Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
78,346 matching · page 160/1567Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2025-57489(opens NVD record) | High | 8.1 | Incorrect access control in the SDAgent component of Shirt Pocket SuperDuper! v3.10 allows attackers to escalate privileges to root due to the improper use of a setuid binary. | Dec 1, 2025 |
| CVE-2025-3500(opens NVD record) | Critical | 9.0 | Integer Overflow or Wraparound vulnerability in Avast Antivirus (25.1.981.6) on Windows allows Privilege Escalation.This issue affects Antivirus: from 25.1.981.6 before 25.3. | Dec 1, 2025 |
| CVE-2025-49643(opens NVD record) | Medium | 6.5 | An authenticated Zabbix user (including Guest) is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service. | Dec 1, 2025 |
| CVE-2025-27232(opens NVD record) | Medium | 4.9 | An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss. | Dec 1, 2025 |
| CVE-2025-12106(opens NVD record) | Critical | 9.1 | Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses | Dec 1, 2025 |
| CVE-2025-66221(opens NVD record) | Medium | 5.3 | Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.4, Werkzeug's safe_join function allows path segments with Windows device names. On Windows, there are special device names such as CON, AUX, etc that are implicitly present and readable in every directory. send_from_directory uses safe_join to safely serve files at user-specified paths under a directory. If the application is running on Windows, and the requested path ends with a special device name, the file will be opened successfully, but reading will hang indefinitely. This issue has been patched in version 3.1.4. | Nov 29, 2025 |
| CVE-2025-64312(opens NVD record) | Medium | 4.9 | Permission control vulnerability in the file management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Nov 28, 2025 |
| CVE-2025-58311(opens NVD record) | Medium | 5.8 | UAF vulnerability in the USB driver module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | Nov 28, 2025 |
| CVE-2025-58308(opens NVD record) | High | 7.3 | Vulnerability of improper criterion security check in the call module. Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | Nov 28, 2025 |
| CVE-2025-58305(opens NVD record) | Medium | 6.2 | Identity authentication bypass vulnerability in the Gallery app. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Nov 28, 2025 |
| CVE-2025-58304(opens NVD record) | Medium | 4.9 | Permission control vulnerability in the file management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Nov 28, 2025 |
| CVE-2025-58302(opens NVD record) | High | 8.4 | Permission control vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Nov 28, 2025 |
| CVE-2025-64315(opens NVD record) | Medium | 4.4 | Configuration defect vulnerability in the file management module. Impact: Successful exploitation of this vulnerability may affect app data confidentiality and integrity. | Nov 28, 2025 |
| CVE-2025-64314(opens NVD record) | Critical | 9.3 | Permission control vulnerability in the memory management module. Impact: Successful exploitation of this vulnerability may affect confidentiality. | Nov 28, 2025 |
| CVE-2025-64313(opens NVD record) | Medium | 5.3 | Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability. | Nov 28, 2025 |
| CVE-2025-64311(opens NVD record) | Medium | 5.1 | Permission control vulnerability in the Notepad module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Nov 28, 2025 |
| CVE-2025-58316(opens NVD record) | High | 7.3 | DoS vulnerability in the video-related system service module. Impact: Successful exploitation of this vulnerability may affect availability. | Nov 28, 2025 |
| CVE-2025-58315(opens NVD record) | Medium | 5.5 | Permission control vulnerability in the Wi-Fi module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Nov 28, 2025 |
| CVE-2025-58314(opens NVD record) | Medium | 6.6 | Vulnerability of accessing invalid memory in the component driver module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | Nov 28, 2025 |
| CVE-2025-58312(opens NVD record) | Medium | 5.1 | Permission control vulnerability in the App Lock module. Impact: Successful exploitation of this vulnerability may affect availability. | Nov 28, 2025 |
| CVE-2025-58310(opens NVD record) | High | 8.0 | Permission control vulnerability in the distributed component. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Nov 28, 2025 |
| CVE-2025-58309(opens NVD record) | Medium | 6.8 | Permission control vulnerability in the startup recovery module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | Nov 28, 2025 |
| CVE-2025-58307(opens NVD record) | Medium | 6.4 | UAF vulnerability in the screen recording framework module. Impact: Successful exploitation of this vulnerability may affect availability. | Nov 28, 2025 |
| CVE-2025-58303(opens NVD record) | High | 8.4 | UAF vulnerability in the screen recording framework module. Impact: Successful exploitation of this vulnerability may affect availability. | Nov 28, 2025 |
| CVE-2025-58294(opens NVD record) | Medium | 6.2 | Permission control vulnerability in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Nov 28, 2025 |
| CVE-2025-65670(opens NVD record) | Medium | 4.3 | An Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating course IDs in URLs, resulting in unauthorized disclosure of sensitive course, admin, and student data. The leak occurs momentarily before the system reverts to a normal state restricting access. | Nov 26, 2025 |
| CVE-2025-50433(opens NVD record) | Critical | 9.8 | An issue was discovered in imonnit.com (2025-04-24) allowing malicious actors to gain escalated privileges via crafted password reset to take over arbitrary user accounts. | Nov 26, 2025 |
| CVE-2025-65676(opens NVD record) | Medium | 5.4 | Stored Cross site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG cover images. | Nov 26, 2025 |
| CVE-2025-65675(opens NVD record) | Medium | 5.4 | Stored Cross site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG profile pictures. | Nov 26, 2025 |
| CVE-2025-65672(opens NVD record) | High | 7.5 | Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows unauthorized share and invite access to course settings. | Nov 26, 2025 |
| CVE-2025-65669(opens NVD record) | Critical | 9.1 | An issue was discovered in classroomio 0.1.13. Student accounts are able to delete courses from the Explore page without any authorization or authentication checks, bypassing the expected admin-only deletion restriction. | Nov 26, 2025 |
| CVE-2025-13601(opens NVD record) | High | 7.7 | A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string. | Nov 26, 2025 |
| CVE-2025-64657(opens NVD record) | Critical | 9.8 | Stack-based buffer overflow in Azure Application Gateway allows an unauthorized attacker to elevate privileges over a network. | Nov 26, 2025 |
| CVE-2025-64656(opens NVD record) | Critical | 9.4 | Out-of-bounds read in Application Gateway allows an unauthorized attacker to elevate privileges over a network. | Nov 26, 2025 |
| CVE-2025-63735(opens NVD record) | Medium | 6.1 | A reflected Cross site scripting (XSS) vulnerability in Ruckus Unleashed 200.13.6.1.319 via the name parameter to the the captive-portal endpoint selfguestpass/guestAccessSubmit.jsp. | Nov 25, 2025 |
| CVE-2025-51741(opens NVD record) | High | 7.5 | An issue was discovered in Veal98 Echo Open-Source Community System 2.2 thru 2.3 allowing an unauthenticated attacker to cause the server to send email verification messages to arbitrary users via the /sendEmailCodeForResetPwd endpoint potentially causing a denial of service to the server or the downstream users. | Nov 25, 2025 |
| CVE-2025-61168(opens NVD record) | Critical | 9.8 | An issue in the cms_rest.php component of SIGB PMB v8.0.1.14 allows attackers to execute arbitrary code via unserializing an arbitrary file. | Nov 25, 2025 |
| CVE-2025-61167(opens NVD record) | Medium | 6.5 | SIGB PMB v8.0.1.14 was discovered to contain multiple SQL injection vulnerabilities in the /opac_css/ajax_selector.php component via the id and datas parameters. | Nov 25, 2025 |
| CVE-2025-33205(opens NVD record) | High | 7.3 | NVIDIA NeMo framework contains a vulnerability in a predefined variable, where an attacker could cause inclusion of functionality from an untrusted control sphere by use of a predefined variable. A successful exploit of this vulnerability may lead to code execution. | Nov 25, 2025 |
| CVE-2025-33204(opens NVD record) | High | 7.8 | NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP and LLM components, where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering. | Nov 25, 2025 |
| CVE-2025-33200(opens NVD record) | Low | 2.3 | NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. A successful exploit of this vulnerability might lead to information disclosure. | Nov 25, 2025 |
| CVE-2025-33199(opens NVD record) | Low | 3.2 | NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause incorrect control flow behavior. A successful exploit of this vulnerability might lead to data tampering. | Nov 25, 2025 |
| CVE-2025-33198(opens NVD record) | Low | 3.3 | NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. A successful exploit of this vulnerability might lead to information disclosure. | Nov 25, 2025 |
| CVE-2025-33197(opens NVD record) | Medium | 4.3 | NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a NULL pointer dereference. A successful exploit of this vulnerability might lead to denial of service. | Nov 25, 2025 |
| CVE-2025-33196(opens NVD record) | Medium | 4.4 | NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. A successful exploit of this vulnerability might lead to information disclosure. | Nov 25, 2025 |
| CVE-2025-33195(opens NVD record) | Medium | 4.4 | NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause unexpected memory buffer operations. A successful exploit of this vulnerability might lead to data tampering, denial of service, or escalation of privileges. | Nov 25, 2025 |
| CVE-2025-33194(opens NVD record) | Medium | 5.7 | NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause improper processing of input data. A successful exploit of this vulnerability might lead to information disclosure or denial of service. | Nov 25, 2025 |
| CVE-2025-33193(opens NVD record) | Medium | 5.7 | NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause improper validation of integrity. A successful exploit of this vulnerability might lead to information disclosure. | Nov 25, 2025 |
| CVE-2025-33192(opens NVD record) | Medium | 5.7 | NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause an arbitrary memory read. A successful exploit of this vulnerability might lead to denial of service. | Nov 25, 2025 |
| CVE-2025-33191(opens NVD record) | Medium | 5.7 | NVIDIA DGX Spark GB10 contains a vulnerability in OSROOT firmware, where an attacker could cause an invalid memory read. A successful exploit of this vulnerability might lead to denial of service. | Nov 25, 2025 |