)
vulnerability in Google chrome (CVE-2026-11645). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-48907 KEV [KEV] Vulnerability in widget factory (CVE-2026-48907)
vulnerability in widget factory (CVE-2026-48907). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-20245 KEV [KEV] Vulnerability in Cisco catalyst-sd-wan-manager (CVE-2026-20245)
vulnerability in Cisco catalyst-sd-wan-manager (CVE-2026-20245). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-28318 KEV [KEV] Vulnerability in Solarwinds serv-u (CVE-2026-28318)
vulnerability in Solarwinds serv-u (CVE-2026-28318). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-20230 KEV [KEV] SSRF (Server-Side Request Forgery) in Cisco ssrf (CVE-2026-20230)
SSRF in Cisco ssrf (CVE-2026-20230). Data can be tampered with by attackers. Listed in CISA KEV — actively exploited.
CVE-2010-0249 KEV [KEV] Use-After-Free in Microsoft internet-explorer (CVE-2010-0249)
vulnerability in Microsoft internet-explorer (CVE-2010-0249). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2022-0492 KEV [KEV] Authentication Bypass in Linux c (CVE-2022-0492)
authentication bypass in Linux c (CVE-2022-0492). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2025-48595 KEV [KEV] Vulnerability in Android google (CVE-2025-48595)
vulnerability in Android google (CVE-2025-48595). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2024-21182 KEV Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)...
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)...
CVE-2026-45247 KEV [KEV] Unsafe Deserialization in Mirasvit full-page-cache-warmer (CVE-2026-45247)
vulnerability in Mirasvit full-page-cache-warmer (CVE-2026-45247). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-45659 KEV [KEV] Unsafe Deserialization in Microsoft deserialization (CVE-2026-45659)
vulnerability in Microsoft deserialization (CVE-2026-45659). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-9082 KEV [KEV] SQL Injection in drupal/core (CVE-2026-9082)
SQL injection in drupal/core (CVE-2026-9082). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `10.4.10, 10.5.10, 10.6.9, 11.1.10, 11.2.12, 11.3.10` or later.
CVE-2026-45498 KEV Microsoft Defender Denial of Service Vulnerability
Microsoft Defender Denial of Service Vulnerability
CVE-2026-41091 KEV [KEV] Vulnerability in Microsoft malware-protection-engine (CVE-2026-41091)
vulnerability in Microsoft malware-protection-engine (CVE-2026-41091). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2009-3459 KEV [KEV] Buffer Overflow in Adobe acrobat (CVE-2009-3459)
vulnerability in Adobe acrobat (CVE-2009-3459). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2008-4250 KEV [KEV] Code Injection in Microsoft windows-2000 (CVE-2008-4250)
code injection in Microsoft windows-2000 (CVE-2008-4250). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2009-1537 KEV [KEV] Vulnerability in Microsoft directx (CVE-2009-1537)
vulnerability in Microsoft directx (CVE-2009-1537). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2010-0806 KEV [KEV] Vulnerability in Microsoft internet-explorer (CVE-2010-0806)
vulnerability in Microsoft internet-explorer (CVE-2010-0806). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-8398 KEV [KEV] Vulnerability in Daemon disc-soft (CVE-2026-8398)
vulnerability in Daemon disc-soft (CVE-2026-8398). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-42897 KEV [KEV] Cross-Site Scripting (XSS) in Microsoft exchange-server (CVE-2026-42897)
cross-site scripting in Microsoft exchange-server (CVE-2026-42897). Confidential information can be exposed externally. Listed in CISA KEV — actively exploited.
CVE-2026-20182 KEV [KEV] Authentication Bypass in Cisco catalyst-sd-wan-manager (CVE-2026-20182)
authentication bypass in Cisco catalyst-sd-wan-manager (CVE-2026-20182). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-0257 KEV [KEV] Vulnerability in Palo alto networks paloaltonetworks (CVE-2026-0257)
vulnerability in Palo alto networks paloaltonetworks (CVE-2026-0257). Confidential information can be exposed externally. Listed in CISA KEV — actively exploited.
CVE-2026-42208 KEV [KEV] SQL Injection in Berriai litellm (CVE-2026-42208)
SQL injection in Berriai litellm (CVE-2026-42208). Successful exploitation can lead to full system takeover. Exploitable via `POST /chat/completions`. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `>=1.83.7` or later.
CVE-2026-6973 KEV [KEV] Vulnerability in Ivanti endpoint-manager-mobile-epmm (CVE-2026-6973)
vulnerability in Ivanti endpoint-manager-mobile-epmm (CVE-2026-6973). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-0300 KEV [KEV] Out-of-Bounds Write in Palo alto networks palo-alto-networks (CVE-2026-0300)
out-of-bounds write in Palo alto networks palo-alto-networks (CVE-2026-0300). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-31431 KEV [KEV] Vulnerability in Linux redhat (CVE-2026-31431)
vulnerability in Linux redhat (CVE-2026-31431). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2026-41940 KEV [KEV] Vulnerability in Webpros cpanel-whm-and-wp2-wordpress-squared (CVE-2026-41940)
vulnerability in Webpros cpanel-whm-and-wp2-wordpress-squared (CVE-2026-41940). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2024-1708 KEV [KEV] Path Traversal in Connectwise screenconnect (CVE-2024-1708)
path traversal in Connectwise screenconnect (CVE-2024-1708). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-32202 KEV [KEV] Vulnerability in Microsoft windows (CVE-2026-32202)
vulnerability in Microsoft windows (CVE-2026-32202). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2024-57726 KEV [KEV] Vulnerability in Simplehelp auth (CVE-2024-57726)
vulnerability in Simplehelp auth (CVE-2024-57726). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2024-57728 KEV [KEV] Path Traversal in Simplehelp path-traversal (CVE-2024-57728)
path traversal in Simplehelp path-traversal (CVE-2024-57728). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2024-7399 KEV [KEV] Path Traversal in Samsung magicinfo-9-server (CVE-2024-7399)
path traversal in Samsung magicinfo-9-server (CVE-2024-7399). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2025-29635 KEV [KEV] Command Injection in D-link dir-823x (CVE-2025-29635)
command injection in D-link dir-823x (CVE-2025-29635). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-39987 KEV [KEV] Vulnerability in Marimo remote-attack (CVE-2026-39987)
vulnerability in Marimo remote-attack (CVE-2026-39987). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-33825 KEV [KEV] Vulnerability in Microsoft defender (CVE-2026-33825)
vulnerability in Microsoft defender (CVE-2026-33825). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2025-2749 KEV [KEV] Path Traversal in Kentico path-traversal (CVE-2025-2749)
path traversal in Kentico path-traversal (CVE-2025-2749). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-20133 KEV [KEV] Information Disclosure in Cisco catalyst-sd-wan-manager (CVE-2026-20133)
vulnerability in Cisco catalyst-sd-wan-manager (CVE-2026-20133). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-20122 KEV [KEV] Vulnerability in Cisco catalyst-sd-wan-manger (CVE-2026-20122)
vulnerability in Cisco catalyst-sd-wan-manger (CVE-2026-20122). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2024-27199 KEV [KEV] Vulnerability in Jetbrains teamcity (CVE-2024-27199)
vulnerability in Jetbrains teamcity (CVE-2024-27199). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-20128 KEV [KEV] Vulnerability in Cisco catalyst-sd-wan-manager (CVE-2026-20128)
vulnerability in Cisco catalyst-sd-wan-manager (CVE-2026-20128). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2025-32975 KEV [KEV] Authentication Bypass in Quest kace-systems-management-appliance-sma (CVE-2025-32975)
authentication bypass in Quest kace-systems-management-appliance-sma (CVE-2025-32975). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2025-48700 KEV [KEV] Cross-Site Scripting (XSS) in Synacor zimbra-collaboration-suite-zcs (CVE-2025-48700)
cross-site scripting in Synacor zimbra-collaboration-suite-zcs (CVE-2025-48700). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2023-27351 KEV [KEV] Authentication Bypass in Papercut ngmf (CVE-2023-27351)
authentication bypass in Papercut ngmf (CVE-2023-27351). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →