Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2025-69262 |
|
pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings....
pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker who can control environment variables during pnpm operations could achieve Remote Code E...
|
| CVE-2026-21441 |
|
Vulnerability in urllib3 (CVE-2026-21441)
vulnerability in urllib3 (CVE-2026-21441). Risk of unauthorized operations or information disclosure. Exploitable via ``gzip``.
|
| CVE-2025-69263 |
|
pnpm is a package manager. Versions 10.26.2 and below store HTTP tarball dependencies (and git-hosted tarballs) in the lockfile without integrity hashes. This allows the remote server to serve differe...
pnpm is a package manager. Versions 10.26.2 and below store HTTP tarball dependencies (and git-hosted tarballs) in the lockfile without integrity hashes. This allows the remote server to serve different content on each install, even when a lockfile is committed. An attacker who publishes a package w...
|
| CVE-2025-69264 |
|
Vulnerability in pnpm (CVE-2025-69264)
vulnerability in pnpm (CVE-2025-69264). Successful exploitation can lead to full system takeover.
|
| CVE-2026-22184 |
|
Out-of-Bounds Write in zlib (CVE-2026-22184)
out-of-bounds write in zlib (CVE-2026-22184). Successful exploitation can lead to full system takeover.
|
| CVE-2026-22190 |
|
Vulnerability in cmu (CVE-2026-22190)
vulnerability in cmu (CVE-2026-22190). Confidential information can be exposed externally.
|
| CVE-2009-0556 KEV |
|
[KEV] Code Injection in Microsoft office (CVE-2009-0556)
code injection in Microsoft office (CVE-2009-0556). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-37164 KEV |
|
[KEV] Code Injection in Hewlett packard enterprise (hpe) hewlett-packard-enterprise-hpe (CVE-2025-37164)
code injection in Hewlett packard enterprise (hpe) hewlett-packard-enterprise-hpe (CVE-2025-37164). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-69223 |
|
Vulnerability in dos (CVE-2025-69223)
vulnerability in dos (CVE-2025-69223). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-68428 |
|
Vulnerability in path-traversal (CVE-2025-68428)
vulnerability in path-traversal (CVE-2025-68428). Confidential information can be exposed externally. Exploitable via ``addImage``.
|
| CVE-2025-67269 |
|
Vulnerability in c (CVE-2025-67269)
vulnerability in c (CVE-2025-67269). Risk of unauthorized operations or information disclosure. Exploitable via ``ffa1d6f40bca0b035fc7f5e563160ebb67199da7``.
|
| CVE-2025-67158 |
|
Authentication Bypass in revotech (CVE-2025-67158)
authentication bypass in revotech (CVE-2025-67158). Confidential information can be exposed externally.
|
| CVE-2025-67159 |
|
Vatilon v1.12.37-20240124 was discovered to transmit user credentials in plaintext.
Vatilon v1.12.37-20240124 was discovered to transmit user credentials in plaintext.
|
| CVE-2025-67160 |
|
Path Traversal in path-traversal (CVE-2025-67160)
path traversal in path-traversal (CVE-2025-67160). Confidential information can be exposed externally.
|
| CVE-2025-11157 |
|
Unsafe Deserialization in CVE-2025-11157 (CVE-2025-11157)
vulnerability in CVE-2025-11157 (CVE-2025-11157). Successful exploitation can lead to full system takeover.
|
| CVE-2025-66835 |
|
Vulnerability in trueconf (CVE-2025-66835)
vulnerability in trueconf (CVE-2025-66835). Confidential information can be exposed externally.
|
| CVE-2025-71339 |
|
Unsafe Deserialization in picklescan (CVE-2025-71339)
vulnerability in picklescan (CVE-2025-71339). Confidential information can be exposed externally. Exploitable via ``numpy.f2py.crackfortran._eval_length``. Mitigation: upgrade to `0.0.33` or later.
|
| CVE-2025-14847 KEV |
|
[KEV] Vulnerability in mongodb (CVE-2025-14847)
vulnerability in mongodb (CVE-2025-14847). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-66738 |
|
Command Injection in yealink (CVE-2025-66738)
command injection in yealink (CVE-2025-66738). Successful exploitation can lead to full system takeover.
|
| CVE-2025-2406 |
|
Cross-Site Scripting (XSS) in CVE-2025-2406 (CVE-2025-2406)
cross-site scripting in CVE-2025-2406 (CVE-2025-2406). Data can be tampered with by attackers.
|
| CVE-2025-2405 |
|
Cross-Site Scripting (XSS) in CVE-2025-2405 (CVE-2025-2405)
cross-site scripting in CVE-2025-2405 (CVE-2025-2405). Data can be tampered with by attackers.
|
| CVE-2025-2307 |
|
Cross-Site Scripting (XSS) in CVE-2025-2307 (CVE-2025-2307)
cross-site scripting in CVE-2025-2307 (CVE-2025-2307). Data can be tampered with by attackers.
|
| CVE-2025-2515 |
|
Authorization Flaw in privilege-escalation (CVE-2025-2515)
vulnerability in privilege-escalation (CVE-2025-2515). Successful exploitation can lead to full system takeover.
|
| CVE-2025-2155 |
|
Unrestricted Upload of File with Dangerous Type vulnerability in Echo Call Center Services Trade...
Unrestricted Upload of File with Dangerous Type vulnerability in Echo Call Center Services Trade...
|
| CVE-2025-65865 |
|
Vulnerability in dos (CVE-2025-65865)
vulnerability in dos (CVE-2025-65865). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-13183 |
|
Cross-Site Scripting (XSS) in CVE-2025-13183 (CVE-2025-13183)
cross-site scripting in CVE-2025-13183 (CVE-2025-13183). Confidential information can be exposed externally.
|
| CVE-2025-65857 |
|
Vulnerability in xiongmaitech (CVE-2025-65857)
vulnerability in xiongmaitech (CVE-2025-65857). Confidential information can be exposed externally.
|
| CVE-2025-14018 |
|
Vulnerability in CVE-2025-14018 (CVE-2025-14018)
vulnerability in CVE-2025-14018 (CVE-2025-14018). Confidential information can be exposed externally.
|
| CVE-2023-52163 KEV |
|
[KEV] Vulnerability in Digiever ds-2105-pro (CVE-2023-52163)
vulnerability in Digiever ds-2105-pro (CVE-2023-52163). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-1927 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2025-1927)
vulnerability in csrf (CVE-2025-1927). Data can be tampered with by attackers.
|
| CVE-2025-14733 KEV |
|
[KEV] Out-of-Bounds Write in Watchguard firebox (CVE-2025-14733)
out-of-bounds write in Watchguard firebox (CVE-2025-14733). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-65568 |
|
Out-of-Bounds Read in opennetworking (CVE-2025-65568)
vulnerability in opennetworking (CVE-2025-65568). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-7358 |
|
Vulnerability in utarit (CVE-2025-7358)
vulnerability in utarit (CVE-2025-7358). Confidential information can be exposed externally.
|
| CVE-2025-1031 |
|
Vulnerability in utarit (CVE-2025-1031)
vulnerability in utarit (CVE-2025-1031). Confidential information can be exposed externally.
|
| CVE-2025-1030 |
|
Vulnerability in utarit (CVE-2025-1030)
vulnerability in utarit (CVE-2025-1030). Confidential information can be exposed externally.
|
| CVE-2025-1029 |
|
Vulnerability in utarit (CVE-2025-1029)
vulnerability in utarit (CVE-2025-1029). Confidential information can be exposed externally.
|
| CVE-2025-14101 |
|
Vulnerability in CVE-2025-14101 (CVE-2025-14101)
vulnerability in CVE-2025-14101 (CVE-2025-14101). Confidential information can be exposed externally.
|
| CVE-2025-59374 KEV |
|
[KEV] Vulnerability in Asus live-update (CVE-2025-59374)
vulnerability in Asus live-update (CVE-2025-59374). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-40602 KEV |
|
[KEV] Vulnerability in Sonicwall sma1000-appliance (CVE-2025-40602)
vulnerability in Sonicwall sma1000-appliance (CVE-2025-40602). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-20393 KEV |
|
[KEV] Vulnerability in Cisco multiple-products (CVE-2025-20393)
vulnerability in Cisco multiple-products (CVE-2025-20393). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-13474 |
|
Vulnerability in CVE-2025-13474 (CVE-2025-13474)
vulnerability in CVE-2025-13474 (CVE-2025-13474). Confidential information can be exposed externally.
|
| CVE-2025-68065 |
|
Vulnerability in CVE-2025-68065 (CVE-2025-68065)
vulnerability in CVE-2025-68065 (CVE-2025-68065). Successful exploitation can lead to full system takeover.
|
| CVE-2023-53888 |
|
Code Injection in zomp (CVE-2023-53888)
code injection in zomp (CVE-2023-53888). Successful exploitation can lead to full system takeover.
|
| CVE-2025-11393 |
|
Vulnerability in CVE-2025-11393 (CVE-2025-11393)
vulnerability in CVE-2025-11393 (CVE-2025-11393). Confidential information can be exposed externally.
|
| CVE-2024-44599 |
|
FNT Command 13.4.0 is vulnerable to Directory Traversal.
FNT Command 13.4.0 is vulnerable to Directory Traversal.
|
| CVE-2024-44598 |
|
FNT Command 13.4.0 is vulnerable to Code Execution via the C Base Module.
FNT Command 13.4.0 is vulnerable to Code Execution via the C Base Module.
|
| CVE-2025-14611 KEV |
|
[KEV] Vulnerability in Gladinet centrestack-and-triofox (CVE-2025-14611)
vulnerability in Gladinet centrestack-and-triofox (CVE-2025-14611). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-43529 KEV |
|
[KEV] Use-After-Free in Apple multiple-products (CVE-2025-43529)
vulnerability in Apple multiple-products (CVE-2025-43529). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-65530 |
|
Vulnerability in cloudlinux (CVE-2025-65530)
vulnerability in cloudlinux (CVE-2025-65530). Successful exploitation can lead to full system takeover.
|
| CVE-2025-13506 |
|
Vulnerability in CVE-2025-13506 (CVE-2025-13506)
vulnerability in CVE-2025-13506 (CVE-2025-13506). Successful exploitation can lead to full system takeover.
|