Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-24285 |
|
Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally.
Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally.
|
| CVE-2026-23239 |
|
Vulnerability in Kernel (CVE-2026-23239)
vulnerability in Kernel (CVE-2026-23239). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `6.12.75, 6.18.16, 6.19.6` or later.
|
| CVE-2026-21262 |
|
Vulnerability in microsoft (CVE-2026-21262)
vulnerability in microsoft (CVE-2026-21262). Successful exploitation can lead to full system takeover.
|
| CVE-2025-56421 |
|
SQL Injection in sqli (CVE-2025-56421)
SQL injection in sqli (CVE-2025-56421). Confidential information can be exposed externally.
|
| CVE-2026-28693 |
|
Out-of-Bounds Read in imagemagick (CVE-2026-28693)
vulnerability in imagemagick (CVE-2026-28693). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `7.1.2-16` or later.
|
| CVE-2026-28691 |
|
Vulnerability in imagemagick (CVE-2026-28691)
vulnerability in imagemagick (CVE-2026-28691). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `7.1.2-16` or later.
|
| CVE-2026-0846 |
|
Vulnerability in nltk (CVE-2026-0846)
vulnerability in nltk (CVE-2026-0846). Confidential information can be exposed externally. Exploitable via ``nltk.util``. Mitigation: upgrade to `3.9.3` or later.
|
| CVE-2026-25960 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-25960)
SSRF in ssrf (CVE-2026-25960). Confidential information can be exposed externally.
|
| CVE-2025-70030 |
|
Vulnerability in sunbird (CVE-2025-70030)
vulnerability in sunbird (CVE-2025-70030). Risk of unauthorized operations or information disclosure.
|
| CVE-2021-22054 KEV |
|
[KEV] SSRF (Server-Side Request Forgery) in Omnissa workspace-one-uem (CVE-2021-22054)
SSRF in Omnissa workspace-one-uem (CVE-2021-22054). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-26399 KEV |
|
[KEV] Unsafe Deserialization in Solarwinds web-help-desk (CVE-2025-26399)
vulnerability in Solarwinds web-help-desk (CVE-2025-26399). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-1603 KEV |
|
[KEV] Vulnerability in Ivanti endpoint-manager-epm (CVE-2026-1603)
vulnerability in Ivanti endpoint-manager-epm (CVE-2026-1603). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-29186 |
|
Vulnerability in linuxfoundation (CVE-2026-29186)
vulnerability in linuxfoundation (CVE-2026-29186). Confidential information can be exposed externally.
|
| CVE-2026-24308 |
|
Vulnerability in apache (CVE-2026-24308)
vulnerability in apache (CVE-2026-24308). Confidential information can be exposed externally.
|
| CVE-2026-24281 |
|
Vulnerability in apache (CVE-2026-24281)
vulnerability in apache (CVE-2026-24281). Confidential information can be exposed externally.
|
| CVE-2026-2219 |
|
Vulnerability in dos (CVE-2026-2219)
vulnerability in dos (CVE-2026-2219). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-25679 |
|
Vulnerability in stdlib (CVE-2026-25679)
vulnerability in stdlib (CVE-2026-25679). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.25.8, 1.26.1` or later.
|
| CVE-2026-27137 |
|
Vulnerability in stdlib (CVE-2026-27137)
vulnerability in stdlib (CVE-2026-27137). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.26.1` or later.
|
| CVE-2025-69654 |
|
Vulnerability in dos (CVE-2025-69654)
vulnerability in dos (CVE-2025-69654). Risk of unauthorized operations or information disclosure. Exploitable via ``qjs``.
|
| CVE-2026-29091 |
|
Vulnerability in locutus (CVE-2026-29091)
vulnerability in locutus (CVE-2026-29091). Successful exploitation can lead to full system takeover.
|
| CVE-2026-29783 |
|
OS Command Injection in github (CVE-2026-29783)
OS command injection in github (CVE-2026-29783). Successful exploitation can lead to full system takeover.
|
| CVE-2025-70363 |
|
Vulnerability in ibexa (CVE-2025-70363)
vulnerability in ibexa (CVE-2025-70363). Confidential information can be exposed externally.
|
| CVE-2026-26017 |
|
Vulnerability in corednsio (CVE-2026-26017)
vulnerability in corednsio (CVE-2026-26017). Confidential information can be exposed externally.
|
| CVE-2026-26018 |
|
Vulnerability in dos (CVE-2026-26018)
vulnerability in dos (CVE-2026-26018). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-2753 |
|
Vulnerability in path-traversal (CVE-2026-2753)
vulnerability in path-traversal (CVE-2026-2753). Confidential information can be exposed externally.
|
| CVE-2026-2754 |
|
Vulnerability in navtor (CVE-2026-2754)
vulnerability in navtor (CVE-2026-2754). Confidential information can be exposed externally.
|
| CVE-2026-23925 |
|
Authorization Flaw in zabbix (CVE-2026-23925)
vulnerability in zabbix (CVE-2026-23925). Confidential information can be exposed externally.
|
| CVE-2026-29062 |
|
Vulnerability in dos (CVE-2026-29062)
vulnerability in dos (CVE-2026-29062). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-29074 |
|
Vulnerability in svgo (CVE-2026-29074)
vulnerability in svgo (CVE-2026-29074). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3047 |
|
Vulnerability in redhat (CVE-2026-3047)
vulnerability in redhat (CVE-2026-3047). Successful exploitation can lead to full system takeover.
|
| CVE-2026-3009 |
|
Authorization Flaw in redhat (CVE-2026-3009)
vulnerability in redhat (CVE-2026-3009). Confidential information can be exposed externally.
|
| CVE-2026-29054 |
|
Vulnerability in traefik (CVE-2026-29054)
vulnerability in traefik (CVE-2026-29054). Data can be tampered with by attackers.
|
| CVE-2026-26999 |
|
Vulnerability in traefik (CVE-2026-26999)
vulnerability in traefik (CVE-2026-26999). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-45691 |
|
Path Traversal in vibrantlabsai (CVE-2025-45691)
path traversal in vibrantlabsai (CVE-2025-45691). Confidential information can be exposed externally.
|
| CVE-2026-30796 |
|
Vulnerability in rustdesk (CVE-2026-30796)
vulnerability in rustdesk (CVE-2026-30796). Confidential information can be exposed externally.
|
| CVE-2026-30798 |
|
Vulnerability in rustdesk (CVE-2026-30798)
vulnerability in rustdesk (CVE-2026-30798). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-30794 |
|
Vulnerability in rustdesk (CVE-2026-30794)
vulnerability in rustdesk (CVE-2026-30794). Successful exploitation can lead to full system takeover.
|
| CVE-2026-30792 |
|
Vulnerability in rustdesk (CVE-2026-30792)
vulnerability in rustdesk (CVE-2026-30792). Successful exploitation can lead to full system takeover.
|
| CVE-2026-25048 |
|
Vulnerability in mlc-ai (CVE-2026-25048)
vulnerability in mlc-ai (CVE-2026-25048). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-69534 |
|
Vulnerability in markdown (CVE-2025-69534)
vulnerability in markdown (CVE-2025-69534). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.8.1` or later.
|
| CVE-2026-1605 |
|
Vulnerability in eclipse (CVE-2026-1605)
vulnerability in eclipse (CVE-2026-1605). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-7921 KEV |
|
[KEV] Authentication Bypass in Hikvision multiple-products (CVE-2017-7921)
authentication bypass in Hikvision multiple-products (CVE-2017-7921). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-22681 KEV |
|
[KEV] Vulnerability in Rockwell multiple-products (CVE-2021-22681)
vulnerability in Rockwell multiple-products (CVE-2021-22681). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-43000 KEV |
|
[KEV] Use-After-Free in Apple multiple-products (CVE-2023-43000)
vulnerability in Apple multiple-products (CVE-2023-43000). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-30952 KEV |
|
[KEV] Vulnerability in Apple multiple-products (CVE-2021-30952)
vulnerability in Apple multiple-products (CVE-2021-30952). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-41974 KEV |
|
[KEV] Use-After-Free in Apple ios-and-ipados (CVE-2023-41974)
vulnerability in Apple ios-and-ipados (CVE-2023-41974). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-0847 |
|
Path Traversal in nltk (CVE-2026-0847)
path traversal in nltk (CVE-2026-0847). Confidential information can be exposed externally. Mitigation: upgrade to `3.9.3` or later.
|
| CVE-2026-3520 |
|
Vulnerability in dos (CVE-2026-3520)
vulnerability in dos (CVE-2026-3520). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-15558 |
|
Vulnerability in c (CVE-2025-15558)
vulnerability in c (CVE-2025-15558). Successful exploitation can lead to full system takeover.
|
| CVE-2026-23236 |
|
Vulnerability in linux (CVE-2026-23236)
vulnerability in linux (CVE-2026-23236). Data can be tampered with by attackers.
|