Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | Description |
|---|---|---|
| CVE-2026-42301 | Vulnerability in CVE-2026-42301 (CVE-2026-42301) | Vulnerability in CVE-2026-42301 (CVE-2026-42301). Successful exploitation can lead to full system takeover. |
| CVE-2026-42298 | Code Injection in docker (CVE-2026-42298) | Code injection in docker (CVE-2026-42298). Successful exploitation can lead to full system takeover. Exploitable via `GITHUB_TOKEN`. Mitigation: upgrade to `>= 0` or later. |
| CVE-2026-41486 | Code Injection in CVE-2026-41486 (CVE-2026-41486) | Code injection in CVE-2026-41486 (CVE-2026-41486). Risk of unauthorized operations or information disclosure. |
| CVE-2026-44336 | Vulnerability in praison (CVE-2026-44336) | Vulnerability in praison (CVE-2026-44336). Successful exploitation can lead to full system takeover. Exploitable via `praisonai.rules.create`. |
| CVE-2026-44334 | Code Injection in praison (CVE-2026-44334) | Code injection in praison (CVE-2026-44334). Successful exploitation can lead to full system takeover. Exploitable via `POST /v1/recipes/run`. |
| CVE-2026-41512 | Code Injection in gem (CVE-2026-41512) | Code injection in gem (CVE-2026-41512). Successful exploitation can lead to full system takeover. Exploitable via `POST /targets/auto_detect_selectors`. |
| CVE-2026-41507 | Code Injection in remote (CVE-2026-41507) | Code injection in remote (CVE-2026-41507). Successful exploitation can lead to full system takeover. |
| CVE-2026-25077 | Code Injection in apache (CVE-2026-25077) | Code injection in apache (CVE-2026-25077). Risk of unauthorized operations or information disclosure. |
| CVE-2024-46507 | Code Injection in yeti-platform (CVE-2024-46507) | Code injection in yeti-platform (CVE-2024-46507). Risk of unauthorized operations or information disclosure. |
| CVE-2026-8136 | Cross-Site Scripting (XSS) in CVE-2026-8136 (CVE-2026-8136) | Cross-site scripting in CVE-2026-8136 (CVE-2026-8136). Risk of unauthorized operations or information disclosure. |
| CVE-2026-43944 | Vulnerability in electerm (CVE-2026-43944) | Vulnerability in electerm (CVE-2026-43944). Successful exploitation can lead to full system takeover. Exploitable via `opts`. Mitigation: upgrade to `> 3.8.8` or later. |
| CVE-2026-41900 | OS Command Injection in CVE-2026-41900 (CVE-2026-41900) | OS command injection in CVE-2026-41900 (CVE-2026-41900). Successful exploitation can lead to full system takeover. |
| CVE-2026-41645 | Code Injection in projectdiscovery (CVE-2026-41645) | Code injection in projectdiscovery (CVE-2026-41645). Confidential information can be exposed externally. |
| CVE-2026-8117 | Cross-Site Scripting (XSS) in CVE-2026-8117 (CVE-2026-8117) | Cross-site scripting in CVE-2026-8117 (CVE-2026-8117). Risk of unauthorized operations or information disclosure. |
| CVE-2026-41692 | Cross-Site Scripting (XSS) in CVE-2026-41692 (CVE-2026-41692) | Cross-site scripting in CVE-2026-41692 (CVE-2026-41692). Risk of unauthorized operations or information disclosure. |
| CVE-2026-36458 | Code Injection in sqli (CVE-2026-36458) | Code injection in sqli (CVE-2026-36458). Successful exploitation can lead to full system takeover. |
| CVE-2025-63706 | Code Injection in npm (CVE-2025-63706) | Code injection in npm (CVE-2025-63706). Successful exploitation can lead to full system takeover. |
| CVE-2026-8094 | Code Injection in firefox (CVE-2026-8094) | Code injection in firefox (CVE-2026-8094). Successful exploitation can lead to full system takeover. |
| CVE-2026-38431 | Code Injection in frappe (CVE-2026-38431) | Code injection in frappe (CVE-2026-38431). Successful exploitation can lead to full system takeover. |
| CVE-2026-24120 | Code Injection in vm2-project (CVE-2026-24120) | Code injection in vm2-project (CVE-2026-24120). Successful exploitation can lead to full system takeover. Exploitable via `resetPromiseSpecies`. |
| CVE-2026-24118 | Code Injection in vm2-project (CVE-2026-24118) | Code injection in vm2-project (CVE-2026-24118). Successful exploitation can lead to full system takeover. Exploitable via `__lookupGetter__`. |
| CVE-2026-24781 | Code Injection in vm2-project (CVE-2026-24781) | Code injection in vm2-project (CVE-2026-24781). Successful exploitation can lead to full system takeover. Exploitable via `inspect`. |
| CVE-2026-34197 KEV | [KEV] Vulnerability in Apache activemq (CVE-2026-34197) | Vulnerability in Apache activemq (CVE-2026-34197). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. |
| CVE-2009-0238 KEV | [KEV] Code Injection in Microsoft office (CVE-2009-0238) | Code injection in Microsoft office (CVE-2009-0238). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. |
| CVE-2026-1340 KEV | [KEV] Code Injection in Ivanti endpoint-manager-mobile-epmm (CVE-2026-1340) | Code injection in Ivanti endpoint-manager-mobile-epmm (CVE-2026-1340). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. |
| CVE-2026-33017 KEV | [KEV] Code Injection in langflow (CVE-2026-33017) | Code injection in langflow (CVE-2026-33017). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. |
| CVE-2025-32432 KEV | [KEV] Code Injection in Craft cms craft-cms (CVE-2025-32432) | Code injection in Craft cms craft-cms (CVE-2025-32432). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. |
| CVE-2025-54068 KEV | [KEV] Code Injection in Laravel livewire (CVE-2025-54068) | Code injection in Laravel livewire (CVE-2025-54068). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. |
| CVE-2026-1281 KEV | [KEV] Code Injection in Ivanti endpoint-manager-mobile-epmm (CVE-2026-1281) | Code injection in Ivanti endpoint-manager-mobile-epmm (CVE-2026-1281). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. |
| CVE-2026-20045 KEV | [KEV] Code Injection in Cisco unified-communications-manager (CVE-2026-20045) | Code injection in Cisco unified-communications-manager (CVE-2026-20045). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. |
| CVE-2009-0556 KEV | [KEV] Code Injection in Microsoft office (CVE-2009-0556) | Code injection in Microsoft office (CVE-2009-0556). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. |
| CVE-2025-37164 KEV | [KEV] Code Injection in Hewlett packard enterprise (hpe) hewlett-packard-enterprise-hpe (CVE-2025-37164) | Code injection in Hewlett packard enterprise (hpe) hewlett-packard-enterprise-hpe (CVE-2025-37164). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. |
| CVE-2025-6204 KEV | [KEV] Code Injection in Dassault systèmes dassault-systemes (CVE-2025-6204) | Code injection in Dassault systèmes dassault-systemes (CVE-2025-6204). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. |
| CVE-2025-49704 KEV | [KEV] Code Injection in Microsoft sharepoint (CVE-2025-49704) | Code injection in Microsoft sharepoint (CVE-2025-49704). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. |
| CVE-2024-56145 KEV | [KEV] Code Injection in Craft cms craft-cms (CVE-2024-56145) | Code injection in Craft cms craft-cms (CVE-2024-56145). Risk of unauthorized operations or information disclosure. Exploitable via `register_argc_argv`. Listed in CISA KEV — actively exploited. |
| CVE-2025-4428 KEV | [KEV] Code Injection in Ivanti endpoint-manager-mobile-epmm (CVE-2025-4428) | Code injection in Ivanti endpoint-manager-mobile-epmm (CVE-2025-4428). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. |
| CVE-2025-1976 KEV | [KEV] Code Injection in Broadcom brocade-fabric-os (CVE-2025-1976) | Code injection in Broadcom brocade-fabric-os (CVE-2025-1976). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. |
| CVE-2025-23209 KEV | [KEV] Code Injection in Craft cms craft-cms (CVE-2025-23209) | Code injection in Craft cms craft-cms (CVE-2025-23209). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. |
| CVE-2022-24816 KEV | [KEV] Code Injection in Osgeo jai-ext (CVE-2022-24816) | Code injection in Osgeo jai-ext (CVE-2022-24816). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. |
| CVE-2024-20359 KEV | [KEV] Code Injection in Cisco adaptive-security-appliance-asa-and-firepower-threat-defense-ftd (CVE-2024-20359) | Code injection in Cisco adaptive-security-appliance-asa-and-firepower-threat-defense-ftd (CVE-2024-20359). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. |
| CVE-2023-24955 KEV | [KEV] Code Injection in Microsoft sharepoint-server (CVE-2023-24955) | Code injection in Microsoft sharepoint-server (CVE-2023-24955). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. |
| CVE-2021-44529 KEV | [KEV] Code Injection in Ivanti endpoint-manager-cloud-service-appliance-epm-csa (CVE-2021-44529) | Code injection in Ivanti endpoint-manager-cloud-service-appliance-epm-csa (CVE-2021-44529). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. |
| CVE-2024-21351 KEV | [KEV] Code Injection in Microsoft windows (CVE-2024-21351) | Code injection in Microsoft windows (CVE-2024-21351). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. |
| CVE-2023-6548 KEV | [KEV] Code Injection in Citrix netscaler-adc-and-netscaler-gateway (CVE-2023-6548) | Code injection in Citrix netscaler-adc-and-netscaler-gateway (CVE-2023-6548). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. |
| CVE-2018-14667 KEV | [KEV] Code Injection in Red hat red-hat (CVE-2018-14667) | Code injection in Red hat red-hat (CVE-2018-14667). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. |
| CVE-2023-33246 KEV | [KEV] Code Injection in Apache rocketmq (CVE-2023-33246) | Code injection in Apache rocketmq (CVE-2023-33246). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. |
| CVE-2023-3519 KEV | [KEV] Code Injection in Citrix netscaler-adc-and-netscaler-gateway (CVE-2023-3519) | Code injection in Citrix netscaler-adc-and-netscaler-gateway (CVE-2023-3519). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. |
| CVE-2023-25717 KEV | [KEV] Code Injection in Ruckus wireless ruckus-wireless (CVE-2023-25717) | Code injection in Ruckus wireless ruckus-wireless (CVE-2023-25717). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. |
| CVE-2023-29492 KEV | [KEV] Code Injection in Novi survey novi-survey (CVE-2023-29492) | Code injection in Novi survey novi-survey (CVE-2023-29492). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. |
| CVE-2013-3163 KEV | [KEV] Code Injection in Microsoft internet-explorer (CVE-2013-3163) | Code injection in Microsoft internet-explorer (CVE-2013-3163). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. |