Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-2492 |
|
Vulnerability in privilege-escalation (CVE-2026-2492)
vulnerability in privilege-escalation (CVE-2026-2492). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0797 |
|
Vulnerability in gimp (CVE-2026-0797)
vulnerability in gimp (CVE-2026-0797). Successful exploitation can lead to full system takeover.
|
| CVE-2026-27134 |
|
Authentication Bypass in apache (CVE-2026-27134)
authentication bypass in apache (CVE-2026-27134). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2635 |
|
Vulnerability in CVE-2026-2635 (CVE-2026-2635)
vulnerability in CVE-2026-2635 (CVE-2026-2635). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-2033 |
|
Path Traversal in path-traversal (CVE-2026-2033)
path traversal in path-traversal (CVE-2026-2033). Risk of unauthorized operations or information disclosure.
|
| CVE-2019-25434 |
|
SpotAuditor 5.3.1.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting excessive data in the registration name field. Attackers can...
SpotAuditor 5.3.1.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting excessive data in the registration name field. Attackers can enter a large string of characters (5000 bytes or more) in the name field during registration to tr...
|
| CVE-2026-2472 |
|
Cross-Site Scripting (XSS) in CVE-2026-2472 (CVE-2026-2472)
cross-site scripting in CVE-2026-2472 (CVE-2026-2472). Confidential information can be exposed externally.
|
| CVE-2026-2818 |
|
Vulnerability in path-traversal (CVE-2026-2818)
vulnerability in path-traversal (CVE-2026-2818). Data can be tampered with by attackers.
|
| CVE-2025-49113 KEV |
|
[KEV] Unsafe Deserialization in Roundcube webmail (CVE-2025-49113)
vulnerability in Roundcube webmail (CVE-2025-49113). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-68461 KEV |
|
[KEV] Cross-Site Scripting (XSS) in Roundcube webmail (CVE-2025-68461)
cross-site scripting in Roundcube webmail (CVE-2025-68461). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-26318 |
|
OS Command Injection in systeminformation (CVE-2026-26318)
OS command injection in systeminformation (CVE-2026-26318). Successful exploitation can lead to full system takeover. Exploitable via ``locate``.
|
| CVE-2026-26280 |
|
OS Command Injection in systeminformation (CVE-2026-26280)
OS command injection in systeminformation (CVE-2026-26280). Successful exploitation can lead to full system takeover. Exploitable via ``iface``.
|
| CVE-2026-26278 |
|
Vulnerability in c (CVE-2026-26278)
vulnerability in c (CVE-2026-26278). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-26200 |
|
Vulnerability in hdfgroup (CVE-2026-26200)
vulnerability in hdfgroup (CVE-2026-26200). Successful exploitation can lead to full system takeover.
|
| CVE-2026-25940 |
|
Vulnerability in parall (CVE-2026-25940)
vulnerability in parall (CVE-2026-25940). Confidential information can be exposed externally.
|
| CVE-2026-25755 |
|
Code Injection in parall (CVE-2026-25755)
code injection in parall (CVE-2026-25755). Confidential information can be exposed externally. Exploitable via ``addJS``.
|
| CVE-2026-25535 |
|
Vulnerability in dos (CVE-2026-25535)
vulnerability in dos (CVE-2026-25535). Risk of unauthorized operations or information disclosure. Exploitable via ``addImage``.
|
| CVE-2025-9062 |
|
Vulnerability in CVE-2025-9062 (CVE-2025-9062)
vulnerability in CVE-2025-9062 (CVE-2025-9062). Confidential information can be exposed externally.
|
| CVE-2026-0974 |
|
Vulnerability in wordpress (CVE-2026-0974)
vulnerability in wordpress (CVE-2026-0974). Successful exploitation can lead to full system takeover.
|
| CVE-2026-22860 |
|
Path Traversal in rack (CVE-2026-22860)
path traversal in rack (CVE-2026-22860). Confidential information can be exposed externally.
|
| CVE-2026-24708 |
|
Vulnerability in CVE-2026-24708 (CVE-2026-24708)
vulnerability in CVE-2026-24708 (CVE-2026-24708). Data can be tampered with by attackers.
|
| CVE-2025-14009 |
|
Code Injection in nltk (CVE-2025-14009)
code injection in nltk (CVE-2025-14009). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.9.3` or later.
|
| CVE-2026-23230 |
|
In the Linux kernel, the following vulnerability has been resolved:
smb: client: split...
In the Linux kernel, the following vulnerability has been resolved:
smb: client: split...
|
| CVE-2026-23222 |
|
Vulnerability in linux (CVE-2026-23222)
vulnerability in linux (CVE-2026-23222). Successful exploitation can lead to full system takeover.
|
| CVE-2025-33240 |
|
Code Injection in nvidia (CVE-2025-33240)
code injection in nvidia (CVE-2025-33240). Successful exploitation can lead to full system takeover.
|
| CVE-2025-33239 |
|
Code Injection in nvidia (CVE-2025-33239)
code injection in nvidia (CVE-2025-33239). Successful exploitation can lead to full system takeover.
|
| CVE-2026-22769 KEV |
|
[KEV] Vulnerability in Dell recoverpoint-for-virtual-machines-rp4vms (CVE-2026-22769)
vulnerability in Dell recoverpoint-for-virtual-machines-rp4vms (CVE-2026-22769). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-22175 KEV |
|
[KEV] SSRF (Server-Side Request Forgery) in gitlab (CVE-2021-22175)
SSRF in gitlab (CVE-2021-22175). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-24734 |
|
Vulnerability in apache (CVE-2026-24734)
vulnerability in apache (CVE-2026-24734). Data can be tampered with by attackers.
|
| CVE-2025-70397 |
|
SQL Injection in sqli (CVE-2025-70397)
SQL injection in sqli (CVE-2025-70397). Successful exploitation can lead to full system takeover.
|
| CVE-2025-65753 |
|
Vulnerability in CVE-2025-65753 (CVE-2025-65753)
vulnerability in CVE-2025-65753 (CVE-2025-65753). Successful exploitation can lead to full system takeover.
|
| CVE-2025-7631 |
|
SQL Injection in c (CVE-2025-7631)
SQL injection in c (CVE-2025-7631). Risk of unauthorized operations or information disclosure.
|
| CVE-2008-0015 KEV |
|
[KEV] Vulnerability in Microsoft windows (CVE-2008-0015)
vulnerability in Microsoft windows (CVE-2008-0015). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-7694 KEV |
|
[KEV] Unrestricted File Upload in Teamt5 threatsonar-anti-ransomware (CVE-2024-7694)
vulnerability in Teamt5 threatsonar-anti-ransomware (CVE-2024-7694). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2020-7796 KEV |
|
[KEV] SSRF (Server-Side Request Forgery) in Synacor zimbra-collaboration-suite (CVE-2020-7796)
SSRF in Synacor zimbra-collaboration-suite (CVE-2020-7796). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-2441 KEV |
|
[KEV] Use-After-Free in Google chromium (CVE-2026-2441)
vulnerability in Google chromium (CVE-2026-2441). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-2447 |
|
Vulnerability in mozilla (CVE-2026-2447)
vulnerability in mozilla (CVE-2026-2447). Successful exploitation can lead to full system takeover.
|
| CVE-2026-23185 |
|
Use-After-Free in linux (CVE-2026-23185)
vulnerability in linux (CVE-2026-23185). Successful exploitation can lead to full system takeover.
|
| CVE-2025-71221 |
|
Vulnerability in linux (CVE-2025-71221)
vulnerability in linux (CVE-2025-71221). Successful exploitation can lead to full system takeover.
|
| CVE-2026-23204 |
|
Out-of-Bounds Read in c (CVE-2026-23204)
vulnerability in c (CVE-2026-23204). Confidential information can be exposed externally.
|
| CVE-2026-23171 |
|
Use-After-Free in c (CVE-2026-23171)
vulnerability in c (CVE-2026-23171). Successful exploitation can lead to full system takeover.
|
| CVE-2026-23111 |
|
Use-After-Free in privilege-escalation (CVE-2026-23111)
vulnerability in privilege-escalation (CVE-2026-23111). Successful exploitation can lead to full system takeover.
|
| CVE-2026-1619 |
|
Vulnerability in uni-yaz (CVE-2026-1619)
vulnerability in uni-yaz (CVE-2026-1619). Confidential information can be exposed externally.
|
| CVE-2025-14349 |
|
Vulnerability in privilege-escalation (CVE-2025-14349)
vulnerability in privilege-escalation (CVE-2025-14349). Successful exploitation can lead to full system takeover.
|
| CVE-2026-1618 |
|
Authentication Bypass Using an Alternate Path or Channel vulnerability in Universal Software Inc....
Authentication Bypass Using an Alternate Path or Channel vulnerability in Universal Software Inc....
|
| CVE-2026-1731 KEV |
|
[KEV] OS Command Injection in Beyondtrust remote-support-rs-and-privileged-remote-access-pra (CVE-2026-1731)
OS command injection in Beyondtrust remote-support-rs-and-privileged-remote-access-pra (CVE-2026-1731). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-25949 |
|
Vulnerability in github.com/traefik/traefik/v3 (CVE-2026-25949)
vulnerability in github.com/traefik/traefik/v3 (CVE-2026-25949). Risk of unauthorized operations or information disclosure. Exploitable via ``respondingTimeouts.readTimeout``. Mitigation: upgrade to `3.6.8` or later.
|
| CVE-2025-13002 |
|
Cross-Site Scripting (XSS) in farktor (CVE-2025-13002)
cross-site scripting in farktor (CVE-2025-13002). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-2004 |
|
Vulnerability in postgresql (CVE-2026-2004)
vulnerability in postgresql (CVE-2026-2004). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2005 |
|
Vulnerability in postgresql (CVE-2026-2005)
vulnerability in postgresql (CVE-2026-2005). Successful exploitation can lead to full system takeover.
|