Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
31,416 matching · page 158/629Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2025-65796(opens NVD record) | Medium | 4.3 | Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily delete reactions made to other users' Memos. | Dec 8, 2025 |
| CVE-2025-27020(opens NVD record) | Critical | 9.8 | Improper configuration of the SSH service in Infinera MTC-9 allows an unauthenticated attacker to execute arbitrary commands and access data on file system . This issue affects MTC-9: from R22.1.1.0275 before R23.0. | Dec 8, 2025 |
| CVE-2025-27019(opens NVD record) | Critical | 9.8 | Remote shell service (RSH) in Infinera MTC-9 version R22.1.1.0275 allows an attacker to utilize password-less user accounts and obtain system access by activating a reverse shell.This issue affects MTC-9: from R22.1.1.0275 before R23.0. | Dec 8, 2025 |
| CVE-2025-66334(opens NVD record) | Low | 3.3 | Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability. | Dec 8, 2025 |
| CVE-2025-66333(opens NVD record) | Low | 3.3 | Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability. | Dec 8, 2025 |
| CVE-2025-66332(opens NVD record) | Low | 3.3 | Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability. | Dec 8, 2025 |
| CVE-2025-66331(opens NVD record) | Low | 3.3 | Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability. | Dec 8, 2025 |
| CVE-2025-66330(opens NVD record) | Medium | 4.9 | App lock verification bypass vulnerability in the file management app. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Dec 8, 2025 |
| CVE-2025-66329(opens NVD record) | Medium | 4.0 | Permission control vulnerability in the window management module. Impact: Successful exploitation of this vulnerability may affect availability. | Dec 8, 2025 |
| CVE-2025-66328(opens NVD record) | High | 8.4 | Multi-thread race condition vulnerability in the network management module. Impact: Successful exploitation of this vulnerability may affect availability. | Dec 8, 2025 |
| CVE-2025-66327(opens NVD record) | High | 7.1 | Race condition vulnerability in the network module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Dec 8, 2025 |
| CVE-2025-66325(opens NVD record) | Medium | 6.2 | Permission control vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Dec 8, 2025 |
| CVE-2025-58279(opens NVD record) | Medium | 4.4 | Permission control vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Dec 8, 2025 |
| CVE-2025-26489(opens NVD record) | Medium | 6.5 | Improper input validation in the Netconf service in Infinera MTC-9 allows remote authenticated users to crash the service and reboot the appliance, thus causing a DoS condition, via crafted XML payloads.This issue affects MTC-9: from R22.1.1.0275 before R23.0. | Dec 8, 2025 |
| CVE-2025-26488(opens NVD record) | High | 7.5 | Improper Input Validation vulnerability in Infinera MTC-9 allows remote unauthenticated users to crash the service and cause a reboot of the appliance, thus causing a DoS condition, via crafted XML payloads.This issue affects MTC-9: from R22.1.1.0275 before R23.0. | Dec 8, 2025 |
| CVE-2025-26487(opens NVD record) | High | 8.6 | Server-Side Request Forgery (SSRF) vulnerability in Infinera MTC-9 version allows remote unauthenticated users to gain access to other network resources using HTTPS requests through the appliance used as a bridge. | Dec 8, 2025 |
| CVE-2025-66326(opens NVD record) | Medium | 6.7 | Race condition vulnerability in the audio module. Impact: Successful exploitation of this vulnerability may affect availability. | Dec 8, 2025 |
| CVE-2025-66324(opens NVD record) | High | 8.4 | Input verification vulnerability in the compression and decompression module. Impact: Successful exploitation of this vulnerability may affect app data integrity. | Dec 8, 2025 |
| CVE-2025-66323(opens NVD record) | Medium | 5.3 | Vulnerability of improper criterion security check in the card module. Impact: Successful exploitation of this vulnerability may affect availability. | Dec 8, 2025 |
| CVE-2025-66322(opens NVD record) | Medium | 5.1 | Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability. | Dec 8, 2025 |
| CVE-2025-66321(opens NVD record) | Medium | 5.1 | Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability. | Dec 8, 2025 |
| CVE-2025-66320(opens NVD record) | Medium | 5.1 | Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability. | Dec 8, 2025 |
| CVE-2025-66644(opens NVD record) | High | 7.2 | Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025. | Dec 5, 2025 |
| CVE-2025-46603(opens NVD record) | High | 7.0 | Dell CloudBoost Virtual Appliance, versions 19.13.0.0 and prior, contains an Improper Restriction of Excessive Authentication Attempts vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access. | Dec 5, 2025 |
| CVE-2025-64056(opens NVD record) | Medium | 4.3 | File upload vulnerability in Fanvil x210 V2 2.12.20 allows unauthenticated attackers on the local network to store arbitrary files on the filesystem. | Dec 5, 2025 |
| CVE-2025-64054(opens NVD record) | Critical | 9.6 | A reflected Cross Site Scripting (XSS) vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitrary commands via crafted POST request to the /cgi-bin/webconfig?page=upload&action=submit endpoint. | Dec 5, 2025 |
| CVE-2025-64053(opens NVD record) | High | 7.5 | A Buffer overflow vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitrary commands via crafted POST request to the /cgi-bin/webconfig?page=upload&action=submit endpoint. | Dec 5, 2025 |
| CVE-2025-64052(opens NVD record) | Medium | 5.1 | An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to execute arbitrary system commands. | Dec 5, 2025 |
| CVE-2025-64057(opens NVD record) | High | 8.3 | Directory traversal vulnerability in Fanvil x210 V2 2.12.20 allows unauthenticated attackers on the local network to store files in arbitrary locations and potentially modify the system configuration or other unspecified impacts. | Dec 5, 2025 |
| CVE-2025-62223(opens NVD record) | Medium | 4.3 | User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network. | Dec 5, 2025 |
| CVE-2025-6946(opens NVD record) | Medium | 4.8 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the IPS module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Firebox: from 12.0 through 12.11.2. | Dec 4, 2025 |
| CVE-2025-1547(opens NVD record) | High | 7.2 | A stack-based buffer overflow vulnerability [CWE-121] in WatchGuard Fireware OS's certificate request command could allow an authenticated privileged user to execute arbitrary code via specially crafted CLI commands.This issue affects Fireware OS: from 12.0 through 12.5.12+701324, from 12.6 through 12.11.2. | Dec 4, 2025 |
| CVE-2025-1545(opens NVD record) | High | 7.5 | An XPath Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from the Firebox configuration through an exposed authentication or management web interface. This vulnerability only affects Firebox systems that have at least one authentication hotspot configured.This issue affects Fireware OS 11.11 up to and including 11.12.4+541730, 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2. | Dec 4, 2025 |
| CVE-2025-13940(opens NVD record) | Medium | 5.5 | An Expected Behavior Violation [CWE-440] vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS boot time system integrity check and prevent the Firebox from shutting down in the event of a system integrity check failure. The on-demand system integrity check in the Fireware Web UI will correctly show a failed system integrity check message in the event of a failure.This issue affects Fireware OS: from 12.8.1 through 12.11.4, from 2025.1 through 2025.1.2. | Dec 4, 2025 |
| CVE-2025-13939(opens NVD record) | Medium | 6.1 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Gateway Wireless Controller module) allows Stored XSS.This issue affects Fireware OS 11.7.2 up to and including 11.12.4+541730, 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2. | Dec 4, 2025 |
| CVE-2025-13938(opens NVD record) | Medium | 6.1 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Autotask Technology Integration module) allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2. | Dec 4, 2025 |
| CVE-2025-13937(opens NVD record) | Medium | 6.1 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (ConnectWise Technology Integration module) allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2. | Dec 4, 2025 |
| CVE-2025-13936(opens NVD record) | Medium | 6.1 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Tigerpaw Technology Integration module) allows Stored XSS.This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2. | Dec 4, 2025 |
| CVE-2025-12196(opens NVD record) | High | 7.2 | An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code via a specially crafted CLI command.This vulnerability affects Fireware OS 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2. | Dec 4, 2025 |
| CVE-2025-12195(opens NVD record) | High | 7.2 | An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code via specially crafted IPSec configuration CLI commands.This vulnerability affects Fireware OS 11.0 up to and including 11.12.4+541730, 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2. | Dec 4, 2025 |
| CVE-2025-12026(opens NVD record) | High | 7.2 | An Out-of-bounds Write vulnerability in WatchGuard Fireware OS’s certificate request command could allow an authenticated privileged user to execute arbitrary code via specially crafted CLI commands.This vulnerability affects Fireware OS 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up to and including 2025.1.2. | Dec 4, 2025 |
| CVE-2025-11838(opens NVD record) | High | 7.5 | A memory corruption vulnerability in WatchGuard Fireware OS may allow an unauthenticated attacker to trigger a Denial of Service (DoS) condition in the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer. This vulnerability affects Fireware OS 12.6.1 up to and including 12.11.4 and 2025.1 up to and including 2025.1.2. | Dec 4, 2025 |
| CVE-2025-63896(opens NVD record) | High | 7.6 | An issue in the Bluetooth Human Interface Device (HID) of JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to inject arbitrary keystrokes via a spoofed Bluetooth HID device. | Dec 4, 2025 |
| CVE-2025-29269(opens NVD record) | Critical | 9.8 | ALLNET ALL-RUT22GW v3.3.8 was discovered to contain an OS command injection vulnerability via the command parameter in the popen.cgi endpoint. | Dec 4, 2025 |
| CVE-2025-29268(opens NVD record) | Critical | 9.8 | ALLNET ALL-RUT22GW v3.3.8 was discovered to store hardcoded credentials in the libicos.so library. | Dec 4, 2025 |
| CVE-2025-65945(opens NVD record) | High | 7.5 | auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature verification vulnerability when using the HS256 algorithm under specific conditions. Applications are affected when they use the jws.createVerify() function for HMAC algorithms and use user-provided data from the JSON Web Signature protected header or payload in HMAC secret lookup routines, which can allow attackers to bypass signature verification. This issue has been patched in versions 3.2.3 and 4.0.1. | Dec 4, 2025 |
| CVE-2025-14010(opens NVD record) | Medium | 5.5 | A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure (IE) of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and potentially compromise Keycloak accounts or administrative access. | Dec 4, 2025 |
| CVE-2025-64055(opens NVD record) | Critical | 9.8 | An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to access administrative functions of the device (e.g. file upload, firmware update, reboot...) via a crafted authentication bypass. | Dec 3, 2025 |
| CVE-2025-13086(opens NVD record) | High | 7.5 | Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.6.15 and 2.7_alpha1 through 2.7_rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client | Dec 3, 2025 |
| CVE-2025-63402(opens NVD record) | Medium | 5.5 | An issue in HCL Technologies Limited HCLTech GRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via APIs do not enforcing limits on the number or size of requests | Dec 3, 2025 |