Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
18,100 matching · page 273/362Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2025-4231(opens NVD record) | High | 7.2 | A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform actions as the root user. The attacker must have network access to the management web interface and successfully authenticate to exploit this issue. Cloud NGFW and Prisma Access are not impacted by this vulnerability. | Jun 13, 2025 |
| CVE-2025-27689(opens NVD record) | High | 7.8 | Dell iDRAC Tools, version(s) prior to 11.3.0.0, contain(s) an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | Jun 12, 2025 |
| CVE-2025-46035(opens NVD record) | High | 7.5 | Buffer Overflow vulnerability in Tenda AC6 v.15.03.05.16 allows a remote attacker to cause a denial of service via the oversized schedStartTime and schedEndTime parameters in an unauthenticated HTTP GET request to the /goform/openSchedWifi endpoint | Jun 12, 2025 |
| CVE-2025-36573(opens NVD record) | High | 7.1 | Dell Smart Dock Firmware, versions prior to 01.00.08.01, contain an Insertion of Sensitive Information into Log File vulnerability. A user with local access could potentially exploit this vulnerability, leading to Information disclosure. | Jun 12, 2025 |
| CVE-2025-6021(opens NVD record) | High | 7.5 | A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input. | Jun 12, 2025 |
| CVE-2025-4613(opens NVD record) | High | 8.8 | Path traversal in Google Web Designer's template handling versions prior to 16.3.0.0407 on Windows allows attacker to achieve remote code execution by tricking users into downloading a malicious ad template | Jun 12, 2025 |
| CVE-2025-25032(opens NVD record) | High | 7.5 | IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 could allow an authenticated user to cause a denial of service by sending a specially crafted request that would exhaust memory resources. | Jun 11, 2025 |
| CVE-2025-0923(opens NVD record) | Medium | 5.3 | IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against the system. | Jun 11, 2025 |
| CVE-2025-0917(opens NVD record) | Medium | 5.5 | IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | Jun 11, 2025 |
| CVE-2025-0913(opens NVD record) | Medium | 5.5 | os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink. | Jun 11, 2025 |
| CVE-2025-3473(opens NVD record) | Medium | 6.7 | IBM Security Guardium 12.1 could allow a local privileged user to escalate their privileges to root due to insecure inherited permissions created by the program. | Jun 11, 2025 |
| CVE-2025-0163(opens NVD record) | Medium | 5.3 | IBM Security Verify Access Appliance and Docker 10.0 through 10.0.8 could allow a remote attacker to enumerate usernames due to an observable response discrepancy of disabled accounts. | Jun 11, 2025 |
| CVE-2025-32711(opens NVD record) | Critical | 9.3 | Ai command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network. | Jun 11, 2025 |
| CVE-2025-32717(opens NVD record) | High | 8.4 | Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally. | Jun 11, 2025 |
| CVE-2024-41505(opens NVD record) | Medium | 6.1 | Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) in the "Pessoas" (persons) section via the field "Profisso" (professor). | Jun 10, 2025 |
| CVE-2024-41504(opens NVD record) | Medium | 6.1 | Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS). In the "Oportunidades" (opportunities) section of the application when creating or editing an "Atividade" (activity), the form field "Descrico" allows injection of JavaScript. | Jun 10, 2025 |
| CVE-2024-41503(opens NVD record) | Medium | 6.1 | Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) in the field "Ttulo" (title) inside the filter Save option in the "Busca" (search) function. | Jun 10, 2025 |
| CVE-2024-41502(opens NVD record) | Medium | 6.1 | Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) via the form field "Observaces" (observances) in the "Pessoas" (persons) section when creating or editing either a legal or a natural person. | Jun 10, 2025 |
| CVE-2025-47112(opens NVD record) | Medium | 5.5 | Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jun 10, 2025 |
| CVE-2025-47111(opens NVD record) | Medium | 5.5 | Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jun 10, 2025 |
| CVE-2025-47107(opens NVD record) | High | 7.8 | InCopy versions 20.2, 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jun 10, 2025 |
| CVE-2025-43579(opens NVD record) | Medium | 5.5 | Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an Information Exposure vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to gain unauthorized access to sensitive information. Exploitation of this issue does not require user interaction. | Jun 10, 2025 |
| CVE-2025-43578(opens NVD record) | Medium | 5.5 | Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jun 10, 2025 |
| CVE-2025-43577(opens NVD record) | High | 7.8 | Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jun 10, 2025 |
| CVE-2025-43576(opens NVD record) | High | 7.8 | Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jun 10, 2025 |
| CVE-2025-43575(opens NVD record) | High | 7.8 | Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jun 10, 2025 |
| CVE-2025-43574(opens NVD record) | High | 7.8 | Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jun 10, 2025 |
| CVE-2025-43573(opens NVD record) | High | 7.8 | Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jun 10, 2025 |
| CVE-2025-43550(opens NVD record) | High | 7.8 | Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jun 10, 2025 |
| CVE-2025-30327(opens NVD record) | High | 7.8 | InCopy versions 20.2, 19.5.3 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jun 10, 2025 |
| CVE-2025-36580(opens NVD record) | Medium | 6.1 | Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection | Jun 10, 2025 |
| CVE-2025-36578(opens NVD record) | Medium | 6.8 | Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Incorrect Authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access. | Jun 10, 2025 |
| CVE-2025-36577(opens NVD record) | Medium | 6.1 | Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection. | Jun 10, 2025 |
| CVE-2025-36576(opens NVD record) | Low | 2.7 | Dell Wyse Management Suite, versions prior to WMS 5.2, contain a Cross-Site Request Forgery (CSRF) vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Server-side request forgery. | Jun 10, 2025 |
| CVE-2025-36575(opens NVD record) | High | 7.5 | Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Exposure of Sensitive Information Through Data Queries vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure. | Jun 10, 2025 |
| CVE-2025-36574(opens NVD record) | High | 8.2 | Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Absolute Path Traversal vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure and Unauthorized access. | Jun 10, 2025 |
| CVE-2025-47977(opens NVD record) | High | 8.2 | Improper neutralization of input during web page generation ('cross-site scripting') in Nuance Digital Engagement Platform allows an unauthorized attacker to perform spoofing over a network. | Jun 10, 2025 |
| CVE-2025-47969(opens NVD record) | Medium | 4.4 | Exposure of sensitive information to an unauthorized actor in Windows Hello allows an authorized attacker to disclose information locally. | Jun 10, 2025 |
| CVE-2025-47968(opens NVD record) | High | 7.8 | Improper input validation in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally. | Jun 10, 2025 |
| CVE-2025-47962(opens NVD record) | High | 7.8 | Improper access control in Windows SDK allows an authorized attacker to elevate privileges locally. | Jun 10, 2025 |
| CVE-2025-47957(opens NVD record) | High | 8.4 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | Jun 10, 2025 |
| CVE-2025-47956(opens NVD record) | Medium | 5.5 | External control of file name or path in Windows Security App allows an authorized attacker to perform spoofing locally. | Jun 10, 2025 |
| CVE-2025-47955(opens NVD record) | High | 7.8 | Improper privilege management in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. | Jun 10, 2025 |
| CVE-2025-47953(opens NVD record) | High | 8.4 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | Jun 10, 2025 |
| CVE-2025-47176(opens NVD record) | High | 7.8 | '.../...//' in Microsoft Office Outlook allows an authorized attacker to execute code locally. | Jun 10, 2025 |
| CVE-2025-47175(opens NVD record) | High | 7.8 | Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. | Jun 10, 2025 |
| CVE-2025-47174(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | Jun 10, 2025 |
| CVE-2025-47173(opens NVD record) | High | 7.8 | Improper input validation in Microsoft Office allows an unauthorized attacker to execute code locally. | Jun 10, 2025 |
| CVE-2025-47172(opens NVD record) | High | 8.8 | Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | Jun 10, 2025 |
| CVE-2025-47171(opens NVD record) | Medium | 6.7 | Improper input validation in Microsoft Office Outlook allows an authorized attacker to execute code locally. | Jun 10, 2025 |