Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2025-54236 KEV |
|
[KEV] Vulnerability in Adobe commerce (CVE-2025-54236)
vulnerability in Adobe commerce (CVE-2025-54236). Confidential information can be exposed externally. Listed in CISA KEV — actively exploited.
|
| CVE-2025-57567 |
|
Code Injection in CVE-2025-57567 (CVE-2025-57567)
code injection in CVE-2025-57567 (CVE-2025-57567). Successful exploitation can lead to full system takeover.
|
| CVE-2025-60641 |
|
SQL Injection in sqli (CVE-2025-60641)
SQL injection in sqli (CVE-2025-60641). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-56588 |
|
Code Injection in dolibarr (CVE-2025-56588)
code injection in dolibarr (CVE-2025-56588). Successful exploitation can lead to full system takeover.
|
| CVE-2025-56513 |
|
Vulnerability in nicehash (CVE-2025-56513)
vulnerability in nicehash (CVE-2025-56513). Successful exploitation can lead to full system takeover.
|
| CVE-2020-36851 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2020-36851)
SSRF in ssrf (CVE-2020-36851). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-57819 KEV |
|
[KEV] SQL Injection in Sangoma freepbx (CVE-2025-57819)
SQL injection in Sangoma freepbx (CVE-2025-57819). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2025-34162 |
|
SQL Injection in sqli (CVE-2025-34162)
SQL injection in sqli (CVE-2025-34162). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-34163 |
|
Unrestricted File Upload in CVE-2025-34163 (CVE-2025-34163)
vulnerability in CVE-2025-34163 (CVE-2025-34163). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-71344 |
|
Unsafe Deserialization in picklescan (CVE-2025-71344)
vulnerability in picklescan (CVE-2025-71344). Confidential information can be exposed externally. Mitigation: upgrade to `0.0.30` or later.
|
| CVE-2025-71361 |
|
Vulnerability in picklescan (CVE-2025-71361)
vulnerability in picklescan (CVE-2025-71361). Confidential information can be exposed externally. Mitigation: upgrade to `0.0.29` or later.
|
| CVE-2012-10060 |
|
Vulnerability in sysax (CVE-2012-10060)
vulnerability in sysax (CVE-2012-10060). Successful exploitation can lead to full system takeover.
|
| CVE-2012-10047 |
|
SQL Injection in sqli (CVE-2012-10047)
SQL injection in sqli (CVE-2012-10047). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-51056 |
|
Unrestricted File Upload in vedo-suite-project (CVE-2025-51056)
vulnerability in vedo-suite-project (CVE-2025-51056). Confidential information can be exposed externally.
|
| CVE-2012-10027 |
|
Unrestricted File Upload in wordpress (CVE-2012-10027)
vulnerability in wordpress (CVE-2012-10027). Risk of unauthorized operations or information disclosure. Exploitable via ``uploadify.php``.
|
| CVE-2025-29534 |
|
OS Command Injection in CVE-2025-29534 (CVE-2025-29534)
OS command injection in CVE-2025-29534 (CVE-2025-29534). Successful exploitation can lead to full system takeover.
|
| CVE-2025-53867 |
|
Island Lake WebBatch before 2025C allows Remote Code Execution via a crafted URL.
Island Lake WebBatch before 2025C allows Remote Code Execution via a crafted URL.
|
| CVE-2025-2251 |
|
Unsafe Deserialization in deserialization (CVE-2025-2251)
vulnerability in deserialization (CVE-2025-2251). Data can be tampered with by attackers.
|
| CVE-2025-25802 |
|
Command Injection in seacms (CVE-2025-25802)
command injection in seacms (CVE-2025-25802). Data can be tampered with by attackers.
|
| CVE-2025-25813 |
|
Command Injection in seacms (CVE-2025-25813)
command injection in seacms (CVE-2025-25813). Data can be tampered with by attackers.
|
| CVE-2025-25792 |
|
Command Injection in seacms (CVE-2025-25792)
command injection in seacms (CVE-2025-25792). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-25793 |
|
Command Injection in seacms (CVE-2025-25793)
command injection in seacms (CVE-2025-25793). Data can be tampered with by attackers.
|
| CVE-2025-25794 |
|
Command Injection in seacms (CVE-2025-25794)
command injection in seacms (CVE-2025-25794). Data can be tampered with by attackers.
|
| CVE-2025-25796 |
|
Command Injection in seacms (CVE-2025-25796)
command injection in seacms (CVE-2025-25796). Data can be tampered with by attackers.
|
| CVE-2025-25797 |
|
Command Injection in seacms (CVE-2025-25797)
command injection in seacms (CVE-2025-25797). Data can be tampered with by attackers.
|
| CVE-2025-25789 |
|
Code Injection in foxcms (CVE-2025-25789)
code injection in foxcms (CVE-2025-25789). Successful exploitation can lead to full system takeover.
|
| CVE-2025-0624 |
|
Out-of-Bounds Write in CVE-2025-0624 (CVE-2025-0624)
out-of-bounds write in CVE-2025-0624 (CVE-2025-0624). Successful exploitation can lead to full system takeover.
|
| CVE-2024-42911 |
|
Code Injection in CVE-2024-42911 (CVE-2024-42911)
code injection in CVE-2024-42911 (CVE-2024-42911). Confidential information can be exposed externally.
|
| CVE-2025-21402 |
|
Microsoft Office OneNote Remote Code Execution Vulnerability
Microsoft Office OneNote Remote Code Execution Vulnerability
|
| CVE-2025-21361 |
|
Microsoft Outlook Remote Code Execution Vulnerability
Microsoft Outlook Remote Code Execution Vulnerability
|
| CVE-2025-21338 |
|
GDI+ Remote Code Execution Vulnerability
GDI+ Remote Code Execution Vulnerability
|
| CVE-2024-9143 |
|
Out-of-Bounds Read in CVE-2024-9143 (CVE-2024-9143)
vulnerability in CVE-2024-9143 (CVE-2024-9143). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-31493 |
|
Code Injection in zoneminder (CVE-2023-31493)
code injection in zoneminder (CVE-2023-31493). Confidential information can be exposed externally.
|
| CVE-2023-50780 |
|
Vulnerability in apache (CVE-2023-50780)
vulnerability in apache (CVE-2023-50780). Successful exploitation can lead to full system takeover.
|
| CVE-2024-46084 |
|
Command Injection in scriptcase (CVE-2024-46084)
command injection in scriptcase (CVE-2024-46084). Successful exploitation can lead to full system takeover.
|
| CVE-2024-38909 |
|
Vulnerability in std42 (CVE-2024-38909)
vulnerability in std42 (CVE-2024-38909). Successful exploitation can lead to full system takeover.
|
| CVE-2024-30104 |
|
Microsoft Office Remote Code Execution Vulnerability
Microsoft Office Remote Code Execution Vulnerability
|
| CVE-2024-30101 |
|
Microsoft Office Remote Code Execution Vulnerability
Microsoft Office Remote Code Execution Vulnerability
|
| CVE-2024-30103 |
|
Microsoft Outlook Remote Code Execution Vulnerability
Microsoft Outlook Remote Code Execution Vulnerability
|
| CVE-2024-3166 |
|
Cross-Site Scripting (XSS) in mintplexlabs (CVE-2024-3166)
cross-site scripting in mintplexlabs (CVE-2024-3166). Successful exploitation can lead to full system takeover.
|
| CVE-2024-26257 |
|
Microsoft Excel Remote Code Execution Vulnerability
Microsoft Excel Remote Code Execution Vulnerability
|
| CVE-2024-20673 |
|
Microsoft Office Remote Code Execution Vulnerability
Microsoft Office Remote Code Execution Vulnerability
|
| CVE-2024-23054 |
|
Vulnerability in plone (CVE-2024-23054)
vulnerability in plone (CVE-2024-23054). Successful exploitation can lead to full system takeover.
|
| CVE-2024-22899 |
|
Code Injection in vinchin (CVE-2024-22899)
code injection in vinchin (CVE-2024-22899). Successful exploitation can lead to full system takeover.
|
| CVE-2024-22900 |
|
Command Injection in vinchin (CVE-2024-22900)
command injection in vinchin (CVE-2024-22900). Successful exploitation can lead to full system takeover.
|
| CVE-2024-22903 |
|
Command Injection in vinchin (CVE-2024-22903)
command injection in vinchin (CVE-2024-22903). Successful exploitation can lead to full system takeover.
|
| CVE-2024-23055 |
|
Vulnerability in plone (CVE-2024-23055)
vulnerability in plone (CVE-2024-23055). Risk of unauthorized operations or information disclosure. Exploitable via `Host header`.
|
| CVE-2023-40547 |
|
Out-of-Bounds Write in redhat (CVE-2023-40547)
out-of-bounds write in redhat (CVE-2023-40547). Successful exploitation can lead to full system takeover.
|
| CVE-2023-50651 |
|
OS Command Injection in totolink (CVE-2023-50651)
OS command injection in totolink (CVE-2023-50651). Successful exploitation can lead to full system takeover.
|
| CVE-2023-46987 |
|
Code Injection in seacms (CVE-2023-46987)
code injection in seacms (CVE-2023-46987). Successful exploitation can lead to full system takeover.
|