Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
34,278 matching · page 213/686Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2025-54838(opens NVD record) | Medium | 6.8 | An Incorrect Authorization vulnerability [CWE-863] in FortiPortal 7.4.0 through 7.4.5 may allow an authenticated attacker to reboot a shared FortiGate device via crafted HTTP requests. | Dec 9, 2025 |
| CVE-2025-54353(opens NVD record) | Medium | 5.4 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an attacker to perform an XSS attack via crafted HTTP requests. | Dec 9, 2025 |
| CVE-2025-54100(opens NVD record) | High | 7.8 | Improper neutralization of special elements used in a command ('command injection') in Windows PowerShell allows an unauthorized attacker to execute code locally. | Dec 9, 2025 |
| CVE-2025-53949(opens NVD record) | High | 7.2 | An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests. | Dec 9, 2025 |
| CVE-2025-53679(opens NVD record) | High | 7.2 | An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions, FortiSandbox Cloud 24.1, FortiSandbox Cloud 23 all versions allows a remote privileged attacker to execute unauthorized code or commands via crafted HTTP or HTTPS requests. | Dec 9, 2025 |
| CVE-2025-46637(opens NVD record) | High | 7.3 | Dell Encryption, versions prior to 11.12.1, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A local malicious user could potentially exploit this vulnerability, leading to Elevation of privileges. | Dec 9, 2025 |
| CVE-2025-46636(opens NVD record) | Medium | 6.6 | Dell Encryption, versions prior to 11.12.1, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering. | Dec 9, 2025 |
| CVE-2024-47570(opens NVD record) | Medium | 6.6 | An insertion of sensitive information into log file vulnerability [CWE-532] in FortiOS 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0 all versions; FortiProxy 7.4.0 through 7.4.3, 7.2.0 through 7.2.11; FortiPAM 1.4 all versions, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions and FortiSRA 1.4 all versions may allow a read-only administrator to retrieve API tokens of other administrators via observing REST API logs, if REST API logging is enabled (non-default configuration). | Dec 9, 2025 |
| CVE-2025-56704(opens NVD record) | High | 8.8 | LeptonCMS version 7.3.0 contains an arbitrary file upload vulnerability, which is caused by the lack of proper validation for uploaded files. An authenticated attacker can exploit this vulnerability by uploading a specially crafted ZIP/PHP file to execute arbitrary code. | Dec 9, 2025 |
| CVE-2025-66568(opens NVD record) | Critical | 9.1 | The ruby-saml library implements the client side of an SAML authorization. Versions up to and including 1.12.4, are vulnerable to authentication bypass through the libxml2 canonicalization process used by Nokogiri for document transformation, which allows an attacker to execute a Signature Wrapping attack. When libxml2’s canonicalization is invoked on an invalid XML input, it may return an empty string rather than a canonicalized node. ruby-saml then proceeds to compute the DigestValue over this empty string, treating it as if canonicalization succeeded. This issue is fixed in version 1.18.0. | Dec 9, 2025 |
| CVE-2025-66567(opens NVD record) | Critical | 9.1 | The ruby-saml library is for implementing the client side of a SAML authorization. ruby-saml versions up to and including 1.12.4 contain an authentication bypass vulnerability due to an incomplete fix for CVE-2025-25292. ReXML and Nokogiri parse XML differently, generating entirely different document structures from the same input. This allows an attacker to execute a Signature Wrapping attack. This issue is fixed in version 1.18.0. | Dec 9, 2025 |
| CVE-2025-13662(opens NVD record) | High | 7.8 | Improper verification of cryptographic signatures in the patch management component of Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary code. User Interaction is required. | Dec 9, 2025 |
| CVE-2025-13661(opens NVD record) | High | 7.1 | Path traversal in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote authenticated attacker to write arbitrary files outside of the intended directory. User interaction is required. | Dec 9, 2025 |
| CVE-2025-13659(opens NVD record) | High | 8.8 | Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attacker to write arbitrary files on the server, potentially leading to remote code execution. User interaction is required. | Dec 9, 2025 |
| CVE-2025-10573(opens NVD record) | Critical | 9.6 | Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session. User interaction is required. | Dec 9, 2025 |
| CVE-2024-56464(opens NVD record) | Low | 2.7 | IBM QRadar SIEM 7.5 - 7.5.0 UP14 IF01 is affected by an information disclosure vulnerability involving exposure of directory information. IBM has addressed this vulnerability in the latest update. | Dec 9, 2025 |
| CVE-2025-36140(opens NVD record) | Medium | 6.5 | IBM watsonx.data 2.2 through 2.2.1 could allow an authenticated user to cause a denial of service through ingestion pods due to improper allocation of resources without limits. | Dec 8, 2025 |
| CVE-2025-64650(opens NVD record) | Medium | 6.5 | IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.18 could disclose sensitive user credentials in log files. | Dec 8, 2025 |
| CVE-2025-36102(opens NVD record) | Low | 2.7 | IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow a privileged user to bypass validation, passing user input into the application as trusted data, due to client-side enforcement of server-side security. | Dec 8, 2025 |
| CVE-2025-36017(opens NVD record) | Medium | 6.5 | IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 stores unencrypted sensitive information in environmental variables files which can be obtained by an authenticated user. | Dec 8, 2025 |
| CVE-2025-36015(opens NVD record) | Medium | 6.5 | IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 could allow an authenticated user to cause a denial of service due to improper validation of a specified quantity size input. | Dec 8, 2025 |
| CVE-2025-33111(opens NVD record) | Medium | 4.3 | IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 is vulnerable to creation of temporary files without atomic operations which may expose sensitive information to an authenticated user due to race condition attacks. | Dec 8, 2025 |
| CVE-2025-12832(opens NVD record) | Medium | 4.6 | IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | Dec 8, 2025 |
| CVE-2025-12635(opens NVD record) | Medium | 5.4 | IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.12 are affected by cross-site scripting due to improper validation of user-supplied input. An attacker could exploit this vulnerability by using a specially crafted URL to redirect the user to a malicious site. | Dec 8, 2025 |
| CVE-2025-65799(opens NVD record) | Medium | 4.3 | A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal. | Dec 8, 2025 |
| CVE-2025-65797(opens NVD record) | Medium | 6.5 | Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, leading to an account takeover or Denial of Service (DoS). | Dec 8, 2025 |
| CVE-2025-65795(opens NVD record) | High | 7.5 | Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request. | Dec 8, 2025 |
| CVE-2025-65363(opens NVD record) | High | 7.2 | Authenticated append-style command-injection Ruijie APs (AP_RGOS 11.1.x) allows an authenticated web user to execute appended shell expressions as root, enabling file disclosure, device disruption, and potential network pivoting via the command parameter to the web_action.do endpoint. | Dec 8, 2025 |
| CVE-2025-65798(opens NVD record) | Medium | 5.4 | Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete attachments made by other users. | Dec 8, 2025 |
| CVE-2025-65796(opens NVD record) | Medium | 4.3 | Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily delete reactions made to other users' Memos. | Dec 8, 2025 |
| CVE-2025-27020(opens NVD record) | Critical | 9.8 | Improper configuration of the SSH service in Infinera MTC-9 allows an unauthenticated attacker to execute arbitrary commands and access data on file system . This issue affects MTC-9: from R22.1.1.0275 before R23.0. | Dec 8, 2025 |
| CVE-2025-27019(opens NVD record) | Critical | 9.8 | Remote shell service (RSH) in Infinera MTC-9 version R22.1.1.0275 allows an attacker to utilize password-less user accounts and obtain system access by activating a reverse shell.This issue affects MTC-9: from R22.1.1.0275 before R23.0. | Dec 8, 2025 |
| CVE-2025-66334(opens NVD record) | Low | 3.3 | Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability. | Dec 8, 2025 |
| CVE-2025-66333(opens NVD record) | Low | 3.3 | Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability. | Dec 8, 2025 |
| CVE-2025-66332(opens NVD record) | Low | 3.3 | Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability. | Dec 8, 2025 |
| CVE-2025-66331(opens NVD record) | Low | 3.3 | Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability. | Dec 8, 2025 |
| CVE-2025-66330(opens NVD record) | Medium | 4.9 | App lock verification bypass vulnerability in the file management app. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Dec 8, 2025 |
| CVE-2025-66329(opens NVD record) | Medium | 4.0 | Permission control vulnerability in the window management module. Impact: Successful exploitation of this vulnerability may affect availability. | Dec 8, 2025 |
| CVE-2025-66328(opens NVD record) | High | 8.4 | Multi-thread race condition vulnerability in the network management module. Impact: Successful exploitation of this vulnerability may affect availability. | Dec 8, 2025 |
| CVE-2025-66327(opens NVD record) | High | 7.1 | Race condition vulnerability in the network module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Dec 8, 2025 |
| CVE-2025-66325(opens NVD record) | Medium | 6.2 | Permission control vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Dec 8, 2025 |
| CVE-2025-58279(opens NVD record) | Medium | 4.4 | Permission control vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Dec 8, 2025 |
| CVE-2025-26489(opens NVD record) | Medium | 6.5 | Improper input validation in the Netconf service in Infinera MTC-9 allows remote authenticated users to crash the service and reboot the appliance, thus causing a DoS condition, via crafted XML payloads.This issue affects MTC-9: from R22.1.1.0275 before R23.0. | Dec 8, 2025 |
| CVE-2025-26488(opens NVD record) | High | 7.5 | Improper Input Validation vulnerability in Infinera MTC-9 allows remote unauthenticated users to crash the service and cause a reboot of the appliance, thus causing a DoS condition, via crafted XML payloads.This issue affects MTC-9: from R22.1.1.0275 before R23.0. | Dec 8, 2025 |
| CVE-2025-26487(opens NVD record) | High | 8.6 | Server-Side Request Forgery (SSRF) vulnerability in Infinera MTC-9 version allows remote unauthenticated users to gain access to other network resources using HTTPS requests through the appliance used as a bridge. | Dec 8, 2025 |
| CVE-2025-66326(opens NVD record) | Medium | 6.7 | Race condition vulnerability in the audio module. Impact: Successful exploitation of this vulnerability may affect availability. | Dec 8, 2025 |
| CVE-2025-66324(opens NVD record) | High | 8.4 | Input verification vulnerability in the compression and decompression module. Impact: Successful exploitation of this vulnerability may affect app data integrity. | Dec 8, 2025 |
| CVE-2025-66323(opens NVD record) | Medium | 5.3 | Vulnerability of improper criterion security check in the card module. Impact: Successful exploitation of this vulnerability may affect availability. | Dec 8, 2025 |
| CVE-2025-66322(opens NVD record) | Medium | 5.1 | Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability. | Dec 8, 2025 |
| CVE-2025-66321(opens NVD record) | Medium | 5.1 | Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability. | Dec 8, 2025 |