Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2025-53827 |
|
Vulnerability in CVE-2025-53827 (CVE-2025-53827)
vulnerability in CVE-2025-53827 (CVE-2025-53827). Successful exploitation can lead to full system takeover.
|
| CVE-2026-14620 |
|
Cross-Site Request Forgery (CSRF) in webpackjs (CVE-2026-14620)
vulnerability in webpackjs (CVE-2026-14620). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-54753 |
|
Vulnerability in CVE-2026-54753 (CVE-2026-54753)
vulnerability in CVE-2026-54753 (CVE-2026-54753). Confidential information can be exposed externally. Mitigation: upgrade to `22.7.2` or later.
|
| CVE-2026-55454 |
|
Vulnerability in ssrf (CVE-2026-55454)
vulnerability in ssrf (CVE-2026-55454). Successful exploitation can lead to full system takeover. Exploitable via `POST /load`. Mitigation: upgrade to `2.1` or later.
|
| CVE-2026-48783 |
|
Vulnerability in CVE-2026-48783 (CVE-2026-48783)
vulnerability in CVE-2026-48783 (CVE-2026-48783). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49993 |
|
Vulnerability in @nuxt/webpack-builder (CVE-2026-49993)
vulnerability in @nuxt/webpack-builder (CVE-2026-49993). Confidential information can be exposed externally. Exploitable via ``Origin``. Mitigation: upgrade to `3.21.7` or later.
|
| CVE-2026-12060 |
|
Vulnerability in CVE-2026-12060 (CVE-2026-12060)
vulnerability in CVE-2026-12060 (CVE-2026-12060). Confidential information can be exposed externally.
|
| CVE-2026-7516 |
|
Vulnerability in CVE-2026-7516 (CVE-2026-7516)
vulnerability in CVE-2026-7516 (CVE-2026-7516). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-47899 |
|
Vulnerability in CVE-2026-47899 (CVE-2026-47899)
vulnerability in CVE-2026-47899 (CVE-2026-47899). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41283 |
|
Authorization Flaw in CVE-2026-41283 (CVE-2026-41283)
vulnerability in CVE-2026-41283 (CVE-2026-41283). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44698 |
|
Code Injection in CVE-2026-44698 (CVE-2026-44698)
code injection in CVE-2026-44698 (CVE-2026-44698). Successful exploitation can lead to full system takeover. Exploitable via ``window.externalApp``. Mitigation: upgrade to `2026.4.1` or later.
|
| CVE-2025-14713 |
|
Vulnerability in synology (CVE-2025-14713)
vulnerability in synology (CVE-2025-14713). Confidential information can be exposed externally.
|
| CVE-2026-4051 |
|
Vulnerability in ibm (CVE-2026-4051)
vulnerability in ibm (CVE-2026-4051). Successful exploitation can lead to full system takeover.
|
| CVE-2026-45670 |
|
Vulnerability in @nuxt/rspack-builder (CVE-2026-45670)
vulnerability in @nuxt/rspack-builder (CVE-2026-45670). Risk of unauthorized operations or information disclosure. Exploitable via ``script.src``. Mitigation: upgrade to `4.4.6` or later.
|
| CVE-2026-33584 |
|
Vulnerability in CVE-2026-33584 (CVE-2026-33584)
vulnerability in CVE-2026-33584 (CVE-2026-33584). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-33583 |
|
Vulnerability in CVE-2026-33583 (CVE-2026-33583)
vulnerability in CVE-2026-33583 (CVE-2026-33583). Confidential information can be exposed externally.
|
| CVE-2026-44798 |
|
Vulnerability in nautobot (CVE-2026-44798)
vulnerability in nautobot (CVE-2026-44798). Risk of unauthorized operations or information disclosure. Exploitable via ``current_head``. Mitigation: upgrade to `2.4.33` or later.
|
| CVE-2026-8108 |
|
Vulnerability in cisa (CVE-2026-8108)
vulnerability in cisa (CVE-2026-8108). Successful exploitation can lead to full system takeover.
|
| CVE-2026-8109 |
|
Vulnerability in ivanti (CVE-2026-8109)
vulnerability in ivanti (CVE-2026-8109). Confidential information can be exposed externally.
|
| CVE-2026-6402 |
|
Vulnerability in webpack-dev-server (CVE-2026-6402)
vulnerability in webpack-dev-server (CVE-2026-6402). Confidential information can be exposed externally. Mitigation: upgrade to `5.2.4` or later.
|
| CVE-2026-44836 |
|
Vulnerability in view_component (CVE-2026-44836)
vulnerability in view_component (CVE-2026-44836). Confidential information can be exposed externally. Exploitable via `GET /rails/view_components/my_component/render_with_template`. Mitigation: upgrade to `4.9.0` or later.
|
| CVE-2026-24118 |
|
Code Injection in vm2-project (CVE-2026-24118)
code injection in vm2-project (CVE-2026-24118). Successful exploitation can lead to full system takeover. Exploitable via ``__lookupGetter__``.
|
| CVE-2026-22208 |
|
Vulnerability in CVE-2026-22208 (CVE-2026-22208)
vulnerability in CVE-2026-22208 (CVE-2026-22208). Successful exploitation can lead to full system takeover.
|
| CVE-2024-12651 |
|
Vulnerability in CVE-2024-12651 (CVE-2024-12651)
vulnerability in CVE-2024-12651 (CVE-2024-12651). Confidential information can be exposed externally.
|
| CVE-2024-25675 |
|
Vulnerability in misp-project (CVE-2024-25675)
vulnerability in misp-project (CVE-2024-25675). Successful exploitation can lead to full system takeover.
|
| CVE-2018-19322 KEV |
|
[KEV] Vulnerability in Gigabyte multiple-products (CVE-2018-19322)
vulnerability in Gigabyte multiple-products (CVE-2018-19322). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-36942 KEV |
|
[KEV] Vulnerability in Microsoft windows (CVE-2021-36942)
vulnerability in Microsoft windows (CVE-2021-36942). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2017-2735 |
|
Vulnerability in huawei (CVE-2017-2735)
vulnerability in huawei (CVE-2017-2735). Data can be tampered with by attackers.
|
| CVE-2016-9469 |
|
Vulnerability in gitlab (CVE-2016-9469)
vulnerability in gitlab (CVE-2016-9469). Data can be tampered with by attackers.
|