Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
34,278 matching · page 235/686Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2025-58291(opens NVD record) | Low | 3.3 | Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability. | Oct 11, 2025 |
| CVE-2025-58290(opens NVD record) | Low | 3.3 | Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability. | Oct 11, 2025 |
| CVE-2025-58288(opens NVD record) | Medium | 5.5 | Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability. | Oct 11, 2025 |
| CVE-2025-58287(opens NVD record) | High | 7.8 | Use After Free (UAF) vulnerability in the office service. Successful exploitation of this vulnerability may affect service confidentiality. | Oct 11, 2025 |
| CVE-2025-58286(opens NVD record) | Low | 3.3 | Denial of service (DoS) vulnerability in the office service. Successful exploitation of this vulnerability may affect availability. | Oct 11, 2025 |
| CVE-2025-58285(opens NVD record) | Medium | 5.3 | Permission control vulnerability in the media module. Successful exploitation of this vulnerability may affect service confidentiality. | Oct 11, 2025 |
| CVE-2025-58284(opens NVD record) | Medium | 5.9 | Permission control vulnerability in the network module. Successful exploitation of this vulnerability may affect service confidentiality. | Oct 11, 2025 |
| CVE-2025-58283(opens NVD record) | Medium | 5.5 | Permission control vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability may affect service confidentiality. | Oct 11, 2025 |
| CVE-2025-58282(opens NVD record) | Low | 2.8 | Permission control vulnerability in the camera module. Successful exploitation of this vulnerability may affect service confidentiality. | Oct 11, 2025 |
| CVE-2025-58278(opens NVD record) | Medium | 6.2 | Identity authentication bypass vulnerability in the Gallery app. Successful exploitation of this vulnerability may affect service confidentiality. | Oct 11, 2025 |
| CVE-2025-58277(opens NVD record) | Medium | 4.0 | Permission verification bypass vulnerability in the Camera app. Successful exploitation of this vulnerability may affect service confidentiality. | Oct 11, 2025 |
| CVE-2025-54654(opens NVD record) | Medium | 6.2 | Permission control vulnerability in the Gallery module. Successful exploitation of this vulnerability may affect service confidentiality | Oct 11, 2025 |
| CVE-2025-60838(opens NVD record) | Medium | 6.5 | An arbitrary file upload vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary code via uploading a crafted file. | Oct 10, 2025 |
| CVE-2025-60308(opens NVD record) | Medium | 4.1 | code-projects Simple Online Hotel Reservation System 1.0 has a Cross Site Scripting (XSS) vulnerability in the Add Room function of the online hotel reservation system. Malicious JavaScript code is entered in the Description field, which can leak the administrator's cookie information when browsing this room information | Oct 10, 2025 |
| CVE-2025-60306(opens NVD record) | Critical | 9.9 | code-projects Simple Car Rental System 1.0 has a permission bypass issue where low privilege users can forge high privilege sessions and perform sensitive operations. | Oct 10, 2025 |
| CVE-2025-60307(opens NVD record) | Critical | 9.8 | code-projects Computer Laboratory System 1.0 has a SQL injection vulnerability, where entering a universal password in the Password field on the login page can bypass login attempts. | Oct 10, 2025 |
| CVE-2025-60305(opens NVD record) | High | 8.8 | SourceCodester Online Student Clearance System 1.0 is vulnerable to Incorrect Access Control. The application contains a logic flaw which allows low privilege users can forge high privileged sessions and perform sensitive operations. | Oct 10, 2025 |
| CVE-2025-60378(opens NVD record) | High | 8.1 | Stored HTML injection in RISE Ultimate Project Manager & CRM allows authenticated users to inject arbitrary HTML into invoices and messages. Injected content renders in emails, PDFs, and messaging/chat modules sent to clients or team members, enabling phishing, credential theft, and business email compromise. Automated recurring invoices and messaging amplify the risk by distributing malicious content to multiple recipients. | Oct 10, 2025 |
| CVE-2025-59286(opens NVD record) | Critical | 9.3 | Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to disclose information over a network. | Oct 9, 2025 |
| CVE-2025-59272(opens NVD record) | Critical | 9.3 | Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to perform information disclosure locally. | Oct 9, 2025 |
| CVE-2025-59271(opens NVD record) | High | 8.7 | Redis Enterprise Elevation of Privilege Vulnerability | Oct 9, 2025 |
| CVE-2025-59252(opens NVD record) | Critical | 9.3 | Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to disclose information over a network. | Oct 9, 2025 |
| CVE-2025-59247(opens NVD record) | High | 8.8 | Azure PlayFab Elevation of Privilege Vulnerability | Oct 9, 2025 |
| CVE-2025-59246(opens NVD record) | Critical | 9.8 | Azure Entra ID Elevation of Privilege Vulnerability | Oct 9, 2025 |
| CVE-2025-59218(opens NVD record) | Critical | 9.6 | Azure Entra ID Elevation of Privilege Vulnerability | Oct 9, 2025 |
| CVE-2025-55321(opens NVD record) | Critical | 9.3 | Improper neutralization of input during web page generation ('cross-site scripting') in Azure Monitor allows an unauthorized attacker to perform spoofing over a network. | Oct 9, 2025 |
| CVE-2025-4615(opens NVD record) | High | 7.2 | An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and execute arbitrary commands. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators. Cloud NGFW and Prisma® Access are not affected by this vulnerability. | Oct 9, 2025 |
| CVE-2025-4614(opens NVD record) | Low | 2.7 | An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leaked. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators. Cloud NGFW and Prisma® Access are not affected by this vulnerability. | Oct 9, 2025 |
| CVE-2025-60304(opens NVD record) | Medium | 6.1 | code-projects Simple Scheduling System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Subject Description field. | Oct 9, 2025 |
| CVE-2025-60010(opens NVD record) | Medium | 5.4 | A password aging vulnerability in the RADIUS client of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated, network-based attacker to access the device without enforcing the required password change. Affected devices allow logins by users for whom the RADIUS server has responded with a reject and required the user to change the password as their password was expired. Therefore the policy mandating the password change is not enforced. This does not allow users to login with a wrong password, but only with the correct but expired one. This issue affects: Junos OS: * all versions before 22.4R3-S8, * 23.2 versions before 23.2R2-S4, * 23.4 versions before 23.4R2-S5, * 24.2 versions before 24.2R2-S1, * 24.4 versions before 24.4R1-S3, 24.4R2; Junos OS Evolved: * all versions before 22.4R3-S8-EVO, * 23.2 versions before 23.2R2-S4-EVO, * 23.4 versions before 23.4R2-S5-EVO, * 24.2 versions before 24.2R2-S1-EVO, * 24.4 versions before 24.4R1-S3-EVO, 24.4R2-EVO. | Oct 9, 2025 |
| CVE-2025-60009(opens NVD record) | Medium | 6.1 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the CLI Configlet page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator. This issue affects all versions of Junos Space before 24.1R4. | Oct 9, 2025 |
| CVE-2025-60006(opens NVD record) | Medium | 5.3 | Multiple instances of an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Juniper Networks Junos OS Evolved could be used to elevate privileges and/or execute unauthorized commands. When an attacker executes crafted CLI commands, the options are processed via a script in some cases. These scripts are not hardened so injected commands might be executed via the shell, which allows an attacker to perform operations, which they should not be able to do according to their assigned permissions. This issue affects Junos OS Evolved: * 24.2 versions before 24.2R2-S2-EVO, * 24.4 versions before 24.4R2-EVO. This issue does not affect Junos OS Evolved versions earlier than 24.2R1-EVO. | Oct 9, 2025 |
| CVE-2025-60004(opens NVD record) | High | 7.5 | An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-Of-Service (DoS). When an affected system receives a specific BGP EVPN update message over an established BGP session, this causes an rpd crash and restart. A BGP EVPN configuration is not necessary to be vulnerable. If peers are not configured to send BGP EVPN updates to a vulnerable device, then this issue can't occur. This issue affects iBGP and eBGP, over IPv4 and IPv6. This issue affects: Junos OS: * 23.4 versions from 23.4R2-S3 before 23.4R2-S5, * 24.2 versions from 24.2R2 before 24.2R2-S1, * 24.4 versions before 24.4R1-S3, 24.4R2; Junos OS Evolved: * 23.4-EVO versions from 23.4R2-S2-EVO before 23.4R2-S5-EVO, * 24.2-EVO versions from 24.2R2-EVO before 24.2R2-S1-EVO, * 24.4-EVO versions before 24.4R1-S3-EVO, 24.4R2-EVO. | Oct 9, 2025 |
| CVE-2025-60002(opens NVD record) | Medium | 6.1 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Template Definitions page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator. This issue affects all versions of Junos Space before 24.1R4. | Oct 9, 2025 |
| CVE-2025-60001(opens NVD record) | Medium | 6.1 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Generate Report page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator. This issue affects all versions of Junos Space before 24.1R4. | Oct 9, 2025 |
| CVE-2025-60000(opens NVD record) | Medium | 6.1 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Generate Report page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator. This issue affects all versions of Junos Space before 24.1R4. | Oct 9, 2025 |
| CVE-2025-59999(opens NVD record) | Medium | 6.1 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the API Access Profiles page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator. This issue affects all versions of Junos Space before 24.1R4. | Oct 9, 2025 |
| CVE-2025-59998(opens NVD record) | Medium | 6.1 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Archive Log screen that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator. This issue affects all versions of Junos Space before 24.1R4. | Oct 9, 2025 |
| CVE-2025-59997(opens NVD record) | Medium | 6.1 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the CLI Configlets pages that, when visited by another user, enable the attacker to execute commands with the target's permissions, including an administrator. This issue affects all versions of Junos Space before 24.1R4. | Oct 9, 2025 |
| CVE-2025-59996(opens NVD record) | Medium | 6.1 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Configuration View page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator. This issue affects all versions of Junos Space before 24.1R4. | Oct 9, 2025 |
| CVE-2025-59995(opens NVD record) | Medium | 6.1 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Quick Template page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator. This issue affects all versions of Junos Space before 24.1R4. | Oct 9, 2025 |
| CVE-2025-59994(opens NVD record) | Medium | 6.1 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Quick Template page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator. This issue affects all versions of Junos Space before 24.1R4. | Oct 9, 2025 |
| CVE-2025-59993(opens NVD record) | Medium | 6.1 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Space Node Setting fields that, when visited by another user, enable the attacker to execute commands with the target's permissions, including an administrator. This issue affects all versions of Junos Space before 24.1R4. | Oct 9, 2025 |
| CVE-2025-59992(opens NVD record) | Medium | 6.1 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Secure Console page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator. This issue affects all versions of Junos Space before 24.1R4. | Oct 9, 2025 |
| CVE-2025-59991(opens NVD record) | Medium | 6.1 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Device Management pages that, when visited by another user, enable the attacker to execute commands with the target's permissions, including an administrator. This issue affects all versions of Junos Space before 24.1R4. | Oct 9, 2025 |
| CVE-2025-59990(opens NVD record) | Medium | 6.1 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the template creation pages that, when visited by another user, enable the attacker to execute commands with the target's permissions, including an administrator. This issue affects all versions of Junos Space before 24.1R4. | Oct 9, 2025 |
| CVE-2025-59989(opens NVD record) | Medium | 6.1 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Device Discovery page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator. This issue affects all versions of Junos Space before 24.1R4. | Oct 9, 2025 |
| CVE-2025-59988(opens NVD record) | Medium | 6.1 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Generate Report page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator. This issue affects all versions of Junos Space before 24.1R4. | Oct 9, 2025 |
| CVE-2025-59987(opens NVD record) | Medium | 6.1 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the arbitrary device search field that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.This issue affects all versions of Junos Space before 24.1R4. | Oct 9, 2025 |
| CVE-2025-59986(opens NVD record) | Medium | 6.1 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the input fields in Model Devices that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.This issue affects all versions of Junos Space before 24.1R4. | Oct 9, 2025 |