Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
18,100 matching · page 252/362Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2025-51452(opens NVD record) | Critical | 9.8 | In TOTOLINK A7000R firmware 9.1.0u.6115_B20201022, an attacker can bypass login by sending a specific request through formLoginAuth.htm. | Aug 13, 2025 |
| CVE-2025-54809(opens NVD record) | High | 7.4 | F5 Access for Android before version 3.1.2 which uses HTTPS does not verify the remote endpoint identity. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | Aug 13, 2025 |
| CVE-2025-54500(opens NVD record) | Medium | 5.3 | An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit (HTTP/2 MadeYouReset Attack). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | Aug 13, 2025 |
| CVE-2025-53859(opens NVD record) | Low | 3.7 | NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happens during the NGINX SMTP authentication process and requires the attacker to make preparations against the target system to extract the leaked data. The issue affects NGINX only if (1) it is built with the ngx_mail_smtp_module, (2) the smtp_auth directive is configured with method "none," and (3) the authentication server returns the "Auth-Wait" response header. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | Aug 13, 2025 |
| CVE-2025-52585(opens NVD record) | High | 7.5 | When a BIG-IP LTM Client SSL profile is configured on a virtual server with SSL Forward Proxy enabled and Anonymous Diffie-Hellman (ADH) ciphers enabled, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | Aug 13, 2025 |
| CVE-2025-48500(opens NVD record) | High | 7.3 | A missing file integrity check vulnerability exists on MacOS F5 VPN browser client installer that may allow a local, authenticated attacker with access to the local file system to replace it with a malicious package installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | Aug 13, 2025 |
| CVE-2025-46405(opens NVD record) | High | 7.5 | When Network Access is configured on a BIG-IP APM virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | Aug 13, 2025 |
| CVE-2025-8901(opens NVD record) | High | 8.8 | Out of bounds write in ANGLE in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | Aug 13, 2025 |
| CVE-2025-8882(opens NVD record) | High | 8.8 | Use after free in Aura in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | Aug 13, 2025 |
| CVE-2025-8881(opens NVD record) | Medium | 6.5 | Inappropriate implementation in File Picker in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | Aug 13, 2025 |
| CVE-2025-8880(opens NVD record) | High | 8.8 | Race in V8 in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | Aug 13, 2025 |
| CVE-2025-8879(opens NVD record) | High | 8.8 | Heap buffer overflow in libaom in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to potentially exploit heap corruption via a curated set of gestures. (Chromium security severity: High) | Aug 13, 2025 |
| CVE-2025-54238(opens NVD record) | Medium | 5.5 | Dimension versions 4.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Aug 12, 2025 |
| CVE-2025-54233(opens NVD record) | Medium | 5.5 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Aug 12, 2025 |
| CVE-2025-54232(opens NVD record) | High | 7.8 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Aug 12, 2025 |
| CVE-2025-54231(opens NVD record) | High | 7.8 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Aug 12, 2025 |
| CVE-2025-54230(opens NVD record) | High | 7.8 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Aug 12, 2025 |
| CVE-2025-54229(opens NVD record) | High | 7.8 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Aug 12, 2025 |
| CVE-2025-54222(opens NVD record) | High | 7.8 | Substance3D - Stager versions 3.1.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Aug 12, 2025 |
| CVE-2025-54228(opens NVD record) | Medium | 5.5 | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Aug 12, 2025 |
| CVE-2025-54227(opens NVD record) | Medium | 5.5 | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Aug 12, 2025 |
| CVE-2025-54226(opens NVD record) | High | 7.8 | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Aug 12, 2025 |
| CVE-2025-54225(opens NVD record) | High | 7.8 | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Aug 12, 2025 |
| CVE-2025-54224(opens NVD record) | High | 7.8 | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Aug 12, 2025 |
| CVE-2025-54223(opens NVD record) | High | 7.8 | InCopy versions 20.4, 19.5.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Aug 12, 2025 |
| CVE-2025-54221(opens NVD record) | High | 7.8 | InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Aug 12, 2025 |
| CVE-2025-54220(opens NVD record) | High | 7.8 | InCopy versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Aug 12, 2025 |
| CVE-2025-54219(opens NVD record) | High | 7.8 | InCopy versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Aug 12, 2025 |
| CVE-2025-54218(opens NVD record) | High | 7.8 | InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Aug 12, 2025 |
| CVE-2025-54217(opens NVD record) | High | 7.8 | InCopy versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Aug 12, 2025 |
| CVE-2025-54216(opens NVD record) | High | 7.8 | InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Aug 12, 2025 |
| CVE-2025-54215(opens NVD record) | High | 7.8 | InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Aug 12, 2025 |
| CVE-2025-54214(opens NVD record) | Medium | 5.5 | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Aug 12, 2025 |
| CVE-2025-54213(opens NVD record) | High | 7.8 | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Aug 12, 2025 |
| CVE-2025-54212(opens NVD record) | High | 7.8 | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Aug 12, 2025 |
| CVE-2025-54211(opens NVD record) | High | 7.8 | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Aug 12, 2025 |
| CVE-2025-54210(opens NVD record) | High | 7.8 | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Aug 12, 2025 |
| CVE-2025-54209(opens NVD record) | High | 7.8 | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Aug 12, 2025 |
| CVE-2025-54208(opens NVD record) | High | 7.8 | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Aug 12, 2025 |
| CVE-2025-54207(opens NVD record) | High | 7.8 | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Aug 12, 2025 |
| CVE-2025-54206(opens NVD record) | High | 7.8 | InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Aug 12, 2025 |
| CVE-2025-49570(opens NVD record) | High | 7.8 | Photoshop Desktop versions 25.12.3, 26.8 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Aug 12, 2025 |
| CVE-2025-49562(opens NVD record) | Medium | 5.5 | Animate versions 23.0.12, 24.0.9 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Aug 12, 2025 |
| CVE-2025-49561(opens NVD record) | High | 7.8 | Animate versions 23.0.12, 24.0.9 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Aug 12, 2025 |
| CVE-2025-36000(opens NVD record) | Medium | 4.4 | IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | Aug 12, 2025 |
| CVE-2025-53744(opens NVD record) | High | 7.2 | An incorrect privilege assignment vulnerability [CWE-266] in FortiOS Security Fabric version 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2 all versions, 7.0 all versions, 6.4 all versions, may allow a remote authenticated attacker with high privileges to escalate their privileges to super-admin via registering the device to a malicious FortiManager. | Aug 12, 2025 |
| CVE-2025-52970(opens NVD record) | High | 8.1 | A improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker with non-public information pertaining to the device and targeted user to gain admin privileges on the device via a specially crafted request. | Aug 12, 2025 |
| CVE-2025-49813(opens NVD record) | High | 7.2 | An improper neutralization of special elements used in an OS Command ("OS Command Injection") vulnerability [CWE-78] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a remote and authenticated attacker with low privilege to execute unauthorized code via specifically crafted HTTP parameters. | Aug 12, 2025 |
| CVE-2025-47857(opens NVD record) | Medium | 6.7 | A improper neutralization of special elements used in an os command ('os command injection') vulnerability [CWE-78] in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary code or command via crafted CLI commands. | Aug 12, 2025 |
| CVE-2025-36124(opens NVD record) | Medium | 5.9 | IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions caused by a failure to honor JMS messaging configuration | Aug 12, 2025 |