Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
34,503 matching · page 277/691Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2024-22654(opens NVD record) | High | 7.5 | tcpreplay v4.4.4 was discovered to contain an infinite loop via the tcprewrite function at get.c. | May 29, 2025 |
| CVE-2025-5273(opens NVD record) | Medium | 6.5 | Versions of the package mcp-markdownify-server before 1.0.0 are vulnerable to Files or Directories Accessible to External Parties via the get-markdown-file tool. An attacker can craft a prompt that, once accessed by the MCP host, will allow it to read arbitrary files from the host running the server. | May 29, 2025 |
| CVE-2025-36572(opens NVD record) | Medium | 6.5 | Dell PowerStore, version(s) 4.0.0.0, contain(s) an Use of Hard-coded Credentials vulnerability in the PowerStore image file. A low privileged attacker with remote access, with the knowledge of the hard-coded credentials, could potentially exploit this vulnerability to gain unauthorized access based on the hardcoded account's privileges. | May 28, 2025 |
| CVE-2025-45343(opens NVD record) | Critical | 9.8 | An issue in Tenda W18E v.2.0 v.16.01.0.11 allows an attacker to execute arbitrary code via the editing functionality of the account module in the goform/setmodules route. | May 28, 2025 |
| CVE-2024-51453(opens NVD record) | Medium | 4.3 | IBM Sterling Secure Proxy 6.2.0.0 through 6.2.0.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. | May 28, 2025 |
| CVE-2024-38341(opens NVD record) | Medium | 5.9 | IBM Sterling Secure Proxy 6.0.0.0 through 6.0.3.1, 6.1.0.0 through 6.1.0.0, and 6.2.0.0 through 6.2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | May 28, 2025 |
| CVE-2025-3357(opens NVD record) | Critical | 9.8 | IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19 could allow a remote attacker to execute arbitrary code due to improper validation of an index value of a dynamically allocated array. | May 28, 2025 |
| CVE-2025-47295(opens NVD record) | Low | 3.7 | A buffer over-read in Fortinet FortiOS versions 7.4.0 through 7.4.3, versions 7.2.0 through 7.2.7, and versions 7.0.0 through 7.0.14 may allow a remote unauthenticated attacker to crash the FGFM daemon via a specially crafted request, under rare conditions that are outside of the attacker's control. | May 28, 2025 |
| CVE-2025-47294(opens NVD record) | Medium | 5.3 | A integer overflow or wraparound in Fortinet FortiOS versions 7.2.0 through 7.2.7, versions 7.0.0 through 7.0.14 may allow a remote unauthenticated attacker to crash the csfd daemon via a specially crafted request. | May 28, 2025 |
| CVE-2025-46777(opens NVD record) | Low | 2.3 | A insertion of sensitive information into log file in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.9 may allow an authenticated attacker with at least read-only admin permissions to view encrypted secrets via the FortiPortal System Log. | May 28, 2025 |
| CVE-2025-25251(opens NVD record) | High | 7.8 | An Incorrect Authorization vulnerability [CWE-863] in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 may allow a local attacker to escalate privileges via crafted XPC messages. | May 28, 2025 |
| CVE-2025-24473(opens NVD record) | Low | 3.7 | A exposure of sensitive system information to an unauthorized control sphere vulnerability in Fortinet FortiClientWindows 7.2.0 through 7.2.1, FortiClientWindows 7.0.13 through 7.0.14 may allow an unauthorized remote attacker to view application information via navigation to a hosted webpage, if Windows is configured to accept incoming connections to port 8053 (non-default setup) | May 28, 2025 |
| CVE-2025-22252(opens NVD record) | Critical | 9.8 | A missing authentication for critical function in Fortinet FortiProxy versions 7.6.0 through 7.6.1, FortiSwitchManager version 7.2.5, and FortiOS versions 7.4.4 through 7.4.6 and version 7.6.0 may allow an attacker with knowledge of an existing admin account to access the device as a valid admin via an authentication bypass. | May 28, 2025 |
| CVE-2024-54020(opens NVD record) | Low | 2.3 | A missing authorization in Fortinet FortiManager versions 7.2.0 through 7.2.1, and versions 7.0.0 through 7.0.7 may allow an authenticated attacker to overwrite global threat feeds via crafted update requests. | May 28, 2025 |
| CVE-2025-25029(opens NVD record) | Medium | 4.9 | IBM Security Guardium 12.0 could allow a privileged user to download any file on the system due to improper escaping of input. | May 28, 2025 |
| CVE-2025-25026(opens NVD record) | Medium | 4.3 | IBM Security Guardium 12.0 could allow an authenticated user to obtain sensitive information due to an incorrect authentication check. | May 28, 2025 |
| CVE-2025-25025(opens NVD record) | Medium | 4.3 | IBM Security Guardium 12.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | May 28, 2025 |
| CVE-2024-45094(opens NVD record) | Medium | 5.5 | IBM DS8900F and DS8A00 Hardware Management Console (HMC) is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | May 27, 2025 |
| CVE-2025-5278(opens NVD record) | Medium | 4.4 | A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data. | May 27, 2025 |
| CVE-2025-5222(opens NVD record) | High | 7.0 | A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution. | May 27, 2025 |
| CVE-2025-5198(opens NVD record) | Medium | 5.0 | A flaw was found in Stackrox, where it is vulnerable to Cross-site scripting (XSS) if the script code is included in a small subset of table cells. The only known potential exploit is if the script is included in the name of a Kubernetes “Role” object* that is applied to a secured cluster. This object can be used by a user with access to the cluster or through a compromised third-party product. | May 27, 2025 |
| CVE-2025-23247(opens NVD record) | Medium | 4.4 | NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary, where a failure to check the length of a buffer could allow a user to cause the tool to crash or execute arbitrary code by passing in a malformed ELF file. A successful exploit of this vulnerability might lead to arbitrary code execution. | May 27, 2025 |
| CVE-2025-33079(opens NVD record) | Medium | 6.5 | IBM Controller 11.0.0, 11.0.1, and 11.1.0 application could allow an authenticated user to obtain sensitive credentials that may be inadvertently included within the source code. | May 27, 2025 |
| CVE-2025-5180(opens NVD record) | High | 7.0 | A vulnerability, which was classified as critical, has been found in Wondershare Filmora 14.5.16. Affected by this issue is some unknown functionality in the library CRYPTBASE.dll of the file NFWCHK.exe of the component Installer. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | May 26, 2025 |
| CVE-2025-24917(opens NVD record) | High | 7.8 | In Tenable Network Monitor versions prior to 6.5.1 on a Windows host, it was found that a non-administrative user could stage files in a local directory to run arbitrary code with SYSTEM privileges, potentially leading to local privilege escalation. | May 23, 2025 |
| CVE-2025-24916(opens NVD record) | High | 7.0 | When installing Tenable Network Monitor to a non-default location on a Windows host, Tenable Network Monitor versions prior to 6.5.1 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. | May 23, 2025 |
| CVE-2025-41407(opens NVD record) | High | 8.3 | Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection in the OU History report. | May 23, 2025 |
| CVE-2025-36527(opens NVD record) | High | 8.3 | Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection while exporting reports. | May 23, 2025 |
| CVE-2025-47181(opens NVD record) | High | 8.8 | Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an authorized attacker to elevate privileges locally. | May 22, 2025 |
| CVE-2024-5962(opens NVD record) | Medium | 6.1 | A reflected cross-site scripting (XSS) vulnerability exists in the authentication endpoint of multiple WSO2 products due to missing output encoding of user-supplied input. A malicious actor can exploit this vulnerability to inject arbitrary JavaScript into the authentication flow, potentially leading to UI modifications, redirections to malicious websites, or data exfiltration from the browser. While this issue could allow an attacker to manipulate the user’s browser, session-related sensitive cookies remain protected with the httpOnly flag, preventing session hijacking. | May 22, 2025 |
| CVE-2024-7487(opens NVD record) | Medium | 5.8 | An improper authentication vulnerability exists in WSO2 Identity Server 7.0.0 due to an implementation flaw that allows app-native authentication to be bypassed when an invalid object is passed. Exploitation of this vulnerability could enable malicious actors to circumvent the client verification mechanism, compromising the integrity of the authentication process. | May 22, 2025 |
| CVE-2024-7103(opens NVD record) | Medium | 4.6 | A reflected cross-site scripting (XSS) vulnerability exists in the sub-organization login flow of WSO2 Identity Server 7.0.0 due to improper input validation. A malicious actor can exploit this vulnerability to inject arbitrary JavaScript into the login flow, potentially leading to UI modifications, redirections to malicious websites, or data exfiltration from the browser. While this issue could allow an attacker to manipulate the user’s browser, session-related sensitive cookies remain protected with the httpOnly flag, preventing session hijacking. | May 22, 2025 |
| CVE-2024-6914(opens NVD record) | Critical | 9.8 | An incorrect authorization vulnerability exists in multiple WSO2 products due to a business logic flaw in the account recovery-related SOAP admin service. A malicious actor can exploit this vulnerability to reset the password of any user account, leading to a complete account takeover, including accounts with elevated privileges. This vulnerability is exploitable only through the account recovery SOAP admin services exposed via the "/services" context path in affected products. The impact may be reduced if access to these endpoints has been restricted based on the "Security Guidelines for Production Deployment" by disabling exposure to untrusted networks. | May 22, 2025 |
| CVE-2025-33138(opens NVD record) | Medium | 5.4 | IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. | May 22, 2025 |
| CVE-2025-33137(opens NVD record) | High | 7.1 | IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to client-side enforcement of server-side security. | May 22, 2025 |
| CVE-2025-33136(opens NVD record) | High | 7.1 | IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of assumed immutable data. | May 22, 2025 |
| CVE-2025-32915(opens NVD record) | Medium | 5.5 | Packages downloaded by Checkmk's automatic agent updates on Linux and Solaris have incorrect permissions in Checkmk < 2.4.0p1, < 2.3.0p32, < 2.2.0p42 and <= 2.1.0p49 (EOL). This allows a local attacker to read sensitive data. | May 22, 2025 |
| CVE-2025-3944(opens NVD record) | High | 7.2 | Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows File Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11. | May 22, 2025 |
| CVE-2025-3943(opens NVD record) | Medium | 4.1 | Use of GET Request Method With Sensitive Query Strings vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Parameter Injection. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11. | May 22, 2025 |
| CVE-2025-3942(opens NVD record) | Medium | 4.3 | Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11. | May 22, 2025 |
| CVE-2025-3941(opens NVD record) | Medium | 5.4 | Improper Handling of Windows ::DATA Alternate Data Stream vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11. | May 22, 2025 |
| CVE-2025-3940(opens NVD record) | Medium | 5.3 | Improper Use of Validation Framework vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11. | May 22, 2025 |
| CVE-2025-3939(opens NVD record) | Medium | 5.3 | Observable Response Discrepancy vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11. | May 22, 2025 |
| CVE-2025-3938(opens NVD record) | Medium | 6.8 | Missing Cryptographic Step vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11. | May 22, 2025 |
| CVE-2025-3937(opens NVD record) | High | 7.7 | Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11. | May 22, 2025 |
| CVE-2025-3936(opens NVD record) | Medium | 6.5 | Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11. | May 22, 2025 |
| CVE-2025-41403(opens NVD record) | High | 8.3 | Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection while fetching service account audit data. | May 22, 2025 |
| CVE-2025-3836(opens NVD record) | High | 8.3 | Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the logon events aggregate report. | May 22, 2025 |
| CVE-2025-3444(opens NVD record) | Medium | 6.5 | Zohocorp ManageEngine ServiceDesk Plus MSP and SupportCenter Plus versions below 14920 are vulnerable to authenticated Local File Inclusion (LFI) in the Admin module, where help card content is loaded. | May 22, 2025 |
| CVE-2025-34026(opens NVD record) | High | 7.5 | The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs.This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable. | May 21, 2025 |