Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-2005 |
|
Vulnerability in postgresql (CVE-2026-2005)
vulnerability in postgresql (CVE-2026-2005). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2007 |
|
Vulnerability in privilege-escalation (CVE-2026-2007)
vulnerability in privilege-escalation (CVE-2026-2007). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-40536 KEV |
|
[KEV] Vulnerability in Solarwinds web-help-desk (CVE-2025-40536)
vulnerability in Solarwinds web-help-desk (CVE-2025-40536). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-15556 KEV |
|
[KEV] Vulnerability in Notepad++ notepad (CVE-2025-15556)
vulnerability in Notepad++ notepad (CVE-2025-15556). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-43468 KEV |
|
[KEV] SQL Injection in Microsoft configuration-manager (CVE-2024-43468)
SQL injection in Microsoft configuration-manager (CVE-2024-43468). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-20700 KEV |
|
[KEV] Buffer Overflow in Apple multiple-products (CVE-2026-20700)
vulnerability in Apple multiple-products (CVE-2026-20700). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-1669 |
|
Vulnerability in keras (CVE-2026-1669)
vulnerability in keras (CVE-2026-1669). Confidential information can be exposed externally.
|
| CVE-2026-26158 |
|
Vulnerability in privilege-escalation (CVE-2026-26158)
vulnerability in privilege-escalation (CVE-2026-26158). Successful exploitation can lead to full system takeover.
|
| CVE-2026-26157 |
|
Vulnerability in CVE-2026-26157 (CVE-2026-26157)
vulnerability in CVE-2026-26157 (CVE-2026-26157). Successful exploitation can lead to full system takeover.
|
| CVE-2026-25990 |
|
Out-of-Bounds Write in pillow (CVE-2026-25990)
out-of-bounds write in pillow (CVE-2026-25990). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `12.1.1` or later.
|
| CVE-2020-37208 |
|
SpotFTP 3.0.0.0 contains a buffer overflow vulnerability in the registration key input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste i...
SpotFTP 3.0.0.0 contains a buffer overflow vulnerability in the registration key input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Key' field to trigger an application crash and denial of service.
|
| CVE-2020-37212 |
|
SpotMSN 2.4.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste...
SpotMSN 2.4.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash.
|
| CVE-2020-37211 |
|
SpotIM 2.2 contains a denial of service vulnerability that allows attackers to crash the application by inputting a large buffer in the registration name field. Attackers can generate a 1000-character...
SpotIM 2.2 contains a denial of service vulnerability that allows attackers to crash the application by inputting a large buffer in the registration name field. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash.
|
| CVE-2020-37210 |
|
SpotIE 2.9.5 contains a denial of service vulnerability in the registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste i...
SpotIE 2.9.5 contains a denial of service vulnerability in the registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash.
|
| CVE-2020-37209 |
|
Vulnerability in dos (CVE-2020-37209)
vulnerability in dos (CVE-2020-37209). Confidential information can be exposed externally.
|
| CVE-2020-37206 |
|
Vulnerability in dos (CVE-2020-37206)
vulnerability in dos (CVE-2020-37206). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-37205 |
|
Vulnerability in dos (CVE-2020-37205)
vulnerability in dos (CVE-2020-37205). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-37204 |
|
Vulnerability in dos (CVE-2020-37204)
vulnerability in dos (CVE-2020-37204). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-37207 |
|
Vulnerability in dos (CVE-2020-37207)
vulnerability in dos (CVE-2020-37207). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-37199 |
|
Vulnerability in dos (CVE-2020-37199)
vulnerability in dos (CVE-2020-37199). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-37197 |
|
Vulnerability in dos (CVE-2020-37197)
vulnerability in dos (CVE-2020-37197). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-37196 |
|
Vulnerability in dos (CVE-2020-37196)
vulnerability in dos (CVE-2020-37196). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-37201 |
|
Vulnerability in nsasoft (CVE-2020-37201)
vulnerability in nsasoft (CVE-2020-37201). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-37200 |
|
Vulnerability in nsasoft (CVE-2020-37200)
vulnerability in nsasoft (CVE-2020-37200). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-1837 |
|
Vulnerability in libjxl-project (CVE-2026-1837)
vulnerability in libjxl-project (CVE-2026-1837). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-65480 |
|
OS Command Injection in CVE-2025-65480 (CVE-2025-65480)
OS command injection in CVE-2025-65480 (CVE-2025-65480). Successful exploitation can lead to full system takeover.
|
| CVE-2025-10174 |
|
Vulnerability in CVE-2025-10174 (CVE-2025-10174)
vulnerability in CVE-2025-10174 (CVE-2025-10174). Confidential information can be exposed externally.
|
| CVE-2025-9986 |
|
Vulnerability in CVE-2025-9986 (CVE-2025-9986)
vulnerability in CVE-2025-9986 (CVE-2025-9986). Confidential information can be exposed externally.
|
| CVE-2025-10913 |
|
Cross-Site Scripting (XSS) in CVE-2025-10913 (CVE-2025-10913)
cross-site scripting in CVE-2025-10913 (CVE-2025-10913). Data can be tampered with by attackers.
|
| CVE-2026-25506 |
|
Out-of-Bounds Write in opensuse (CVE-2026-25506)
out-of-bounds write in opensuse (CVE-2026-25506). Confidential information can be exposed externally. Mitigation: upgrade to `0.5.18` or later.
|
| CVE-2025-35998 |
|
Vulnerability in CVE-2025-35998 (CVE-2025-35998)
vulnerability in CVE-2025-35998 (CVE-2025-35998). Confidential information can be exposed externally.
|
| CVE-2026-25646 |
|
Vulnerability in libpng (CVE-2026-25646)
vulnerability in libpng (CVE-2026-25646). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.6.55` or later.
|
| CVE-2025-7347 |
|
Vulnerability in CVE-2025-7347 (CVE-2025-7347)
vulnerability in CVE-2025-7347 (CVE-2025-7347). Successful exploitation can lead to full system takeover.
|
| CVE-2025-7636 |
|
SQL Injection in sqli (CVE-2025-7636)
SQL injection in sqli (CVE-2025-7636). Successful exploitation can lead to full system takeover.
|
| CVE-2025-6967 |
|
Vulnerability in CVE-2025-6967 (CVE-2025-6967)
vulnerability in CVE-2025-6967 (CVE-2025-6967). Confidential information can be exposed externally.
|
| CVE-2026-23687 |
|
Vulnerability in sap (CVE-2026-23687)
vulnerability in sap (CVE-2026-23687). Successful exploitation can lead to full system takeover.
|
| CVE-2026-21513 KEV |
|
[KEV] Vulnerability in Microsoft windows (CVE-2026-21513)
vulnerability in Microsoft windows (CVE-2026-21513). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-21525 KEV |
|
[KEV] Vulnerability in Microsoft windows (CVE-2026-21525)
vulnerability in Microsoft windows (CVE-2026-21525). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-21510 KEV |
|
[KEV] Vulnerability in Microsoft windows (CVE-2026-21510)
vulnerability in Microsoft windows (CVE-2026-21510). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-21514 KEV |
|
[KEV] Vulnerability in Microsoft office (CVE-2026-21514)
vulnerability in Microsoft office (CVE-2026-21514). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-21519 KEV |
|
[KEV] Vulnerability in Microsoft windows (CVE-2026-21519)
vulnerability in Microsoft windows (CVE-2026-21519). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-21533 KEV |
|
[KEV] Privilege Escalation in Microsoft windows (CVE-2026-21533)
vulnerability in Microsoft windows (CVE-2026-21533). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-1529 |
|
Vulnerability in CVE-2026-1529 (CVE-2026-1529)
vulnerability in CVE-2026-1529 (CVE-2026-1529). Confidential information can be exposed externally.
|
| CVE-2026-1486 |
|
Vulnerability in CVE-2026-1486 (CVE-2026-1486)
vulnerability in CVE-2026-1486 (CVE-2026-1486). Successful exploitation can lead to full system takeover.
|
| CVE-2026-24678 |
|
Use-After-Free in freerdp (CVE-2026-24678)
vulnerability in freerdp (CVE-2026-24678). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.22.0` or later.
|
| CVE-2026-25639 |
|
Vulnerability in axios (CVE-2026-25639)
vulnerability in axios (CVE-2026-25639). Risk of unauthorized operations or information disclosure. Exploitable via ``mergeConfig``. Mitigation: upgrade to `0.30.3` or later.
|
| CVE-2025-10465 |
|
Unrestricted File Upload in CVE-2025-10465 (CVE-2025-10465)
vulnerability in CVE-2025-10465 (CVE-2025-10465). Successful exploitation can lead to full system takeover.
|
| CVE-2025-10463 |
|
Authentication Bypass in CVE-2025-10463 (CVE-2025-10463)
authentication bypass in CVE-2025-10463 (CVE-2025-10463). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-7799 |
|
Cross-Site Scripting (XSS) in CVE-2025-7799 (CVE-2025-7799)
cross-site scripting in CVE-2025-7799 (CVE-2025-7799). Data can be tampered with by attackers.
|
| CVE-2026-25580 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-25580)
SSRF in ssrf (CVE-2026-25580). Confidential information can be exposed externally. Mitigation: upgrade to `1.56.0` or later.
|