Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

ID Title
CVE-2025-69262 pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings....
pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker who can control environment variables during pnpm operations could achieve Remote Code E...
CVE-2026-21441 Vulnerability in urllib3 (CVE-2026-21441)
vulnerability in urllib3 (CVE-2026-21441). Risk of unauthorized operations or information disclosure. Exploitable via ``gzip``.
CVE-2025-69263 pnpm is a package manager. Versions 10.26.2 and below store HTTP tarball dependencies (and git-hosted tarballs) in the lockfile without integrity hashes. This allows the remote server to serve differe...
pnpm is a package manager. Versions 10.26.2 and below store HTTP tarball dependencies (and git-hosted tarballs) in the lockfile without integrity hashes. This allows the remote server to serve different content on each install, even when a lockfile is committed. An attacker who publishes a package w...
CVE-2025-69264 Vulnerability in pnpm (CVE-2025-69264)
vulnerability in pnpm (CVE-2025-69264). Successful exploitation can lead to full system takeover.
CVE-2026-22184 Out-of-Bounds Write in zlib (CVE-2026-22184)
out-of-bounds write in zlib (CVE-2026-22184). Successful exploitation can lead to full system takeover.
CVE-2026-22190 Vulnerability in cmu (CVE-2026-22190)
vulnerability in cmu (CVE-2026-22190). Confidential information can be exposed externally.
CVE-2009-0556 KEV [KEV] Code Injection in Microsoft office (CVE-2009-0556)
code injection in Microsoft office (CVE-2009-0556). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2025-37164 KEV [KEV] Code Injection in Hewlett packard enterprise (hpe) hewlett-packard-enterprise-hpe (CVE-2025-37164)
code injection in Hewlett packard enterprise (hpe) hewlett-packard-enterprise-hpe (CVE-2025-37164). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2025-69223 Vulnerability in dos (CVE-2025-69223)
vulnerability in dos (CVE-2025-69223). Risk of unauthorized operations or information disclosure.
CVE-2025-68428 Vulnerability in path-traversal (CVE-2025-68428)
vulnerability in path-traversal (CVE-2025-68428). Confidential information can be exposed externally. Exploitable via ``addImage``.
CVE-2025-67269 Vulnerability in c (CVE-2025-67269)
vulnerability in c (CVE-2025-67269). Risk of unauthorized operations or information disclosure. Exploitable via ``ffa1d6f40bca0b035fc7f5e563160ebb67199da7``.
CVE-2025-67158 Authentication Bypass in revotech (CVE-2025-67158)
authentication bypass in revotech (CVE-2025-67158). Confidential information can be exposed externally.
CVE-2025-67159 Vatilon v1.12.37-20240124 was discovered to transmit user credentials in plaintext.
Vatilon v1.12.37-20240124 was discovered to transmit user credentials in plaintext.
CVE-2025-67160 Path Traversal in path-traversal (CVE-2025-67160)
path traversal in path-traversal (CVE-2025-67160). Confidential information can be exposed externally.
CVE-2025-11157 Unsafe Deserialization in CVE-2025-11157 (CVE-2025-11157)
vulnerability in CVE-2025-11157 (CVE-2025-11157). Successful exploitation can lead to full system takeover.
CVE-2025-66835 Vulnerability in trueconf (CVE-2025-66835)
vulnerability in trueconf (CVE-2025-66835). Confidential information can be exposed externally.
CVE-2025-71339 Unsafe Deserialization in picklescan (CVE-2025-71339)
vulnerability in picklescan (CVE-2025-71339). Confidential information can be exposed externally. Exploitable via ``numpy.f2py.crackfortran._eval_length``. Mitigation: upgrade to `0.0.33` or later.
CVE-2025-14847 KEV [KEV] Vulnerability in mongodb (CVE-2025-14847)
vulnerability in mongodb (CVE-2025-14847). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2025-66738 Command Injection in yealink (CVE-2025-66738)
command injection in yealink (CVE-2025-66738). Successful exploitation can lead to full system takeover.
CVE-2025-2406 Cross-Site Scripting (XSS) in CVE-2025-2406 (CVE-2025-2406)
cross-site scripting in CVE-2025-2406 (CVE-2025-2406). Data can be tampered with by attackers.
CVE-2025-2405 Cross-Site Scripting (XSS) in CVE-2025-2405 (CVE-2025-2405)
cross-site scripting in CVE-2025-2405 (CVE-2025-2405). Data can be tampered with by attackers.
CVE-2025-2307 Cross-Site Scripting (XSS) in CVE-2025-2307 (CVE-2025-2307)
cross-site scripting in CVE-2025-2307 (CVE-2025-2307). Data can be tampered with by attackers.
CVE-2025-2515 Authorization Flaw in privilege-escalation (CVE-2025-2515)
vulnerability in privilege-escalation (CVE-2025-2515). Successful exploitation can lead to full system takeover.
CVE-2025-2155 Unrestricted Upload of File with Dangerous Type vulnerability in Echo Call Center Services Trade...
Unrestricted Upload of File with Dangerous Type vulnerability in Echo Call Center Services Trade...
CVE-2025-65865 Vulnerability in dos (CVE-2025-65865)
vulnerability in dos (CVE-2025-65865). Risk of unauthorized operations or information disclosure.
CVE-2025-13183 Cross-Site Scripting (XSS) in CVE-2025-13183 (CVE-2025-13183)
cross-site scripting in CVE-2025-13183 (CVE-2025-13183). Confidential information can be exposed externally.
CVE-2025-65857 Vulnerability in xiongmaitech (CVE-2025-65857)
vulnerability in xiongmaitech (CVE-2025-65857). Confidential information can be exposed externally.
CVE-2025-14018 Vulnerability in CVE-2025-14018 (CVE-2025-14018)
vulnerability in CVE-2025-14018 (CVE-2025-14018). Confidential information can be exposed externally.
CVE-2023-52163 KEV [KEV] Vulnerability in Digiever ds-2105-pro (CVE-2023-52163)
vulnerability in Digiever ds-2105-pro (CVE-2023-52163). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2025-1927 Cross-Site Request Forgery (CSRF) in csrf (CVE-2025-1927)
vulnerability in csrf (CVE-2025-1927). Data can be tampered with by attackers.
CVE-2025-14733 KEV [KEV] Out-of-Bounds Write in Watchguard firebox (CVE-2025-14733)
out-of-bounds write in Watchguard firebox (CVE-2025-14733). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2025-65568 Out-of-Bounds Read in opennetworking (CVE-2025-65568)
vulnerability in opennetworking (CVE-2025-65568). Risk of unauthorized operations or information disclosure.
CVE-2025-7358 Vulnerability in utarit (CVE-2025-7358)
vulnerability in utarit (CVE-2025-7358). Confidential information can be exposed externally.
CVE-2025-1031 Vulnerability in utarit (CVE-2025-1031)
vulnerability in utarit (CVE-2025-1031). Confidential information can be exposed externally.
CVE-2025-1030 Vulnerability in utarit (CVE-2025-1030)
vulnerability in utarit (CVE-2025-1030). Confidential information can be exposed externally.
CVE-2025-1029 Vulnerability in utarit (CVE-2025-1029)
vulnerability in utarit (CVE-2025-1029). Confidential information can be exposed externally.
CVE-2025-14101 Vulnerability in CVE-2025-14101 (CVE-2025-14101)
vulnerability in CVE-2025-14101 (CVE-2025-14101). Confidential information can be exposed externally.
CVE-2025-59374 KEV [KEV] Vulnerability in Asus live-update (CVE-2025-59374)
vulnerability in Asus live-update (CVE-2025-59374). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2025-40602 KEV [KEV] Vulnerability in Sonicwall sma1000-appliance (CVE-2025-40602)
vulnerability in Sonicwall sma1000-appliance (CVE-2025-40602). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2025-20393 KEV [KEV] Vulnerability in Cisco multiple-products (CVE-2025-20393)
vulnerability in Cisco multiple-products (CVE-2025-20393). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2025-13474 Vulnerability in CVE-2025-13474 (CVE-2025-13474)
vulnerability in CVE-2025-13474 (CVE-2025-13474). Confidential information can be exposed externally.
CVE-2025-68065 Vulnerability in CVE-2025-68065 (CVE-2025-68065)
vulnerability in CVE-2025-68065 (CVE-2025-68065). Successful exploitation can lead to full system takeover.
CVE-2023-53888 Code Injection in zomp (CVE-2023-53888)
code injection in zomp (CVE-2023-53888). Successful exploitation can lead to full system takeover.
CVE-2025-11393 Vulnerability in CVE-2025-11393 (CVE-2025-11393)
vulnerability in CVE-2025-11393 (CVE-2025-11393). Confidential information can be exposed externally.
CVE-2024-44599 FNT Command 13.4.0 is vulnerable to Directory Traversal.
FNT Command 13.4.0 is vulnerable to Directory Traversal.
CVE-2024-44598 FNT Command 13.4.0 is vulnerable to Code Execution via the C Base Module.
FNT Command 13.4.0 is vulnerable to Code Execution via the C Base Module.
CVE-2025-14611 KEV [KEV] Vulnerability in Gladinet centrestack-and-triofox (CVE-2025-14611)
vulnerability in Gladinet centrestack-and-triofox (CVE-2025-14611). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2025-43529 KEV [KEV] Use-After-Free in Apple multiple-products (CVE-2025-43529)
vulnerability in Apple multiple-products (CVE-2025-43529). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2025-65530 Vulnerability in cloudlinux (CVE-2025-65530)
vulnerability in cloudlinux (CVE-2025-65530). Successful exploitation can lead to full system takeover.
CVE-2025-13506 Vulnerability in CVE-2025-13506 (CVE-2025-13506)
vulnerability in CVE-2025-13506 (CVE-2025-13506). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →