Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
34,503 matching · page 256/691Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2025-8582(opens NVD record) | Medium | 4.3 | Insufficient validation of untrusted input in Core in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low) | Aug 7, 2025 |
| CVE-2025-8581(opens NVD record) | Medium | 4.3 | Inappropriate implementation in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | Aug 7, 2025 |
| CVE-2025-8580(opens NVD record) | Medium | 4.3 | Inappropriate implementation in Filesystems in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | Aug 7, 2025 |
| CVE-2025-8579(opens NVD record) | Medium | 4.3 | Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | Aug 7, 2025 |
| CVE-2025-8578(opens NVD record) | High | 8.8 | Use after free in Cast in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | Aug 7, 2025 |
| CVE-2025-8577(opens NVD record) | Medium | 4.3 | Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | Aug 7, 2025 |
| CVE-2025-8576(opens NVD record) | High | 8.8 | Use after free in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium) | Aug 7, 2025 |
| CVE-2025-51058(opens NVD record) | Medium | 6.5 | Bottinelli Informatical Vedo Suite 2024.17 is vulnerable to Server-side Request Forgery (SSRF) in the /api_vedo/video/preview endpoint, which allows remote authenticated attackers to trigger HTTP requests towards arbitrary remote paths via the "file" URL parameter. | Aug 6, 2025 |
| CVE-2025-51057(opens NVD record) | Medium | 6.5 | A local file inclusion (LFI) vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'readfile()' function call in '/api_vedo/video/preview'. | Aug 6, 2025 |
| CVE-2025-51056(opens NVD record) | High | 8.2 | An unrestricted file upload vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to write to arbitrary filesystem paths by exploiting the insecure 'uploadPreviews()' custom function in '/api_vedo/colorways_preview', ultimately resulting in remote code execution (RCE). | Aug 6, 2025 |
| CVE-2025-51055(opens NVD record) | High | 8.6 | Insecure Data Storage of credentials has been found in /api_vedo/configuration/config.yml file in Vedo Suite version 2024.17. This file contains clear-text credentials, secret keys, and database information. | Aug 6, 2025 |
| CVE-2025-51054(opens NVD record) | Medium | 6.5 | Vedo Suite 2024.17 is vulnerable to Incorrect Access Control, which allows remote attackers to obtain a valid high privilege JWT token without prior authentication via sending an empty HTTP POST request to the /autologin/ API endpoint. | Aug 6, 2025 |
| CVE-2025-51053(opens NVD record) | Medium | 6.1 | A Cross-site scripting (XSS) vulnerability in /api_vedo/ in Vedo Suite version 2024.17 allows remote attackers to inject arbitrary Javascript or HTML code and potentially trigger code execution in victim's browser. | Aug 6, 2025 |
| CVE-2025-51052(opens NVD record) | Medium | 6.5 | A path traversal vulnerability in Vedo Suite 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'file_get_contents()' function call in '/api_vedo/template'. | Aug 6, 2025 |
| CVE-2024-55402(opens NVD record) | Medium | 5.3 | 4C Strategies Exonaut before v22.4 was discovered to contain an access control issue. | Aug 6, 2025 |
| CVE-2024-55399(opens NVD record) | Medium | 6.5 | 4C Strategies Exonaut before v21.6.2.1-1 was discovered to contain a Server-Side Request Forgery (SSRF). | Aug 6, 2025 |
| CVE-2024-55398(opens NVD record) | Medium | 6.5 | 4C Strategies Exonaut before v22.4 was discovered to contain insecure permissions. | Aug 6, 2025 |
| CVE-2025-51624(opens NVD record) | High | 7.6 | Cross-site scripting (XSS) vulnerability in Zone Bitaqati thru 3.4.0. | Aug 6, 2025 |
| CVE-2025-38747(opens NVD record) | High | 7.8 | Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contain a Creation of Temporary File With Insecure Permissions vulnerability. A local authenticated attacker could potentially exploit this vulnerability, leading to Elevation of Privileges. | Aug 6, 2025 |
| CVE-2025-38746(opens NVD record) | Low | 3.5 | Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contains an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure. | Aug 6, 2025 |
| CVE-2025-8419(opens NVD record) | Medium | 5.3 | A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters (limited local part of the email), so the attack is limited to very shorts emails (subject and little data, the example is 60 chars). This flaw's only direct consequence is an unsolicited email being sent from the Keycloak server. However, this action could be a precursor for more sophisticated attacks. | Aug 6, 2025 |
| CVE-2025-53786(opens NVD record) | High | 8.0 | On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and accompanying non-security Hot Fix. Microsoft made these changes in the general interest of improving the security of hybrid Exchange deployments. Following further investigation, Microsoft identified specific security implications tied to the guidance and configuration steps outlined in the April announcement. Microsoft is issuing CVE-2025-53786 to document a vulnerability that is addressed by taking the steps documented with the April 18th announcement. Microsoft strongly recommends reading the information, installing the April 2025 (or later) Hot Fix and implementing the changes in your Exchange Server and hybrid environment. | Aug 6, 2025 |
| CVE-2025-36020(opens NVD record) | Medium | 5.9 | IBM Guardium Data Protection could allow a remote attacker to obtain sensitive information due to cleartext transmission of sensitive credential information. | Aug 6, 2025 |
| CVE-2025-2028(opens NVD record) | Medium | 6.5 | Lack of TLS validation when downloading a CSV file including mapping from IPs to countries used ONLY for displaying country flags in logs | Aug 6, 2025 |
| CVE-2024-52885(opens NVD record) | Medium | 5.0 | The Mobile Access Portal's File Share application is vulnerable to a directory traversal attack, allowing an authenticated, malicious end-user (authorized to at least one File Share application) to list the file names of 'nobody'-accessible directories on the Mobile Access gateway. | Aug 6, 2025 |
| CVE-2025-3354(opens NVD record) | High | 8.1 | IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash. | Aug 6, 2025 |
| CVE-2025-3320(opens NVD record) | High | 8.1 | IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash. | Aug 6, 2025 |
| CVE-2025-23335(opens NVD record) | Medium | 4.4 | NVIDIA Triton Inference Server for Windows and Linux and the Tensor RT backend contain a vulnerability where an attacker could cause an underflow by a specific model configuration and a specific input. A successful exploit of this vulnerability might lead to denial of service. | Aug 6, 2025 |
| CVE-2025-23334(opens NVD record) | Medium | 5.9 | NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds read by sending a request. A successful exploit of this vulnerability might lead to information disclosure. | Aug 6, 2025 |
| CVE-2025-23333(opens NVD record) | Medium | 5.9 | NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds read by manipulating shared memory data. A successful exploit of this vulnerability might lead to information disclosure. | Aug 6, 2025 |
| CVE-2025-23331(opens NVD record) | High | 7.5 | NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause a memory allocation with excessive size value, leading to a segmentation fault, by providing an invalid request. A successful exploit of this vulnerability might lead to denial of service. | Aug 6, 2025 |
| CVE-2025-23327(opens NVD record) | High | 7.5 | NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an integer overflow through specially crafted inputs. A successful exploit of this vulnerability might lead to denial of service and data tampering. | Aug 6, 2025 |
| CVE-2025-23326(opens NVD record) | High | 7.5 | NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an integer overflow through a specially crafted input. A successful exploit of this vulnerability might lead to denial of service. | Aug 6, 2025 |
| CVE-2025-23325(opens NVD record) | High | 7.5 | NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause uncontrolled recursion through a specially crafted input. A successful exploit of this vulnerability might lead to denial of service. | Aug 6, 2025 |
| CVE-2025-23324(opens NVD record) | High | 7.5 | NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause an integer overflow or wraparound, leading to a segmentation fault, by providing an invalid request. A successful exploit of this vulnerability might lead to denial of service. | Aug 6, 2025 |
| CVE-2025-23323(opens NVD record) | High | 7.5 | NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause an integer overflow or wraparound, leading to a segmentation fault, by providing an invalid request. A successful exploit of this vulnerability might lead to denial of service. | Aug 6, 2025 |
| CVE-2025-23322(opens NVD record) | High | 7.5 | NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where multiple requests could cause a double free when a stream is cancelled before it is processed. A successful exploit of this vulnerability might lead to denial of service. | Aug 6, 2025 |
| CVE-2025-23321(opens NVD record) | High | 7.5 | NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where a user could cause a divide by zero issue by issuing an invalid request. A successful exploit of this vulnerability might lead to denial of service. | Aug 6, 2025 |
| CVE-2025-23320(opens NVD record) | High | 7.5 | NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause the shared memory limit to be exceeded by sending a very large request. A successful exploit of this vulnerability might lead to information disclosure. | Aug 6, 2025 |
| CVE-2025-23319(opens NVD record) | High | 8.1 | NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write by sending a request. A successful exploit of this vulnerability might lead to remote code execution, denial of service, data tampering, or information disclosure. | Aug 6, 2025 |
| CVE-2025-23318(opens NVD record) | High | 8.1 | NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure. | Aug 6, 2025 |
| CVE-2025-23317(opens NVD record) | Critical | 9.1 | NVIDIA Triton Inference Server contains a vulnerability in the HTTP server, where an attacker could start a reverse shell by sending a specially crafted HTTP request. A successful exploit of this vulnerability might lead to remote code execution, denial of service, data tampering, or information disclosure. | Aug 6, 2025 |
| CVE-2025-23311(opens NVD record) | Critical | 9.8 | NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a stack overflow through specially crafted HTTP requests. A successful exploit of this vulnerability might lead to remote code execution, denial of service, information disclosure, or data tampering. | Aug 6, 2025 |
| CVE-2025-23310(opens NVD record) | Critical | 9.8 | NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause stack buffer overflow by specially crafted inputs. A successful exploit of this vulnerability might lead to remote code execution, denial of service, information disclosure, and data tampering. | Aug 6, 2025 |
| CVE-2025-54651(opens NVD record) | Medium | 4.8 | Race condition vulnerability in the kernel hufs module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Aug 6, 2025 |
| CVE-2025-54650(opens NVD record) | Medium | 4.2 | Improper array index verification vulnerability in the audio codec module. Impact: Successful exploitation of this vulnerability may affect the audio decoding function. | Aug 6, 2025 |
| CVE-2025-54649(opens NVD record) | Medium | 4.5 | Vulnerability of using incompatible types to access resources in the location service. Impact: Successful exploitation of this vulnerability may cause some location information attributes to be incorrect. | Aug 6, 2025 |
| CVE-2025-54648(opens NVD record) | Medium | 5.4 | Out-of-bounds read vulnerability in the SSAP module of the NearLink protocol stack. Impact: Successful exploitation of this vulnerability may affect availability. | Aug 6, 2025 |
| CVE-2025-54647(opens NVD record) | Medium | 5.4 | Out-of-bounds read vulnerability in the SSAP module of the NearLink protocol stack. Impact: Successful exploitation of this vulnerability may affect availability. | Aug 6, 2025 |
| CVE-2025-54646(opens NVD record) | Medium | 5.1 | Vulnerability of inadequate packet length check in the BLE module. Impact: Successful exploitation of this vulnerability may affect performance. | Aug 6, 2025 |