Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2025-61731 |
|
Vulnerability in toolchain (CVE-2025-61731)
vulnerability in toolchain (CVE-2025-61731). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.24.12, 1.25.6` or later.
|
| CVE-2025-71000 |
|
Vulnerability in dos (CVE-2025-71000)
vulnerability in dos (CVE-2025-71000). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-70999 |
|
Vulnerability in dos (CVE-2025-70999)
vulnerability in dos (CVE-2025-70999). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-65891 |
|
Vulnerability in dos (CVE-2025-65891)
vulnerability in dos (CVE-2025-65891). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-65888 |
|
Vulnerability in dos (CVE-2025-65888)
vulnerability in dos (CVE-2025-65888). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-65889 |
|
Vulnerability in dos (CVE-2025-65889)
vulnerability in dos (CVE-2025-65889). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-65886 |
|
Vulnerability in dos (CVE-2025-65886)
vulnerability in dos (CVE-2025-65886). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-65890 |
|
Vulnerability in dos (CVE-2025-65890)
vulnerability in dos (CVE-2025-65890). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-57283 |
|
Code Injection in browserstack (CVE-2025-57283)
code injection in browserstack (CVE-2025-57283). Successful exploitation can lead to full system takeover.
|
| CVE-2026-24842 |
|
Path Traversal in path-traversal (CVE-2026-24842)
path traversal in path-traversal (CVE-2026-24842). Confidential information can be exposed externally.
|
| CVE-2026-24779 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-24779)
SSRF in ssrf (CVE-2026-24779). Confidential information can be exposed externally. Exploitable via ``MediaConnector``.
|
| CVE-2026-24747 |
|
Code Injection in linuxfoundation (CVE-2026-24747)
code injection in linuxfoundation (CVE-2026-24747). Successful exploitation can lead to full system takeover. Exploitable via ``weights_only``.
|
| CVE-2026-24882 |
|
Vulnerability in gnupg (CVE-2026-24882)
vulnerability in gnupg (CVE-2026-24882). Successful exploitation can lead to full system takeover.
|
| CVE-2026-24881 |
|
Vulnerability in dos (CVE-2026-24881)
vulnerability in dos (CVE-2026-24881). Successful exploitation can lead to full system takeover.
|
| CVE-2026-24869 |
|
Use-After-Free in mozilla (CVE-2026-24869)
vulnerability in mozilla (CVE-2026-24869). Successful exploitation can lead to full system takeover.
|
| CVE-2025-69419 |
|
Out-of-Bounds Write in dos (CVE-2025-69419)
out-of-bounds write in dos (CVE-2025-69419). Confidential information can be exposed externally.
|
| CVE-2025-69420 |
|
Vulnerability in dos (CVE-2025-69420)
vulnerability in dos (CVE-2025-69420). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-69421 |
|
Vulnerability in dos (CVE-2025-69421)
vulnerability in dos (CVE-2025-69421). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-15467 |
|
Out-of-Bounds Write in cisa (CVE-2025-15467)
out-of-bounds write in cisa (CVE-2025-15467). Successful exploitation can lead to full system takeover.
|
| CVE-2026-21721 |
|
Authorization Flaw in privilege-escalation (CVE-2026-21721)
vulnerability in privilege-escalation (CVE-2026-21721). Confidential information can be exposed externally.
|
| CVE-2026-21720 |
|
Vulnerability in grafana (CVE-2026-21720)
vulnerability in grafana (CVE-2026-21720). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-24486 |
|
Path Traversal in path-traversal (CVE-2026-24486)
path traversal in path-traversal (CVE-2026-24486). Data can be tampered with by attackers. Exploitable via ``UPLOAD_DIR``.
|
| CVE-2025-14459 |
|
Vulnerability in CVE-2025-14459 (CVE-2025-14459)
vulnerability in CVE-2025-14459 (CVE-2025-14459). Confidential information can be exposed externally.
|
| CVE-2026-23864 |
|
Vulnerability in react (CVE-2026-23864)
vulnerability in react (CVE-2026-23864). Risk of unauthorized operations or information disclosure.
|
| CVE-2018-14634 KEV |
|
[KEV] Vulnerability in Linux kernel (CVE-2018-14634)
vulnerability in Linux kernel (CVE-2018-14634). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-52691 KEV |
|
[KEV] Unrestricted File Upload in Smartertools smartermail (CVE-2025-52691)
vulnerability in Smartertools smartermail (CVE-2025-52691). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-23760 KEV |
|
[KEV] Vulnerability in Smartertools smartermail (CVE-2026-23760)
vulnerability in Smartertools smartermail (CVE-2026-23760). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-24061 KEV |
|
[KEV] Vulnerability in Gnu inetutils (CVE-2026-24061)
vulnerability in Gnu inetutils (CVE-2026-24061). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-21509 KEV |
|
[KEV] Vulnerability in Microsoft office (CVE-2026-21509)
vulnerability in Microsoft office (CVE-2026-21509). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2025-52026 |
|
Information Disclosure in aptsys (CVE-2025-52026)
vulnerability in aptsys (CVE-2025-52026). Confidential information can be exposed externally.
|
| CVE-2025-67264 |
|
OS Command Injection in doogee (CVE-2025-67264)
OS command injection in doogee (CVE-2025-67264). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0994 |
|
Vulnerability in protobuf (CVE-2026-0994)
vulnerability in protobuf (CVE-2026-0994). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.29.6` or later.
|
| CVE-2026-0603 |
|
SQL Injection in sqli (CVE-2026-0603)
SQL injection in sqli (CVE-2026-0603). Confidential information can be exposed externally.
|
| CVE-2025-15059 |
|
Vulnerability in gimp (CVE-2025-15059)
vulnerability in gimp (CVE-2025-15059). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0775 |
|
Vulnerability in privilege-escalation (CVE-2026-0775)
vulnerability in privilege-escalation (CVE-2026-0775). Successful exploitation can lead to full system takeover.
|
| CVE-2024-37079 KEV |
|
[KEV] Out-of-Bounds Write in Broadcom vmware-vcenter-server (CVE-2024-37079)
out-of-bounds write in Broadcom vmware-vcenter-server (CVE-2024-37079). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-20736 |
|
Vulnerability in gitea (CVE-2026-20736)
vulnerability in gitea (CVE-2026-20736). Data can be tampered with by attackers.
|
| CVE-2026-1260 |
|
Buffer Overflow in google (CVE-2026-1260)
vulnerability in google (CVE-2026-1260). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0535 |
|
Cross-Site Scripting (XSS) in autodesk (CVE-2026-0535)
cross-site scripting in autodesk (CVE-2026-0535). Confidential information can be exposed externally.
|
| CVE-2026-0534 |
|
Cross-Site Scripting (XSS) in autodesk (CVE-2026-0534)
cross-site scripting in autodesk (CVE-2026-0534). Confidential information can be exposed externally.
|
| CVE-2026-0533 |
|
Cross-Site Scripting (XSS) in autodesk (CVE-2026-0533)
cross-site scripting in autodesk (CVE-2026-0533). Confidential information can be exposed externally.
|
| CVE-2025-56589 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2025-56589)
SSRF in ssrf (CVE-2025-56589). Confidential information can be exposed externally.
|
| CVE-2025-10855 |
|
Vulnerability in CVE-2025-10855 (CVE-2025-10855)
vulnerability in CVE-2025-10855 (CVE-2025-10855). Confidential information can be exposed externally.
|
| CVE-2025-10856 |
|
Unrestricted File Upload in CVE-2025-10856 (CVE-2025-10856)
vulnerability in CVE-2025-10856 (CVE-2025-10856). Confidential information can be exposed externally.
|
| CVE-2025-10024 |
|
Vulnerability in CVE-2025-10024 (CVE-2025-10024)
vulnerability in CVE-2025-10024 (CVE-2025-10024). Confidential information can be exposed externally.
|
| CVE-2025-4764 |
|
SQL Injection in sqli (CVE-2025-4764)
SQL injection in sqli (CVE-2025-4764). Successful exploitation can lead to full system takeover.
|
| CVE-2026-24049 |
|
Path Traversal in privilege-escalation (CVE-2026-24049)
path traversal in privilege-escalation (CVE-2026-24049). Data can be tampered with by attackers.
|
| CVE-2026-24001 |
|
Vulnerability in kpdecker (CVE-2026-24001)
vulnerability in kpdecker (CVE-2026-24001). Risk of unauthorized operations or information disclosure. Exploitable via ``parsePatch``.
|
| CVE-2025-68645 KEV |
|
[KEV] Vulnerability in Synacor zimbra-collaboration-suite-zcs (CVE-2025-68645)
vulnerability in Synacor zimbra-collaboration-suite-zcs (CVE-2025-68645). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-34026 KEV |
|
[KEV] Vulnerability in Versa concerto (CVE-2025-34026)
vulnerability in Versa concerto (CVE-2025-34026). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|