Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-23231 |
|
Use-After-Free in linux (CVE-2026-23231)
vulnerability in linux (CVE-2026-23231). Successful exploitation can lead to full system takeover.
|
| CVE-2026-27622 |
|
Out-of-Bounds Write in openexr (CVE-2026-27622)
out-of-bounds write in openexr (CVE-2026-27622). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.2.6` or later.
|
| CVE-2026-3437 |
|
Buffer Overflow in portwell (CVE-2026-3437)
vulnerability in portwell (CVE-2026-3437). Successful exploitation can lead to full system takeover.
|
| CVE-2025-63912 |
|
Vulnerability in cohesity (CVE-2025-63912)
vulnerability in cohesity (CVE-2025-63912). Confidential information can be exposed externally.
|
| CVE-2026-25673 |
|
Vulnerability in django (CVE-2026-25673)
vulnerability in django (CVE-2026-25673). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-22719 KEV |
|
[KEV] Command Injection in Broadcom vmware-aria-operations (CVE-2026-22719)
command injection in Broadcom vmware-aria-operations (CVE-2026-22719). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-21385 KEV |
|
[KEV] Vulnerability in Qualcomm multiple-chipsets (CVE-2026-21385)
vulnerability in Qualcomm multiple-chipsets (CVE-2026-21385). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-3338 |
|
Vulnerability in amazon (CVE-2026-3338)
vulnerability in amazon (CVE-2026-3338). Data can be tampered with by attackers.
|
| CVE-2026-28406 |
|
Path Traversal in chainguard (CVE-2026-28406)
path traversal in chainguard (CVE-2026-28406). Data can be tampered with by attackers. Exploitable via ``dest``.
|
| CVE-2026-3304 |
|
Vulnerability in dos (CVE-2026-3304)
vulnerability in dos (CVE-2026-3304). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-2359 |
|
Vulnerability in dos (CVE-2026-2359)
vulnerability in dos (CVE-2026-2359). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-10990 |
|
Vulnerability in dos (CVE-2025-10990)
vulnerability in dos (CVE-2025-10990). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-28364 |
|
Vulnerability in c (CVE-2026-28364)
vulnerability in c (CVE-2026-28364). Confidential information can be exposed externally.
|
| CVE-2026-25109 |
|
OS Command Injection in copeland (CVE-2026-25109)
OS command injection in copeland (CVE-2026-25109). Successful exploitation can lead to full system takeover.
|
| CVE-2026-20910 |
|
OS Command Injection in copeland (CVE-2026-20910)
OS command injection in copeland (CVE-2026-20910). Successful exploitation can lead to full system takeover.
|
| CVE-2026-27509 |
|
Vulnerability in unitree (CVE-2026-27509)
vulnerability in unitree (CVE-2026-27509). Successful exploitation can lead to full system takeover.
|
| CVE-2025-71057 |
|
Authentication Bypass in CVE-2025-71057 (CVE-2025-71057)
authentication bypass in CVE-2025-71057 (CVE-2025-71057). Data can be tampered with by attackers.
|
| CVE-2026-56351 |
|
SQL Injection in n8n (CVE-2026-56351)
SQL injection in n8n (CVE-2026-56351). Confidential information can be exposed externally. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.4.0` or later.
|
| CVE-2025-14343 |
|
Cross-Site Scripting (XSS) in CVE-2025-14343 (CVE-2025-14343)
cross-site scripting in CVE-2025-14343 (CVE-2025-14343). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-1693 |
|
Vulnerability in arcinfo (CVE-2026-1693)
vulnerability in arcinfo (CVE-2026-1693). Confidential information can be exposed externally.
|
| CVE-2026-27959 |
|
Vulnerability in koajs (CVE-2026-27959)
vulnerability in koajs (CVE-2026-27959). Data can be tampered with by attackers. Exploitable via `Host header`.
|
| CVE-2026-27896 |
|
Vulnerability in lfprojects (CVE-2026-27896)
vulnerability in lfprojects (CVE-2026-27896). Data can be tampered with by attackers.
|
| CVE-2026-27830 |
|
Code Injection in deserialization (CVE-2026-27830)
code injection in deserialization (CVE-2026-27830). Successful exploitation can lead to full system takeover. Exploitable via ``javax.naming.Reference``.
|
| CVE-2026-26965 |
|
Out-of-Bounds Write in freerdp (CVE-2026-26965)
out-of-bounds write in freerdp (CVE-2026-26965). Successful exploitation can lead to full system takeover. Exploitable via ``pDstData``.
|
| CVE-2026-26955 |
|
Out-of-Bounds Write in c (CVE-2026-26955)
out-of-bounds write in c (CVE-2026-26955). Successful exploitation can lead to full system takeover. Exploitable via ``xfreerdp``.
|
| CVE-2026-26103 |
|
Vulnerability in redhat (CVE-2026-26103)
vulnerability in redhat (CVE-2026-26103). Data can be tampered with by attackers.
|
| CVE-2026-27608 |
|
Vulnerability in parseplatform (CVE-2026-27608)
vulnerability in parseplatform (CVE-2026-27608). Confidential information can be exposed externally. Exploitable via `POST /apps/`.
|
| CVE-2026-27595 |
|
Vulnerability in csrf (CVE-2026-27595)
vulnerability in csrf (CVE-2026-27595). Data can be tampered with by attackers. Exploitable via ``readOnlyMasterKey``.
|
| CVE-2022-20775 KEV |
|
[KEV] Vulnerability in Cisco sd-wan (CVE-2022-20775)
vulnerability in Cisco sd-wan (CVE-2022-20775). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-63409 |
|
Vulnerability in privilege-escalation (CVE-2025-63409)
vulnerability in privilege-escalation (CVE-2025-63409). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2798 |
|
Use-after-free in the DOM: Core & HTML component. This vulnerability affects Firefox < 148.
Use-after-free in the DOM: Core & HTML component. This vulnerability affects Firefox < 148.
|
| CVE-2026-2794 |
|
Vulnerability in mozilla (CVE-2026-2794)
vulnerability in mozilla (CVE-2026-2794). Confidential information can be exposed externally.
|
| CVE-2026-2769 |
|
Use-After-Free in mozilla (CVE-2026-2769)
vulnerability in mozilla (CVE-2026-2769). Successful exploitation can lead to full system takeover.
|
| CVE-2025-67445 |
|
Vulnerability in totolink (CVE-2025-67445)
vulnerability in totolink (CVE-2025-67445). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-1773 |
|
Vulnerability in dos (CVE-2026-1773)
vulnerability in dos (CVE-2026-1773). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-25985 |
|
Vulnerability in imagemagick (CVE-2026-25985)
vulnerability in imagemagick (CVE-2026-25985). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-25965 |
|
Path Traversal in path-traversal (CVE-2026-25965)
path traversal in path-traversal (CVE-2026-25965). Confidential information can be exposed externally.
|
| CVE-2026-25968 |
|
Vulnerability in c (CVE-2026-25968)
vulnerability in c (CVE-2026-25968). Confidential information can be exposed externally.
|
| CVE-2026-25794 |
|
Vulnerability in c (CVE-2026-25794)
vulnerability in c (CVE-2026-25794). Risk of unauthorized operations or information disclosure. Exploitable via ``WriteUHDRImage``.
|
| CVE-2026-25108 KEV |
|
[KEV] OS Command Injection in Soliton systems k.k soliton-systems-kk (CVE-2026-25108)
OS command injection in Soliton systems k.k soliton-systems-kk (CVE-2026-25108). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-71056 |
|
Vulnerability in CVE-2025-71056 (CVE-2025-71056)
vulnerability in CVE-2025-71056 (CVE-2025-71056). Confidential information can be exposed externally.
|
| CVE-2026-27623 |
|
Vulnerability in lfprojects (CVE-2026-27623)
vulnerability in lfprojects (CVE-2026-27623). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-21863 |
|
Out-of-Bounds Read in lfprojects (CVE-2026-21863)
vulnerability in lfprojects (CVE-2026-21863). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-67733 |
|
Vulnerability in lfprojects (CVE-2025-67733)
vulnerability in lfprojects (CVE-2025-67733). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-14905 |
|
Vulnerability in c (CVE-2025-14905)
vulnerability in c (CVE-2025-14905). Successful exploitation can lead to full system takeover. Exploitable via ``schema_attr_enum_callback``.
|
| CVE-2026-25747 |
|
Unsafe Deserialization in apache (CVE-2026-25747)
vulnerability in apache (CVE-2026-25747). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2045 |
|
Out-of-Bounds Write in gimp (CVE-2026-2045)
out-of-bounds write in gimp (CVE-2026-2045). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2047 |
|
Vulnerability in gimp (CVE-2026-2047)
vulnerability in gimp (CVE-2026-2047). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2492 |
|
Vulnerability in privilege-escalation (CVE-2026-2492)
vulnerability in privilege-escalation (CVE-2026-2492). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2048 |
|
Out-of-Bounds Write in gimp (CVE-2026-2048)
out-of-bounds write in gimp (CVE-2026-2048). Successful exploitation can lead to full system takeover.
|