Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
81,609 matching · page 259/1633Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2025-45620(opens NVD record) | High | 8.1 | An issue in Aver PTC310UV2 v.0.1.0000.59 allows a remote attacker to obtain sensitive information via a crafted request | Jul 30, 2025 |
| CVE-2025-45619(opens NVD record) | Medium | 6.5 | An issue in Aver PTC310UV2 firmware v.0.1.0000.59 allows a remote attacker to execute arbitrary code via the SendAction function | Jul 30, 2025 |
| CVE-2025-36611(opens NVD record) | High | 7.3 | Dell Encryption and Dell Security Management Server, versions prior to 11.11.0, contain an Improper Link Resolution Before File Access ('Link Following') Vulnerability. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation. | Jul 30, 2025 |
| CVE-2025-25692(opens NVD record) | Medium | 6.5 | A PHAR deserialization vulnerability in the _getHeaders function of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a crafted POST request. | Jul 30, 2025 |
| CVE-2025-25691(opens NVD record) | Medium | 6.5 | A PHAR deserialization vulnerability in the component /themes/import of PrestaShop v8.2.0 allows attackers to execute arbitrary code via a crafted POST request. | Jul 30, 2025 |
| CVE-2024-45955(opens NVD record) | High | 7.3 | Rocket Software Rocket Zena 4.4.1.26 is vulnerable to SQL Injection via the filter parameter. | Jul 30, 2025 |
| CVE-2025-43018(opens NVD record) | Medium | 5.3 | Certain HP LaserJet Pro printers may be vulnerable to information disclosure when a non-authenticated user queries a device’s local address book. | Jul 30, 2025 |
| CVE-2025-8292(opens NVD record) | High | 8.8 | Use after free in Media Stream in Google Chrome prior to 138.0.7204.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | Jul 30, 2025 |
| CVE-2025-8319(opens NVD record) | Medium | 6.1 | the BMA login interface allows arbitrary JavaScript or HTML to be written straight into the page’s Document Object Model via the error= URL parameter | Jul 30, 2025 |
| CVE-2025-43214(opens NVD record) | Medium | 6.5 | The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash. | Jul 30, 2025 |
| CVE-2025-43213(opens NVD record) | Medium | 6.5 | The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash. | Jul 30, 2025 |
| CVE-2025-31277(opens NVD record) | High | 8.8 | The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption. | Jul 30, 2025 |
| CVE-2025-7361(opens NVD record) | High | 7.8 | A code injection vulnerability due to an improper initialization check exists in NI LabVIEW that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI using a CIN node. This vulnerability affects 32-bit NI LabVIEW 2025 Q1 and prior versions. LabVIEW 64-bit versions do not support CIN nodes and are not affected. | Jul 29, 2025 |
| CVE-2025-40600(opens NVD record) | Critical | 9.8 | Use of Externally-Controlled Format String vulnerability in the SonicOS SSL VPN interface allows a remote unauthenticated attacker to cause service disruption. | Jul 29, 2025 |
| CVE-2025-36071(opens NVD record) | Medium | 6.5 | IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query due to improper release of memory resources. | Jul 29, 2025 |
| CVE-2025-33114(opens NVD record) | Medium | 5.3 | IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to denial of service with a specially crafted query under certain non-default conditions. | Jul 29, 2025 |
| CVE-2025-33092(opens NVD record) | High | 7.8 | IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to a stack-based buffer overflow in db2fm, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system. | Jul 29, 2025 |
| CVE-2024-52894(opens NVD record) | Medium | 4.9 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | Jul 29, 2025 |
| CVE-2024-51473(opens NVD record) | Medium | 6.5 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | Jul 29, 2025 |
| CVE-2024-49828(opens NVD record) | Medium | 6.5 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | Jul 29, 2025 |
| CVE-2025-36010(opens NVD record) | Medium | 6.5 | IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 could allow an unauthenticated user to cause a denial of service due to executable segments that are waiting for each other to release a necessary lock. | Jul 29, 2025 |
| CVE-2025-2533(opens NVD record) | Medium | 5.3 | IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | Jul 29, 2025 |
| CVE-2025-28170(opens NVD record) | High | 7.6 | Grandstream Networks GXP1628 <=1.0.4.130 is vulnerable to Incorrect Access Control. The device is configured with directory listing enabled, allowing unauthorized access to sensitive directories and files. | Jul 29, 2025 |
| CVE-2025-28171(opens NVD record) | Medium | 6.5 | An issue in Grandstream UCM6510 v.1.0.20.52 and before allows a remote attacker to obtain sensitive information via the Login function at /cgi and /webrtccgi. | Jul 29, 2025 |
| CVE-2025-28172(opens NVD record) | Medium | 6.5 | Grandstream Networks UCM6510 v1.0.20.52 and before is vulnerable to Improper Restriction of Excessive Authentication Attempts. An attacker can perform an arbitrary number of authentication attempts using different passwords and eventually gain access to the targeted account using a brute force attack. | Jul 29, 2025 |
| CVE-2025-6505(opens NVD record) | High | 8.1 | Unauthorized access and impersonation can occur in versions 4.6.2.3226 and below of Progress Software's Hybrid Data Pipeline Server on Linux. This vulnerability allows attackers to combine credentials from different sources, potentially leading to client impersonation and unauthorized access. When OAuth Clients perform an OAuth handshake with the Hybrid Data Pipeline Server, the server accepts client credentials from both HTTP headers and request parameters. | Jul 29, 2025 |
| CVE-2025-6504(opens NVD record) | High | 8.4 | In HDP Server versions below 4.6.2.2978 on Linux, unauthorized access could occur via IP spoofing using the X-Forwarded-For header. Since XFF is a client-controlled header, it could be spoofed, allowing unauthorized access if the spoofed IP matched a whitelisted range. This vulnerability could be exploited to bypass IP restrictions, though valid user credentials would still be required for resource access. | Jul 29, 2025 |
| CVE-2025-26400(opens NVD record) | Medium | 5.3 | SolarWinds Web Help Desk was reported to be affected by an XML External Entity Injection (XXE) vulnerability that could lead to information disclosure. A valid, low-privilege access is required unless the attacker had access to the local server to modify configuration files. | Jul 29, 2025 |
| CVE-2025-50486(opens NVD record) | High | 7.1 | Improper session invalidation in the component /carrental/update-password.php of PHPGurukul Car Rental Project v3.0 allows attackers to execute a session hijacking attack. | Jul 28, 2025 |
| CVE-2025-50485(opens NVD record) | High | 7.1 | Improper session invalidation in the component /crm/change-password.php of PHPGurukul Online Course Registration v3.1 allows attackers to execute a session hijacking attack. | Jul 28, 2025 |
| CVE-2025-29534(opens NVD record) | High | 8.8 | An authenticated remote code execution vulnerability in PowerStick Wave Dual-Band Wifi Extender V1.0 allows an attacker with valid credentials to execute arbitrary commands with root privileges. The issue stems from insufficient sanitization of user-supplied input in the /cgi-bin/cgi_vista.cgi executable, which is passed to a system-level function call. | Jul 28, 2025 |
| CVE-2025-8283(opens NVD record) | Low | 3.7 | A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman search domain being removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When creating a container with a given name, this name will be used as the hostname for the container itself, as the podman's search domain is not added anymore the container is using the host's resolv.conf, and the DNS resolver will try to look into the search domains contained on it. If one of the domains contain a name with the same hostname as the running container, the connection will forward to unexpected external servers. | Jul 28, 2025 |
| CVE-2025-50487(opens NVD record) | High | 7.1 | Improper session invalidation in the component /bbdms/change-password.php of PHPGurukul Blood Bank & Donor Management System v2.4 allows attackers to execute a session hijacking attack. | Jul 28, 2025 |
| CVE-2025-50484(opens NVD record) | High | 7.1 | Improper session invalidation in the component /crm/change-password.php of PHPGurukul Small CRM v3.0 allows attackers to execute a session hijacking attack. | Jul 28, 2025 |
| CVE-2025-50492(opens NVD record) | High | 7.5 | Improper session invalidation in the component /edms/change-password.php of PHPGurukul e-Diary Management System v1 allows attackers to execute a session hijacking attack. | Jul 28, 2025 |
| CVE-2025-50491(opens NVD record) | High | 7.1 | Improper session invalidation in the component /banker/change-password.php of PHPGurukul Bank Locker Management System v1 allows attackers to execute a session hijacking attack. | Jul 28, 2025 |
| CVE-2025-50489(opens NVD record) | High | 7.5 | Improper session invalidation in the component /srms/change-password.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session hijacking attack. | Jul 28, 2025 |
| CVE-2025-50488(opens NVD record) | High | 7.1 | Improper session invalidation in the component /library/change-password.php of PHPGurukul Online Library Management System v3.0 allows attackers to execute a session hijacking attack. | Jul 28, 2025 |
| CVE-2025-43023(opens NVD record) | Critical | 9.1 | A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software documentation. This potential vulnerability is due to the use of a weak code signing key, Digital Signature Algorithm (DSA). | Jul 28, 2025 |
| CVE-2025-50494(opens NVD record) | High | 7.5 | Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Car Washing Management System v1.0 allows attackers to execute a session hijacking attack. | Jul 28, 2025 |
| CVE-2025-50493(opens NVD record) | High | 7.5 | Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Doctor Appointment Management System v1 allows attackers to execute a session hijacking attack. | Jul 28, 2025 |
| CVE-2025-50490(opens NVD record) | High | 7.5 | Improper session invalidation in the component /elms/emp-changepassword.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session hijacking attack. | Jul 28, 2025 |
| CVE-2025-6250(opens NVD record) | Medium | 6.7 | Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token the user can stop the Defendpoint service, bypassing anti-tamper protections. Once the service is disabled, the malicious user can add themselves to Administrators group and run any process with elevated permissions. | Jul 28, 2025 |
| CVE-2025-2297(opens NVD record) | High | 7.8 | Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user registry under certain conditions. This allows users with the ability to edit their user profile files to elevate their privileges to administrator. | Jul 28, 2025 |
| CVE-2024-49343(opens NVD record) | Medium | 5.4 | IBM Informix Dynamic Server 12.10 and 14.10 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. | Jul 28, 2025 |
| CVE-2024-49342(opens NVD record) | High | 7.5 | IBM Informix Dynamic Server 12.10 and 14.10 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | Jul 28, 2025 |
| CVE-2025-4056(opens NVD record) | High | 7.5 | A flaw was found in GLib. A denial of service on Windows platforms may occur if an application attempts to spawn a program using long command lines. | Jul 28, 2025 |
| CVE-2025-52455(opens NVD record) | Medium | 5.3 | Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (EPS Server modules) allows Resource Location Spoofing. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19. | Jul 25, 2025 |
| CVE-2025-52454(opens NVD record) | High | 8.2 | Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (Amazon S3 Connector modules) allows Resource Location Spoofing. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19. | Jul 25, 2025 |
| CVE-2025-52453(opens NVD record) | High | 8.2 | Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (Flow Data Source modules) allows Resource Location Spoofing. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19. | Jul 25, 2025 |