Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2023-0386 KEV |
|
[KEV] Vulnerability in Linux kernel (CVE-2023-0386)
vulnerability in Linux kernel (CVE-2023-0386). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-49795 |
|
Vulnerability in dos (CVE-2025-49795)
vulnerability in dos (CVE-2025-49795). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-33538 KEV |
|
[KEV] Command Injection in Tp-link multiple-routers (CVE-2023-33538)
command injection in Tp-link multiple-routers (CVE-2023-33538). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-43200 KEV |
|
[KEV] Vulnerability in Apple multiple-products (CVE-2025-43200)
vulnerability in Apple multiple-products (CVE-2025-43200). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-46035 |
|
Vulnerability in dos (CVE-2025-46035)
vulnerability in dos (CVE-2025-46035). Confidential information can be exposed externally.
|
| CVE-2025-6021 |
|
Out-of-Bounds Write in java (CVE-2025-6021)
out-of-bounds write in java (CVE-2025-6021). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.0, 8.0.481` or later.
|
| CVE-2025-47953 |
|
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
|
| CVE-2025-47167 |
|
Vulnerability in microsoft (CVE-2025-47167)
vulnerability in microsoft (CVE-2025-47167). Successful exploitation can lead to full system takeover.
|
| CVE-2025-47164 |
|
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
|
| CVE-2025-47162 |
|
Vulnerability in microsoft (CVE-2025-47162)
vulnerability in microsoft (CVE-2025-47162). Successful exploitation can lead to full system takeover.
|
| CVE-2025-33053 KEV |
|
[KEV] Vulnerability in Microsoft windows (CVE-2025-33053)
vulnerability in Microsoft windows (CVE-2025-33053). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-24016 KEV |
|
[KEV] Unsafe Deserialization in wazuh (CVE-2025-24016)
vulnerability in wazuh (CVE-2025-24016). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-5914 |
|
Vulnerability in libarchive (CVE-2025-5914)
vulnerability in libarchive (CVE-2025-5914). Successful exploitation can lead to full system takeover.
|
| CVE-2024-42009 KEV |
|
[KEV] Cross-Site Scripting (XSS) in Roundcube webmail (CVE-2024-42009)
cross-site scripting in Roundcube webmail (CVE-2024-42009). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-32433 KEV |
|
[KEV] Vulnerability in erlang (CVE-2025-32433)
vulnerability in erlang (CVE-2025-32433). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-5419 KEV |
|
[KEV] Out-of-Bounds Read in Google chromium-v8 (CVE-2025-5419)
vulnerability in Google chromium-v8 (CVE-2025-5419). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-21479 KEV |
|
[KEV] Authorization Flaw in Qualcomm multiple-chipsets (CVE-2025-21479)
vulnerability in Qualcomm multiple-chipsets (CVE-2025-21479). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-21480 KEV |
|
[KEV] Authorization Flaw in Qualcomm multiple-chipsets (CVE-2025-21480)
vulnerability in Qualcomm multiple-chipsets (CVE-2025-21480). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-27038 KEV |
|
[KEV] Use-After-Free in Qualcomm multiple-chipsets (CVE-2025-27038)
vulnerability in Qualcomm multiple-chipsets (CVE-2025-27038). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-32030 KEV |
|
[KEV] Authentication Bypass in Asus routers (CVE-2021-32030)
authentication bypass in Asus routers (CVE-2021-32030). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-3935 KEV |
|
[KEV] Authentication Bypass in Connectwise screenconnect (CVE-2025-3935)
authentication bypass in Connectwise screenconnect (CVE-2025-3935). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-35939 KEV |
|
[KEV] Vulnerability in Craft cms craft-cms (CVE-2025-35939)
vulnerability in Craft cms craft-cms (CVE-2025-35939). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-56145 KEV |
|
[KEV] Code Injection in Craft cms craft-cms (CVE-2024-56145)
code injection in Craft cms craft-cms (CVE-2024-56145). Risk of unauthorized operations or information disclosure. Exploitable via ``register_argc_argv``. Listed in CISA KEV — actively exploited.
|
| CVE-2023-39780 KEV |
|
[KEV] OS Command Injection in Asus rt-ax55-routers (CVE-2023-39780)
OS command injection in Asus rt-ax55-routers (CVE-2023-39780). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-5276 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2025-5276)
SSRF in ssrf (CVE-2025-5276). Confidential information can be exposed externally.
|
| CVE-2025-5222 |
|
Vulnerability in unicode (CVE-2025-5222)
vulnerability in unicode (CVE-2025-5222). Successful exploitation can lead to full system takeover.
|
| CVE-2025-48798 |
|
Use-After-Free in CVE-2025-48798 (CVE-2025-48798)
vulnerability in CVE-2025-48798 (CVE-2025-48798). Successful exploitation can lead to full system takeover.
|
| CVE-2025-48797 |
|
Vulnerability in CVE-2025-48797 (CVE-2025-48797)
vulnerability in CVE-2025-48797 (CVE-2025-48797). Successful exploitation can lead to full system takeover.
|
| CVE-2025-48796 |
|
Vulnerability in CVE-2025-48796 (CVE-2025-48796)
vulnerability in CVE-2025-48796 (CVE-2025-48796). Successful exploitation can lead to full system takeover.
|
| CVE-2025-5024 |
|
Vulnerability in CVE-2025-5024 (CVE-2025-5024)
vulnerability in CVE-2025-5024 (CVE-2025-5024). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-4632 KEV |
|
[KEV] Path Traversal in Samsung magicinfo-9-server (CVE-2025-4632)
path traversal in Samsung magicinfo-9-server (CVE-2025-4632). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-4948 |
|
Vulnerability in dos (CVE-2025-4948)
vulnerability in dos (CVE-2025-4948). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-38950 KEV |
|
[KEV] Path Traversal in Zkteco biotime (CVE-2023-38950)
path traversal in Zkteco biotime (CVE-2023-38950). Confidential information can be exposed externally. Listed in CISA KEV — actively exploited.
|
| CVE-2024-27443 KEV |
|
[KEV] Cross-Site Scripting (XSS) in Synacor zimbra-collaboration-suite-zcs (CVE-2024-27443)
cross-site scripting in Synacor zimbra-collaboration-suite-zcs (CVE-2024-27443). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-27920 KEV |
|
[KEV] Path Traversal in Srimax output-messenger (CVE-2025-27920)
path traversal in Srimax output-messenger (CVE-2025-27920). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-11182 KEV |
|
[KEV] Cross-Site Scripting (XSS) in Mdaemon email-server (CVE-2024-11182)
cross-site scripting in Mdaemon email-server (CVE-2024-11182). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-4428 KEV |
|
[KEV] Code Injection in Ivanti endpoint-manager-mobile-epmm (CVE-2025-4428)
code injection in Ivanti endpoint-manager-mobile-epmm (CVE-2025-4428). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-4427 KEV |
|
[KEV] Vulnerability in Ivanti endpoint-manager-mobile-epmm (CVE-2025-4427)
vulnerability in Ivanti endpoint-manager-mobile-epmm (CVE-2025-4427). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-42999 KEV |
|
[KEV] Unsafe Deserialization in Sap netweaver (CVE-2025-42999)
vulnerability in Sap netweaver (CVE-2025-42999). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-12987 KEV |
|
[KEV] OS Command Injection in Draytek vigor-routers (CVE-2024-12987)
OS command injection in Draytek vigor-routers (CVE-2024-12987). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-0130 |
|
Vulnerability in paloaltonetworks (CVE-2025-0130)
vulnerability in paloaltonetworks (CVE-2025-0130). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-32756 KEV |
|
[KEV] Vulnerability in Fortinet multiple-products (CVE-2025-32756)
vulnerability in Fortinet multiple-products (CVE-2025-32756). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-30386 |
|
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
|
| CVE-2025-30388 |
|
Vulnerability in microsoft (CVE-2025-30388)
vulnerability in microsoft (CVE-2025-30388). Successful exploitation can lead to full system takeover.
|
| CVE-2025-31223 |
|
Buffer Overflow in apple (CVE-2025-31223)
vulnerability in apple (CVE-2025-31223). Successful exploitation can lead to full system takeover.
|
| CVE-2025-32709 KEV |
|
[KEV] Use-After-Free in Microsoft windows (CVE-2025-32709)
vulnerability in Microsoft windows (CVE-2025-32709). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-30397 KEV |
|
[KEV] Vulnerability in Microsoft windows (CVE-2025-30397)
vulnerability in Microsoft windows (CVE-2025-30397). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-32706 KEV |
|
[KEV] Vulnerability in Microsoft windows (CVE-2025-32706)
vulnerability in Microsoft windows (CVE-2025-32706). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-32701 KEV |
|
[KEV] Use-After-Free in Microsoft windows (CVE-2025-32701)
vulnerability in Microsoft windows (CVE-2025-32701). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-30400 KEV |
|
[KEV] Use-After-Free in Microsoft windows (CVE-2025-30400)
vulnerability in Microsoft windows (CVE-2025-30400). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|