Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
34,278 matching · page 241/686Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2025-43888(opens NVD record) | High | 8.8 | Dell PowerProtect Data Manager, Hyper-V, version(s) 19.19 and 19.20, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. | Sep 10, 2025 |
| CVE-2025-43887(opens NVD record) | High | 7.0 | Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | Sep 10, 2025 |
| CVE-2025-43886(opens NVD record) | Medium | 4.4 | Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Path Traversal: '.../...//' vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker. | Sep 10, 2025 |
| CVE-2025-43885(opens NVD record) | High | 7.8 | Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution. | Sep 10, 2025 |
| CVE-2025-43884(opens NVD record) | High | 8.2 | Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution. | Sep 10, 2025 |
| CVE-2025-43725(opens NVD record) | High | 7.8 | Dell PowerProtect Data Manager, Generic Application Agent, version(s) 19.19 and 19.20, contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | Sep 10, 2025 |
| CVE-2025-10227(opens NVD record) | Medium | 4.6 | Missing Encryption of Sensitive Data (CWE-311) in the Object Archive component in AxxonSoft Axxon One (C-Werk) before 2.0.8 on Windows and Linux allows a local attacker with access to exported storage or stolen physical drives to extract sensitive archive data in plaintext via lack of encryption at rest. | Sep 10, 2025 |
| CVE-2025-10226(opens NVD record) | Critical | 9.8 | Dependency on Vulnerable Third-Party Component (CWE-1395) in the PostgreSQL backend in AxxonSoft Axxon One (C-Werk) 2.0.8 and earlier on Windows and Linux allows a remote attacker to escalate privileges, execute arbitrary code, or cause denial-of-service via exploitation of multiple known CVEs present in PostgreSQL v10.x, which are resolved in PostgreSQL 17.4. | Sep 10, 2025 |
| CVE-2025-10221(opens NVD record) | Medium | 5.5 | Insertion of Sensitive Information into Log File (CWE-532) in the ARP Agent component in AxxonSoft Axxon One / AxxonNet / C-WerkNet 2.0.4 and earlier on Windows platforms allows a local attacker to obtain plaintext credentials via reading TRACE log files containing serialized JSON with passwords. | Sep 10, 2025 |
| CVE-2025-54241(opens NVD record) | Medium | 5.5 | After Effects versions 25.3, 24.6.7 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure, potentially disclosing sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Sep 9, 2025 |
| CVE-2025-54240(opens NVD record) | Medium | 5.5 | After Effects versions 25.3, 24.6.7 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure, potentially disclosing sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Sep 9, 2025 |
| CVE-2025-54239(opens NVD record) | Medium | 5.5 | After Effects versions 25.3, 24.6.7 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure, potentially disclosing sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Sep 9, 2025 |
| CVE-2025-43491(opens NVD record) | Critical | 9.8 | A vulnerability in the Poly Lens Desktop application running on the Windows platform might allow modifications to the filesystem, which might lead to SYSTEM level privileges being granted. | Sep 9, 2025 |
| CVE-2025-34178(opens NVD record) | Medium | 5.4 | In pfSense CE /suricata/suricata_app_parsers.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata package" permissions. | Sep 9, 2025 |
| CVE-2025-34177(opens NVD record) | Medium | 5.4 | In pfSense CE /suricata/suricata_flow_stream.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata package" permissions. | Sep 9, 2025 |
| CVE-2025-34176(opens NVD record) | Medium | 4.3 | In pfSense CE /suricata/suricata_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related strings/characters. This value is directly used in a file existence check operation. While the contents of the file cannot be read, the server reveals whether the file exists, which enables an attacker to enumerate files on the target. The attacker must be authenticated with at least "WebCfg - Services: suricata package" permissions. | Sep 9, 2025 |
| CVE-2025-23344(opens NVD record) | High | 7.3 | The NVIDIA NVDebug tool contains a vulnerability that may allow an actor to run code on the platform host as a non-privileged user. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure and data tampering. | Sep 9, 2025 |
| CVE-2025-23343(opens NVD record) | High | 7.6 | The NVIDIA NVDebug tool contains a vulnerability that may allow an actor to write files to restricted components. A successful exploit of this vulnerability may lead to information disclosure, denial of service, and data tampering. | Sep 9, 2025 |
| CVE-2025-23342(opens NVD record) | High | 8.2 | The NVIDIA NVDebug tool contains a vulnerability that may allow an actor to gain access to a privileged account . A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure and data tampering. | Sep 9, 2025 |
| CVE-2025-54257(opens NVD record) | High | 7.8 | Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file, and scope is unchanged. | Sep 9, 2025 |
| CVE-2025-54255(opens NVD record) | Medium | 4.0 | Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Violation of Secure Design Principles vulnerability that could result in a security feature bypass impacting integrity. An attacker does not have to be authenticated. Exploitation of this issue does not require user interaction, and scope is unchanged. | Sep 9, 2025 |
| CVE-2025-36125(opens NVD record) | Medium | 6.4 | IBM Hardware Management Console - Power 10.3.1050.0 and 11.1.1110.0 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | Sep 9, 2025 |
| CVE-2025-36011(opens NVD record) | Medium | 4.3 | IBM Jazz for Service Management 1.1.3.0 through 1.1.3.24 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. | Sep 9, 2025 |
| CVE-2025-34175(opens NVD record) | Medium | 6.1 | In pfSense CE /usr/local/www/suricata/suricata_filecheck.php, the value of the filehash parameter is directly displayed without sanitizing for HTML-related characters/strings. This can result in reflected cross-site scripting if the victim is authenticated. | Sep 9, 2025 |
| CVE-2025-34173(opens NVD record) | Medium | 4.3 | In pfSense CE /usr/local/www/snort/snort_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related characters/strings before being used to check if a file exists. While the contents of the file cannot be read, the server reveals whether a file exists, which allows an attacker to enumerate files on the target. The attacker must be authenticated with at least "WebCfg - Services: Snort package" permissions. | Sep 9, 2025 |
| CVE-2025-34172(opens NVD record) | Medium | 6.1 | In pfSense CE /usr/local/www/haproxy/haproxy_stats.php, the value of the showsticktablecontent parameter is displayed after being read from HTTP GET requests. This can enable reflected cross-site scripting when the victim is authenticated. | Sep 9, 2025 |
| CVE-2025-54256(opens NVD record) | High | 8.6 | Dreamweaver Desktop versions 21.5 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must click on a malicious link, and scope is changed. | Sep 9, 2025 |
| CVE-2025-54242(opens NVD record) | High | 7.8 | Premiere Pro versions 25.3, 24.6.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file, and scope is unchanged. | Sep 9, 2025 |
| CVE-2025-10199(opens NVD record) | High | 7.8 | A local privilege escalation vulnerability exists in Sunshine for Windows (version v2025.122.141614 and likely prior versions) due to an unquoted service path. | Sep 9, 2025 |
| CVE-2025-10198(opens NVD record) | High | 7.8 | Sunshine for Windows, version v2025.122.141614, contains a DLL search-order hijacking vulnerability, allowing attackers to insert a malicious DLL in user-writeable PATH directories. | Sep 9, 2025 |
| CVE-2025-55317(opens NVD record) | High | 7.8 | Improper link resolution before file access ('link following') in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally. | Sep 9, 2025 |
| CVE-2025-55316(opens NVD record) | High | 7.8 | External control of file name or path in Azure Arc allows an authorized attacker to elevate privileges locally. | Sep 9, 2025 |
| CVE-2025-55245(opens NVD record) | High | 7.8 | Improper link resolution before file access ('link following') in Xbox allows an authorized attacker to elevate privileges locally. | Sep 9, 2025 |
| CVE-2025-55243(opens NVD record) | High | 7.5 | Exposure of sensitive information to an unauthorized actor in Microsoft Office Plus allows an unauthorized attacker to perform spoofing over a network. | Sep 9, 2025 |
| CVE-2025-55236(opens NVD record) | High | 7.3 | Time-of-check time-of-use (toctou) race condition in Graphics Kernel allows an authorized attacker to execute code locally. | Sep 9, 2025 |
| CVE-2025-55234(opens NVD record) | High | 8.8 | SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks. The SMB Server already supports mechanisms for hardening against relay attacks: SMB Server signing SMB Server Extended Protection for Authentication (EPA) Microsoft is releasing this CVE to provide customers with audit capabilities to help them to assess their environment and to identify any potential device or software incompatibility issues before deploying SMB Server hardening measures that protect against relay attacks. If you have not already enabled SMB Server hardening measures, we advise customers to take the following actions to be protected from these relay attacks: Assess your environment by utilizing the audit capabilities that we are exposing in the September 2025 security updates. See Support for Audit Events to deploy SMB Server Hardening—SMB Server Signing & SMB Server EPA. Adopt appropriate SMB Server hardening measures. | Sep 9, 2025 |
| CVE-2025-55232(opens NVD record) | Critical | 9.8 | Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an unauthorized attacker to execute code over a network. | Sep 9, 2025 |
| CVE-2025-55228(opens NVD record) | High | 7.8 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally. | Sep 9, 2025 |
| CVE-2025-55227(opens NVD record) | High | 8.8 | Improper neutralization of special elements used in a command ('command injection') in SQL Server allows an authorized attacker to elevate privileges over a network. | Sep 9, 2025 |
| CVE-2025-55226(opens NVD record) | Medium | 6.7 | Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to execute code locally. | Sep 9, 2025 |
| CVE-2025-55225(opens NVD record) | Medium | 6.5 | Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | Sep 9, 2025 |
| CVE-2025-55224(opens NVD record) | High | 7.8 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally. | Sep 9, 2025 |
| CVE-2025-55223(opens NVD record) | High | 7.0 | Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally. | Sep 9, 2025 |
| CVE-2025-54919(opens NVD record) | High | 7.5 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally. | Sep 9, 2025 |
| CVE-2025-54918(opens NVD record) | High | 8.8 | Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network. | Sep 9, 2025 |
| CVE-2025-54917(opens NVD record) | Medium | 4.3 | Protection mechanism failure in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. | Sep 9, 2025 |
| CVE-2025-54916(opens NVD record) | High | 7.8 | Stack-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally. | Sep 9, 2025 |
| CVE-2025-54915(opens NVD record) | Medium | 6.7 | Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. | Sep 9, 2025 |
| CVE-2025-54913(opens NVD record) | High | 7.8 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows UI XAML Maps MapControlSettings allows an authorized attacker to elevate privileges locally. | Sep 9, 2025 |
| CVE-2025-54912(opens NVD record) | High | 7.8 | Use after free in Windows BitLocker allows an authorized attacker to elevate privileges locally. | Sep 9, 2025 |