Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2025-5419 KEV |
|
[KEV] Out-of-Bounds Read in Google chromium-v8 (CVE-2025-5419)
vulnerability in Google chromium-v8 (CVE-2025-5419). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-27038 KEV |
|
[KEV] Use-After-Free in Qualcomm multiple-chipsets (CVE-2025-27038)
vulnerability in Qualcomm multiple-chipsets (CVE-2025-27038). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-21480 KEV |
|
[KEV] Authorization Flaw in Qualcomm multiple-chipsets (CVE-2025-21480)
vulnerability in Qualcomm multiple-chipsets (CVE-2025-21480). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-21479 KEV |
|
[KEV] Authorization Flaw in Qualcomm multiple-chipsets (CVE-2025-21479)
vulnerability in Qualcomm multiple-chipsets (CVE-2025-21479). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-32030 KEV |
|
[KEV] Authentication Bypass in Asus routers (CVE-2021-32030)
authentication bypass in Asus routers (CVE-2021-32030). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-3935 KEV |
|
[KEV] Authentication Bypass in Connectwise screenconnect (CVE-2025-3935)
authentication bypass in Connectwise screenconnect (CVE-2025-3935). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-35939 KEV |
|
[KEV] Vulnerability in Craft cms craft-cms (CVE-2025-35939)
vulnerability in Craft cms craft-cms (CVE-2025-35939). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-39780 KEV |
|
[KEV] OS Command Injection in Asus rt-ax55-routers (CVE-2023-39780)
OS command injection in Asus rt-ax55-routers (CVE-2023-39780). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-56145 KEV |
|
[KEV] Code Injection in Craft cms craft-cms (CVE-2024-56145)
code injection in Craft cms craft-cms (CVE-2024-56145). Risk of unauthorized operations or information disclosure. Exploitable via ``register_argc_argv``. Listed in CISA KEV — actively exploited.
|
| CVE-2025-4632 KEV |
|
[KEV] Path Traversal in Samsung magicinfo-9-server (CVE-2025-4632)
path traversal in Samsung magicinfo-9-server (CVE-2025-4632). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-38950 KEV |
|
[KEV] Path Traversal in Zkteco biotime (CVE-2023-38950)
path traversal in Zkteco biotime (CVE-2023-38950). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-4427 KEV |
|
[KEV] Vulnerability in Ivanti endpoint-manager-mobile-epmm (CVE-2025-4427)
vulnerability in Ivanti endpoint-manager-mobile-epmm (CVE-2025-4427). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-27920 KEV |
|
[KEV] Path Traversal in Srimax output-messenger (CVE-2025-27920)
path traversal in Srimax output-messenger (CVE-2025-27920). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-27443 KEV |
|
[KEV] Cross-Site Scripting (XSS) in Synacor zimbra-collaboration-suite-zcs (CVE-2024-27443)
cross-site scripting in Synacor zimbra-collaboration-suite-zcs (CVE-2024-27443). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-4428 KEV |
|
[KEV] Code Injection in Ivanti endpoint-manager-mobile-epmm (CVE-2025-4428)
code injection in Ivanti endpoint-manager-mobile-epmm (CVE-2025-4428). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-11182 KEV |
|
[KEV] Cross-Site Scripting (XSS) in Mdaemon email-server (CVE-2024-11182)
cross-site scripting in Mdaemon email-server (CVE-2024-11182). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-42999 KEV |
|
[KEV] Unsafe Deserialization in Sap netweaver (CVE-2025-42999)
vulnerability in Sap netweaver (CVE-2025-42999). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-12987 KEV |
|
[KEV] OS Command Injection in Draytek vigor-routers (CVE-2024-12987)
OS command injection in Draytek vigor-routers (CVE-2024-12987). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-32756 KEV |
|
[KEV] Vulnerability in Fortinet multiple-products (CVE-2025-32756)
vulnerability in Fortinet multiple-products (CVE-2025-32756). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-32706 KEV |
|
[KEV] Vulnerability in Microsoft windows (CVE-2025-32706)
vulnerability in Microsoft windows (CVE-2025-32706). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-30397 KEV |
|
[KEV] Vulnerability in Microsoft windows (CVE-2025-30397)
vulnerability in Microsoft windows (CVE-2025-30397). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-32709 KEV |
|
[KEV] Use-After-Free in Microsoft windows (CVE-2025-32709)
vulnerability in Microsoft windows (CVE-2025-32709). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-30400 KEV |
|
[KEV] Use-After-Free in Microsoft windows (CVE-2025-30400)
vulnerability in Microsoft windows (CVE-2025-30400). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-32701 KEV |
|
[KEV] Use-After-Free in Microsoft windows (CVE-2025-32701)
vulnerability in Microsoft windows (CVE-2025-32701). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-47729 KEV |
|
[KEV] Vulnerability in Telemessage tm-sgnl (CVE-2025-47729)
vulnerability in Telemessage tm-sgnl (CVE-2025-47729). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-11120 KEV |
|
[KEV] OS Command Injection in Geovision multiple-devices (CVE-2024-11120)
OS command injection in Geovision multiple-devices (CVE-2024-11120). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-6047 KEV |
|
[KEV] OS Command Injection in Geovision multiple-devices (CVE-2024-6047)
OS command injection in Geovision multiple-devices (CVE-2024-6047). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-27363 KEV |
|
[KEV] Out-of-Bounds Write in freetype (CVE-2025-27363)
out-of-bounds write in freetype (CVE-2025-27363). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-3248 KEV |
|
[KEV] Vulnerability in langflow (CVE-2025-3248)
vulnerability in langflow (CVE-2025-3248). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-34028 KEV |
|
[KEV] Path Traversal in Commvault command-center (CVE-2025-34028)
path traversal in Commvault command-center (CVE-2025-34028). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-58136 KEV |
|
[KEV] Vulnerability in Yiiframework yii (CVE-2024-58136)
vulnerability in Yiiframework yii (CVE-2024-58136). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-38475 KEV |
|
[KEV] Vulnerability in Apache http-server (CVE-2024-38475)
vulnerability in Apache http-server (CVE-2024-38475). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-44221 KEV |
|
[KEV] OS Command Injection in Sonicwall sma100-appliances (CVE-2023-44221)
OS command injection in Sonicwall sma100-appliances (CVE-2023-44221). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-31324 KEV |
|
[KEV] Unrestricted File Upload in Sap netweaver (CVE-2025-31324)
vulnerability in Sap netweaver (CVE-2025-31324). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-1976 KEV |
|
[KEV] Code Injection in Broadcom brocade-fabric-os (CVE-2025-1976)
code injection in Broadcom brocade-fabric-os (CVE-2025-1976). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-42599 KEV |
|
[KEV] Vulnerability in Qualitia active-mail (CVE-2025-42599)
vulnerability in Qualitia active-mail (CVE-2025-42599). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-3928 KEV |
|
[KEV] Vulnerability in Commvault web-server (CVE-2025-3928)
vulnerability in Commvault web-server (CVE-2025-3928). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-31201 KEV |
|
[KEV] Vulnerability in Apple multiple-products (CVE-2025-31201)
vulnerability in Apple multiple-products (CVE-2025-31201). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-31200 KEV |
|
[KEV] Vulnerability in Apple multiple-products (CVE-2025-31200)
vulnerability in Apple multiple-products (CVE-2025-31200). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-24054 KEV |
|
[KEV] Vulnerability in Microsoft windows (CVE-2025-24054)
vulnerability in Microsoft windows (CVE-2025-24054). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-20035 KEV |
|
[KEV] OS Command Injection in Sonicwall sma100-appliances (CVE-2021-20035)
OS command injection in Sonicwall sma100-appliances (CVE-2021-20035). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-53150 KEV |
|
[KEV] Out-of-Bounds Read in Linux kernel (CVE-2024-53150)
vulnerability in Linux kernel (CVE-2024-53150). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-53197 KEV |
|
[KEV] Out-of-Bounds Write in Linux kernel (CVE-2024-53197)
out-of-bounds write in Linux kernel (CVE-2024-53197). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-29824 KEV |
|
[KEV] Use-After-Free in Microsoft windows (CVE-2025-29824)
vulnerability in Microsoft windows (CVE-2025-29824). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-30406 KEV |
|
[KEV] Vulnerability in Gladinet centrestack (CVE-2025-30406)
vulnerability in Gladinet centrestack (CVE-2025-30406). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-31161 KEV |
|
[KEV] Vulnerability in crushftp (CVE-2025-31161)
vulnerability in crushftp (CVE-2025-31161). Risk of unauthorized operations or information disclosure. Exploitable via `Authorization header`. Listed in CISA KEV — actively exploited.
|
| CVE-2025-22457 KEV |
|
[KEV] Vulnerability in Ivanti connect-secure (CVE-2025-22457)
vulnerability in Ivanti connect-secure (CVE-2025-22457). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-24813 KEV |
|
[KEV] Vulnerability in Apache tomcat (CVE-2025-24813)
vulnerability in Apache tomcat (CVE-2025-24813). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-20439 KEV |
|
[KEV] Vulnerability in Cisco smart-licensing-utility (CVE-2024-20439)
vulnerability in Cisco smart-licensing-utility (CVE-2024-20439). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-2783 KEV |
|
[KEV] Vulnerability in Google chromium-mojo (CVE-2025-2783)
vulnerability in Google chromium-mojo (CVE-2025-2783). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|