Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-25640 |
|
Path Traversal in path-traversal (CVE-2026-25640)
path traversal in path-traversal (CVE-2026-25640). Confidential information can be exposed externally. Mitigation: upgrade to `1.51.0` or later.
|
| CVE-2019-25293 |
|
Vulnerability in c (CVE-2019-25293)
vulnerability in c (CVE-2019-25293). Successful exploitation can lead to full system takeover.
|
| CVE-2025-61732 |
|
Code Injection in toolchain (CVE-2025-61732)
code injection in toolchain (CVE-2025-61732). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.24.13, 1.25.7` or later.
|
| CVE-2025-11953 KEV |
|
[KEV] OS Command Injection in React native community react-native-community (CVE-2025-11953)
OS command injection in React native community react-native-community (CVE-2025-11953). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-24423 KEV |
|
[KEV] Vulnerability in Smartertools smartermail (CVE-2026-24423)
vulnerability in Smartertools smartermail (CVE-2026-24423). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-25521 |
|
Vulnerability in locutus (CVE-2026-25521)
vulnerability in locutus (CVE-2026-25521). Successful exploitation can lead to full system takeover.
|
| CVE-2026-25536 |
|
Vulnerability in lfprojects (CVE-2026-25536)
vulnerability in lfprojects (CVE-2026-25536). Confidential information can be exposed externally.
|
| CVE-2026-23074 |
|
Use-After-Free in linux (CVE-2026-23074)
vulnerability in linux (CVE-2026-23074). Successful exploitation can lead to full system takeover.
|
| CVE-2026-23099 |
|
Out-of-Bounds Read in c (CVE-2026-23099)
vulnerability in c (CVE-2026-23099). Confidential information can be exposed externally.
|
| CVE-2026-23066 |
|
Vulnerability in linux (CVE-2026-23066)
vulnerability in linux (CVE-2026-23066). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0537 |
|
Out-of-Bounds Write in autodesk (CVE-2026-0537)
out-of-bounds write in autodesk (CVE-2026-0537). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0661 |
|
Out-of-Bounds Write in autodesk (CVE-2026-0661)
out-of-bounds write in autodesk (CVE-2026-0661). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0660 |
|
Vulnerability in autodesk (CVE-2026-0660)
vulnerability in autodesk (CVE-2026-0660). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0538 |
|
Out-of-Bounds Write in autodesk (CVE-2026-0538)
out-of-bounds write in autodesk (CVE-2026-0538). Successful exploitation can lead to full system takeover.
|
| CVE-2026-1819 |
|
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
|
| CVE-2025-69621 |
|
Path Traversal in CVE-2025-69621 (CVE-2025-69621)
path traversal in CVE-2025-69621 (CVE-2025-69621). Confidential information can be exposed externally.
|
| CVE-2020-37094 |
|
Vulnerability in espocrm (CVE-2020-37094)
vulnerability in espocrm (CVE-2020-37094). Confidential information can be exposed externally. Exploitable via `Authorization header`.
|
| CVE-2026-25223 |
|
Vulnerability in fastify (CVE-2026-25223)
vulnerability in fastify (CVE-2026-25223). Data can be tampered with by attackers.
|
| CVE-2025-6397 |
|
Cross-Site Scripting (XSS) in CVE-2025-6397 (CVE-2025-6397)
cross-site scripting in CVE-2025-6397 (CVE-2025-6397). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-7760 |
|
Cross-Site Scripting (XSS) in CVE-2025-7760 (CVE-2025-7760)
cross-site scripting in CVE-2025-7760 (CVE-2025-7760). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-8456 |
|
Cross-Site Scripting (XSS) in CVE-2025-8456 (CVE-2025-8456)
cross-site scripting in CVE-2025-8456 (CVE-2025-8456). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-8461 |
|
Cross-Site Scripting (XSS) in CVE-2025-8461 (CVE-2025-8461)
cross-site scripting in CVE-2025-8461 (CVE-2025-8461). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-8590 |
|
Information Disclosure in CVE-2025-8590 (CVE-2025-8590)
vulnerability in CVE-2025-8590 (CVE-2025-8590). Confidential information can be exposed externally.
|
| CVE-2025-8589 |
|
Cross-Site Scripting (XSS) in CVE-2025-8589 (CVE-2025-8589)
cross-site scripting in CVE-2025-8589 (CVE-2025-8589). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-22550 |
|
OS Command Injection in elecom (CVE-2026-22550)
OS command injection in elecom (CVE-2026-22550). Successful exploitation can lead to full system takeover.
|
| CVE-2025-64328 KEV |
|
[KEV] OS Command Injection in Sangoma freepbx (CVE-2025-64328)
OS command injection in Sangoma freepbx (CVE-2025-64328). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2021-39935 KEV |
|
[KEV] SSRF (Server-Side Request Forgery) in Gitlab community-and-enterprise-editions (CVE-2021-39935)
SSRF in Gitlab community-and-enterprise-editions (CVE-2021-39935). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-40551 KEV |
|
[KEV] Unsafe Deserialization in Solarwinds web-help-desk (CVE-2025-40551)
vulnerability in Solarwinds web-help-desk (CVE-2025-40551). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-24737 |
|
Vulnerability in parall (CVE-2026-24737)
vulnerability in parall (CVE-2026-24737). Confidential information can be exposed externally.
|
| CVE-2026-24051 |
|
Vulnerability in opentelemetry (CVE-2026-24051)
vulnerability in opentelemetry (CVE-2026-24051). Successful exploitation can lead to full system takeover.
|
| CVE-2026-22226 |
|
OS Command Injection in tp-link (CVE-2026-22226)
OS command injection in tp-link (CVE-2026-22226). Successful exploitation can lead to full system takeover.
|
| CVE-2026-1761 |
|
Vulnerability in CVE-2026-1761 (CVE-2026-1761)
vulnerability in CVE-2026-1761 (CVE-2026-1761). Data can be tampered with by attackers.
|
| CVE-2025-8587 |
|
SQL Injection in sqli (CVE-2025-8587)
SQL injection in sqli (CVE-2025-8587). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-1530 |
|
Vulnerability in CVE-2026-1530 (CVE-2026-1530)
vulnerability in CVE-2026-1530 (CVE-2026-1530). Confidential information can be exposed externally.
|
| CVE-2026-1531 |
|
Vulnerability in CVE-2026-1531 (CVE-2026-1531)
vulnerability in CVE-2026-1531 (CVE-2026-1531). Confidential information can be exposed externally.
|
| CVE-2026-23025 |
|
Vulnerability in c (CVE-2026-23025)
vulnerability in c (CVE-2026-23025). Successful exploitation can lead to full system takeover.
|
| CVE-2026-25153 |
|
Code Injection in linuxfoundation (CVE-2026-25153)
code injection in linuxfoundation (CVE-2026-25153). Confidential information can be exposed externally. Exploitable via ``hooks``.
|
| CVE-2025-24293 |
|
Command Injection in CVE-2025-24293 (CVE-2025-24293)
command injection in CVE-2025-24293 (CVE-2025-24293). Successful exploitation can lead to full system takeover.
|
| CVE-2025-4686 |
|
SQL Injection in sqli (CVE-2025-4686)
SQL injection in sqli (CVE-2025-4686). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-4027 |
|
Vulnerability in dos (CVE-2024-4027)
vulnerability in dos (CVE-2024-4027). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-1395 |
|
Vulnerability in CVE-2025-1395 (CVE-2025-1395)
vulnerability in CVE-2025-1395 (CVE-2025-1395). Confidential information can be exposed externally.
|
| CVE-2025-69604 |
|
Vulnerability in shirt-pocket (CVE-2025-69604)
vulnerability in shirt-pocket (CVE-2025-69604). Successful exploitation can lead to full system takeover.
|
| CVE-2025-7713 |
|
Cross-Site Scripting (XSS) in globalmedya (CVE-2025-7713)
cross-site scripting in globalmedya (CVE-2025-7713). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-7714 |
|
SQL Injection in sqli (CVE-2025-7714)
SQL injection in sqli (CVE-2025-7714). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-37011 |
|
Out-of-Bounds Write in CVE-2020-37011 (CVE-2020-37011)
out-of-bounds write in CVE-2020-37011 (CVE-2020-37011). Risk of unauthorized operations or information disclosure.
|
| CVE-2020-37015 |
|
Path Traversal in path-traversal (CVE-2020-37015)
path traversal in path-traversal (CVE-2020-37015). Confidential information can be exposed externally.
|
| CVE-2020-37004 |
|
SQL Injection in sqli (CVE-2020-37004)
SQL injection in sqli (CVE-2020-37004). Confidential information can be exposed externally.
|
| CVE-2025-7016 |
|
Vulnerability in akinsoft (CVE-2025-7016)
vulnerability in akinsoft (CVE-2025-7016). Successful exploitation can lead to full system takeover.
|
| CVE-2026-1281 KEV |
|
[KEV] Code Injection in Ivanti endpoint-manager-mobile-epmm (CVE-2026-1281)
code injection in Ivanti endpoint-manager-mobile-epmm (CVE-2026-1281). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-61726 |
|
Vulnerability in stdlib (CVE-2025-61726)
vulnerability in stdlib (CVE-2025-61726). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.24.12, 1.25.6` or later.
|