Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-33195 |
|
Path Traversal in activestorage (CVE-2026-33195)
path traversal in activestorage (CVE-2026-33195). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `7.2.3.1` or later.
|
| CVE-2025-54068 KEV |
|
[KEV] Code Injection in Laravel livewire (CVE-2025-54068)
code injection in Laravel livewire (CVE-2025-54068). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-4342 |
|
Vulnerability in nginx (CVE-2026-4342)
vulnerability in nginx (CVE-2026-4342). Successful exploitation can lead to full system takeover.
|
| CVE-2016-20026 |
|
Vulnerability in apache (CVE-2016-20026)
vulnerability in apache (CVE-2016-20026). Successful exploitation can lead to full system takeover.
|
| CVE-2026-23941 |
|
Vulnerability in nginx (CVE-2026-23941)
vulnerability in nginx (CVE-2026-23941). Confidential information can be exposed externally.
|
| CVE-2026-20117 |
|
Cross-Site Scripting (XSS) in express (CVE-2026-20117)
cross-site scripting in express (CVE-2026-20117). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-25604 |
|
Vulnerability in apache (CVE-2026-25604)
vulnerability in apache (CVE-2026-25604). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-24281 |
|
Vulnerability in apache (CVE-2026-24281)
vulnerability in apache (CVE-2026-24281). Confidential information can be exposed externally.
|
| CVE-2026-24308 |
|
Vulnerability in apache (CVE-2026-24308)
vulnerability in apache (CVE-2026-24308). Confidential information can be exposed externally.
|
| CVE-2026-27446 |
|
Vulnerability in org.apache.activemq:artemis-server (CVE-2026-27446)
vulnerability in org.apache.activemq:artemis-server (CVE-2026-27446). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.52.0` or later.
|
| CVE-2026-25673 |
|
Vulnerability in django (CVE-2026-25673)
vulnerability in django (CVE-2026-25673). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-2293 |
|
Authorization Flaw in nestjs (CVE-2026-2293)
vulnerability in nestjs (CVE-2026-2293). Successful exploitation can lead to full system takeover.
|
| CVE-2026-27970 |
|
Cross-Site Scripting (XSS) in angular (CVE-2026-27970)
cross-site scripting in angular (CVE-2026-27970). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-25747 |
|
Unsafe Deserialization in apache (CVE-2026-25747)
vulnerability in apache (CVE-2026-25747). Successful exploitation can lead to full system takeover.
|
| CVE-2026-27134 |
|
Authentication Bypass in apache (CVE-2026-27134)
authentication bypass in apache (CVE-2026-27134). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0974 |
|
Vulnerability in wordpress (CVE-2026-0974)
vulnerability in wordpress (CVE-2026-0974). Successful exploitation can lead to full system takeover.
|
| CVE-2026-24734 |
|
Vulnerability in apache (CVE-2026-24734)
vulnerability in apache (CVE-2026-24734). Data can be tampered with by attackers.
|
| CVE-2026-1312 |
|
SQL Injection in django (CVE-2026-1312)
SQL injection in django (CVE-2026-1312). Risk of unauthorized operations or information disclosure. Exploitable via ``FilteredRelation``. Mitigation: upgrade to `4.2.28, 5.2.11, 6.0.2` or later.
|
| CVE-2026-1287 |
|
SQL Injection in django (CVE-2026-1287)
SQL injection in django (CVE-2026-1287). Risk of unauthorized operations or information disclosure. Exploitable via ``FilteredRelation``. Mitigation: upgrade to `4.2.28, 5.2.11, 6.0.2` or later.
|
| CVE-2026-1207 |
|
SQL Injection in django (CVE-2026-1207)
SQL injection in django (CVE-2026-1207). Risk of unauthorized operations or information disclosure. Exploitable via ``RasterField``. Mitigation: upgrade to `4.2.28, 5.2.11, 6.0.2` or later.
|
| CVE-2026-23864 |
|
Vulnerability in react (CVE-2026-23864)
vulnerability in react (CVE-2026-23864). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-22774 |
|
Vulnerability in dos (CVE-2026-22774)
vulnerability in dos (CVE-2026-22774). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.6.2` or later.
|
| CVE-2026-22775 |
|
Vulnerability in dos (CVE-2026-22775)
vulnerability in dos (CVE-2026-22775). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.6.2` or later.
|
| CVE-2025-68493 |
|
XXE (XML External Entity) in apache (CVE-2025-68493)
vulnerability in apache (CVE-2025-68493). Confidential information can be exposed externally.
|
| CVE-2026-22610 |
|
Cross-Site Scripting (XSS) in @angular/compiler (CVE-2026-22610)
cross-site scripting in @angular/compiler (CVE-2026-22610). Risk of unauthorized operations or information disclosure. Exploitable via ``href``.
|
| CVE-2026-22029 |
|
Cross-Site Scripting (XSS) in react (CVE-2026-22029)
cross-site scripting in react (CVE-2026-22029). Confidential information can be exposed externally.
|
| CVE-2025-61686 |
|
Path Traversal in react (CVE-2025-61686)
path traversal in react (CVE-2025-61686). Data can be tampered with by attackers.
|
| CVE-2025-59057 |
|
Cross-Site Scripting (XSS) in react (CVE-2025-59057)
cross-site scripting in react (CVE-2025-59057). Confidential information can be exposed externally.
|
| CVE-2026-21884 |
|
Cross-Site Scripting (XSS) in react (CVE-2026-21884)
cross-site scripting in react (CVE-2026-21884). Confidential information can be exposed externally.
|
| CVE-2026-0674 |
|
Vulnerability in wordpress (CVE-2026-0674)
vulnerability in wordpress (CVE-2026-0674). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-66412 |
|
Cross-Site Scripting (XSS) in @angular/compiler (CVE-2025-66412)
cross-site scripting in @angular/compiler (CVE-2025-66412). Risk of unauthorized operations or information disclosure. Exploitable via ``attributeName``.
|
| CVE-2025-66035 |
|
Vulnerability in @angular/common (CVE-2025-66035)
vulnerability in @angular/common (CVE-2025-66035). Risk of unauthorized operations or information disclosure. Exploitable via ``POST``. Mitigation: upgrade to `19.2.16` or later.
|
| CVE-2025-51741 |
|
Vulnerability in dos (CVE-2025-51741)
vulnerability in dos (CVE-2025-51741). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-56399 |
|
Code Injection in laravel (CVE-2025-56399)
code injection in laravel (CVE-2025-56399). Successful exploitation can lead to full system takeover.
|
| CVE-2025-61795 |
|
Vulnerability in org.apache.tomcat:tomcat (CVE-2025-61795)
vulnerability in org.apache.tomcat:tomcat (CVE-2025-61795). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.0.110, 10.1.47, 11.0.12` or later.
|
| CVE-2025-55752 |
|
Vulnerability in org.apache.tomcat:tomcat (CVE-2025-55752)
vulnerability in org.apache.tomcat:tomcat (CVE-2025-55752). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.0.109, 10.1.45, 11.0.11` or later.
|
| CVE-2025-55754 |
|
Vulnerability in org.apache.tomcat:tomcat (CVE-2025-55754)
vulnerability in org.apache.tomcat:tomcat (CVE-2025-55754). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.0.109, 10.1.45, 11.0.11` or later.
|
| CVE-2025-11570 |
|
Cross-Site Scripting (XSS) in drupal (CVE-2025-11570)
cross-site scripting in drupal (CVE-2025-11570). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-11226 |
|
Vulnerability in spring (CVE-2025-11226)
vulnerability in spring (CVE-2025-11226). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-48989 |
|
Vulnerability in org.apache.tomcat:tomcat-coyote (CVE-2025-48989)
vulnerability in org.apache.tomcat:tomcat-coyote (CVE-2025-48989). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.0.108` or later.
|
| CVE-2025-52078 |
|
Unrestricted File Upload in react (CVE-2025-52078)
vulnerability in react (CVE-2025-52078). Risk of unauthorized operations or information disclosure.
|
| CVE-2012-10027 |
|
Unrestricted File Upload in wordpress (CVE-2012-10027)
vulnerability in wordpress (CVE-2012-10027). Risk of unauthorized operations or information disclosure. Exploitable via ``uploadify.php``.
|
| CVE-2019-5418 KEV |
|
[KEV] Path Traversal in rails (CVE-2019-5418)
path traversal in rails (CVE-2019-5418). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-38475 KEV |
|
[KEV] Vulnerability in Apache http-server (CVE-2024-38475)
vulnerability in Apache http-server (CVE-2024-38475). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-3891 |
|
Vulnerability in apache (CVE-2025-3891)
vulnerability in apache (CVE-2025-3891). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-27391 |
|
Vulnerability in apache (CVE-2025-27391)
vulnerability in apache (CVE-2025-27391). Confidential information can be exposed externally.
|
| CVE-2025-27427 |
|
Authorization Flaw in apache (CVE-2025-27427)
vulnerability in apache (CVE-2025-27427). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-24813 KEV |
|
[KEV] Vulnerability in Apache tomcat (CVE-2025-24813)
vulnerability in Apache tomcat (CVE-2025-24813). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-45195 KEV |
|
[KEV] Vulnerability in Apache ofbiz (CVE-2024-45195)
vulnerability in Apache ofbiz (CVE-2024-45195). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-11404 |
|
Vulnerability in django-filer (CVE-2024-11404)
vulnerability in django-filer (CVE-2024-11404). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.3.0` or later.
|