Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-9082 KEV |
|
[KEV] SQL Injection in drupal/core (CVE-2026-9082)
SQL injection in drupal/core (CVE-2026-9082). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `10.4.10, 10.5.10, 10.6.9, 11.1.10, 11.2.12, 11.3.10` or later.
|
| CVE-2026-6973 KEV |
|
[KEV] Vulnerability in Ivanti endpoint-manager-mobile-epmm (CVE-2026-6973)
vulnerability in Ivanti endpoint-manager-mobile-epmm (CVE-2026-6973). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-41940 KEV |
|
[KEV] Vulnerability in Webpros cpanel-whm-and-wp2-wordpress-squared (CVE-2026-41940)
vulnerability in Webpros cpanel-whm-and-wp2-wordpress-squared (CVE-2026-41940). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-34197 KEV |
|
[KEV] Vulnerability in Apache activemq (CVE-2026-34197)
vulnerability in Apache activemq (CVE-2026-34197). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-54068 KEV |
|
[KEV] Code Injection in Laravel livewire (CVE-2025-54068)
code injection in Laravel livewire (CVE-2025-54068). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2019-5418 KEV |
|
[KEV] Path Traversal in rails (CVE-2019-5418)
path traversal in rails (CVE-2019-5418). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-38475 KEV |
|
[KEV] Vulnerability in Apache http-server (CVE-2024-38475)
vulnerability in Apache http-server (CVE-2024-38475). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-24813 KEV |
|
[KEV] Vulnerability in Apache tomcat (CVE-2025-24813)
vulnerability in Apache tomcat (CVE-2025-24813). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-45195 KEV |
|
[KEV] Vulnerability in Apache ofbiz (CVE-2024-45195)
vulnerability in Apache ofbiz (CVE-2024-45195). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-27348 KEV |
|
[KEV] Vulnerability in Apache hugegraph-server (CVE-2024-27348)
vulnerability in Apache hugegraph-server (CVE-2024-27348). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-38856 KEV |
|
[KEV] Authorization Flaw in Apache ofbiz (CVE-2024-38856)
vulnerability in Apache ofbiz (CVE-2024-38856). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-32113 KEV |
|
[KEV] Path Traversal in Apache ofbiz (CVE-2024-32113)
path traversal in Apache ofbiz (CVE-2024-32113). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2020-17519 KEV |
|
[KEV] Vulnerability in Apache flink (CVE-2020-17519)
vulnerability in Apache flink (CVE-2020-17519). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2018-15133 KEV |
|
[KEV] Unsafe Deserialization in laravel (CVE-2018-15133)
vulnerability in laravel (CVE-2018-15133). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-27524 KEV |
|
[KEV] Vulnerability in Apache superset (CVE-2023-27524)
vulnerability in Apache superset (CVE-2023-27524). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-23752 KEV |
|
[KEV] Vulnerability in Joomla! joomla (CVE-2023-23752)
vulnerability in Joomla! joomla (CVE-2023-23752). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-46604 KEV |
|
[KEV] Unsafe Deserialization in Apache activemq (CVE-2023-46604)
vulnerability in Apache activemq (CVE-2023-46604). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-44487 KEV |
|
[KEV] Vulnerability in Ietf golang.org/x/net (CVE-2023-44487)
vulnerability in Ietf golang.org/x/net (CVE-2023-44487). Risk of unauthorized operations or information disclosure. Exploitable via ``Channel``. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `0.17.0` or later.
|
| CVE-2021-3129 KEV |
|
[KEV] Vulnerability in Laravel ignition (CVE-2021-3129)
vulnerability in Laravel ignition (CVE-2021-3129). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-33246 KEV |
|
[KEV] Code Injection in Apache rocketmq (CVE-2023-33246)
code injection in Apache rocketmq (CVE-2023-33246). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2016-8735 KEV |
|
[KEV] Vulnerability in Apache tomcat (CVE-2016-8735)
vulnerability in Apache tomcat (CVE-2016-8735). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-45046 KEV |
|
[KEV] Vulnerability in Apache log4j2 (CVE-2021-45046)
vulnerability in Apache log4j2 (CVE-2021-45046). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-33891 KEV |
|
[KEV] OS Command Injection in Apache pyspark (CVE-2022-33891)
OS command injection in Apache pyspark (CVE-2022-33891). Successful exploitation can lead to full system takeover. Exploitable via ``spark.acls.enable``. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `3.2.2` or later.
|
| CVE-2022-24112 KEV |
|
[KEV] Vulnerability in Apache apisix (CVE-2022-24112)
vulnerability in Apache apisix (CVE-2022-24112). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-24706 KEV |
|
[KEV] Vulnerability in Apache couchdb (CVE-2022-24706)
vulnerability in Apache couchdb (CVE-2022-24706). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2018-7602 KEV |
|
[KEV] Vulnerability in Drupal core (CVE-2018-7602)
vulnerability in Drupal core (CVE-2018-7602). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2020-1956 KEV |
|
[KEV] OS Command Injection in Apache kylin (CVE-2020-1956)
OS command injection in Apache kylin (CVE-2020-1956). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2018-1273 KEV |
|
[KEV] Code Injection in Vmware tanzu vmware-tanzu (CVE-2018-1273)
code injection in Vmware tanzu vmware-tanzu (CVE-2018-1273). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2017-12617 KEV |
|
[KEV] Unrestricted File Upload in Apache tomcat (CVE-2017-12617)
vulnerability in Apache tomcat (CVE-2017-12617). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2017-12615 KEV |
|
[KEV] Unrestricted File Upload in Apache tomcat (CVE-2017-12615)
vulnerability in Apache tomcat (CVE-2017-12615). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2014-0130 KEV |
|
[KEV] Path Traversal in rails (CVE-2014-0130)
path traversal in rails (CVE-2014-0130). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2019-6340 KEV |
|
[KEV] Unsafe Deserialization in Drupal core (CVE-2019-6340)
vulnerability in Drupal core (CVE-2019-6340). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2013-2251 KEV |
|
[KEV] Vulnerability in Apache struts (CVE-2013-2251)
vulnerability in Apache struts (CVE-2013-2251). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2016-0752 KEV |
|
[KEV] Path Traversal in rails (CVE-2016-0752)
path traversal in rails (CVE-2016-0752). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2020-1938 KEV |
|
[KEV] Privilege Escalation in org.apache.tomcat.embed:tomcat-embed-core (CVE-2020-1938)
vulnerability in org.apache.tomcat.embed:tomcat-embed-core (CVE-2020-1938). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `7.0.100` or later.
|
| CVE-2016-3088 KEV |
|
[KEV] Vulnerability in Apache activemq (CVE-2016-3088)
vulnerability in Apache activemq (CVE-2016-3088). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2017-9791 KEV |
|
[KEV] Vulnerability in Apache struts-1 (CVE-2017-9791)
vulnerability in Apache struts-1 (CVE-2017-9791). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2012-0391 KEV |
|
[KEV] Vulnerability in Apache struts-2 (CVE-2012-0391)
vulnerability in Apache struts-2 (CVE-2012-0391). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2006-1547 KEV |
|
[KEV] Vulnerability in Apache struts-1 (CVE-2006-1547)
vulnerability in Apache struts-1 (CVE-2006-1547). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2020-13927 KEV |
|
[KEV] Vulnerability in Apache airflows-experimental-api (CVE-2020-13927)
vulnerability in Apache airflows-experimental-api (CVE-2020-13927). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2020-11978 KEV |
|
[KEV] OS Command Injection in Apache airflow (CVE-2020-11978)
OS command injection in Apache airflow (CVE-2020-11978). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2020-13671 KEV |
|
[KEV] Unrestricted File Upload in drupal (CVE-2020-13671)
vulnerability in drupal (CVE-2020-13671). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2019-0193 KEV |
|
[KEV] Code Injection in Apache solr (CVE-2019-0193)
code injection in Apache solr (CVE-2019-0193). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-44228 KEV |
|
[KEV] Vulnerability in Apache log4j2 (CVE-2021-44228)
vulnerability in Apache log4j2 (CVE-2021-44228). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-40438 KEV |
|
[KEV] SSRF (Server-Side Request Forgery) in apache (CVE-2021-40438)
SSRF in apache (CVE-2021-40438). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-42013 KEV |
|
[KEV] Path Traversal in Apache http-server (CVE-2021-42013)
path traversal in Apache http-server (CVE-2021-42013). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-41773 KEV |
|
[KEV] Path Traversal in Apache http-server (CVE-2021-41773)
path traversal in Apache http-server (CVE-2021-41773). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2019-0211 KEV |
|
[KEV] Use-After-Free in Apache http-server (CVE-2019-0211)
vulnerability in Apache http-server (CVE-2019-0211). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2016-4437 KEV |
|
[KEV] Vulnerability in Apache shiro (CVE-2016-4437)
vulnerability in Apache shiro (CVE-2016-4437). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2020-25213 KEV |
|
[KEV] Unrestricted File Upload in Wordpress file-manager-plugin (CVE-2020-25213)
vulnerability in Wordpress file-manager-plugin (CVE-2020-25213). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|