Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
81,609 matching · page 266/1633Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2025-49528(opens NVD record) | High | 7.8 | Illustrator versions 28.7.6, 29.5.1 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jul 8, 2025 |
| CVE-2025-49527(opens NVD record) | High | 7.8 | Illustrator versions 28.7.6, 29.5.1 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jul 8, 2025 |
| CVE-2025-49526(opens NVD record) | High | 7.8 | Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jul 8, 2025 |
| CVE-2025-49525(opens NVD record) | Medium | 5.5 | Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jul 8, 2025 |
| CVE-2025-49524(opens NVD record) | Medium | 5.5 | Illustrator versions 28.7.6, 29.5.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jul 8, 2025 |
| CVE-2025-47136(opens NVD record) | High | 7.8 | InDesign Desktop versions 19.5.3 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jul 8, 2025 |
| CVE-2025-47134(opens NVD record) | High | 7.8 | InDesign Desktop versions 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jul 8, 2025 |
| CVE-2025-47103(opens NVD record) | High | 7.8 | InDesign Desktop versions 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jul 8, 2025 |
| CVE-2025-43594(opens NVD record) | High | 7.8 | InDesign Desktop versions 19.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jul 8, 2025 |
| CVE-2025-43592(opens NVD record) | High | 7.8 | InDesign Desktop versions 19.5.3 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jul 8, 2025 |
| CVE-2025-43591(opens NVD record) | High | 7.8 | InDesign Desktop versions 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jul 8, 2025 |
| CVE-2025-30313(opens NVD record) | Medium | 5.5 | Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jul 8, 2025 |
| CVE-2025-27165(opens NVD record) | Medium | 5.5 | Substance3D - Stager versions 3.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jul 8, 2025 |
| CVE-2025-27369(opens NVD record) | Medium | 4.3 | IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used for the administration of OpenPages. An authenticated user is able to obtain certain information about system configuration and internal state which is only intended for administrators of the system. | Jul 8, 2025 |
| CVE-2025-27367(opens NVD record) | Medium | 5.3 | IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to improper input validation due to bypassing of client-side validation for the data types and requiredness of fields for GRC Objects when an authenticated user sends a specially crafted payload to the server allowing for data to be saved without storing the required fields. | Jul 8, 2025 |
| CVE-2024-49784(opens NVD record) | Medium | 5.3 | IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data with AES encryption and CBC mode. If an authenticated remote attacker with access to the database or a local attacker with access to server files could extract the encrypted data values they could exploit this weaker algorithm to use additional cryptographic methods to possibly extract the encrypted data. | Jul 8, 2025 |
| CVE-2024-49783(opens NVD record) | Medium | 5.3 | IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data. If an authenticated remote attacker with access to the database or a local attacker with access to server files could extract the encrypted data, they could exploit this vulnerability to use additional cryptographic methods to possibly extract the encrypted data. | Jul 8, 2025 |
| CVE-2023-43039(opens NVD record) | Medium | 6.1 | IBM OpenPages with Watson 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session | Jul 8, 2025 |
| CVE-2025-4663(opens NVD record) | Medium | 4.9 | An Improper Check for Unusual or Exceptional Conditions vulnerability in Brocade Fabric OS before 9.2.2.a could allow an authenticated, network-based attacker to cause a Denial-of-Service (DoS). The vulnerability is encountered when supportsave is invoked remotely, using ssh command or SANnav inline ssh, and the corresponding ssh session is terminated with Control C (^c ) before supportsave completion. This issue affects Brocade Fabric OS 9.0.0 through 9.2.2 | Jul 8, 2025 |
| CVE-2025-47135(opens NVD record) | Medium | 5.5 | Dimension versions 4.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jul 8, 2025 |
| CVE-2025-30312(opens NVD record) | High | 7.8 | Dimension versions 4.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jul 8, 2025 |
| CVE-2025-49760(opens NVD record) | Low | 3.5 | External control of file name or path in Windows Storage allows an authorized attacker to perform spoofing over a network. | Jul 8, 2025 |
| CVE-2025-49756(opens NVD record) | Low | 3.3 | Use of a broken or risky cryptographic algorithm in Office Developer Platform allows an authorized attacker to bypass a security feature locally. | Jul 8, 2025 |
| CVE-2025-49753(opens NVD record) | High | 8.8 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | Jul 8, 2025 |
| CVE-2025-49744(opens NVD record) | High | 7.0 | Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | Jul 8, 2025 |
| CVE-2025-49742(opens NVD record) | High | 7.8 | Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to execute code locally. | Jul 8, 2025 |
| CVE-2025-49740(opens NVD record) | High | 8.8 | Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network. | Jul 8, 2025 |
| CVE-2025-49739(opens NVD record) | High | 8.8 | Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network. | Jul 8, 2025 |
| CVE-2025-49738(opens NVD record) | High | 7.8 | Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally. | Jul 8, 2025 |
| CVE-2025-49737(opens NVD record) | High | 7.0 | Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Teams allows an authorized attacker to elevate privileges locally. | Jul 8, 2025 |
| CVE-2025-49735(opens NVD record) | High | 8.1 | Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network. | Jul 8, 2025 |
| CVE-2025-49733(opens NVD record) | High | 7.8 | Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. | Jul 8, 2025 |
| CVE-2025-49732(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | Jul 8, 2025 |
| CVE-2025-49731(opens NVD record) | Low | 3.1 | Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network. | Jul 8, 2025 |
| CVE-2025-49730(opens NVD record) | High | 7.8 | Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally. | Jul 8, 2025 |
| CVE-2025-49729(opens NVD record) | High | 8.8 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | Jul 8, 2025 |
| CVE-2025-49727(opens NVD record) | High | 7.0 | Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | Jul 8, 2025 |
| CVE-2025-49726(opens NVD record) | High | 7.8 | Use after free in Windows Notification allows an authorized attacker to elevate privileges locally. | Jul 8, 2025 |
| CVE-2025-49725(opens NVD record) | High | 7.8 | Use after free in Windows Notification allows an authorized attacker to elevate privileges locally. | Jul 8, 2025 |
| CVE-2025-49724(opens NVD record) | High | 8.8 | Use after free in Windows Connected Devices Platform Service allows an unauthorized attacker to execute code over a network. | Jul 8, 2025 |
| CVE-2025-49723(opens NVD record) | High | 8.8 | Missing authorization in Windows StateRepository API allows an authorized attacker to perform tampering locally. | Jul 8, 2025 |
| CVE-2025-49722(opens NVD record) | Medium | 5.7 | Uncontrolled resource consumption in Windows Print Spooler Components allows an authorized attacker to deny service over an adjacent network. | Jul 8, 2025 |
| CVE-2025-49721(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Windows Fast FAT Driver allows an unauthorized attacker to elevate privileges locally. | Jul 8, 2025 |
| CVE-2025-49719(opens NVD record) | High | 7.5 | Improper input validation in SQL Server allows an unauthorized attacker to disclose information over a network. | Jul 8, 2025 |
| CVE-2025-49718(opens NVD record) | High | 7.5 | Use of uninitialized resource in SQL Server allows an unauthorized attacker to disclose information over a network. | Jul 8, 2025 |
| CVE-2025-49717(opens NVD record) | High | 8.5 | Heap-based buffer overflow in SQL Server allows an authorized attacker to execute code over a network. | Jul 8, 2025 |
| CVE-2025-49716(opens NVD record) | High | 7.5 | Uncontrolled resource consumption in Windows Netlogon allows an unauthorized attacker to deny service over a network. | Jul 8, 2025 |
| CVE-2025-49714(opens NVD record) | High | 7.8 | Trust boundary violation in Visual Studio Code - Python extension allows an unauthorized attacker to execute code locally. | Jul 8, 2025 |
| CVE-2025-49711(opens NVD record) | High | 7.8 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | Jul 8, 2025 |
| CVE-2025-49706(opens NVD record) | Medium | 6.5 | Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. | Jul 8, 2025 |