Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2026-25640 Path Traversal in path-traversal (CVE-2026-25640)
path traversal in path-traversal (CVE-2026-25640). Confidential information can be exposed externally. Mitigation: upgrade to `1.51.0` or later.
CVE-2019-25293 Vulnerability in c (CVE-2019-25293)
vulnerability in c (CVE-2019-25293). Successful exploitation can lead to full system takeover.
CVE-2025-61732 Code Injection in toolchain (CVE-2025-61732)
code injection in toolchain (CVE-2025-61732). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.24.13, 1.25.7` or later.
CVE-2025-11953 KEV [KEV] OS Command Injection in React native community react-native-community (CVE-2025-11953)
OS command injection in React native community react-native-community (CVE-2025-11953). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-24423 KEV [KEV] Vulnerability in Smartertools smartermail (CVE-2026-24423)
vulnerability in Smartertools smartermail (CVE-2026-24423). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-25521 Vulnerability in locutus (CVE-2026-25521)
vulnerability in locutus (CVE-2026-25521). Successful exploitation can lead to full system takeover.
CVE-2026-25536 Vulnerability in lfprojects (CVE-2026-25536)
vulnerability in lfprojects (CVE-2026-25536). Confidential information can be exposed externally.
CVE-2026-23074 Use-After-Free in linux (CVE-2026-23074)
vulnerability in linux (CVE-2026-23074). Successful exploitation can lead to full system takeover.
CVE-2026-23099 Out-of-Bounds Read in c (CVE-2026-23099)
vulnerability in c (CVE-2026-23099). Confidential information can be exposed externally.
CVE-2026-23066 Vulnerability in linux (CVE-2026-23066)
vulnerability in linux (CVE-2026-23066). Successful exploitation can lead to full system takeover.
CVE-2026-0537 Out-of-Bounds Write in autodesk (CVE-2026-0537)
out-of-bounds write in autodesk (CVE-2026-0537). Successful exploitation can lead to full system takeover.
CVE-2026-0661 Out-of-Bounds Write in autodesk (CVE-2026-0661)
out-of-bounds write in autodesk (CVE-2026-0661). Successful exploitation can lead to full system takeover.
CVE-2026-0660 Vulnerability in autodesk (CVE-2026-0660)
vulnerability in autodesk (CVE-2026-0660). Successful exploitation can lead to full system takeover.
CVE-2026-0538 Out-of-Bounds Write in autodesk (CVE-2026-0538)
out-of-bounds write in autodesk (CVE-2026-0538). Successful exploitation can lead to full system takeover.
CVE-2026-1819 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
CVE-2025-69621 Path Traversal in CVE-2025-69621 (CVE-2025-69621)
path traversal in CVE-2025-69621 (CVE-2025-69621). Confidential information can be exposed externally.
CVE-2020-37094 Vulnerability in espocrm (CVE-2020-37094)
vulnerability in espocrm (CVE-2020-37094). Confidential information can be exposed externally. Exploitable via `Authorization header`.
CVE-2026-25223 Vulnerability in fastify (CVE-2026-25223)
vulnerability in fastify (CVE-2026-25223). Data can be tampered with by attackers.
CVE-2025-6397 Cross-Site Scripting (XSS) in CVE-2025-6397 (CVE-2025-6397)
cross-site scripting in CVE-2025-6397 (CVE-2025-6397). Risk of unauthorized operations or information disclosure.
CVE-2025-7760 Cross-Site Scripting (XSS) in CVE-2025-7760 (CVE-2025-7760)
cross-site scripting in CVE-2025-7760 (CVE-2025-7760). Risk of unauthorized operations or information disclosure.
CVE-2025-8456 Cross-Site Scripting (XSS) in CVE-2025-8456 (CVE-2025-8456)
cross-site scripting in CVE-2025-8456 (CVE-2025-8456). Risk of unauthorized operations or information disclosure.
CVE-2025-8461 Cross-Site Scripting (XSS) in CVE-2025-8461 (CVE-2025-8461)
cross-site scripting in CVE-2025-8461 (CVE-2025-8461). Risk of unauthorized operations or information disclosure.
CVE-2025-8590 Information Disclosure in CVE-2025-8590 (CVE-2025-8590)
vulnerability in CVE-2025-8590 (CVE-2025-8590). Confidential information can be exposed externally.
CVE-2025-8589 Cross-Site Scripting (XSS) in CVE-2025-8589 (CVE-2025-8589)
cross-site scripting in CVE-2025-8589 (CVE-2025-8589). Risk of unauthorized operations or information disclosure.
CVE-2026-22550 OS Command Injection in elecom (CVE-2026-22550)
OS command injection in elecom (CVE-2026-22550). Successful exploitation can lead to full system takeover.
CVE-2025-64328 KEV [KEV] OS Command Injection in Sangoma freepbx (CVE-2025-64328)
OS command injection in Sangoma freepbx (CVE-2025-64328). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2021-39935 KEV [KEV] SSRF (Server-Side Request Forgery) in Gitlab community-and-enterprise-editions (CVE-2021-39935)
SSRF in Gitlab community-and-enterprise-editions (CVE-2021-39935). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2025-40551 KEV [KEV] Unsafe Deserialization in Solarwinds web-help-desk (CVE-2025-40551)
vulnerability in Solarwinds web-help-desk (CVE-2025-40551). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-24737 Vulnerability in parall (CVE-2026-24737)
vulnerability in parall (CVE-2026-24737). Confidential information can be exposed externally.
CVE-2026-24051 Vulnerability in opentelemetry (CVE-2026-24051)
vulnerability in opentelemetry (CVE-2026-24051). Successful exploitation can lead to full system takeover.
CVE-2026-22226 OS Command Injection in tp-link (CVE-2026-22226)
OS command injection in tp-link (CVE-2026-22226). Successful exploitation can lead to full system takeover.
CVE-2026-1761 Vulnerability in CVE-2026-1761 (CVE-2026-1761)
vulnerability in CVE-2026-1761 (CVE-2026-1761). Data can be tampered with by attackers.
CVE-2025-8587 SQL Injection in sqli (CVE-2025-8587)
SQL injection in sqli (CVE-2025-8587). Risk of unauthorized operations or information disclosure.
CVE-2026-1530 Vulnerability in CVE-2026-1530 (CVE-2026-1530)
vulnerability in CVE-2026-1530 (CVE-2026-1530). Confidential information can be exposed externally.
CVE-2026-1531 Vulnerability in CVE-2026-1531 (CVE-2026-1531)
vulnerability in CVE-2026-1531 (CVE-2026-1531). Confidential information can be exposed externally.
CVE-2026-23025 Vulnerability in c (CVE-2026-23025)
vulnerability in c (CVE-2026-23025). Successful exploitation can lead to full system takeover.
CVE-2026-25153 Code Injection in linuxfoundation (CVE-2026-25153)
code injection in linuxfoundation (CVE-2026-25153). Confidential information can be exposed externally. Exploitable via ``hooks``.
CVE-2025-24293 Command Injection in CVE-2025-24293 (CVE-2025-24293)
command injection in CVE-2025-24293 (CVE-2025-24293). Successful exploitation can lead to full system takeover.
CVE-2025-4686 SQL Injection in sqli (CVE-2025-4686)
SQL injection in sqli (CVE-2025-4686). Risk of unauthorized operations or information disclosure.
CVE-2024-4027 Vulnerability in dos (CVE-2024-4027)
vulnerability in dos (CVE-2024-4027). Risk of unauthorized operations or information disclosure.
CVE-2025-1395 Vulnerability in CVE-2025-1395 (CVE-2025-1395)
vulnerability in CVE-2025-1395 (CVE-2025-1395). Confidential information can be exposed externally.
CVE-2025-69604 Vulnerability in shirt-pocket (CVE-2025-69604)
vulnerability in shirt-pocket (CVE-2025-69604). Successful exploitation can lead to full system takeover.
CVE-2025-7713 Cross-Site Scripting (XSS) in globalmedya (CVE-2025-7713)
cross-site scripting in globalmedya (CVE-2025-7713). Risk of unauthorized operations or information disclosure.
CVE-2025-7714 SQL Injection in sqli (CVE-2025-7714)
SQL injection in sqli (CVE-2025-7714). Risk of unauthorized operations or information disclosure.
CVE-2020-37011 Out-of-Bounds Write in CVE-2020-37011 (CVE-2020-37011)
out-of-bounds write in CVE-2020-37011 (CVE-2020-37011). Risk of unauthorized operations or information disclosure.
CVE-2020-37015 Path Traversal in path-traversal (CVE-2020-37015)
path traversal in path-traversal (CVE-2020-37015). Confidential information can be exposed externally.
CVE-2020-37004 SQL Injection in sqli (CVE-2020-37004)
SQL injection in sqli (CVE-2020-37004). Confidential information can be exposed externally.
CVE-2025-7016 Vulnerability in akinsoft (CVE-2025-7016)
vulnerability in akinsoft (CVE-2025-7016). Successful exploitation can lead to full system takeover.
CVE-2026-1281 KEV [KEV] Code Injection in Ivanti endpoint-manager-mobile-epmm (CVE-2026-1281)
code injection in Ivanti endpoint-manager-mobile-epmm (CVE-2026-1281). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2025-61726 Vulnerability in stdlib (CVE-2025-61726)
vulnerability in stdlib (CVE-2025-61726). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.24.12, 1.25.6` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →