| Date | | ID | Title | Link |
|---|---|---|---|---|
| 04/02/2026 | ⚠️ | CVE-2026-20732 | F5 BIG-IP Configuration Utility - Reflected Content Injection | Link |
| 22/01/2026 | ⚠️ | CVE-2025-15523 | TCC Bypass via Inherited Permissions in Bundled Interpreter in Inkscape.app | Link |
| 14/01/2026 | ⚠️ | CVE-2025-13175 | Insecure Password Storage in Y Soft SafeQ 6 | Link |
| 15/12/2025 | ⚠️ | CVE-2025-14714 | TCC Bypass via Inherited Permissions in Bundled Interpreter | Link |
| 10/12/2025 | ⚠️ | CVE-2025-64897 | Local Privilege Escalation due to world-writeable permissions in Adobe ColdFusion | Link |
| 25/09/2025 | ⚠️ | CVE-2025-36857 | Rapid7 Appspider Broken Access Control | Link |
| 16/09/2025 | ⚠️ | CVE-2025-10015 | TCC Bypass via Downloader XPC Service in Sparkle | Link |
| 16/09/2025 | ⚠️ | CVE-2025-10016 | Local Privilege Escalation in Sparkle Autoupdate Daemon | Link |
| 16/09/2025 | ⚠️ | CVE-2025-42945 | HTML Injection Vulnerability In SAP NetWeaver Application Server ABAP | Link |
| 16/09/2025 | ⚠️ | CVE-2025-42943 | SAP GUI - NTLM Hash Hijacking via UNC Paths | Link |
| 26/08/2025 | ⚠️ | CVE-2025-8700 | Privilege Escalation via get-task-allow entitlement in Invoice Ninja | Link |
| 26/08/2025 | ⚠️ | CVE-2025-8597 | Privilege Escalation via get-task-allow entitlement in MacVim | Link |
| 26/08/2025 | ⚠️ | CVE-2025-53813 | TCC Bypass via misconfigured Node fuses in Nozbe | Link |
| 26/08/2025 | ⚠️ | CVE-2025-9190 | TCC Bypass via misconfigured Node fuses in Cursor | Link |
| 26/08/2025 | ⚠️ | CVE-2025-53811 | TCC Bypass via misconfigured Node fuses in Mosh-Pro | Link |
| 11/08/2025 | ⚠️ | CVE-2025-8672 | TCC Bypass via Inherited Permissions in Bundled Interpreter in GIMP.app | Link |
| 07/08/2025 | ⚠️ | CVE-2025-8533 | Incorrect Authorization of XPC Service in Fantastical.app | Link |
| 06/08/2025 | ⚠️ | CVE-2024-52885 | Check Point Mobile Access File Share directory traversal attacks | Link |
| 25/07/2025 | ⚠️ | CVE-2025-22165 | Local Privilege Escalation in Sourcetree for Mac | Link |
| 24/07/2025 | ⚠️ | CVE-2024-33510 | SSLVPN WEB UI Text injection | Link |
| 08/07/2025 | ⚠️ | CVE-2025-42979 | SAP GUI - Insecure Key & Secret Management | Link |
| 29/06/2025 | ⚠️ | CVE-2024-24915 | Credential Exposure via Memory Dump in Check Point SmartConsole | Link |
| 20/06/2025 | ⚠️ | CVE-2025-5963 | TCC Bypass via Dylib Injection in Postbox | Link |
| 20/06/2025 | ⚠️ | CVE-2025-5255 | TCC Bypass via Dylib Injection in Phoenix Code | Link |
| 19/06/2025 | ⚠️ | CVE-2024-24916 | DLL HiJacking in SmartConsole for R82 | Link |
| 28/05/2025 | ⚠️ | CVE-2025-4081 | TCC Bypass via Dylib Substitution in DaVinci Resolve | Link |
| 28/05/2025 | ⚠️ | CVE-2025-3864 | Connection Pool Exhaustion In Hackney | Link |
| 27/05/2025 | ⚠️ | CVE-2025-4412 | TCC Bypass via Dylib Loading in Viscosity.app | Link |
| 22/05/2025 | ⚠️ | CVE-2025-4280 | TCC Bypass via Inherited Permissions in Bundled Interpreter in Poedit.app | Link |
| 21/05/2025 | ⚠️ | CVE-2025-1415 | Low-privileged Proget MDM users can access task and device details, including UUIDs, via brute-forced task IDs | Link |
| 21/05/2025 | ⚠️ | CVE-2025-1416 | Low-privileged Proget MDM users can retrieve device passwords using known UUIDs from CVE-2025-1415 or CVE-2025-1417 | Link |
| 21/05/2025 | ⚠️ | CVE-2025-1417 | Low-privileged Proget MDM users can view sensitive data from all device backups, including UUIDs, names, and emails | Link |
| 21/05/2025 | ⚠️ | CVE-2025-1418 | Low-privileged Proget MDM users can access MDM profiles listing allowed and blocked features | Link |
| 21/05/2025 | ⚠️ | CVE-2025-1419 | Improper sanitization in Proget Console comments enables stored XSS by high-privileged users | Link |
| 21/05/2025 | ⚠️ | CVE-2025-1420 | Unsanitized activation messages in Proget Console allow stored XSS attacks by high-privileged users | Link |
| 21/05/2025 | ⚠️ | CVE-2025-1421 | Activation data saved in Proget Console database may lead to remote code execution via malicious CSV opened in Excel | Link |
| 20/05/2025 | ⚠️ | CVE-2025-4951 | Stored Cross-Site Scripting in Rapid7 AppSpider Pro | Link |
| 10/11/2024 | ⚠️ | CVE-2024-5848 | WSO2 API Manager - Reflected Cross-Site Scripting (XSS) | Link |
| 14/05/2025 | ⚠️ | CVE-2024-10864 | SQL Injection in OpenText Advanced Authentication (NetIQ) | Link |
| 14/05/2025 | ⚠️ | CVE-2024-10865 | Cross-site Scripting in OpenText Advanced Authentication (NetIQ) | Link |
| 27/04/2025 | ⚠️ | CVE-2024-52887 | Check Point Mobile Access portal SNX bookmarks - Cross-Site Scripting (XSS) | Link |
| 27/04/2025 | ⚠️ | CVE-2024-52888 | Check Point Mobile Access portal File Share application - Cross-Site Scripting (XSS) | Link |
| 18/04/2025 | ⚠️ | CC-2390 | Local Privilege Escalation Due to Incorrect DLL Permissions in KeeperChat on macOS | Link |
| 16/04/2025 | ⚠️ | CVE-2025-1983 | Ready_ Symfonia eDokumenty - Cross Site Scripting | Link |
| 16/04/2025 | ⚠️ | CVE-2025-1982 | Ready_ Symfonia eDokumenty - Local File Inclusion | Link |
| 16/04/2025 | ⚠️ | CVE-2025-1981 | Ready_ Symfonia eDokumenty - SQL Injection | Link |
| 16/04/2025 | ⚠️ | CVE-2025-1980 | Ready_ Symfonia eDokumenty - Remote Code Execution | Link |
| 14/04/2025 | ⚠️ | CVE-2024-10087 | Reflected Cross-Site Scripting in SoftCOM iKSORIS Internet Starter Module | Link |
| 14/04/2025 | ⚠️ | CVE-2024-10088 | Reflected Cross-Site Scripting in SoftCOM iKSORIS Internet Starter Module | Link |
| 14/04/2025 | ⚠️ | CVE-2024-10089 | Stored Cross-Site Scripting in SoftCOM iKSORIS Internet Starter Module | Link |
| 14/04/2025 | ⚠️ | CVE-2024-10090 | Reflected Cross-Site Scripting in SoftCOM iKSORIS Internet Starter Module | Link |
| 14/04/2025 | ⚠️ | CVE-2024-13597 | Reflected Cross-Site Scripting in SoftCOM iKSORIS Internet Starter Module | Link |
| 14/04/2025 | ⚠️ | CVE-2024-13598 | Reflected Cross-Site Scripting in SoftCOM iKSORIS Internet Starter Module | Link |
| 14/04/2025 | ⚠️ | CVE-2024-49705 | Client-Side Denial of Service in SoftCOM iKSORIS Internet Starter Module | Link |
| 14/04/2025 | ⚠️ | CVE-2024-49706 | Open Redirect in SoftCOM iKSORIS Internet Starter Module | Link |
| 14/04/2025 | ⚠️ | CVE-2024-49707 | Reflected Cross-Site Scripting in SoftCOM iKSORIS Internet Starter Module | Link |
| 14/04/2025 | ⚠️ | CVE-2024-49708 | Stored Cross-Site Scripting in SoftCOM iKSORIS Internet Starter Module | Link |
| 14/04/2025 | ⚠️ | CVE-2024-49709 | Session Fixation in SoftCOM iKSORIS Internet Starter Module | Link |
| 26/03/2025 | ⚠️ | CVE-2025-2098 | Dylib Hijacking in Fast CAD Reader | Link |
| 11/03/2025 | ⚠️ | CVE-2025-25242 | SAP NetWeaver Application Server ABAP - Cross-Site Scripting (XSS) | Link |
| 18/02/2025 | ⚠️ | CVE-2025-24870 | SAP GUI - Insecure Key & Secret Management | Link |
| 06/03/2025 | ⚠️ | CVE-2024-13892 | Command Injection in Smartwares cameras | Link |
| 06/03/2025 | ⚠️ | CVE-2024-13893 | Shared credentials in Smartwares cameras | Link |
| 06/03/2025 | ⚠️ | CVE-2024-13894 | Path traversal in Smartwares cameras | Link |
| 28/02/2025 | ⚠️ | CVE-2025-22270 | Stored XSS in CyberArk Endpoint Privilege Manager | Link |
| 28/02/2025 | ⚠️ | CVE-2025-22271 | IP Spoofing in CyberArk Endpoint Privilege Manager | Link |
| 28/02/2025 | ⚠️ | CVE-2025-22272 | Self Reflected XSS in CyberArk Endpoint Privilege Manager | Link |
| 28/02/2025 | ⚠️ | CVE-2025-22273 | Lack of rate-limiting in password change mechanism in CyberArk Endpoint Privilege Manager | Link |
| 28/02/2025 | ⚠️ | CVE-2025-22274 | HTML injection in CyberArk Endpoint Privilege Manager | Link |
| 28/02/2025 | ⚠️ | CVE-2025-1413 | DaVinci Resolve Dylib Hijacking | Link |
| 02/01/2025 | ⚠️ | CVE-2024-12907 | Reflected Cross-Site Scripting in Kentico CMS | Link |
| 17/10/2024 | ⚠️ | CVE-2024-50312 | Information Disclosure via GraphQL Introspection in OpenShift | Link |
| 17/10/2024 | ⚠️ | CVE-2024-50311 | OpenShift Denial of Service (DoS) | Link |
| 31/07/2024 | ⚠️ | CVE-2024-41955 | Open Redirect in Login Redirect in MobSF <= 4.0.4 | Link |
| 28/06/2024 | ⚠️ | CVE-2024-28797 | Stored Cross-Site Scripting in IBM InfoSphere DataStage Designer < 11.7.4 | Link |
| 28/06/2024 | ⚠️ | CVE-2024-28795 | Stored Cross-Site Scripting in IBM InfoSphere Information Server < 11.7 | Link |
| 28/06/2024 | ⚠️ | CVE-2024-28794 | Stored Cross-Site Scripting in IBM InfoSphere Information Server < 11.7 | Link |
| 28/06/2024 | ⚠️ | CVE-2024-5737 | AdmirorFrames Joomla! Extension < 5.0 - HTML Injection | Link |
| 28/06/2024 | ⚠️ | CVE-2024-5736 | AdmirorFrames Joomla! Extension < 5.0 - Server-Side Request Forgery | Link |
| 28/06/2024 | ⚠️ | CVE-2024-5735 | AdmirorFrames Joomla! Extension < 5.0 - Full Path Disclosure | Link |
| 24/05/2024 | ⚠️ | CVE-2024-2218 | LuckyWP Table of Contents <= 2.1.4 - Admin+ Stored XSS | Link |
| 08/05/2024 | ⚠️ | CVE-2024-3050 | Site Reviews < 7.0.0 - IP Spoofing | Link |
| 09/05/2024 | ⚠️ | CVE-2024-3459 | KioWare for Windows environment escape | Link |
| 09/05/2024 | ⚠️ | CVE-2024-3460 | KioWare for Windows security control bypass | Link |
| 09/05/2024 | ⚠️ | CVE-2024-3461 | KioWare for Windows PIN brute force | Link |
| 18/03/2024 | ⚠️ | CVE-2024-1606 | HTML injection in BMC Control-M | Link |
| 18/03/2024 | ⚠️ | CVE-2024-1605 | DLL side-loading in BMC Control-M | Link |
| 18/03/2024 | ⚠️ | CVE-2024-1604 | Incorrect authorization in BMC Control-M | Link |
| 14/02/2024 | ⚠️ | CVE-2024-0010 | PAN-OS: Reflected Cross-Site Scripting (XSS) Vulnerability in GlobalProtect Portal | Link |
| 07/02/2024 | ⚠️ | CVE-2024-24816 | Cross-site scripting (XSS) in CKEditor4 samples with the preview feature enabled | Link |
| 31/01/2024 | ⚠️ | CVE-2022-47072 | Sparx Systems - Enterprise Architect SQL Injection | Link |
| 11/01/2024 | ⚠️ | CVE-2023-5118 | Stored XSS in Kofax Capture software | Link |
| 21/12/2023 | ⚠️ | CVE-2023-4925 | Easy Forms for Mailchimp <= 6.8.10 - Admin+ Stored Cross-Site Scripting | Link |
| 12/12/2023 | ⚠️ | CVE-2023-45184 | Decryption key disclosure in IBM i Access Client Solutions due to improper authority checks | Link |
| 12/12/2023 | ⚠️ | CVE-2023-45182 | Possibility to decrypt password-encryption key in IBM i Access Client Solutions allowing an attacker to obtain passwords to other systems | Link |
| 12/12/2023 | ⚠️ | CVE-2023-45185 | Remote Code Execution in IBM i Access Client Solutions | Link |
| 12/12/2023 | ⚠️ | CVE-2023-4932 | Reflected Cross-Site Scripting in SAS 9.4 | Link |
| 06/11/2023 | ⚠️ | CVE-2023-5958 | POST SMTP Mailer < 2.7.1 - Unauthenticated Cross-site Scripting | Link |
| 06/11/2023 | ⚠️ | CVE-2023-5209 | Bookly < 22.5 - Admin+ Stored XSS | Link |
| 08/08/2023 | ⚠️ | CVE-2023-35359 | Windows Kernel Elevation of Privilege Vulnerability | Link |
| 25/07/2023 | ⚠️ | CVE-2023-39062 | Cross-Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 | Link |
| 02/10/2023 | ⚠️ | CVE-2023-38419 | Denial of Service of Big-IQ iControl SOAP daemon by an attacker with guest privileges | Link |
| 02/10/2023 | ⚠️ | CVE-2023-38138 | Reflected Cross-site Scripting in BIG-IP Configuration utility | Link |
| 13/06/2023 | ⚠️ | CVE-2023-35840 | elFinder < 2.1.62 - Path Traversal vulnerability in PHP LocalVolumeDriver connector | Link |
| 20/03/2023 | ⚠️ | CVE-2023-1478 | Hummingbird < 3.4.2 - Unauthenticated Path Traversal | Link |
| 16/03/2023 | ⚠️ | CVE-2023-28530 | IBM Cognos Analytics - Stored cross-site scripting caused by improper validation of SVG Files in Custom Visualizations | Link |
| 18/10/2022 | ⚠️ | CVE-2022-40746 | OwnCloud URL spoofing in password reset mail | Link |
| 16/09/2022 | ⚠️ | CVE-2022-40746 | IBM i Access Client Solutions is vulnerable to DLL hijacking when run on a Windows operating system | Link |
| 25/07/2022 | ⚠️ | CVE-2022-36433 | Cross-site Scripting (XSS) in blog-post creation functionality in Amasty Blog Pro for Magento 2 | Link |
| 25/07/2022 | ⚠️ | CVE-2022-36432 | Cross-site Scripting (XSS) in Preview functionality in Amasty Blog Pro for Magento 2 | Link |
| 11/07/2022 | ⚠️ | CVE-2022-35501 | Stored Cross-site Scripting (XSS) in blog-post creation functionality in Amasty Blog Pro for Magento 2 | Link |
| 11/07/2022 | ⚠️ | CVE-2022-35500 | Stored Cross-site Scripting (XSS) in leave comment functionality in Amasty Blog Pro for Magento 2 | Link |
| 11/07/2022 | ⚠️ | CVE-2022-35642 | IBM InfoSphere Information Server is vulnerable to stored cross-site scripting | Link |
| 12/05/2022 | ⚠️ | CVE-2022-30615 | IBM InfoSphere Information Server is vulnerable to cross-site scripting | Link |
| 28/06/2021 | ⚠️ | CVE-2021-34254 | Open Redirection (OurUmbraco) | Link |
| 16/06/2021 | ⚠️ | CVE-2021-3584 | Server-side remote code execution (Foreman) | Link |
| 08/06/2021 | ⚠️ | CVE-2021-1675 | Windows Print Spooler Elevation of Privilege Vulnerability | Link |
| 07/06/2021 | ⚠️ | CVE-2021-24378 | Authenticated Stored XSS (Autoptimize) | Link |
| 07/06/2021 | ⚠️ | CVE-2021-24377 | Race Condition leading to RCE (Autoptimize) | Link |
| 07/06/2021 | ⚠️ | CVE-2021-24376 | Arbitrary File Upload (Autoptimize) | Link |
| 13/05/2021 | ⚠️ | CVE-2021-21559 | Dell EMC NetWorker Security Update for Multiple Vulnerabilities | Link |
| 13/05/2021 | ⚠️ | CVE-2021-21558 | Dell EMC NetWorker Security Update for Multiple Vulnerabilities | Link |
| 25/09/2020 | ⚠️ | CVE-2020-25130 | SQL Injection (Observium) | Link |
| 25/09/2020 | ⚠️ | CVE-2020-25131 | Cross-Site Scripting (Observium) | Link |
| 25/09/2020 | ⚠️ | CVE-2020-25132 | SQL Injection (Observium) | Link |
| 25/09/2020 | ⚠️ | CVE-2020-25133 | Authenticated Directory Traversal And Local File Inclusion (Observium) | Link |
| 25/09/2020 | ⚠️ | CVE-2020-25134 | Authenticated Directory Traversal And Local File Inclusion (Observium) | Link |
| 25/09/2020 | ⚠️ | CVE-2020-25135 | Cross-Site Scripting (Observium) | Link |
| 25/09/2020 | ⚠️ | CVE-2020-25136 | Authenticated Directory Traversal And Local File Inclusion (Observium) | Link |
| 25/09/2020 | ⚠️ | CVE-2020-25137 | Cross Site Scripting (Observium) | Link |
| 25/09/2020 | ⚠️ | CVE-2020-25138 | Cross Site Scripting (Observium) | Link |
| 25/09/2020 | ⚠️ | CVE-2020-25139 | Cross Site Scripting (Observium) | Link |
| 25/09/2020 | ⚠️ | CVE-2020-25140 | Cross Site Scripting (Observium) | Link |
| 25/09/2020 | ⚠️ | CVE-2020-25141 | Cross Site Scripting (Observium) | Link |
| 25/09/2020 | ⚠️ | CVE-2020-25142 | Cross Site Request Forgery (CSRF) (Observium) | Link |
| 25/09/2020 | ⚠️ | CVE-2020-25143 | SQL Injection (Observium) | Link |
| 25/09/2020 | ⚠️ | CVE-2020-25144 | Authenticated Directory Traversal And Local File Inclusion (Observium) | Link |
| 25/09/2020 | ⚠️ | CVE-2020-25145 | Authenticated Directory Traversal And Local File Inclusion (Observium) | Link |
| 25/09/2020 | ⚠️ | CVE-2020-25146 | Cross Site Scripting (Observium) | Link |
| 25/09/2020 | ⚠️ | CVE-2020-25147 | SQL Injection (Observium) | Link |
| 25/09/2020 | ⚠️ | CVE-2020-25148 | Cross Site Scripting (Observium) | Link |
| 25/09/2020 | ⚠️ | CVE-2020-25149 | Authenticated Directory Traversal And Local File Inclusion (Observium) | Link |
| 03/09/2020 | ⚠️ | CVE-2020-25102 | Cross-Site Scripting (SilverStripe Advanced Reports Module) | Link |
| 26/08/2020 | ⚠️ | CVE-2020-5920 | F5 BIG-IP AFM SQL Injection | Link |
| 11/08/2020 | ⚠️ | CVE-2020-1569 | Microsoft Edge Memory Corruption | Link |
| 17/07/2020 | ⚠️ | CVE-2020-15596 | Touchpad driver DLL Hijacking | Link |
| 29/05/2020 | ⚠️ | CVE-2020-13700 | wp plugin acf-to-rest-api Insecure direct object reference via permalinks manipulation | Link |
| 25/05/2020 | ⚠️ | CVE-2020-13484 | Bitrix CRM unauthenticated server side request forgery | Link |
| 25/05/2020 | ⚠️ | CVE-2020-13483 | Bitrix CRM XSS / WAF bypass | Link |
| 24/05/2020 | ⚠️ | CVE-2020-13443 | ExpressionEngine Remote Command Execution via unrestricted file upload | Link |
| 21/04/2020 | ⚠️ | CVE-2020-11976 | Apache Wicket Directory traversal due to guard protection bypass - read wicket markup file source | Link |
| 13/01/2020 | ⚠️ | CVE-2020-6856 | JOC Cockpit, Jobscheduler, XML External Entity | Link |
| 13/01/2020 | ⚠️ | CVE-2020-6855 | JOC Cockpit, Jobscheduler, Denial of Service | Link |
| 13/01/2020 | ⚠️ | CVE-2020-6854 | JOC Cockpit, Jobscheduler, Multiple Stored Cross Site Scripting | Link |
| 20/11/2019 | ⚠️ | CVE-2019-19129 | Afterlogic WebMail Pro 8.3.11 Remote Stored XSS via an attachment name. | Link |
| 05/08/2019 | ⚠️ | CVE-2019-14521 | Arbitrary File Upload leading to RCE (Energy Logserver) | Link |
| 17/07/2019 | ⚠️ | CVE-2020-5907 | TMOS Shell privilege escalation vulnerability | Link |
| 26/03/2019 | ⚠️ | CVE-2019-10070 | Apache Atlas, Stored Cross Site Scripting | Link |