Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
13,062 matching · page 262/262Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2025-47158(opens NVD record) | Critical | 9.0 | Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network. | Jul 18, 2025 |
| CVE-2025-45157(opens NVD record) | Medium | 6.5 | Insecure permissions in Splashin iOS v2.0 allow unauthorized attackers to access location data for specific users. | Jul 18, 2025 |
| CVE-2025-45156(opens NVD record) | Medium | 5.3 | Splashin iOS v2.0 fails to enforce server-side interval restrictions for location updates for free-tier users. | Jul 18, 2025 |
| CVE-2025-7784(opens NVD record) | Medium | 6.5 | A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions(FGAPv2) are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. This vulnerability allows unauthorized elevation of access rights, compromising the intended separation of administrative duties and posing a security risk to the realm. | Jul 18, 2025 |
| CVE-2024-32124(opens NVD record) | Medium | 4.3 | An improper access control vulnerability [CWE-284] in FortiIsolator version 2.4.4, version 2.4.3, 2.3 all versions logging component may allow a remote authenticated read-only attacker to alter logs via a crafted HTTP request. | Jul 18, 2025 |
| CVE-2024-27779(opens NVD record) | Medium | 6.7 | An insufficient session expiration vulnerability [CWE-613] in FortiSandbox FortiSandbox version 4.4.4 and below, version 4.2.6 and below, 4.0 all versions, 3.2 all versions and FortiIsolator version 2.4 and below, 2.3 all versions, 2.2 all versions, 2.1 all versions, 2.0 all versions, 1.2 all versions may allow a remote attacker in possession of an admin session cookie to keep using that admin's session even after the admin user was deleted. | Jul 18, 2025 |
| CVE-2025-7398(opens NVD record) | Critical | 9.1 | Brocade ASCG before 3.3.0 allows for the use of medium strength cryptography algorithms on internal ports ports 9000 and 8036. | Jul 17, 2025 |
| CVE-2025-7397(opens NVD record) | High | 7.1 | A vulnerability in the ascgshell, of Brocade ASCG before 3.3.0 stores any command executed in the Command Line Interface (CLI) in plain text within the command history. A local authenticated user that can access sensitive information like passwords within the CLI history leading to unauthorized access and potential data breaches. | Jul 17, 2025 |
| CVE-2025-6391(opens NVD record) | Critical | 9.1 | Brocade ASCG before 3.3.0 logs JSON Web Tokens (JWT) in log files. An attacker with access to the log files can withdraw the unencrypted tokens with security implications, such as unauthorized access, session hijacking, and information disclosure. | Jul 17, 2025 |
| CVE-2025-46102(opens NVD record) | Medium | 5.4 | Cross Site Scripting vulnerability in Beakon Software Beakon Learning Management System Sharable Content Object Reference Model (SCORM) version V.5.4.3 allows a remote attacker to obtain sensitive information via the URL parameter | Jul 17, 2025 |
| CVE-2025-53867(opens NVD record) | Critical | 9.8 | Island Lake WebBatch before 2025C allows Remote Code Execution via a crafted URL. | Jul 17, 2025 |
| CVE-2025-25257(opens NVD record) | Critical | 9.8 | An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.7, FortiWeb 7.2.0 through 7.2.10, FortiWeb 7.0.0 through 7.0.10 allows an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests. | Jul 17, 2025 |