Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-42301 |
|
Vulnerability in CVE-2026-42301 (CVE-2026-42301)
vulnerability in CVE-2026-42301 (CVE-2026-42301). Successful exploitation can lead to full system takeover.
|
| CVE-2026-44334 |
|
Code Injection in praison (CVE-2026-44334)
code injection in praison (CVE-2026-44334). Successful exploitation can lead to full system takeover. Exploitable via `POST /v1/recipes/run`.
|
| CVE-2024-46507 |
|
Code Injection in yeti-platform (CVE-2024-46507)
code injection in yeti-platform (CVE-2024-46507). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41900 |
|
OS Command Injection in CVE-2026-41900 (CVE-2026-41900)
OS command injection in CVE-2026-41900 (CVE-2026-41900). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34197 KEV |
|
[KEV] Vulnerability in Apache activemq (CVE-2026-34197)
vulnerability in Apache activemq (CVE-2026-34197). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2009-0238 KEV |
|
[KEV] Code Injection in Microsoft office (CVE-2009-0238)
code injection in Microsoft office (CVE-2009-0238). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-1340 KEV |
|
[KEV] Code Injection in Ivanti endpoint-manager-mobile-epmm (CVE-2026-1340)
code injection in Ivanti endpoint-manager-mobile-epmm (CVE-2026-1340). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-33017 KEV |
|
[KEV] Code Injection in langflow (CVE-2026-33017)
code injection in langflow (CVE-2026-33017). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-32432 KEV |
|
[KEV] Code Injection in Craft cms craft-cms (CVE-2025-32432)
code injection in Craft cms craft-cms (CVE-2025-32432). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-54068 KEV |
|
[KEV] Code Injection in Laravel livewire (CVE-2025-54068)
code injection in Laravel livewire (CVE-2025-54068). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-1281 KEV |
|
[KEV] Code Injection in Ivanti endpoint-manager-mobile-epmm (CVE-2026-1281)
code injection in Ivanti endpoint-manager-mobile-epmm (CVE-2026-1281). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2026-20045 KEV |
|
[KEV] Code Injection in Cisco unified-communications-manager (CVE-2026-20045)
code injection in Cisco unified-communications-manager (CVE-2026-20045). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2009-0556 KEV |
|
[KEV] Code Injection in Microsoft office (CVE-2009-0556)
code injection in Microsoft office (CVE-2009-0556). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-37164 KEV |
|
[KEV] Code Injection in Hewlett packard enterprise (hpe) hewlett-packard-enterprise-hpe (CVE-2025-37164)
code injection in Hewlett packard enterprise (hpe) hewlett-packard-enterprise-hpe (CVE-2025-37164). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-6204 KEV |
|
[KEV] Code Injection in Dassault systèmes dassault-systemes (CVE-2025-6204)
code injection in Dassault systèmes dassault-systemes (CVE-2025-6204). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-49704 KEV |
|
[KEV] Code Injection in Microsoft sharepoint (CVE-2025-49704)
code injection in Microsoft sharepoint (CVE-2025-49704). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-56145 KEV |
|
[KEV] Code Injection in Craft cms craft-cms (CVE-2024-56145)
code injection in Craft cms craft-cms (CVE-2024-56145). Risk of unauthorized operations or information disclosure. Exploitable via ``register_argc_argv``. Listed in CISA KEV — actively exploited.
|
| CVE-2025-4428 KEV |
|
[KEV] Code Injection in Ivanti endpoint-manager-mobile-epmm (CVE-2025-4428)
code injection in Ivanti endpoint-manager-mobile-epmm (CVE-2025-4428). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-1976 KEV |
|
[KEV] Code Injection in Broadcom brocade-fabric-os (CVE-2025-1976)
code injection in Broadcom brocade-fabric-os (CVE-2025-1976). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-23209 KEV |
|
[KEV] Code Injection in Craft cms craft-cms (CVE-2025-23209)
code injection in Craft cms craft-cms (CVE-2025-23209). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-24816 KEV |
|
[KEV] Code Injection in Osgeo jai-ext (CVE-2022-24816)
code injection in Osgeo jai-ext (CVE-2022-24816). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-20359 KEV |
|
[KEV] Code Injection in Cisco adaptive-security-appliance-asa-and-firepower-threat-defense-ftd (CVE-2024-20359)
code injection in Cisco adaptive-security-appliance-asa-and-firepower-threat-defense-ftd (CVE-2024-20359). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-24955 KEV |
|
[KEV] Code Injection in Microsoft sharepoint-server (CVE-2023-24955)
code injection in Microsoft sharepoint-server (CVE-2023-24955). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-44529 KEV |
|
[KEV] Code Injection in Ivanti endpoint-manager-cloud-service-appliance-epm-csa (CVE-2021-44529)
code injection in Ivanti endpoint-manager-cloud-service-appliance-epm-csa (CVE-2021-44529). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-21351 KEV |
|
[KEV] Code Injection in Microsoft windows (CVE-2024-21351)
code injection in Microsoft windows (CVE-2024-21351). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-6548 KEV |
|
[KEV] Code Injection in Citrix netscaler-adc-and-netscaler-gateway (CVE-2023-6548)
code injection in Citrix netscaler-adc-and-netscaler-gateway (CVE-2023-6548). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2018-14667 KEV |
|
[KEV] Code Injection in Red hat red-hat (CVE-2018-14667)
code injection in Red hat red-hat (CVE-2018-14667). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-33246 KEV |
|
[KEV] Code Injection in Apache rocketmq (CVE-2023-33246)
code injection in Apache rocketmq (CVE-2023-33246). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-3519 KEV |
|
[KEV] Code Injection in Citrix netscaler-adc-and-netscaler-gateway (CVE-2023-3519)
code injection in Citrix netscaler-adc-and-netscaler-gateway (CVE-2023-3519). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-25717 KEV |
|
[KEV] Code Injection in Ruckus wireless ruckus-wireless (CVE-2023-25717)
code injection in Ruckus wireless ruckus-wireless (CVE-2023-25717). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-29492 KEV |
|
[KEV] Code Injection in Novi survey novi-survey (CVE-2023-29492)
code injection in Novi survey novi-survey (CVE-2023-29492). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2013-3163 KEV |
|
[KEV] Code Injection in Microsoft internet-explorer (CVE-2013-3163)
code injection in Microsoft internet-explorer (CVE-2013-3163). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2017-7494 KEV |
|
[KEV] Code Injection in samba (CVE-2017-7494)
code injection in samba (CVE-2017-7494). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2021-39144 KEV |
|
[KEV] Code Injection in xstream (CVE-2021-39144)
code injection in xstream (CVE-2021-39144). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-41223 KEV |
|
[KEV] Code Injection in Mitel mivoice-connect (CVE-2022-41223)
code injection in Mitel mivoice-connect (CVE-2022-41223). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-3236 KEV |
|
[KEV] Code Injection in Sophos firewall (CVE-2022-3236)
code injection in Sophos firewall (CVE-2022-3236). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-22963 KEV |
|
[KEV] Code Injection in Vmware tanzu vmware-tanzu (CVE-2022-22963)
code injection in Vmware tanzu vmware-tanzu (CVE-2022-22963). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2009-1862 KEV |
|
[KEV] Code Injection in Adobe acrobat-and-reader (CVE-2009-1862)
code injection in Adobe acrobat-and-reader (CVE-2009-1862). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2009-0557 KEV |
|
[KEV] Code Injection in Microsoft office (CVE-2009-0557)
code injection in Microsoft office (CVE-2009-0557). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2014-4148 KEV |
|
[KEV] Code Injection in Microsoft windows (CVE-2014-4148)
code injection in Microsoft windows (CVE-2014-4148). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-22947 KEV |
|
[KEV] Code Injection in Vmware spring-cloud-gateway (CVE-2022-22947)
code injection in Vmware spring-cloud-gateway (CVE-2022-22947). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-22954 KEV |
|
[KEV] Code Injection in Vmware workspace-one-access-and-identity-manager (CVE-2022-22954)
code injection in Vmware workspace-one-access-and-identity-manager (CVE-2022-22954). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2022-22965 KEV |
|
[KEV] Code Injection in Vmware spring-framework (CVE-2022-22965)
code injection in Vmware spring-framework (CVE-2022-22965). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2009-1151 KEV |
|
[KEV] Code Injection in phpmyadmin (CVE-2009-1151)
code injection in phpmyadmin (CVE-2009-1151). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2018-1273 KEV |
|
[KEV] Code Injection in Vmware tanzu vmware-tanzu (CVE-2018-1273)
code injection in Vmware tanzu vmware-tanzu (CVE-2018-1273). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2014-6287 KEV |
|
[KEV] Code Injection in Rejetto http-file-server-hfs (CVE-2014-6287)
code injection in Rejetto http-file-server-hfs (CVE-2014-6287). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2013-4810 KEV |
|
[KEV] Code Injection in Hewlett packard (hp) hewlett-packard-hp (CVE-2013-4810)
code injection in Hewlett packard (hp) hewlett-packard-hp (CVE-2013-4810). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2020-8218 KEV |
|
[KEV] Code Injection in Pulse secure pulse-secure (CVE-2020-8218)
code injection in Pulse secure pulse-secure (CVE-2020-8218). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2013-1347 KEV |
|
[KEV] Code Injection in Microsoft internet-explorer (CVE-2013-1347)
code injection in Microsoft internet-explorer (CVE-2013-1347). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2012-1856 KEV |
|
[KEV] Code Injection in Microsoft office (CVE-2012-1856)
code injection in Microsoft office (CVE-2012-1856). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|