Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: cwe-494 Clear
ID Title
CVE-2026-55698 Vulnerability in pnpm (CVE-2026-55698)
vulnerability in pnpm (CVE-2026-55698). Successful exploitation can lead to full system takeover. Exploitable via ``a93449314f398cf4bdf2e28d033c02d37395ad22``. Mitigation: upgrade to `11.5.3` or later.
CVE-2026-55697 OS Command Injection in pnpm (CVE-2026-55697)
OS command injection in pnpm (CVE-2026-55697). Successful exploitation can lead to full system takeover. Exploitable via ``a93449314f398cf4bdf2e28d033c02d37395ad22``. Mitigation: upgrade to `11.5.3` or later.
CVE-2021-47986 Vulnerability in CVE-2021-47986 (CVE-2021-47986)
vulnerability in CVE-2021-47986 (CVE-2021-47986). Successful exploitation can lead to full system takeover.
CVE-2021-47987 Vulnerability in CVE-2021-47987 (CVE-2021-47987)
vulnerability in CVE-2021-47987 (CVE-2021-47987). Successful exploitation can lead to full system takeover.
CVE-2026-49241 Cross-Site Scripting (XSS) in angular (CVE-2026-49241)
cross-site scripting in angular (CVE-2026-49241). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `21.2.4` or later.
CVE-2026-9037 Vulnerability in cisa (CVE-2026-9037)
vulnerability in cisa (CVE-2026-9037). Risk of unauthorized operations or information disclosure.
CVE-2026-9089 Vulnerability in CVE-2026-9089 (CVE-2026-9089)
vulnerability in CVE-2026-9089 (CVE-2026-9089). Successful exploitation can lead to full system takeover.
CVE-2026-45058 Vulnerability in electerm (CVE-2026-45058)
vulnerability in electerm (CVE-2026-45058). Risk of unauthorized operations or information disclosure.
CVE-2026-42575 Vulnerability in chainguard.dev/apko (CVE-2026-42575)
vulnerability in chainguard.dev/apko (CVE-2026-42575). Data can be tampered with by attackers. Exploitable via ``APKINDEX.tar.gz``. Mitigation: upgrade to `1.2.7` or later.
CVE-2026-42249 Path Traversal in path-traversal (CVE-2026-42249)
path traversal in path-traversal (CVE-2026-42249). Successful exploitation can lead to full system takeover.
CVE-2026-42248 Vulnerability in ollama (CVE-2026-42248)
vulnerability in ollama (CVE-2026-42248). Successful exploitation can lead to full system takeover.
CVE-2025-10539 Vulnerability in draugiemgroup (CVE-2025-10539)
vulnerability in draugiemgroup (CVE-2025-10539). Risk of unauthorized operations or information disclosure.
CVE-2026-30603 Vulnerability in CVE-2026-30603 (CVE-2026-30603)
vulnerability in CVE-2026-30603 (CVE-2026-30603). Successful exploitation can lead to full system takeover.
CVE-2026-3502 KEV [KEV] Vulnerability in Trueconf client (CVE-2026-3502)
vulnerability in Trueconf client (CVE-2026-3502). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2026-28500 Vulnerability in onnx (CVE-2026-28500)
vulnerability in onnx (CVE-2026-28500). Confidential information can be exposed externally. Mitigation: upgrade to `1.21.0rc1` or later.
CVE-2025-15556 KEV [KEV] Vulnerability in Notepad++ notepad (CVE-2025-15556)
vulnerability in Notepad++ notepad (CVE-2025-15556). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2025-69263 pnpm is a package manager. Versions 10.26.2 and below store HTTP tarball dependencies (and git-hosted tarballs) in the lockfile without integrity hashes. This allows the remote server to serve differe...
pnpm is a package manager. Versions 10.26.2 and below store HTTP tarball dependencies (and git-hosted tarballs) in the lockfile without integrity hashes. This allows the remote server to serve different content on each install, even when a lockfile is committed. An attacker who publishes a package w...
CVE-2025-61228 Vulnerability in shirt-pocket (CVE-2025-61228)
vulnerability in shirt-pocket (CVE-2025-61228). Successful exploitation can lead to full system takeover.
CVE-2025-56513 Vulnerability in nicehash (CVE-2025-56513)
vulnerability in nicehash (CVE-2025-56513). Successful exploitation can lead to full system takeover.
CVE-2022-40799 KEV [KEV] Vulnerability in D-link dnr-322l (CVE-2022-40799)
vulnerability in D-link dnr-322l (CVE-2022-40799). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2022-24140 Vulnerability in iobit (CVE-2022-24140)
vulnerability in iobit (CVE-2022-24140). Successful exploitation can lead to full system takeover.
CVE-2022-27438 Vulnerability in caphyon (CVE-2022-27438)
vulnerability in caphyon (CVE-2022-27438). Successful exploitation can lead to full system takeover.
CVE-2022-28944 Vulnerability in emcosoftware (CVE-2022-28944)
vulnerability in emcosoftware (CVE-2022-28944). Successful exploitation can lead to full system takeover.
CVE-2022-24644 Vulnerability in zzinc (CVE-2022-24644)
vulnerability in zzinc (CVE-2022-24644). Successful exploitation can lead to full system takeover.
CVE-2021-44168 KEV [KEV] Vulnerability in Fortinet fortios (CVE-2021-44168)
vulnerability in Fortinet fortios (CVE-2021-44168). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
CVE-2017-12740 Vulnerability in siemens (CVE-2017-12740)
vulnerability in siemens (CVE-2017-12740). Data can be tampered with by attackers.
CVE-2017-2739 Vulnerability in huawei (CVE-2017-2739)
vulnerability in huawei (CVE-2017-2739). Risk of unauthorized operations or information disclosure.
CVE-2017-2707 Vulnerability in privilege-escalation (CVE-2017-2707)
vulnerability in privilege-escalation (CVE-2017-2707). Data can be tampered with by attackers.
CVE-2017-12306 Vulnerability in cisco (CVE-2017-12306)
vulnerability in cisco (CVE-2017-12306). Data can be tampered with by attackers.
CVE-2017-13083 Vulnerability in akeo (CVE-2017-13083)
vulnerability in akeo (CVE-2017-13083). Data can be tampered with by attackers.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →