Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2025-69872 |
|
Code Injection in CVE-2025-69872 (CVE-2025-69872)
code injection in CVE-2025-69872 (CVE-2025-69872). Successful exploitation can lead to full system takeover.
|
| CVE-2025-12059 |
|
Vulnerability in c (CVE-2025-12059)
vulnerability in c (CVE-2025-12059). Successful exploitation can lead to full system takeover.
|
| CVE-2025-8668 |
|
Cross-Site Scripting (XSS) in CVE-2025-8668 (CVE-2025-8668)
cross-site scripting in CVE-2025-8668 (CVE-2025-8668). Data can be tampered with by attackers.
|
| CVE-2025-8025 |
|
Vulnerability in CVE-2025-8025 (CVE-2025-8025)
vulnerability in CVE-2025-8025 (CVE-2025-8025). Successful exploitation can lead to full system takeover.
|
| CVE-2025-11242 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2025-11242)
SSRF in ssrf (CVE-2025-11242). Successful exploitation can lead to full system takeover.
|
| CVE-2025-6830 |
|
SQL Injection in sqli (CVE-2025-6830)
SQL injection in sqli (CVE-2025-6830). Successful exploitation can lead to full system takeover.
|
| CVE-2026-1615 |
|
Code Injection in CVE-2026-1615 (CVE-2026-1615)
code injection in CVE-2026-1615 (CVE-2026-1615). Successful exploitation can lead to full system takeover.
|
| CVE-2026-1709 |
|
Vulnerability in keylime (CVE-2026-1709)
vulnerability in keylime (CVE-2026-1709). Data can be tampered with by attackers. Mitigation: upgrade to `7.12.0` or later.
|
| CVE-2025-5329 |
|
SQL Injection in sqli (CVE-2025-5329)
SQL injection in sqli (CVE-2025-5329). Successful exploitation can lead to full system takeover.
|
| CVE-2025-5319 |
|
SQL Injection in sqli (CVE-2025-5319)
SQL injection in sqli (CVE-2025-5319). Successful exploitation can lead to full system takeover.
|
| CVE-2019-19006 KEV |
|
[KEV] Authentication Bypass in Sangoma freepbx (CVE-2019-19006)
authentication bypass in Sangoma freepbx (CVE-2019-19006). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-22778 |
|
Vulnerability in vllm (CVE-2026-22778)
vulnerability in vllm (CVE-2026-22778). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.14.1` or later.
|
| CVE-2025-69929 |
|
Vulnerability in n3uron (CVE-2025-69929)
vulnerability in n3uron (CVE-2025-69929). Successful exploitation can lead to full system takeover.
|
| CVE-2020-37002 |
|
OS Command Injection in CVE-2020-37002 (CVE-2020-37002)
OS command injection in CVE-2020-37002 (CVE-2020-37002). Successful exploitation can lead to full system takeover.
|
| CVE-2025-61140 |
|
The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution.
The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution.
|
| CVE-2026-24858 KEV |
|
[KEV] Vulnerability in Fortinet multiple-products (CVE-2026-24858)
vulnerability in Fortinet multiple-products (CVE-2026-24858). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2026-22586 |
|
Vulnerability in salesforce (CVE-2026-22586)
vulnerability in salesforce (CVE-2026-22586). Successful exploitation can lead to full system takeover.
|
| CVE-2025-52024 |
|
Vulnerability in aptsys (CVE-2025-52024)
vulnerability in aptsys (CVE-2025-52024). Confidential information can be exposed externally.
|
| CVE-2025-52025 |
|
SQL Injection in sqli (CVE-2025-52025)
SQL injection in sqli (CVE-2025-52025). Confidential information can be exposed externally.
|
| CVE-2025-4320 |
|
Vulnerability in CVE-2025-4320 (CVE-2025-4320)
vulnerability in CVE-2025-4320 (CVE-2025-4320). Successful exploitation can lead to full system takeover.
|
| CVE-2025-4319 |
|
Vulnerability in CVE-2025-4319 (CVE-2025-4319)
vulnerability in CVE-2025-4319 (CVE-2025-4319). Confidential information can be exposed externally.
|
| CVE-2026-20912 |
|
Vulnerability in gitea (CVE-2026-20912)
vulnerability in gitea (CVE-2026-20912). Confidential information can be exposed externally.
|
| CVE-2026-20897 |
|
Vulnerability in gitea (CVE-2026-20897)
vulnerability in gitea (CVE-2026-20897). Confidential information can be exposed externally.
|
| CVE-2026-20750 |
|
Vulnerability in gitea (CVE-2026-20750)
vulnerability in gitea (CVE-2026-20750). Confidential information can be exposed externally.
|
| CVE-2025-56590 |
|
OS Command Injection in apryse (CVE-2025-56590)
OS command injection in apryse (CVE-2025-56590). Successful exploitation can lead to full system takeover.
|
| CVE-2025-55130 |
|
Vulnerability in nodejs (CVE-2025-55130)
vulnerability in nodejs (CVE-2025-55130). Confidential information can be exposed externally.
|
| CVE-2025-56005 |
|
Unsafe Deserialization in dabeaz (CVE-2025-56005)
vulnerability in dabeaz (CVE-2025-56005). Successful exploitation can lead to full system takeover. Exploitable via ``picklefile``.
|
| CVE-2026-22797 |
|
Vulnerability in CVE-2026-22797 (CVE-2026-22797)
vulnerability in CVE-2026-22797 (CVE-2026-22797). Confidential information can be exposed externally.
|
| CVE-2026-23883 |
|
Use-After-Free in dos (CVE-2026-23883)
vulnerability in dos (CVE-2026-23883). Successful exploitation can lead to full system takeover. Exploitable via ``xf_Pointer_New``.
|
| CVE-2026-23884 |
|
Use-After-Free in dos (CVE-2026-23884)
vulnerability in dos (CVE-2026-23884). Successful exploitation can lead to full system takeover.
|
| CVE-2026-23533 |
|
Vulnerability in dos (CVE-2026-23533)
vulnerability in dos (CVE-2026-23533). Successful exploitation can lead to full system takeover.
|
| CVE-2026-23534 |
|
Vulnerability in dos (CVE-2026-23534)
vulnerability in dos (CVE-2026-23534). Successful exploitation can lead to full system takeover.
|
| CVE-2026-23532 |
|
Vulnerability in dos (CVE-2026-23532)
vulnerability in dos (CVE-2026-23532). Successful exploitation can lead to full system takeover. Exploitable via ``gdi_SurfaceToSurface``.
|
| CVE-2026-23530 |
|
Vulnerability in dos (CVE-2026-23530)
vulnerability in dos (CVE-2026-23530). Successful exploitation can lead to full system takeover. Exploitable via ``freerdp_bitmap_decompress_planar``.
|
| CVE-2026-23531 |
|
Vulnerability in dos (CVE-2026-23531)
vulnerability in dos (CVE-2026-23531). Successful exploitation can lead to full system takeover. Exploitable via ``glyphData``.
|
| CVE-2025-62581 |
|
Delta Electronics DIAView has multiple vulnerabilities.
Delta Electronics DIAView has multiple vulnerabilities.
|
| CVE-2025-62582 |
|
Delta Electronics DIAView has multiple vulnerabilities.
Delta Electronics DIAView has multiple vulnerabilities.
|
| CVE-2026-22859 |
|
Out-of-Bounds Read in freerdp (CVE-2026-22859)
vulnerability in freerdp (CVE-2026-22859). Confidential information can be exposed externally. Mitigation: upgrade to `3.20.1` or later.
|
| CVE-2026-22855 |
|
Out-of-Bounds Read in freerdp (CVE-2026-22855)
vulnerability in freerdp (CVE-2026-22855). Confidential information can be exposed externally. Mitigation: upgrade to `3.20.1` or later.
|
| CVE-2026-22858 |
|
Out-of-Bounds Read in c (CVE-2026-22858)
vulnerability in c (CVE-2026-22858). Confidential information can be exposed externally. Mitigation: upgrade to `3.20.1` or later.
|
| CVE-2026-22853 |
|
Out-of-Bounds Write in freerdp (CVE-2026-22853)
out-of-bounds write in freerdp (CVE-2026-22853). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.20.1` or later.
|
| CVE-2025-65783 |
|
Unrestricted File Upload in hubert (CVE-2025-65783)
vulnerability in hubert (CVE-2025-65783). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0881 |
|
Sandbox escape in the Messaging System component. This vulnerability affects Firefox < 147.
Sandbox escape in the Messaging System component. This vulnerability affects Firefox < 147.
|
| CVE-2026-0879 |
|
Buffer Overflow in mozilla (CVE-2026-0879)
vulnerability in mozilla (CVE-2026-0879). Successful exploitation can lead to full system takeover.
|
| CVE-2025-29329 |
|
Vulnerability in sagemcom (CVE-2025-29329)
vulnerability in sagemcom (CVE-2025-29329). Successful exploitation can lead to full system takeover.
|
| CVE-2025-63314 |
|
Vulnerability in ddsn (CVE-2025-63314)
vulnerability in ddsn (CVE-2025-63314). Confidential information can be exposed externally.
|
| CVE-2025-65552 |
|
Vulnerability in d3dsecurity (CVE-2025-65552)
vulnerability in d3dsecurity (CVE-2025-65552). Successful exploitation can lead to full system takeover.
|
| CVE-2025-61686 |
|
Path Traversal in react (CVE-2025-61686)
path traversal in react (CVE-2025-61686). Data can be tampered with by attackers.
|
| CVE-2025-70974 |
|
Vulnerability in CVE-2025-70974 (CVE-2025-70974)
vulnerability in CVE-2025-70974 (CVE-2025-70974). Successful exploitation can lead to full system takeover.
|
| CVE-2026-22189 |
|
Vulnerability in cmu (CVE-2026-22189)
vulnerability in cmu (CVE-2026-22189). Successful exploitation can lead to full system takeover.
|