Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-0879 |
|
Buffer Overflow in mozilla (CVE-2026-0879)
vulnerability in mozilla (CVE-2026-0879). Successful exploitation can lead to full system takeover.
|
| CVE-2025-66176 |
|
Vulnerability in hikvision (CVE-2025-66176)
vulnerability in hikvision (CVE-2025-66176). Successful exploitation can lead to full system takeover.
|
| CVE-2026-20805 KEV |
|
[KEV] Information Disclosure in Microsoft windows (CVE-2026-20805)
vulnerability in Microsoft windows (CVE-2026-20805). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-8110 KEV |
|
[KEV] Path Traversal in gogs (CVE-2025-8110)
path traversal in gogs (CVE-2025-8110). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-68493 |
|
XXE (XML External Entity) in apache (CVE-2025-68493)
vulnerability in apache (CVE-2025-68493). Confidential information can be exposed externally.
|
| CVE-2025-9222 |
|
Cross-Site Scripting (XSS) in gitlab (CVE-2025-9222)
cross-site scripting in gitlab (CVE-2025-9222). Confidential information can be exposed externally.
|
| CVE-2025-13761 |
|
Cross-Site Scripting (XSS) in c (CVE-2025-13761)
cross-site scripting in c (CVE-2025-13761). Confidential information can be exposed externally.
|
| CVE-2025-13772 |
|
Vulnerability in gitlab (CVE-2025-13772)
vulnerability in gitlab (CVE-2025-13772). Confidential information can be exposed externally.
|
| CVE-2025-70974 |
|
Vulnerability in CVE-2025-70974 (CVE-2025-70974)
vulnerability in CVE-2025-70974 (CVE-2025-70974). Successful exploitation can lead to full system takeover.
|
| CVE-2025-65518 |
|
Vulnerability in dos (CVE-2025-65518)
vulnerability in dos (CVE-2025-65518). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0674 |
|
Vulnerability in wordpress (CVE-2026-0674)
vulnerability in wordpress (CVE-2026-0674). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-12543 |
|
Vulnerability in redhat (CVE-2025-12543)
vulnerability in redhat (CVE-2025-12543). Confidential information can be exposed externally. Exploitable via `Host header`.
|
| CVE-2009-0556 KEV |
|
[KEV] Code Injection in Microsoft office (CVE-2009-0556)
code injection in Microsoft office (CVE-2009-0556). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-37164 KEV |
|
[KEV] Code Injection in Hewlett packard enterprise (hpe) hewlett-packard-enterprise-hpe (CVE-2025-37164)
code injection in Hewlett packard enterprise (hpe) hewlett-packard-enterprise-hpe (CVE-2025-37164). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-59381 |
|
Path Traversal in path-traversal (CVE-2025-59381)
path traversal in path-traversal (CVE-2025-59381). Confidential information can be exposed externally.
|
| CVE-2025-66835 |
|
Vulnerability in trueconf (CVE-2025-66835)
vulnerability in trueconf (CVE-2025-66835). Confidential information can be exposed externally.
|
| CVE-2025-14847 KEV |
|
[KEV] Vulnerability in mongodb (CVE-2025-14847)
vulnerability in mongodb (CVE-2025-14847). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-66737 |
|
Vulnerability in path-traversal (CVE-2025-66737)
vulnerability in path-traversal (CVE-2025-66737). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-66738 |
|
Command Injection in yealink (CVE-2025-66738)
command injection in yealink (CVE-2025-66738). Successful exploitation can lead to full system takeover.
|
| CVE-2025-68340 |
|
Vulnerability in linux (CVE-2025-68340)
vulnerability in linux (CVE-2025-68340). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-52163 KEV |
|
[KEV] Vulnerability in Digiever ds-2105-pro (CVE-2023-52163)
vulnerability in Digiever ds-2105-pro (CVE-2023-52163). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-14733 KEV |
|
[KEV] Out-of-Bounds Write in Watchguard firebox (CVE-2025-14733)
out-of-bounds write in Watchguard firebox (CVE-2025-14733). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-20393 KEV |
|
[KEV] Vulnerability in Cisco multiple-products (CVE-2025-20393)
vulnerability in Cisco multiple-products (CVE-2025-20393). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-59374 KEV |
|
[KEV] Vulnerability in Asus live-update (CVE-2025-59374)
vulnerability in Asus live-update (CVE-2025-59374). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-40602 KEV |
|
[KEV] Vulnerability in Sonicwall sma1000-appliance (CVE-2025-40602)
vulnerability in Sonicwall sma1000-appliance (CVE-2025-40602). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-68065 |
|
Vulnerability in CVE-2025-68065 (CVE-2025-68065)
vulnerability in CVE-2025-68065 (CVE-2025-68065). Successful exploitation can lead to full system takeover.
|
| CVE-2025-59718 KEV |
|
[KEV] Vulnerability in Fortinet multiple-products (CVE-2025-59718)
vulnerability in Fortinet multiple-products (CVE-2025-59718). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2023-53888 |
|
Code Injection in zomp (CVE-2023-53888)
code injection in zomp (CVE-2023-53888). Successful exploitation can lead to full system takeover.
|
| CVE-2025-43529 KEV |
|
[KEV] Use-After-Free in Apple multiple-products (CVE-2025-43529)
vulnerability in Apple multiple-products (CVE-2025-43529). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-14611 KEV |
|
[KEV] Vulnerability in Gladinet centrestack-and-triofox (CVE-2025-14611)
vulnerability in Gladinet centrestack-and-triofox (CVE-2025-14611). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-43511 |
|
Use-After-Free in apple (CVE-2025-43511)
vulnerability in apple (CVE-2025-43511). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-14174 KEV |
|
[KEV] Vulnerability in Google chromium (CVE-2025-14174)
vulnerability in Google chromium (CVE-2025-14174). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2018-4063 KEV |
|
[KEV] Unrestricted File Upload in Sierra wireless sierra-wireless (CVE-2018-4063)
vulnerability in Sierra wireless sierra-wireless (CVE-2018-4063). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-58360 KEV |
|
[KEV] XXE (XML External Entity) in Osgeo geoserver (CVE-2025-58360)
vulnerability in Osgeo geoserver (CVE-2025-58360). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-64898 |
|
Vulnerability in adobe (CVE-2025-64898)
vulnerability in adobe (CVE-2025-64898). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-61821 |
|
XXE (XML External Entity) in adobe (CVE-2025-61821)
vulnerability in adobe (CVE-2025-61821). Confidential information can be exposed externally.
|
| CVE-2025-61813 |
|
XXE (XML External Entity) in adobe (CVE-2025-61813)
vulnerability in adobe (CVE-2025-61813). Confidential information can be exposed externally.
|
| CVE-2025-65594 |
|
Vulnerability in os4ed (CVE-2025-65594)
vulnerability in os4ed (CVE-2025-65594). Confidential information can be exposed externally.
|
| CVE-2025-64667 |
|
Vulnerability in microsoft (CVE-2025-64667)
vulnerability in microsoft (CVE-2025-64667). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-64666 |
|
Vulnerability in microsoft (CVE-2025-64666)
vulnerability in microsoft (CVE-2025-64666). Successful exploitation can lead to full system takeover.
|
| CVE-2025-62557 |
|
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
|
| CVE-2025-62554 |
|
Vulnerability in microsoft (CVE-2025-62554)
vulnerability in microsoft (CVE-2025-62554). Successful exploitation can lead to full system takeover.
|
| CVE-2025-59719 |
|
Vulnerability in fortinet (CVE-2025-59719)
vulnerability in fortinet (CVE-2025-59719). Successful exploitation can lead to full system takeover.
|
| CVE-2025-61078 |
|
Cross-Site Scripting (XSS) in phpipam (CVE-2025-61078)
cross-site scripting in phpipam (CVE-2025-61078). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-53679 |
|
OS Command Injection in fortinet (CVE-2025-53679)
OS command injection in fortinet (CVE-2025-53679). Successful exploitation can lead to full system takeover.
|
| CVE-2025-56704 |
|
Unrestricted File Upload in lepton-cms (CVE-2025-56704)
vulnerability in lepton-cms (CVE-2025-56704). Successful exploitation can lead to full system takeover.
|
| CVE-2025-62221 KEV |
|
[KEV] Use-After-Free in Microsoft windows (CVE-2025-62221)
vulnerability in Microsoft windows (CVE-2025-62221). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-6218 KEV |
|
[KEV] Path Traversal in Rarlab winrar (CVE-2025-6218)
path traversal in Rarlab winrar (CVE-2025-6218). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-48615 |
|
Vulnerability in google (CVE-2025-48615)
vulnerability in google (CVE-2025-48615). Successful exploitation can lead to full system takeover.
|
| CVE-2025-48612 |
|
Vulnerability in google (CVE-2025-48612)
vulnerability in google (CVE-2025-48612). Successful exploitation can lead to full system takeover.
|