Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2025-54068 KEV |
|
[KEV] Code Injection in Laravel livewire (CVE-2025-54068)
code injection in Laravel livewire (CVE-2025-54068). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-31898 |
|
Vulnerability in parall (CVE-2026-31898)
vulnerability in parall (CVE-2026-31898). Confidential information can be exposed externally. Exploitable via ``createAnnotation``.
|
| CVE-2025-50881 |
|
Code Injection in CVE-2025-50881 (CVE-2025-50881)
code injection in CVE-2025-50881 (CVE-2025-50881). Successful exploitation can lead to full system takeover. Exploitable via ``action``.
|
| CVE-2026-4276 |
|
Code Injection in librechat (CVE-2026-4276)
code injection in librechat (CVE-2026-4276). Data can be tampered with by attackers.
|
| CVE-2026-3476 |
|
Code Injection in 3ds (CVE-2026-3476)
code injection in 3ds (CVE-2026-3476). Successful exploitation can lead to full system takeover.
|
| CVE-2025-14287 |
|
Code Injection in lfprojects (CVE-2025-14287)
code injection in lfprojects (CVE-2025-14287). Successful exploitation can lead to full system takeover.
|
| CVE-2026-32640 |
|
Code Injection in simpleeval (CVE-2026-32640)
code injection in simpleeval (CVE-2026-32640). Successful exploitation can lead to full system takeover. Exploitable via ``names``. Mitigation: upgrade to `1.0.5` or later.
|
| CVE-2026-32304 |
|
Code Injection in locutus (CVE-2026-32304)
code injection in locutus (CVE-2026-32304). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.0.14` or later.
|
| CVE-2026-21669 |
|
Code Injection in veeam (CVE-2026-21669)
code injection in veeam (CVE-2026-21669). Successful exploitation can lead to full system takeover.
|
| CVE-2026-21671 |
|
Code Injection in veeam (CVE-2026-21671)
code injection in veeam (CVE-2026-21671). Successful exploitation can lead to full system takeover.
|
| CVE-2025-67035 |
|
Code Injection in lantronix (CVE-2025-67035)
code injection in lantronix (CVE-2025-67035). Successful exploitation can lead to full system takeover.
|
| CVE-2025-67036 |
|
Code Injection in lantronix (CVE-2025-67036)
code injection in lantronix (CVE-2025-67036). Successful exploitation can lead to full system takeover.
|
| CVE-2025-67037 |
|
Code Injection in lantronix (CVE-2025-67037)
code injection in lantronix (CVE-2025-67037). Successful exploitation can lead to full system takeover.
|
| CVE-2025-67034 |
|
Code Injection in lantronix (CVE-2025-67034)
code injection in lantronix (CVE-2025-67034). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2273 |
|
Code Injection in schneider-electric (CVE-2026-2273)
code injection in schneider-electric (CVE-2026-2273). Successful exploitation can lead to full system takeover.
|
| CVE-2026-29091 |
|
Vulnerability in locutus (CVE-2026-29091)
vulnerability in locutus (CVE-2026-29091). Successful exploitation can lead to full system takeover.
|
| CVE-2026-27830 |
|
Code Injection in deserialization (CVE-2026-27830)
code injection in deserialization (CVE-2026-27830). Successful exploitation can lead to full system takeover. Exploitable via ``javax.naming.Reference``.
|
| CVE-2026-25755 |
|
Code Injection in parall (CVE-2026-25755)
code injection in parall (CVE-2026-25755). Confidential information can be exposed externally. Exploitable via ``addJS``.
|
| CVE-2025-14009 |
|
Code Injection in nltk (CVE-2025-14009)
code injection in nltk (CVE-2025-14009). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.9.3` or later.
|
| CVE-2025-33239 |
|
Code Injection in nvidia (CVE-2025-33239)
code injection in nvidia (CVE-2025-33239). Successful exploitation can lead to full system takeover.
|
| CVE-2025-33240 |
|
Code Injection in nvidia (CVE-2025-33240)
code injection in nvidia (CVE-2025-33240). Successful exploitation can lead to full system takeover.
|
| CVE-2025-69872 |
|
Code Injection in CVE-2025-69872 (CVE-2025-69872)
code injection in CVE-2025-69872 (CVE-2025-69872). Successful exploitation can lead to full system takeover.
|
| CVE-2026-1615 |
|
Code Injection in CVE-2026-1615 (CVE-2026-1615)
code injection in CVE-2026-1615 (CVE-2026-1615). Successful exploitation can lead to full system takeover.
|
| CVE-2025-61732 |
|
Code Injection in toolchain (CVE-2025-61732)
code injection in toolchain (CVE-2025-61732). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.24.13, 1.25.7` or later.
|
| CVE-2026-25153 |
|
Code Injection in linuxfoundation (CVE-2026-25153)
code injection in linuxfoundation (CVE-2026-25153). Confidential information can be exposed externally. Exploitable via ``hooks``.
|
| CVE-2025-24293 |
|
Command Injection in CVE-2025-24293 (CVE-2025-24293)
command injection in CVE-2025-24293 (CVE-2025-24293). Successful exploitation can lead to full system takeover.
|
| CVE-2026-1281 KEV |
|
[KEV] Code Injection in Ivanti endpoint-manager-mobile-epmm (CVE-2026-1281)
code injection in Ivanti endpoint-manager-mobile-epmm (CVE-2026-1281). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-57283 |
|
Code Injection in browserstack (CVE-2025-57283)
code injection in browserstack (CVE-2025-57283). Successful exploitation can lead to full system takeover.
|
| CVE-2026-24747 |
|
Code Injection in linuxfoundation (CVE-2026-24747)
code injection in linuxfoundation (CVE-2026-24747). Successful exploitation can lead to full system takeover. Exploitable via ``weights_only``.
|
| CVE-2026-22807 |
|
Code Injection in vllm (CVE-2026-22807)
code injection in vllm (CVE-2026-22807). Successful exploitation can lead to full system takeover. Exploitable via ``auto_map``.
|
| CVE-2026-20045 KEV |
|
[KEV] Code Injection in Cisco unified-communications-manager (CVE-2026-20045)
code injection in Cisco unified-communications-manager (CVE-2026-20045). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-22771 |
|
Code Injection in envoyproxy (CVE-2026-22771)
code injection in envoyproxy (CVE-2026-22771). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.5.7` or later.
|
| CVE-2025-69262 |
|
pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings....
pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker who can control environment variables during pnpm operations could achieve Remote Code E...
|
| CVE-2009-0556 KEV |
|
[KEV] Code Injection in Microsoft office (CVE-2009-0556)
code injection in Microsoft office (CVE-2009-0556). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-37164 KEV |
|
[KEV] Code Injection in Hewlett packard enterprise (hpe) hewlett-packard-enterprise-hpe (CVE-2025-37164)
code injection in Hewlett packard enterprise (hpe) hewlett-packard-enterprise-hpe (CVE-2025-37164). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-66848 |
|
Code Injection in jdcloud (CVE-2025-66848)
code injection in jdcloud (CVE-2025-66848). Successful exploitation can lead to full system takeover.
|
| CVE-2023-53888 |
|
Code Injection in zomp (CVE-2023-53888)
code injection in zomp (CVE-2023-53888). Successful exploitation can lead to full system takeover.
|
| CVE-2025-65854 |
|
Code Injection in mineadmin (CVE-2025-65854)
code injection in mineadmin (CVE-2025-65854). Successful exploitation can lead to full system takeover.
|
| CVE-2025-56399 |
|
Code Injection in laravel (CVE-2025-56399)
code injection in laravel (CVE-2025-56399). Successful exploitation can lead to full system takeover.
|
| CVE-2025-6204 KEV |
|
[KEV] Code Injection in Dassault systèmes dassault-systemes (CVE-2025-6204)
code injection in Dassault systèmes dassault-systemes (CVE-2025-6204). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-57567 |
|
Code Injection in CVE-2025-57567 (CVE-2025-57567)
code injection in CVE-2025-57567 (CVE-2025-57567). Successful exploitation can lead to full system takeover.
|
| CVE-2025-56588 |
|
Code Injection in dolibarr (CVE-2025-56588)
code injection in dolibarr (CVE-2025-56588). Successful exploitation can lead to full system takeover.
|
| CVE-2025-50567 |
|
SQL Injection in CVE-2025-50567 (CVE-2025-50567)
SQL injection in CVE-2025-50567 (CVE-2025-50567). Successful exploitation can lead to full system takeover.
|
| CVE-2012-10032 |
|
Cross-Site Scripting (XSS) in CVE-2012-10032 (CVE-2012-10032)
cross-site scripting in CVE-2012-10032 (CVE-2012-10032). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-4056 |
|
Code Injection in dos (CVE-2025-4056)
code injection in dos (CVE-2025-4056). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-49704 KEV |
|
[KEV] Code Injection in Microsoft sharepoint (CVE-2025-49704)
code injection in Microsoft sharepoint (CVE-2025-49704). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-53867 |
|
Island Lake WebBatch before 2025C allows Remote Code Execution via a crafted URL.
Island Lake WebBatch before 2025C allows Remote Code Execution via a crafted URL.
|
| CVE-2024-56145 KEV |
|
[KEV] Code Injection in Craft cms craft-cms (CVE-2024-56145)
code injection in Craft cms craft-cms (CVE-2024-56145). Risk of unauthorized operations or information disclosure. Exploitable via ``register_argc_argv``. Listed in CISA KEV — actively exploited.
|
| CVE-2025-4428 KEV |
|
[KEV] Code Injection in Ivanti endpoint-manager-mobile-epmm (CVE-2025-4428)
code injection in Ivanti endpoint-manager-mobile-epmm (CVE-2025-4428). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-2421 |
|
Code Injection in felisify (CVE-2025-2421)
code injection in felisify (CVE-2025-2421). Successful exploitation can lead to full system takeover.
|