Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-3082 |
|
Vulnerability in gstreamer (CVE-2026-3082)
vulnerability in gstreamer (CVE-2026-3082). Successful exploitation can lead to full system takeover.
|
| CVE-2026-3085 |
|
Vulnerability in gstreamer (CVE-2026-3085)
vulnerability in gstreamer (CVE-2026-3085). Successful exploitation can lead to full system takeover.
|
| CVE-2026-3083 |
|
Vulnerability in gstreamer (CVE-2026-3083)
vulnerability in gstreamer (CVE-2026-3083). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2923 |
|
Out-of-Bounds Write in gstreamer (CVE-2026-2923)
out-of-bounds write in gstreamer (CVE-2026-2923). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2921 |
|
Vulnerability in gstreamer (CVE-2026-2921)
vulnerability in gstreamer (CVE-2026-2921). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2922 |
|
Out-of-Bounds Write in gstreamer (CVE-2026-2922)
out-of-bounds write in gstreamer (CVE-2026-2922). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2920 |
|
Vulnerability in gstreamer (CVE-2026-2920)
vulnerability in gstreamer (CVE-2026-2920). Successful exploitation can lead to full system takeover.
|
| CVE-2026-21708 |
|
SQL Injection in veeam (CVE-2026-21708)
SQL injection in veeam (CVE-2026-21708). Confidential information can be exposed externally.
|
| CVE-2026-21669 |
|
Code Injection in veeam (CVE-2026-21669)
code injection in veeam (CVE-2026-21669). Successful exploitation can lead to full system takeover.
|
| CVE-2026-21671 |
|
Code Injection in veeam (CVE-2026-21671)
code injection in veeam (CVE-2026-21671). Successful exploitation can lead to full system takeover.
|
| CVE-2026-28292 |
|
OS Command Injection in simple-git-project (CVE-2026-28292)
OS command injection in simple-git-project (CVE-2026-28292). Successful exploitation can lead to full system takeover.
|
| CVE-2026-1286 |
|
Unsafe Deserialization in deserialization (CVE-2026-1286)
vulnerability in deserialization (CVE-2026-1286). Successful exploitation can lead to full system takeover.
|
| CVE-2026-29091 |
|
Vulnerability in locutus (CVE-2026-29091)
vulnerability in locutus (CVE-2026-29091). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2743 |
|
Path Traversal in path-traversal (CVE-2026-2743)
path traversal in path-traversal (CVE-2026-2743). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0847 |
|
Path Traversal in nltk (CVE-2026-0847)
path traversal in nltk (CVE-2026-0847). Confidential information can be exposed externally. Mitigation: upgrade to `3.9.3` or later.
|
| CVE-2026-28364 |
|
Vulnerability in c (CVE-2026-28364)
vulnerability in c (CVE-2026-28364). Confidential information can be exposed externally.
|
| CVE-2026-25109 |
|
OS Command Injection in copeland (CVE-2026-25109)
OS command injection in copeland (CVE-2026-25109). Successful exploitation can lead to full system takeover.
|
| CVE-2026-20910 |
|
OS Command Injection in copeland (CVE-2026-20910)
OS command injection in copeland (CVE-2026-20910). Successful exploitation can lead to full system takeover.
|
| CVE-2026-27148 |
|
Vulnerability in storybook (CVE-2026-27148)
vulnerability in storybook (CVE-2026-27148). Successful exploitation can lead to full system takeover.
|
| CVE-2026-27606 |
|
Path Traversal in path-traversal (CVE-2026-27606)
path traversal in path-traversal (CVE-2026-27606). Successful exploitation can lead to full system takeover.
|
| CVE-2025-14905 |
|
Vulnerability in c (CVE-2025-14905)
vulnerability in c (CVE-2025-14905). Successful exploitation can lead to full system takeover. Exploitable via ``schema_attr_enum_callback``.
|
| CVE-2026-2044 |
|
Vulnerability in gimp (CVE-2026-2044)
vulnerability in gimp (CVE-2026-2044). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2048 |
|
Out-of-Bounds Write in gimp (CVE-2026-2048)
out-of-bounds write in gimp (CVE-2026-2048). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2047 |
|
Vulnerability in gimp (CVE-2026-2047)
vulnerability in gimp (CVE-2026-2047). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2045 |
|
Out-of-Bounds Write in gimp (CVE-2026-2045)
out-of-bounds write in gimp (CVE-2026-2045). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0797 |
|
Vulnerability in gimp (CVE-2026-0797)
vulnerability in gimp (CVE-2026-0797). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2033 |
|
Path Traversal in path-traversal (CVE-2026-2033)
path traversal in path-traversal (CVE-2026-2033). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-26200 |
|
Vulnerability in hdfgroup (CVE-2026-26200)
vulnerability in hdfgroup (CVE-2026-26200). Successful exploitation can lead to full system takeover.
|
| CVE-2025-13590 |
|
Unrestricted File Upload in wso2 (CVE-2025-13590)
vulnerability in wso2 (CVE-2025-13590). Successful exploitation can lead to full system takeover.
|
| CVE-2026-0974 |
|
Vulnerability in wordpress (CVE-2026-0974)
vulnerability in wordpress (CVE-2026-0974). Successful exploitation can lead to full system takeover.
|
| CVE-2025-14009 |
|
Code Injection in nltk (CVE-2025-14009)
code injection in nltk (CVE-2025-14009). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.9.3` or later.
|
| CVE-2026-22208 |
|
Vulnerability in CVE-2026-22208 (CVE-2026-22208)
vulnerability in CVE-2026-22208 (CVE-2026-22208). Successful exploitation can lead to full system takeover.
|
| CVE-2025-65480 |
|
OS Command Injection in CVE-2025-65480 (CVE-2025-65480)
OS command injection in CVE-2025-65480 (CVE-2025-65480). Successful exploitation can lead to full system takeover.
|
| CVE-2026-1615 |
|
Code Injection in CVE-2026-1615 (CVE-2026-1615)
code injection in CVE-2026-1615 (CVE-2026-1615). Successful exploitation can lead to full system takeover.
|
| CVE-2026-22778 |
|
Vulnerability in vllm (CVE-2026-22778)
vulnerability in vllm (CVE-2026-22778). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.14.1` or later.
|
| CVE-2026-24881 |
|
Vulnerability in dos (CVE-2026-24881)
vulnerability in dos (CVE-2026-24881). Successful exploitation can lead to full system takeover.
|
| CVE-2025-15467 |
|
Out-of-Bounds Write in cisa (CVE-2025-15467)
out-of-bounds write in cisa (CVE-2025-15467). Successful exploitation can lead to full system takeover.
|
| CVE-2025-15059 |
|
Vulnerability in gimp (CVE-2025-15059)
vulnerability in gimp (CVE-2025-15059). Successful exploitation can lead to full system takeover.
|
| CVE-2025-56005 |
|
Unsafe Deserialization in dabeaz (CVE-2025-56005)
vulnerability in dabeaz (CVE-2025-56005). Successful exploitation can lead to full system takeover. Exploitable via ``picklefile``.
|
| CVE-2021-47839 |
|
Cross-Site Scripting (XSS) in CVE-2021-47839 (CVE-2021-47839)
cross-site scripting in CVE-2021-47839 (CVE-2021-47839). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-69262 |
|
pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings....
pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker who can control environment variables during pnpm operations could achieve Remote Code E...
|
| CVE-2025-69264 |
|
Vulnerability in pnpm (CVE-2025-69264)
vulnerability in pnpm (CVE-2025-69264). Successful exploitation can lead to full system takeover.
|
| CVE-2025-11157 |
|
Unsafe Deserialization in CVE-2025-11157 (CVE-2025-11157)
vulnerability in CVE-2025-11157 (CVE-2025-11157). Successful exploitation can lead to full system takeover.
|
| CVE-2025-2155 |
|
Unrestricted Upload of File with Dangerous Type vulnerability in Echo Call Center Services Trade...
Unrestricted Upload of File with Dangerous Type vulnerability in Echo Call Center Services Trade...
|
| CVE-2023-53888 |
|
Code Injection in zomp (CVE-2023-53888)
code injection in zomp (CVE-2023-53888). Successful exploitation can lead to full system takeover.
|
| CVE-2025-34291 KEV |
|
[KEV] Vulnerability in langflow (CVE-2025-34291)
vulnerability in langflow (CVE-2025-34291). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `1.7.0` or later.
|
| CVE-2025-63258 |
|
Command Injection in CVE-2025-63258 (CVE-2025-63258)
command injection in CVE-2025-63258 (CVE-2025-63258). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-56399 |
|
Code Injection in laravel (CVE-2025-56399)
code injection in laravel (CVE-2025-56399). Successful exploitation can lead to full system takeover.
|
| CVE-2025-55752 |
|
Vulnerability in org.apache.tomcat:tomcat (CVE-2025-55752)
vulnerability in org.apache.tomcat:tomcat (CVE-2025-55752). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.0.109, 10.1.45, 11.0.11` or later.
|
| CVE-2025-54236 KEV |
|
[KEV] Vulnerability in Adobe commerce (CVE-2025-54236)
vulnerability in Adobe commerce (CVE-2025-54236). Confidential information can be exposed externally. Listed in CISA KEV — actively exploited.
|