Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2018-4063 KEV |
|
[KEV] Unrestricted File Upload in Sierra wireless sierra-wireless (CVE-2018-4063)
vulnerability in Sierra wireless sierra-wireless (CVE-2018-4063). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-14174 KEV |
|
[KEV] Vulnerability in Google chromium (CVE-2025-14174)
vulnerability in Google chromium (CVE-2025-14174). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-66585 |
|
Use-After-Free in azeotech (CVE-2025-66585)
vulnerability in azeotech (CVE-2025-66585). Successful exploitation can lead to full system takeover.
|
| CVE-2025-66586 |
|
Vulnerability in azeotech (CVE-2025-66586)
vulnerability in azeotech (CVE-2025-66586). Successful exploitation can lead to full system takeover.
|
| CVE-2025-66588 |
|
Vulnerability in azeotech (CVE-2025-66588)
vulnerability in azeotech (CVE-2025-66588). Successful exploitation can lead to full system takeover.
|
| CVE-2025-66590 |
|
Out-of-Bounds Write in azeotech (CVE-2025-66590)
out-of-bounds write in azeotech (CVE-2025-66590). Successful exploitation can lead to full system takeover.
|
| CVE-2025-13003 |
|
Vulnerability in CVE-2025-13003 (CVE-2025-13003)
vulnerability in CVE-2025-13003 (CVE-2025-13003). Data can be tampered with by attackers.
|
| CVE-2025-13124 |
|
Vulnerability in CVE-2025-13124 (CVE-2025-13124)
vulnerability in CVE-2025-13124 (CVE-2025-13124). Data can be tampered with by attackers.
|
| CVE-2025-14523 |
|
Vulnerability in CVE-2025-14523 (CVE-2025-14523)
vulnerability in CVE-2025-14523 (CVE-2025-14523). Data can be tampered with by attackers. Exploitable via `Host header`.
|
| CVE-2025-58360 KEV |
|
[KEV] XXE (XML External Entity) in Osgeo geoserver (CVE-2025-58360)
vulnerability in Osgeo geoserver (CVE-2025-58360). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-63895 |
|
Vulnerability in dos (CVE-2025-63895)
vulnerability in dos (CVE-2025-63895). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-65807 |
|
Vulnerability in chmln (CVE-2025-65807)
vulnerability in chmln (CVE-2025-65807). Successful exploitation can lead to full system takeover.
|
| CVE-2025-7073 |
|
Vulnerability in c (CVE-2025-7073)
vulnerability in c (CVE-2025-7073). Successful exploitation can lead to full system takeover.
|
| CVE-2025-1161 |
|
Vulnerability in privilege-escalation (CVE-2025-1161)
vulnerability in privilege-escalation (CVE-2025-1161). Successful exploitation can lead to full system takeover.
|
| CVE-2025-61813 |
|
XXE (XML External Entity) in adobe (CVE-2025-61813)
vulnerability in adobe (CVE-2025-61813). Confidential information can be exposed externally.
|
| CVE-2025-65594 |
|
Vulnerability in os4ed (CVE-2025-65594)
vulnerability in os4ed (CVE-2025-65594). Confidential information can be exposed externally.
|
| CVE-2025-64666 |
|
Vulnerability in microsoft (CVE-2025-64666)
vulnerability in microsoft (CVE-2025-64666). Successful exploitation can lead to full system takeover.
|
| CVE-2025-62557 |
|
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
|
| CVE-2025-62554 |
|
Vulnerability in microsoft (CVE-2025-62554)
vulnerability in microsoft (CVE-2025-62554). Successful exploitation can lead to full system takeover.
|
| CVE-2025-53679 |
|
OS Command Injection in fortinet (CVE-2025-53679)
OS command injection in fortinet (CVE-2025-53679). Successful exploitation can lead to full system takeover.
|
| CVE-2025-56704 |
|
Unrestricted File Upload in lepton-cms (CVE-2025-56704)
vulnerability in lepton-cms (CVE-2025-56704). Successful exploitation can lead to full system takeover.
|
| CVE-2025-6218 KEV |
|
[KEV] Path Traversal in Rarlab winrar (CVE-2025-6218)
path traversal in Rarlab winrar (CVE-2025-6218). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-62221 KEV |
|
[KEV] Use-After-Free in Microsoft windows (CVE-2025-62221)
vulnerability in Microsoft windows (CVE-2025-62221). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-65795 |
|
Vulnerability in usememos (CVE-2025-65795)
vulnerability in usememos (CVE-2025-65795). Data can be tampered with by attackers.
|
| CVE-2025-65363 |
|
Command Injection in ruijie (CVE-2025-65363)
command injection in ruijie (CVE-2025-65363). Successful exploitation can lead to full system takeover.
|
| CVE-2025-48615 |
|
Vulnerability in google (CVE-2025-48615)
vulnerability in google (CVE-2025-48615). Successful exploitation can lead to full system takeover.
|
| CVE-2025-48612 |
|
Vulnerability in google (CVE-2025-48612)
vulnerability in google (CVE-2025-48612). Successful exploitation can lead to full system takeover.
|
| CVE-2022-37055 KEV |
|
[KEV] Vulnerability in D-link routers (CVE-2022-37055)
vulnerability in D-link routers (CVE-2022-37055). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-66644 KEV |
|
[KEV] OS Command Injection in Array networks array-networks (CVE-2025-66644)
OS command injection in Array networks array-networks (CVE-2025-66644). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-34291 KEV |
|
[KEV] Vulnerability in langflow (CVE-2025-34291)
vulnerability in langflow (CVE-2025-34291). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `1.7.0` or later.
|
| CVE-2025-64053 |
|
Vulnerability in dos (CVE-2025-64053)
vulnerability in dos (CVE-2025-64053). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-64057 |
|
Path Traversal in path-traversal (CVE-2025-64057)
path traversal in path-traversal (CVE-2025-64057). Data can be tampered with by attackers.
|
| CVE-2025-55182 KEV |
|
[KEV] Vulnerability in Meta react-server-components (CVE-2025-55182)
vulnerability in Meta react-server-components (CVE-2025-55182). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-63896 |
|
Vulnerability in jxlindia (CVE-2025-63896)
vulnerability in jxlindia (CVE-2025-63896). Data can be tampered with by attackers.
|
| CVE-2025-66287 |
|
Vulnerability in CVE-2025-66287 (CVE-2025-66287)
vulnerability in CVE-2025-66287 (CVE-2025-66287). Successful exploitation can lead to full system takeover.
|
| CVE-2025-57201 |
|
Command Injection in avtech (CVE-2025-57201)
command injection in avtech (CVE-2025-57201). Successful exploitation can lead to full system takeover.
|
| CVE-2025-57198 |
|
Command Injection in avtech (CVE-2025-57198)
command injection in avtech (CVE-2025-57198). Successful exploitation can lead to full system takeover.
|
| CVE-2025-57199 |
|
Command Injection in avtech (CVE-2025-57199)
command injection in avtech (CVE-2025-57199). Successful exploitation can lead to full system takeover.
|
| CVE-2025-13947 |
|
Vulnerability in CVE-2025-13947 (CVE-2025-13947)
vulnerability in CVE-2025-13947 (CVE-2025-13947). Confidential information can be exposed externally.
|
| CVE-2021-26828 KEV |
|
[KEV] Unrestricted File Upload in Openplc scadabr (CVE-2021-26828)
vulnerability in Openplc scadabr (CVE-2021-26828). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-13295 |
|
Vulnerability in argusteknoloji (CVE-2025-13295)
vulnerability in argusteknoloji (CVE-2025-13295). Confidential information can be exposed externally.
|
| CVE-2025-48633 KEV |
|
[KEV] Vulnerability in Android framework (CVE-2025-48633)
vulnerability in Android framework (CVE-2025-48633). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-48572 KEV |
|
[KEV] Vulnerability in Android platform/frameworks/base (CVE-2025-48572)
vulnerability in Android platform/frameworks/base (CVE-2025-48572). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `14:2025-12-01` or later.
|
| CVE-2025-63365 |
|
Path Traversal in path-traversal (CVE-2025-63365)
path traversal in path-traversal (CVE-2025-63365). Confidential information can be exposed externally.
|
| CVE-2025-10101 |
|
Out-of-Bounds Read in CVE-2025-10101 (CVE-2025-10101)
vulnerability in CVE-2025-10101 (CVE-2025-10101). Successful exploitation can lead to full system takeover.
|
| CVE-2025-8351 |
|
Vulnerability in CVE-2025-8351 (CVE-2025-8351)
vulnerability in CVE-2025-8351 (CVE-2025-8351). Successful exploitation can lead to full system takeover.
|
| CVE-2025-61228 |
|
Vulnerability in shirt-pocket (CVE-2025-61228)
vulnerability in shirt-pocket (CVE-2025-61228). Successful exploitation can lead to full system takeover.
|
| CVE-2025-61229 |
|
Vulnerability in shirt-pocket (CVE-2025-61229)
vulnerability in shirt-pocket (CVE-2025-61229). Successful exploitation can lead to full system takeover.
|
| CVE-2025-57489 |
|
Vulnerability in shirt-pocket (CVE-2025-57489)
vulnerability in shirt-pocket (CVE-2025-57489). Successful exploitation can lead to full system takeover.
|
| CVE-2021-26829 KEV |
|
[KEV] Cross-Site Scripting (XSS) in Openplc scadabr (CVE-2021-26829)
cross-site scripting in Openplc scadabr (CVE-2021-26829). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|