Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2025-61731 Vulnerability in toolchain (CVE-2025-61731)
vulnerability in toolchain (CVE-2025-61731). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.24.12, 1.25.6` or later.
CVE-2025-71000 Vulnerability in dos (CVE-2025-71000)
vulnerability in dos (CVE-2025-71000). Risk of unauthorized operations or information disclosure.
CVE-2025-70999 Vulnerability in dos (CVE-2025-70999)
vulnerability in dos (CVE-2025-70999). Risk of unauthorized operations or information disclosure.
CVE-2025-65891 Vulnerability in dos (CVE-2025-65891)
vulnerability in dos (CVE-2025-65891). Risk of unauthorized operations or information disclosure.
CVE-2025-65888 Vulnerability in dos (CVE-2025-65888)
vulnerability in dos (CVE-2025-65888). Risk of unauthorized operations or information disclosure.
CVE-2025-65889 Vulnerability in dos (CVE-2025-65889)
vulnerability in dos (CVE-2025-65889). Risk of unauthorized operations or information disclosure.
CVE-2025-65886 Vulnerability in dos (CVE-2025-65886)
vulnerability in dos (CVE-2025-65886). Risk of unauthorized operations or information disclosure.
CVE-2025-65890 Vulnerability in dos (CVE-2025-65890)
vulnerability in dos (CVE-2025-65890). Risk of unauthorized operations or information disclosure.
CVE-2025-57283 Code Injection in browserstack (CVE-2025-57283)
code injection in browserstack (CVE-2025-57283). Successful exploitation can lead to full system takeover.
CVE-2026-24842 Path Traversal in path-traversal (CVE-2026-24842)
path traversal in path-traversal (CVE-2026-24842). Confidential information can be exposed externally.
CVE-2026-24779 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-24779)
SSRF in ssrf (CVE-2026-24779). Confidential information can be exposed externally. Exploitable via ``MediaConnector``.
CVE-2026-24747 Code Injection in linuxfoundation (CVE-2026-24747)
code injection in linuxfoundation (CVE-2026-24747). Successful exploitation can lead to full system takeover. Exploitable via ``weights_only``.
CVE-2026-24882 Vulnerability in gnupg (CVE-2026-24882)
vulnerability in gnupg (CVE-2026-24882). Successful exploitation can lead to full system takeover.
CVE-2026-24881 Vulnerability in dos (CVE-2026-24881)
vulnerability in dos (CVE-2026-24881). Successful exploitation can lead to full system takeover.
CVE-2026-24869 Use-After-Free in mozilla (CVE-2026-24869)
vulnerability in mozilla (CVE-2026-24869). Successful exploitation can lead to full system takeover.
CVE-2025-69419 Out-of-Bounds Write in dos (CVE-2025-69419)
out-of-bounds write in dos (CVE-2025-69419). Confidential information can be exposed externally.
CVE-2025-69420 Vulnerability in dos (CVE-2025-69420)
vulnerability in dos (CVE-2025-69420). Risk of unauthorized operations or information disclosure.
CVE-2025-69421 Vulnerability in dos (CVE-2025-69421)
vulnerability in dos (CVE-2025-69421). Risk of unauthorized operations or information disclosure.
CVE-2025-15467 Out-of-Bounds Write in cisa (CVE-2025-15467)
out-of-bounds write in cisa (CVE-2025-15467). Successful exploitation can lead to full system takeover.
CVE-2026-21721 Authorization Flaw in privilege-escalation (CVE-2026-21721)
vulnerability in privilege-escalation (CVE-2026-21721). Confidential information can be exposed externally.
CVE-2026-21720 Vulnerability in grafana (CVE-2026-21720)
vulnerability in grafana (CVE-2026-21720). Risk of unauthorized operations or information disclosure.
CVE-2026-24486 Path Traversal in path-traversal (CVE-2026-24486)
path traversal in path-traversal (CVE-2026-24486). Data can be tampered with by attackers. Exploitable via ``UPLOAD_DIR``.
CVE-2025-14459 Vulnerability in CVE-2025-14459 (CVE-2025-14459)
vulnerability in CVE-2025-14459 (CVE-2025-14459). Confidential information can be exposed externally.
CVE-2026-23864 Vulnerability in react (CVE-2026-23864)
vulnerability in react (CVE-2026-23864). Risk of unauthorized operations or information disclosure.
CVE-2018-14634 KEV [KEV] Vulnerability in Linux kernel (CVE-2018-14634)
vulnerability in Linux kernel (CVE-2018-14634). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2025-52691 KEV [KEV] Unrestricted File Upload in Smartertools smartermail (CVE-2025-52691)
vulnerability in Smartertools smartermail (CVE-2025-52691). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-23760 KEV [KEV] Vulnerability in Smartertools smartermail (CVE-2026-23760)
vulnerability in Smartertools smartermail (CVE-2026-23760). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-24061 KEV [KEV] Vulnerability in Gnu inetutils (CVE-2026-24061)
vulnerability in Gnu inetutils (CVE-2026-24061). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-21509 KEV [KEV] Vulnerability in Microsoft office (CVE-2026-21509)
vulnerability in Microsoft office (CVE-2026-21509). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
CVE-2025-52026 Information Disclosure in aptsys (CVE-2025-52026)
vulnerability in aptsys (CVE-2025-52026). Confidential information can be exposed externally.
CVE-2025-67264 OS Command Injection in doogee (CVE-2025-67264)
OS command injection in doogee (CVE-2025-67264). Successful exploitation can lead to full system takeover.
CVE-2026-0994 Vulnerability in protobuf (CVE-2026-0994)
vulnerability in protobuf (CVE-2026-0994). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.29.6` or later.
CVE-2026-0603 SQL Injection in sqli (CVE-2026-0603)
SQL injection in sqli (CVE-2026-0603). Confidential information can be exposed externally.
CVE-2025-15059 Vulnerability in gimp (CVE-2025-15059)
vulnerability in gimp (CVE-2025-15059). Successful exploitation can lead to full system takeover.
CVE-2026-0775 Vulnerability in privilege-escalation (CVE-2026-0775)
vulnerability in privilege-escalation (CVE-2026-0775). Successful exploitation can lead to full system takeover.
CVE-2024-37079 KEV [KEV] Out-of-Bounds Write in Broadcom vmware-vcenter-server (CVE-2024-37079)
out-of-bounds write in Broadcom vmware-vcenter-server (CVE-2024-37079). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-20736 Vulnerability in gitea (CVE-2026-20736)
vulnerability in gitea (CVE-2026-20736). Data can be tampered with by attackers.
CVE-2026-1260 Buffer Overflow in google (CVE-2026-1260)
vulnerability in google (CVE-2026-1260). Successful exploitation can lead to full system takeover.
CVE-2026-0535 Cross-Site Scripting (XSS) in autodesk (CVE-2026-0535)
cross-site scripting in autodesk (CVE-2026-0535). Confidential information can be exposed externally.
CVE-2026-0534 Cross-Site Scripting (XSS) in autodesk (CVE-2026-0534)
cross-site scripting in autodesk (CVE-2026-0534). Confidential information can be exposed externally.
CVE-2026-0533 Cross-Site Scripting (XSS) in autodesk (CVE-2026-0533)
cross-site scripting in autodesk (CVE-2026-0533). Confidential information can be exposed externally.
CVE-2025-56589 SSRF (Server-Side Request Forgery) in ssrf (CVE-2025-56589)
SSRF in ssrf (CVE-2025-56589). Confidential information can be exposed externally.
CVE-2025-10855 Vulnerability in CVE-2025-10855 (CVE-2025-10855)
vulnerability in CVE-2025-10855 (CVE-2025-10855). Confidential information can be exposed externally.
CVE-2025-10856 Unrestricted File Upload in CVE-2025-10856 (CVE-2025-10856)
vulnerability in CVE-2025-10856 (CVE-2025-10856). Confidential information can be exposed externally.
CVE-2025-10024 Vulnerability in CVE-2025-10024 (CVE-2025-10024)
vulnerability in CVE-2025-10024 (CVE-2025-10024). Confidential information can be exposed externally.
CVE-2025-4764 SQL Injection in sqli (CVE-2025-4764)
SQL injection in sqli (CVE-2025-4764). Successful exploitation can lead to full system takeover.
CVE-2026-24049 Path Traversal in privilege-escalation (CVE-2026-24049)
path traversal in privilege-escalation (CVE-2026-24049). Data can be tampered with by attackers.
CVE-2026-24001 Vulnerability in kpdecker (CVE-2026-24001)
vulnerability in kpdecker (CVE-2026-24001). Risk of unauthorized operations or information disclosure. Exploitable via ``parsePatch``.
CVE-2025-68645 KEV [KEV] Vulnerability in Synacor zimbra-collaboration-suite-zcs (CVE-2025-68645)
vulnerability in Synacor zimbra-collaboration-suite-zcs (CVE-2025-68645). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2025-34026 KEV [KEV] Vulnerability in Versa concerto (CVE-2025-34026)
vulnerability in Versa concerto (CVE-2025-34026). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →