Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
81,352 matching · page 215/1628Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2025-13640(opens NVD record) | Low | 3.5 | Inappropriate implementation in Passwords in Google Chrome prior to 143.0.7499.41 allowed a local attacker to bypass authentication via physical access to the device. (Chromium security severity: Low) | Dec 2, 2025 |
| CVE-2025-13639(opens NVD record) | High | 8.1 | Inappropriate implementation in WebRTC in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Low) | Dec 2, 2025 |
| CVE-2025-13638(opens NVD record) | High | 8.8 | Use after free in Media Stream in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) | Dec 2, 2025 |
| CVE-2025-13637(opens NVD record) | Medium | 4.3 | Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass download protections via a crafted HTML page. (Chromium security severity: Low) | Dec 2, 2025 |
| CVE-2025-13636(opens NVD record) | Medium | 4.3 | Inappropriate implementation in Split View in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted domain name. (Chromium security severity: Low) | Dec 2, 2025 |
| CVE-2025-13635(opens NVD record) | Medium | 4.4 | Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a local attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | Dec 2, 2025 |
| CVE-2025-13634(opens NVD record) | Medium | 4.4 | Inappropriate implementation in Downloads in Google Chrome on Windows prior to 143.0.7499.41 allowed a local attacker to bypass mark of the web via a crafted HTML page. (Chromium security severity: Medium) | Dec 2, 2025 |
| CVE-2025-13633(opens NVD record) | High | 8.8 | Use after free in Digital Credentials in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | Dec 2, 2025 |
| CVE-2025-13632(opens NVD record) | Medium | 5.4 | Inappropriate implementation in DevTools in Google Chrome prior to 143.0.7499.41 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. (Chromium security severity: High) | Dec 2, 2025 |
| CVE-2025-13631(opens NVD record) | High | 8.8 | Inappropriate implementation in Google Updater in Google Chrome on Mac prior to 143.0.7499.41 allowed a remote attacker to perform privilege escalation via a crafted file. (Chromium security severity: High) | Dec 2, 2025 |
| CVE-2025-13630(opens NVD record) | High | 8.8 | Type Confusion in V8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | Dec 2, 2025 |
| CVE-2025-59704(opens NVD record) | Medium | 4.6 | Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow an attacker to gain access the the BIOS menu because is has no password. | Dec 2, 2025 |
| CVE-2025-59703(opens NVD record) | Critical | 9.1 | Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a Physically Proximate Attacker to access the internal components of the appliance, without leaving tamper evidence. To exploit this, the attacker needs to remove the tamper label and all fixing screws from the device without damaging it. This is called an F14 attack. | Dec 2, 2025 |
| CVE-2025-59705(opens NVD record) | Medium | 6.8 | Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a Physically Proximate Attacker to Escalate Privileges by enabling the USB interface through chassis probe insertion during system boot, aka "Unauthorized Reactivation of the USB interface" or F01. | Dec 2, 2025 |
| CVE-2025-59702(opens NVD record) | High | 7.2 | Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker with elevated privileges to falsify tamper events by accessing internal components. | Dec 2, 2025 |
| CVE-2025-59701(opens NVD record) | Medium | 4.1 | Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker (with elevated privileges) to read and modify the Appliance SSD contents (because they are unencrypted). | Dec 2, 2025 |
| CVE-2025-59700(opens NVD record) | Low | 3.9 | Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker with root access to modify the Recovery Partition (because of a lack of integrity protection). | Dec 2, 2025 |
| CVE-2025-59699(opens NVD record) | Medium | 6.8 | Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to escalate privileges by booting from a USB device with a valid root filesystem. This occurs because of insecure default settings in the Legacy GRUB Bootloader. | Dec 2, 2025 |
| CVE-2025-59698(opens NVD record) | Medium | 6.8 | Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, might allow a physically proximate attacker to gain access to the EOL legacy bootloader. | Dec 2, 2025 |
| CVE-2025-59697(opens NVD record) | High | 7.2 | Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to escalate privileges by editing the Legacy GRUB bootloader configuration to start a root shell upon boot of the host OS. This is called F06. | Dec 2, 2025 |
| CVE-2025-59696(opens NVD record) | Low | 3.2 | Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to modify or erase tamper events via the Chassis management board. | Dec 2, 2025 |
| CVE-2025-59695(opens NVD record) | Critical | 9.8 | Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a user with OS root access to alter firmware on the Chassis Management Board (without Authentication). This is called F04. | Dec 2, 2025 |
| CVE-2025-59694(opens NVD record) | Medium | 6.8 | The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a physically proximate attacker to persistently modify firmware and influence the (insecurely configured) appliance boot process. To exploit this, the attacker must modify the firmware via JTAG or perform an upgrade to the chassis management board firmware. This is called F03. | Dec 2, 2025 |
| CVE-2025-59693(opens NVD record) | Critical | 9.8 | The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a physically proximate attacker to obtain debug access and escalate privileges by bypassing the tamper label and opening the chassis without leaving evidence, and accessing the JTAG connector. This is called F02. | Dec 2, 2025 |
| CVE-2024-45675(opens NVD record) | High | 8.4 | IBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix server as administrator without a password. | Dec 2, 2025 |
| CVE-2025-65622(opens NVD record) | Medium | 5.4 | Snipe-IT before 8.3.4 allows stored XSS via the Locations "Country" field, enabling a low-privileged authenticated user to inject JavaScript that executes in another user's session. | Dec 1, 2025 |
| CVE-2025-65621(opens NVD record) | Medium | 5.4 | Snipe-IT before 8.3.4 allows stored XSS, allowing a low-privileged authenticated user to inject JavaScript that executes in an administrator's session, enabling privilege escalation. | Dec 1, 2025 |
| CVE-2025-51683(opens NVD record) | Critical | 9.8 | A blind SQL Injection (SQLi) vulnerability in mJobtime v15.7.2 allows unauthenticated attackers to execute arbitrary SQL statements via a crafted POST request to the /Default.aspx/update_profile_Server endpoint . | Dec 1, 2025 |
| CVE-2025-51682(opens NVD record) | Critical | 9.8 | mJobtime 15.7.2 handles authorization on the client side, which allows an attacker to modify the client-side code and gain access to administrative features. Additionally, they can craft requests based on the client-side code to call these administrative functions directly. | Dec 1, 2025 |
| CVE-2025-63365(opens NVD record) | High | 7.1 | SoftSea EPUB File Reader 1.0.0.0 is vulnerable to Directory Traversal. The vulnerability resides in the EPUB file processing component, specifically in the functionality responsible for extracting and handling EPUB archive contents. | Dec 1, 2025 |
| CVE-2025-34297(opens NVD record) | Medium | — | KissFFT versions prior to the fix commit 1b083165 contain an integer overflow in kiss_fft_alloc() in kiss_fft.c on platforms where size_t is 32-bit. The nfft parameter is not validated before being used in a size calculation (sizeof(kiss_fft_cpx) * (nfft - 1)), which can wrap to a small value when nfft is large. As a result, malloc() allocates an undersized buffer and the subsequent twiddle-factor initialization loop writes nfft elements, causing a heap buffer overflow. This vulnerability only affects 32-bit architectures. | Dec 1, 2025 |
| CVE-2025-61229(opens NVD record) | High | 7.8 | An issue in Shirt Pocket's SuperDuper! 3.10 and earlier allow a local attacker to modify the default task template to execute an arbitrary preflight script with root privileges and Full Disk Access, thus bypassing macOS privacy controls. | Dec 1, 2025 |
| CVE-2025-61228(opens NVD record) | High | 7.8 | An issue in Shirt Pocket SuperDuper! V.3.10 and before allows a local attacker to execute arbitrary code via the software update mechanism | Dec 1, 2025 |
| CVE-2025-57489(opens NVD record) | High | 8.1 | Incorrect access control in the SDAgent component of Shirt Pocket SuperDuper! v3.10 allows attackers to escalate privileges to root due to the improper use of a setuid binary. | Dec 1, 2025 |
| CVE-2025-3500(opens NVD record) | Critical | 9.0 | Integer Overflow or Wraparound vulnerability in Avast Antivirus (25.1.981.6) on Windows allows Privilege Escalation.This issue affects Antivirus: from 25.1.981.6 before 25.3. | Dec 1, 2025 |
| CVE-2025-49643(opens NVD record) | Medium | 6.5 | An authenticated Zabbix user (including Guest) is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service. | Dec 1, 2025 |
| CVE-2025-27232(opens NVD record) | Medium | 4.9 | An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss. | Dec 1, 2025 |
| CVE-2025-12106(opens NVD record) | Critical | 9.1 | Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses | Dec 1, 2025 |
| CVE-2025-66221(opens NVD record) | Medium | 5.3 | Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.4, Werkzeug's safe_join function allows path segments with Windows device names. On Windows, there are special device names such as CON, AUX, etc that are implicitly present and readable in every directory. send_from_directory uses safe_join to safely serve files at user-specified paths under a directory. If the application is running on Windows, and the requested path ends with a special device name, the file will be opened successfully, but reading will hang indefinitely. This issue has been patched in version 3.1.4. | Nov 29, 2025 |
| CVE-2025-64312(opens NVD record) | Medium | 4.9 | Permission control vulnerability in the file management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Nov 28, 2025 |
| CVE-2025-58311(opens NVD record) | Medium | 5.8 | UAF vulnerability in the USB driver module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | Nov 28, 2025 |
| CVE-2025-58308(opens NVD record) | High | 7.3 | Vulnerability of improper criterion security check in the call module. Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | Nov 28, 2025 |
| CVE-2025-58305(opens NVD record) | Medium | 6.2 | Identity authentication bypass vulnerability in the Gallery app. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Nov 28, 2025 |
| CVE-2025-58304(opens NVD record) | Medium | 4.9 | Permission control vulnerability in the file management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Nov 28, 2025 |
| CVE-2025-58302(opens NVD record) | High | 8.4 | Permission control vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Nov 28, 2025 |
| CVE-2025-64315(opens NVD record) | Medium | 4.4 | Configuration defect vulnerability in the file management module. Impact: Successful exploitation of this vulnerability may affect app data confidentiality and integrity. | Nov 28, 2025 |
| CVE-2025-64314(opens NVD record) | Critical | 9.3 | Permission control vulnerability in the memory management module. Impact: Successful exploitation of this vulnerability may affect confidentiality. | Nov 28, 2025 |
| CVE-2025-64313(opens NVD record) | Medium | 5.3 | Denial of service (DoS) vulnerability in the office service. Impact: Successful exploitation of this vulnerability may affect availability. | Nov 28, 2025 |
| CVE-2025-64311(opens NVD record) | Medium | 5.1 | Permission control vulnerability in the Notepad module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Nov 28, 2025 |
| CVE-2025-58316(opens NVD record) | High | 7.3 | DoS vulnerability in the video-related system service module. Impact: Successful exploitation of this vulnerability may affect availability. | Nov 28, 2025 |