Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
34,278 matching · page 211/686Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2024-40593(opens NVD record) | Medium | 6.0 | A key management errors vulnerability in Fortinet FortiAnalyzer 7.4.0 through 7.4.2, FortiAnalyzer 7.2.0 through 7.2.5, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.5, FortiManager 7.0 all versions, FortiManager 6.4 all versions, FortiOS 7.6.0, FortiOS 7.4.4, FortiOS 7.2.7, FortiOS 7.0.14, FortiPortal 6.0 all versions may allow an authenticated admin to retrieve a certificate's private key via the device's admin shell. | Dec 11, 2025 |
| CVE-2025-46266(opens NVD record) | Medium | 4.3 | A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 25.11 for Windows allows malicious actors to coerce the service into transmitting data to an arbitrary internal IP address, potentially leaking sensitive information. | Dec 11, 2025 |
| CVE-2025-44016(opens NVD record) | High | 8.8 | A vulnerability in TeamViewer DEX Client (former 1E client) - Content Distribution Service (NomadBranch.exe) prior version 25.11 for Windows allows malicious actors to bypass file integrity validation via a crafted request. By providing a valid hash for a malicious file, an attacker can cause the service to incorrectly validate and process the file as trusted, enabling arbitrary code execution under the Nomad Branch service context. | Dec 11, 2025 |
| CVE-2025-12687(opens NVD record) | Medium | 6.5 | A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 25.11 for Windows allows malicious actors to cause a denial of service (application crash) via a crafted command, resulting in service termination. | Dec 11, 2025 |
| CVE-2025-14512(opens NVD record) | Medium | 6.5 | A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values. | Dec 11, 2025 |
| CVE-2025-67716(opens NVD record) | Medium | 5.7 | The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions 4.9.0 through 4.12.1 contain an input-validation flaw in the returnTo parameter, which could allow attackers to inject unintended OAuth query parameters into the Auth0 authorization request. Successful exploitation may result in tokens being issued with unintended parameters. This issue is fixed in version 4.13.0. | Dec 11, 2025 |
| CVE-2025-67505(opens NVD record) | High | 8.4 | Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1. | Dec 10, 2025 |
| CVE-2025-67490(opens NVD record) | Medium | 5.4 | The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1. | Dec 10, 2025 |
| CVE-2025-66033(opens NVD record) | Medium | 5.3 | Okta Java Management SDK facilitates interactions with the Okta management API. In versions 21.0.0 through 24.0.0, specific multithreaded implementations may encounter memory issues as threads are not properly cleaned up after requests are completed. Over time, this can degrade performance and availability in long-running applications and may result in a denial-of-service condition under sustained load. In addition to using the affected versions, users may be at risk if they are implementing a long-running application using the ApiClient in a multi-threaded manner. This issue is fixed in version 24.0.1. | Dec 10, 2025 |
| CVE-2025-65828(opens NVD record) | Medium | 6.5 | An unauthenticated attacker within proximity of the Meatmeet device can issue several commands over Bluetooth Low Energy (BLE) to these devices which would result in a Denial of Service. These commands include: shutdown, restart, clear config. Clear config would disassociate the current device from its user and would require re-configuration to re-enable the device. As a result, the end user would be unable to receive updates from the Meatmeet base station which communicates with the cloud services until the device had been fixed or turned back on. | Dec 10, 2025 |
| CVE-2025-63895(opens NVD record) | High | 7.5 | An issue in the Bluetooth firmware of JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to cause a Denial of Service (DoS) via sending a crafted Link Manager Protocol (LMP) packet. | Dec 10, 2025 |
| CVE-2025-34430(opens NVD record) | Medium | 4.3 | 1Panel versions 1.10.33 through 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the panel name management functionality. The affected endpoint does not implement CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that submits a panel-name change request; if a victim visits the page while authenticated, the browser includes valid session cookies and the request succeeds. This allows a remote attacker to change the victim’s panel name to an arbitrary value without consent. | Dec 10, 2025 |
| CVE-2025-34429(opens NVD record) | High | 7.1 | 1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the web port configuration functionality. The port-change endpoint lacks CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that submits a port-change request; when a victim visits it while authenticated, the browser includes valid session cookies and the request succeeds. This allows an attacker to change the port on which the 1Panel web service listens, causing loss of access on the original port and resulting in service disruption or denial of service, and may unintentionally expose the service on an attacker-chosen port. | Dec 10, 2025 |
| CVE-2025-65807(opens NVD record) | High | 8.4 | An issue in sd command v1.0.0 and before allows attackers to escalate privileges to root via a crafted command. | Dec 10, 2025 |
| CVE-2025-34410(opens NVD record) | High | 7.1 | 1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the Change Username functionality available from the settings panel (/settings/panel). The endpoint does not implement CSRF protections such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that submits a username-change request; when a victim visits the page while authenticated, the browser includes valid session cookies and the request succeeds. This allows an attacker to change the victim’s 1Panel username without consent. After the change, the victim is logged out and unable to log in with the previous username, resulting in account lockout and denial of service. | Dec 10, 2025 |
| CVE-2025-34395(opens NVD record) | High | 7.5 | Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Remoting service in which an unauthenticated attacker can invoke a method vulnerable to path traversal to read arbitrary files. This vulnerability can be escalated to remote code execution by retrieving the .NET machine keys. | Dec 10, 2025 |
| CVE-2025-34394(opens NVD record) | Critical | 9.8 | Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Remoting service that is insufficiently protected against deserialization of arbitrary types. This can lead to remote code execution. | Dec 10, 2025 |
| CVE-2025-34393(opens NVD record) | Critical | 9.8 | Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not correctly verify the name of an attacker-controlled WSDL service, leading to insecure reflection. This can result in remote code execution through either invocation of arbitrary methods or deserialization of untrusted types. | Dec 10, 2025 |
| CVE-2025-34392(opens NVD record) | Critical | 9.8 | Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not verify the URL defined in an attacker-controlled WSDL that is later loaded by the application. This can lead to arbitrary file write and remote code execution via webshell upload. | Dec 10, 2025 |
| CVE-2025-14087(opens NVD record) | Medium | 5.6 | A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings. | Dec 10, 2025 |
| CVE-2025-36437(opens NVD record) | Medium | 4.3 | IBM Planning Analytics Local 2.1.0 - 2.1.15 could disclose sensitive information about server architecture that could aid in further attacks against the system. | Dec 9, 2025 |
| CVE-2025-64899(opens NVD record) | High | 7.8 | Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Dec 9, 2025 |
| CVE-2025-64787(opens NVD record) | Low | 3.3 | Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Improper Verification of Cryptographic Signature vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass cryptographic protections and gain limited unauthorized write access. Exploitation of this issue requires user interaction with a cryptographic signature. | Dec 9, 2025 |
| CVE-2025-64786(opens NVD record) | Low | 3.3 | Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Improper Verification of Cryptographic Signature vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to gain limited unauthorized write access. Exploitation of this issue requires user interaction with a cryptographic signature. | Dec 9, 2025 |
| CVE-2025-64785(opens NVD record) | High | 7.8 | Acrobat Reader versions 24.001.30264, 20.005.30793, 25.001.20982, 24.001.30273, 20.005.30803 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. If the application uses a search path to locate critical resources such as programs, an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue requires user interaction in that the user needs to open a malicious file. | Dec 9, 2025 |
| CVE-2025-65882(opens NVD record) | Critical | 9.8 | An issue was discovered in openmptcprouter thru 0.64 in file common/package/utils/sys-upgrade-helper/src/tools/sysupgrade.c in function create_xor_ipad_opad allowing attackers to potentially write arbitrary files or execute arbitrary commands. | Dec 9, 2025 |
| CVE-2025-11531(opens NVD record) | High | 8.8 | HP System Event Utility and Omen Gaming Hub might allow execution of certain files outside of their restricted paths. This potential vulnerability was remediated with HP System Event Utility version 3.2.12 and Omen Gaming Hub version 1101.2511.101.0. | Dec 9, 2025 |
| CVE-2025-65594(opens NVD record) | High | 8.1 | OpenSIS 9.2 and below is vulnerable to Incorrect Access Control in Student.php, which allows an authenticated low-privilege user to perform unauthorized database write operations relating to the data of other users. | Dec 9, 2025 |
| CVE-2025-64894(opens NVD record) | Medium | 5.5 | DNG SDK versions 1.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could lead to application denial-of-service. An attacker could exploit this issue to cause the application to crash or become unresponsive. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Dec 9, 2025 |
| CVE-2025-64893(opens NVD record) | High | 7.1 | DNG SDK versions 1.7.0 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure or application denial of service. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Dec 9, 2025 |
| CVE-2025-64784(opens NVD record) | High | 7.1 | DNG SDK versions 1.7.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure or application denial of service. An attacker could leverage this vulnerability to disclose sensitive memory information. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Dec 9, 2025 |
| CVE-2025-64783(opens NVD record) | High | 7.8 | DNG SDK versions 1.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Dec 9, 2025 |
| CVE-2025-64680(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | Dec 9, 2025 |
| CVE-2025-64679(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | Dec 9, 2025 |
| CVE-2025-64678(opens NVD record) | High | 8.8 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | Dec 9, 2025 |
| CVE-2025-64673(opens NVD record) | High | 7.8 | Improper access control in Storvsp.sys Driver allows an authorized attacker to elevate privileges locally. | Dec 9, 2025 |
| CVE-2025-64672(opens NVD record) | High | 8.8 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | Dec 9, 2025 |
| CVE-2025-64671(opens NVD record) | High | 8.4 | Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to execute code locally. | Dec 9, 2025 |
| CVE-2025-64670(opens NVD record) | Medium | 6.5 | Exposure of sensitive information to an unauthorized actor in Microsoft Graphics Component allows an authorized attacker to disclose information over a network. | Dec 9, 2025 |
| CVE-2025-64667(opens NVD record) | Medium | 5.3 | User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | Dec 9, 2025 |
| CVE-2025-64666(opens NVD record) | High | 7.5 | Improper input validation in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network. | Dec 9, 2025 |
| CVE-2025-64661(opens NVD record) | High | 7.8 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally. | Dec 9, 2025 |
| CVE-2025-64658(opens NVD record) | High | 7.5 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally. | Dec 9, 2025 |
| CVE-2025-64471(opens NVD record) | Medium | 4.9 | A use of password hash instead of password for authentication vulnerability [CWE-836] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attacker to use the hash in place of the password to authenticate via crafted HTTP/HTTPS requests | Dec 9, 2025 |
| CVE-2025-64447(opens NVD record) | High | 8.1 | A reliance on cookies without validation and integrity checking vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attacker to execute arbitrary operations on the system via crafted HTTP or HTTPS request via forged cookies, requiring prior knowledge of the FortiWeb serial number. | Dec 9, 2025 |
| CVE-2025-64156(opens NVD record) | High | 7.2 | An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7, FortiVoice 6.4 all versions, FortiVoice 6.0 all versions may allow an authenticated privileged attacker to execute unauthorized code or commands via crafted requests | Dec 9, 2025 |
| CVE-2025-64153(opens NVD record) | High | 7.2 | A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiExtender 7.6.0 through 7.6.3, FortiExtender 7.4.0 through 7.4.7, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated attacker to execute unauthorized code or commands via a specific HTTP request. | Dec 9, 2025 |
| CVE-2025-62631(opens NVD record) | Medium | 5.6 | An insufficient session expiration vulnerability [CWE-613] vulnerability in Fortinet FortiOS 7.4.0, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions allows attacker to maintain access to network resources via an active SSLVPN session not terminated after a user's password change under particular conditions outside of the attacker's control | Dec 9, 2025 |
| CVE-2025-62573(opens NVD record) | High | 7.0 | Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally. | Dec 9, 2025 |
| CVE-2025-62572(opens NVD record) | High | 7.8 | Out-of-bounds read in Application Information Services allows an authorized attacker to elevate privileges locally. | Dec 9, 2025 |