Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2025-31125 KEV |
|
[KEV] Information Disclosure in vite (CVE-2025-31125)
vulnerability in vite (CVE-2025-31125). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-54313 KEV |
|
[KEV] Vulnerability in prettier (CVE-2025-54313)
vulnerability in prettier (CVE-2025-54313). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-24046 |
|
Path Traversal in path-traversal (CVE-2026-24046)
path traversal in path-traversal (CVE-2026-24046). Confidential information can be exposed externally.
|
| CVE-2026-22822 |
|
Authorization Flaw in external-secrets (CVE-2026-22822)
vulnerability in external-secrets (CVE-2026-22822). Successful exploitation can lead to full system takeover. Exploitable via ``getSecretKey``.
|
| CVE-2026-22807 |
|
Code Injection in vllm (CVE-2026-22807)
code injection in vllm (CVE-2026-22807). Successful exploitation can lead to full system takeover. Exploitable via ``auto_map``.
|
| CVE-2026-23956 |
|
Vulnerability in seroval (CVE-2026-23956)
vulnerability in seroval (CVE-2026-23956). Risk of unauthorized operations or information disclosure. Exploitable via ``Seroval``. Mitigation: upgrade to `1.4.1` or later.
|
| CVE-2025-13878 |
|
Vulnerability in CVE-2025-13878 (CVE-2025-13878)
vulnerability in CVE-2025-13878 (CVE-2025-13878). Risk of unauthorized operations or information disclosure. Exploitable via ``named``.
|
| CVE-2026-20045 KEV |
|
[KEV] Code Injection in Cisco unified-communications-manager (CVE-2026-20045)
code injection in Cisco unified-communications-manager (CVE-2026-20045). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-55131 |
|
Vulnerability in CVE-2025-55131 (CVE-2025-55131)
vulnerability in CVE-2025-55131 (CVE-2025-55131). Confidential information can be exposed externally. Exploitable via ``Buffer.alloc``.
|
| CVE-2025-59465 |
|
Vulnerability in dos (CVE-2025-59465)
vulnerability in dos (CVE-2025-59465). Risk of unauthorized operations or information disclosure. Exploitable via ``HPACK``.
|
| CVE-2026-23876 |
|
Vulnerability in imagemagick (CVE-2026-23876)
vulnerability in imagemagick (CVE-2026-23876). Successful exploitation can lead to full system takeover.
|
| CVE-2026-23950 |
|
Vulnerability in isaacs (CVE-2026-23950)
vulnerability in isaacs (CVE-2026-23950). Data can be tampered with by attackers. Exploitable via ``PathReservations``.
|
| CVE-2026-22031 |
|
Vulnerability in fastify (CVE-2026-22031)
vulnerability in fastify (CVE-2026-22031). Confidential information can be exposed externally.
|
| CVE-2025-68616 |
|
Open Redirect in weasyprint (CVE-2025-68616)
vulnerability in weasyprint (CVE-2025-68616). Confidential information can be exposed externally. Exploitable via ``default_url_fetcher``. Mitigation: upgrade to `68.0` or later.
|
| CVE-2021-47839 |
|
Cross-Site Scripting (XSS) in CVE-2021-47839 (CVE-2021-47839)
cross-site scripting in CVE-2021-47839 (CVE-2021-47839). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-23490 |
|
Vulnerability in pyasn1 (CVE-2026-23490)
vulnerability in pyasn1 (CVE-2026-23490). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.6.2` or later.
|
| CVE-2021-47814 |
|
Vulnerability in dos (CVE-2021-47814)
vulnerability in dos (CVE-2021-47814). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-22774 |
|
Vulnerability in dos (CVE-2026-22774)
vulnerability in dos (CVE-2026-22774). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.6.2` or later.
|
| CVE-2026-22775 |
|
Vulnerability in dos (CVE-2026-22775)
vulnerability in dos (CVE-2026-22775). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `5.6.2` or later.
|
| CVE-2025-67246 |
|
Privilege Escalation in privilege-escalation (CVE-2025-67246)
vulnerability in privilege-escalation (CVE-2025-67246). Confidential information can be exposed externally.
|
| CVE-2026-0897 |
|
Vulnerability in keras (CVE-2026-0897)
vulnerability in keras (CVE-2026-0897). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.13.1` or later.
|
| CVE-2026-0532 |
|
SSRF (Server-Side Request Forgery) in CVE-2026-0532 (CVE-2026-0532)
SSRF in CVE-2026-0532 (CVE-2026-0532). Confidential information can be exposed externally.
|
| CVE-2026-20931 |
|
Vulnerability in microsoft (CVE-2026-20931)
vulnerability in microsoft (CVE-2026-20931). Successful exploitation can lead to full system takeover.
|
| CVE-2026-20864 |
|
Vulnerability in microsoft (CVE-2026-20864)
vulnerability in microsoft (CVE-2026-20864). Successful exploitation can lead to full system takeover.
|
| CVE-2026-20921 |
|
Vulnerability in microsoft (CVE-2026-20921)
vulnerability in microsoft (CVE-2026-20921). Successful exploitation can lead to full system takeover.
|
| CVE-2026-20817 |
|
Vulnerability in microsoft (CVE-2026-20817)
vulnerability in microsoft (CVE-2026-20817). Successful exploitation can lead to full system takeover.
|
| CVE-2025-25249 |
|
Vulnerability in fortinet (CVE-2025-25249)
vulnerability in fortinet (CVE-2025-25249). Successful exploitation can lead to full system takeover.
|
| CVE-2025-66698 |
|
Authentication Bypass in semantic-machines (CVE-2025-66698)
authentication bypass in semantic-machines (CVE-2025-66698). Confidential information can be exposed externally.
|
| CVE-2026-0877 |
|
Vulnerability in mozilla (CVE-2026-0877)
vulnerability in mozilla (CVE-2026-0877). Confidential information can be exposed externally.
|
| CVE-2026-0891 |
|
Buffer Overflow in mozilla (CVE-2026-0891)
vulnerability in mozilla (CVE-2026-0891). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0882 |
|
Use-After-Free in mozilla (CVE-2026-0882)
vulnerability in mozilla (CVE-2026-0882). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0880 |
|
Vulnerability in mozilla (CVE-2026-0880)
vulnerability in mozilla (CVE-2026-0880). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0878 |
|
Vulnerability in mozilla (CVE-2026-0878)
vulnerability in mozilla (CVE-2026-0878). Confidential information can be exposed externally.
|
| CVE-2025-40944 |
|
Vulnerability in CVE-2025-40944 (CVE-2025-40944)
vulnerability in CVE-2025-40944 (CVE-2025-40944). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-66176 |
|
Vulnerability in hikvision (CVE-2025-66176)
vulnerability in hikvision (CVE-2025-66176). Successful exploitation can lead to full system takeover.
|
| CVE-2025-66177 |
|
Vulnerability in CVE-2025-66177 (CVE-2025-66177)
vulnerability in CVE-2025-66177 (CVE-2025-66177). Successful exploitation can lead to full system takeover.
|
| CVE-2025-15514 |
|
Vulnerability in dos (CVE-2025-15514)
vulnerability in dos (CVE-2025-15514). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-20805 KEV |
|
[KEV] Information Disclosure in Microsoft windows (CVE-2026-20805)
vulnerability in Microsoft windows (CVE-2026-20805). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-22771 |
|
Code Injection in envoyproxy (CVE-2026-22771)
code injection in envoyproxy (CVE-2026-22771). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.5.7` or later.
|
| CVE-2025-8110 KEV |
|
[KEV] Path Traversal in gogs (CVE-2025-8110)
path traversal in gogs (CVE-2025-8110). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-68493 |
|
XXE (XML External Entity) in apache (CVE-2025-68493)
vulnerability in apache (CVE-2025-68493). Confidential information can be exposed externally.
|
| CVE-2026-21884 |
|
Cross-Site Scripting (XSS) in react (CVE-2026-21884)
cross-site scripting in react (CVE-2026-21884). Confidential information can be exposed externally.
|
| CVE-2025-59057 |
|
Cross-Site Scripting (XSS) in react (CVE-2025-59057)
cross-site scripting in react (CVE-2025-59057). Confidential information can be exposed externally.
|
| CVE-2026-22029 |
|
Cross-Site Scripting (XSS) in react (CVE-2026-22029)
cross-site scripting in react (CVE-2026-22029). Confidential information can be exposed externally.
|
| CVE-2025-9222 |
|
Cross-Site Scripting (XSS) in gitlab (CVE-2025-9222)
cross-site scripting in gitlab (CVE-2025-9222). Confidential information can be exposed externally.
|
| CVE-2025-13772 |
|
Vulnerability in gitlab (CVE-2025-13772)
vulnerability in gitlab (CVE-2025-13772). Confidential information can be exposed externally.
|
| CVE-2025-13761 |
|
Cross-Site Scripting (XSS) in c (CVE-2025-13761)
cross-site scripting in c (CVE-2025-13761). Confidential information can be exposed externally.
|
| CVE-2025-65518 |
|
Vulnerability in dos (CVE-2025-65518)
vulnerability in dos (CVE-2025-65518). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-50334 |
|
Vulnerability in dos (CVE-2025-50334)
vulnerability in dos (CVE-2025-50334). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-0719 |
|
Vulnerability in CVE-2026-0719 (CVE-2026-0719)
vulnerability in CVE-2026-0719 (CVE-2026-0719). Risk of unauthorized operations or information disclosure.
|