Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
81,352 matching · page 216/1628Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2025-58315(opens NVD record) | Medium | 5.5 | Permission control vulnerability in the Wi-Fi module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Nov 28, 2025 |
| CVE-2025-58314(opens NVD record) | Medium | 6.6 | Vulnerability of accessing invalid memory in the component driver module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | Nov 28, 2025 |
| CVE-2025-58312(opens NVD record) | Medium | 5.1 | Permission control vulnerability in the App Lock module. Impact: Successful exploitation of this vulnerability may affect availability. | Nov 28, 2025 |
| CVE-2025-58310(opens NVD record) | High | 8.0 | Permission control vulnerability in the distributed component. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Nov 28, 2025 |
| CVE-2025-58309(opens NVD record) | Medium | 6.8 | Permission control vulnerability in the startup recovery module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | Nov 28, 2025 |
| CVE-2025-58307(opens NVD record) | Medium | 6.4 | UAF vulnerability in the screen recording framework module. Impact: Successful exploitation of this vulnerability may affect availability. | Nov 28, 2025 |
| CVE-2025-58303(opens NVD record) | High | 8.4 | UAF vulnerability in the screen recording framework module. Impact: Successful exploitation of this vulnerability may affect availability. | Nov 28, 2025 |
| CVE-2025-58294(opens NVD record) | Medium | 6.2 | Permission control vulnerability in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Nov 28, 2025 |
| CVE-2025-12758(opens NVD record) | High | 7.5 | Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the isLength() function that does not take into account Unicode variation selectors (\uFE0F, \uFE0E) appearing in a sequence which lead to improper string length calculation. This can lead to an application using isLength for input validation accepting strings significantly longer than intended, resulting in issues like data truncation in databases, buffer overflows in other system components, or denial-of-service. | Nov 27, 2025 |
| CVE-2025-65670(opens NVD record) | Medium | 4.3 | An Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating course IDs in URLs, resulting in unauthorized disclosure of sensitive course, admin, and student data. The leak occurs momentarily before the system reverts to a normal state restricting access. | Nov 26, 2025 |
| CVE-2025-50433(opens NVD record) | Critical | 9.8 | An issue was discovered in imonnit.com (2025-04-24) allowing malicious actors to gain escalated privileges via crafted password reset to take over arbitrary user accounts. | Nov 26, 2025 |
| CVE-2025-65676(opens NVD record) | Medium | 5.4 | Stored Cross site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG cover images. | Nov 26, 2025 |
| CVE-2025-65675(opens NVD record) | Medium | 5.4 | Stored Cross site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG profile pictures. | Nov 26, 2025 |
| CVE-2025-65672(opens NVD record) | High | 7.5 | Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows unauthorized share and invite access to course settings. | Nov 26, 2025 |
| CVE-2025-65669(opens NVD record) | Critical | 9.1 | An issue was discovered in classroomio 0.1.13. Student accounts are able to delete courses from the Explore page without any authorization or authentication checks, bypassing the expected admin-only deletion restriction. | Nov 26, 2025 |
| CVE-2025-13601(opens NVD record) | High | 7.7 | A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string. | Nov 26, 2025 |
| CVE-2025-64657(opens NVD record) | Critical | 9.8 | Stack-based buffer overflow in Azure Application Gateway allows an unauthorized attacker to elevate privileges over a network. | Nov 26, 2025 |
| CVE-2025-64656(opens NVD record) | Critical | 9.4 | Out-of-bounds read in Application Gateway allows an unauthorized attacker to elevate privileges over a network. | Nov 26, 2025 |
| CVE-2025-63735(opens NVD record) | Medium | 6.1 | A reflected Cross site scripting (XSS) vulnerability in Ruckus Unleashed 200.13.6.1.319 via the name parameter to the the captive-portal endpoint selfguestpass/guestAccessSubmit.jsp. | Nov 25, 2025 |
| CVE-2025-51741(opens NVD record) | High | 7.5 | An issue was discovered in Veal98 Echo Open-Source Community System 2.2 thru 2.3 allowing an unauthenticated attacker to cause the server to send email verification messages to arbitrary users via the /sendEmailCodeForResetPwd endpoint potentially causing a denial of service to the server or the downstream users. | Nov 25, 2025 |
| CVE-2025-61168(opens NVD record) | Critical | 9.8 | An issue in the cms_rest.php component of SIGB PMB v8.0.1.14 allows attackers to execute arbitrary code via unserializing an arbitrary file. | Nov 25, 2025 |
| CVE-2025-61167(opens NVD record) | Medium | 6.5 | SIGB PMB v8.0.1.14 was discovered to contain multiple SQL injection vulnerabilities in the /opac_css/ajax_selector.php component via the id and datas parameters. | Nov 25, 2025 |
| CVE-2025-33205(opens NVD record) | High | 7.3 | NVIDIA NeMo framework contains a vulnerability in a predefined variable, where an attacker could cause inclusion of functionality from an untrusted control sphere by use of a predefined variable. A successful exploit of this vulnerability may lead to code execution. | Nov 25, 2025 |
| CVE-2025-33204(opens NVD record) | High | 7.8 | NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP and LLM components, where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering. | Nov 25, 2025 |
| CVE-2025-33200(opens NVD record) | Low | 2.3 | NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. A successful exploit of this vulnerability might lead to information disclosure. | Nov 25, 2025 |
| CVE-2025-33199(opens NVD record) | Low | 3.2 | NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause incorrect control flow behavior. A successful exploit of this vulnerability might lead to data tampering. | Nov 25, 2025 |
| CVE-2025-33198(opens NVD record) | Low | 3.3 | NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. A successful exploit of this vulnerability might lead to information disclosure. | Nov 25, 2025 |
| CVE-2025-33197(opens NVD record) | Medium | 4.3 | NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a NULL pointer dereference. A successful exploit of this vulnerability might lead to denial of service. | Nov 25, 2025 |
| CVE-2025-33196(opens NVD record) | Medium | 4.4 | NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause a resource to be reused. A successful exploit of this vulnerability might lead to information disclosure. | Nov 25, 2025 |
| CVE-2025-33195(opens NVD record) | Medium | 4.4 | NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause unexpected memory buffer operations. A successful exploit of this vulnerability might lead to data tampering, denial of service, or escalation of privileges. | Nov 25, 2025 |
| CVE-2025-33194(opens NVD record) | Medium | 5.7 | NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause improper processing of input data. A successful exploit of this vulnerability might lead to information disclosure or denial of service. | Nov 25, 2025 |
| CVE-2025-33193(opens NVD record) | Medium | 5.7 | NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause improper validation of integrity. A successful exploit of this vulnerability might lead to information disclosure. | Nov 25, 2025 |
| CVE-2025-33192(opens NVD record) | Medium | 5.7 | NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause an arbitrary memory read. A successful exploit of this vulnerability might lead to denial of service. | Nov 25, 2025 |
| CVE-2025-33191(opens NVD record) | Medium | 5.7 | NVIDIA DGX Spark GB10 contains a vulnerability in OSROOT firmware, where an attacker could cause an invalid memory read. A successful exploit of this vulnerability might lead to denial of service. | Nov 25, 2025 |
| CVE-2025-33190(opens NVD record) | Medium | 6.7 | NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware where an attacker could cause an out-of-bound write. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, or escalation of privileges. | Nov 25, 2025 |
| CVE-2025-33189(opens NVD record) | High | 7.8 | NVIDIA DGX Spark GB10 contains a vulnerability in SROOT firmware, where an attacker could cause an out-of-bound write. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, information disclosure, or escalation of privileges. | Nov 25, 2025 |
| CVE-2025-33188(opens NVD record) | High | 8.0 | NVIDIA DGX Spark GB10 contains a vulnerability in hardware resources where an attacker could tamper with hardware controls. A successful exploit of this vulnerability might lead to information disclosure, data tampering, or denial of service. | Nov 25, 2025 |
| CVE-2025-33187(opens NVD record) | Critical | 9.3 | NVIDIA DGX Spark GB10 contains a vulnerability in SROOT, where an attacker could use privileged access to gain access to SoC protected areas. A successful exploit of this vulnerability might lead to code execution, information disclosure, data tampering, denial of service, or escalation of privileges. | Nov 25, 2025 |
| CVE-2025-36134(opens NVD record) | Low | 3.7 | IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. | Nov 25, 2025 |
| CVE-2025-63674(opens NVD record) | Medium | 6.8 | An issue in Blurams Lumi Security Camera (A31C) v23.1227.472.2926 allows local physical attackers to execute arbitrary code via overriding the bootloader on the SD card. | Nov 24, 2025 |
| CVE-2024-47856(opens NVD record) | Critical | 9.8 | In RSA Authentication Agent before 7.4.7, service paths and shortcut paths may be vulnerable to path interception if the path has one or more spaces and is not surrounded by quotation marks. An adversary can place an executable in a higher-level directory of the path, and Windows will resolve that executable instead of the intended executable. | Nov 24, 2025 |
| CVE-2025-36150(opens NVD record) | Medium | 5.9 | IBM Concert 1.0.0 through 2.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | Nov 24, 2025 |
| CVE-2025-64048(opens NVD record) | Medium | 6.1 | YCCMS 3.4 contains a stored cross-site scripting (XSS) vulnerability in the article management functionality. The vulnerability exists in the add() and getPost() functions within the ArticleAction.class.php file due to improper neutralization of user input in the article title field. | Nov 24, 2025 |
| CVE-2025-64047(opens NVD record) | Medium | 6.1 | OpenRapid RapidCMS 1.3.1 is vulnerable to Cross Site Scripting (XSS) in /user/user-move.php. | Nov 24, 2025 |
| CVE-2025-56400(opens NVD record) | High | 8.8 | Cross-Site Request Forgery (CSRF) vulnerability in the OAuth implementation of the Tuya SDK 6.5.0 for Android and iOS, affects the Tuya Smart and Smartlife mobile applications, as well as other third-party applications that integrate the SDK, allows an attacker to link their own Amazon Alexa account to a victim's Tuya account. The applications fail to validate the OAuth state parameter during the account linking flow, enabling a cross-site request forgery (CSRF)-like attack. By tricking the victim into clicking a crafted authorization link, an attacker can complete the OAuth flow on the victim's behalf, resulting in unauthorized Alexa access to the victim's Tuya-connected devices. This affects users regardless of prior Alexa linkage and does not require the Tuya application to be active at the time. Successful exploitation may allow remote control of devices such as cameras, doorbells, door locks, or alarms. | Nov 24, 2025 |
| CVE-2025-36112(opens NVD record) | Medium | 5.3 | IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.5 and 6.2.1.1 could reveal sensitive server IP configuration information to an unauthorized user. | Nov 24, 2025 |
| CVE-2025-56401(opens NVD record) | High | 7.6 | ZIRA Group WBRM 7.0 is vulnerable to SQL Injection in referenceLookupsByTableNameAndColumnName. | Nov 24, 2025 |
| CVE-2025-36149(opens NVD record) | Medium | 6.3 | IBM Concert Software 1.0.0 through 2.0.0 could allow a remote attacker to hijack the clicking action of the victim. | Nov 21, 2025 |
| CVE-2025-64695(opens NVD record) | High | 7.8 | Uncontrolled search path element issue exists in the installer of LogStare Collector (for Windows). If exploited, arbitrary code may be executed with the privilege of the user invoking the installer. | Nov 21, 2025 |
| CVE-2025-64299(opens NVD record) | Low | 2.7 | LogStare Collector improperly handles the password hash data. An administrative user may obtain the other users' password hashes. | Nov 21, 2025 |