Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
34,503 matching · page 291/691Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2025-31172(opens NVD record) | High | 7.8 | Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Apr 7, 2025 |
| CVE-2025-31171(opens NVD record) | Medium | 6.8 | File read permission bypass vulnerability in the kernel file system module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Apr 7, 2025 |
| CVE-2025-31170(opens NVD record) | High | 8.4 | Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. | Apr 7, 2025 |
| CVE-2024-58127(opens NVD record) | High | 8.4 | Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. | Apr 7, 2025 |
| CVE-2024-58126(opens NVD record) | High | 8.4 | Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. | Apr 7, 2025 |
| CVE-2024-58125(opens NVD record) | High | 8.4 | Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. | Apr 7, 2025 |
| CVE-2024-58124(opens NVD record) | High | 8.4 | Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. | Apr 7, 2025 |
| CVE-2024-58116(opens NVD record) | Medium | 4.0 | Buffer overflow vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability. | Apr 7, 2025 |
| CVE-2024-58115(opens NVD record) | Medium | 4.0 | Buffer overflow vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability. | Apr 7, 2025 |
| CVE-2024-58113(opens NVD record) | Medium | 5.3 | Vulnerability of improper resource management in the memory management module Impact: Successful exploitation of this vulnerability may affect availability. | Apr 7, 2025 |
| CVE-2024-58112(opens NVD record) | High | 7.5 | Exception capture failure vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability. | Apr 7, 2025 |
| CVE-2024-58111(opens NVD record) | High | 7.5 | Exception capture failure vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability. | Apr 7, 2025 |
| CVE-2024-58110(opens NVD record) | Medium | 4.6 | Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability. | Apr 7, 2025 |
| CVE-2024-58109(opens NVD record) | Medium | 4.6 | Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability. | Apr 7, 2025 |
| CVE-2024-58108(opens NVD record) | Medium | 4.6 | Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability. | Apr 7, 2025 |
| CVE-2024-58107(opens NVD record) | High | 7.5 | Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability. | Apr 7, 2025 |
| CVE-2024-58106(opens NVD record) | Medium | 4.6 | Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability. | Apr 7, 2025 |
| CVE-2025-1500(opens NVD record) | Medium | 5.5 | IBM Maximo Application Suite 9.0 could allow an authenticated user to upload a file with dangerous types that could be executed by another user if opened. | Apr 5, 2025 |
| CVE-2025-29815(opens NVD record) | High | 7.6 | Use after free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network. | Apr 4, 2025 |
| CVE-2025-29796(opens NVD record) | Medium | 4.7 | User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network. | Apr 4, 2025 |
| CVE-2025-25001(opens NVD record) | Medium | 4.3 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | Apr 4, 2025 |
| CVE-2025-25000(opens NVD record) | High | 8.8 | Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | Apr 4, 2025 |
| CVE-2025-29987(opens NVD record) | High | 8.8 | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of Access Control vulnerability. An authenticated user from a trusted remote client could exploit this vulnerability to execute arbitrary commands with root privileges. | Apr 3, 2025 |
| CVE-2025-22457(opens NVD record) | Critical | 9.0 | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution. | Apr 3, 2025 |
| CVE-2024-4877(opens NVD record) | High | 8.8 | OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the OpenVPN GUI component would connect to allowing it to escalate its privileges | Apr 3, 2025 |
| CVE-2025-3155(opens NVD record) | High | 7.4 | A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment. | Apr 3, 2025 |
| CVE-2025-22005(opens NVD record) | Medium | 5.5 | In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw(). fib_check_nh_v6_gw() expects that fib6_nh_init() cleans up everything when it fails. Commit 7dd73168e273 ("ipv6: Always allocate pcpu memory in a fib6_nh") moved fib_nh_common_init() before alloc_percpu_gfp() within fib6_nh_init() but forgot to add cleanup for fib6_nh->nh_common.nhc_pcpu_rth_output in case it fails to allocate fib6_nh->rt6i_pcpu, resulting in memleak. Let's call fib_nh_common_release() and clear nhc_pcpu_rth_output in the error path. Note that we can remove the fib6_nh_release() call in nh_create_ipv6() later in net-next.git. | Apr 3, 2025 |
| CVE-2025-21999(opens NVD record) | High | 7.8 | In the Linux kernel, the following vulnerability has been resolved: proc: fix UAF in proc_get_inode() Fix race between rmmod and /proc/XXX's inode instantiation. The bug is that pde->proc_ops don't belong to /proc, it belongs to a module, therefore dereferencing it after /proc entry has been registered is a bug unless use_pde/unuse_pde() pair has been used. use_pde/unuse_pde can be avoided (2 atomic ops!) because pde->proc_ops never changes so information necessary for inode instantiation can be saved _before_ proc_register() in PDE itself and used later, avoiding pde->proc_ops->... dereference. rmmod lookup sys_delete_module proc_lookup_de pde_get(de); proc_get_inode(dir->i_sb, de); mod->exit() proc_remove remove_proc_subtree proc_entry_rundown(de); free_module(mod); if (S_ISREG(inode->i_mode)) if (de->proc_ops->proc_read_iter) --> As module is already freed, will trigger UAF BUG: unable to handle page fault for address: fffffbfff80a702b PGD 817fc4067 P4D 817fc4067 PUD 817fc0067 PMD 102ef4067 PTE 0 Oops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 26 UID: 0 PID: 2667 Comm: ls Tainted: G Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) RIP: 0010:proc_get_inode+0x302/0x6e0 RSP: 0018:ffff88811c837998 EFLAGS: 00010a06 RAX: dffffc0000000000 RBX: ffffffffc0538140 RCX: 0000000000000007 RDX: 1ffffffff80a702b RSI: 0000000000000001 RDI: ffffffffc0538158 RBP: ffff8881299a6000 R08: 0000000067bbe1e5 R09: 1ffff11023906f20 R10: ffffffffb560ca07 R11: ffffffffb2b43a58 R12: ffff888105bb78f0 R13: ffff888100518048 R14: ffff8881299a6004 R15: 0000000000000001 FS: 00007f95b9686840(0000) GS:ffff8883af100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: fffffbfff80a702b CR3: 0000000117dd2000 CR4: 00000000000006f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> proc_lookup_de+0x11f/0x2e0 __lookup_slow+0x188/0x350 walk_component+0x2ab/0x4f0 path_lookupat+0x120/0x660 filename_lookup+0x1ce/0x560 vfs_statx+0xac/0x150 __do_sys_newstat+0x96/0x110 do_syscall_64+0x5f/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e [adobriyan@gmail.com: don't do 2 atomic ops on the common path] | Apr 3, 2025 |
| CVE-2025-2784(opens NVD record) | High | 7.0 | A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server. | Apr 3, 2025 |
| CVE-2025-2704(opens NVD record) | High | 7.5 | OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase | Apr 2, 2025 |
| CVE-2025-31286(opens NVD record) | Medium | 4.6 | An HTML injection vulnerability previously discovered in Trend Vision One could have allowed a malicious user to execute arbitrary code. Please note: this issue has already been addressed on the backend service and is no longer considered an active vulnerability. | Apr 2, 2025 |
| CVE-2025-31285(opens NVD record) | Medium | 4.6 | A broken access control vulnerability previously discovered in the Trend Vision One Role Name component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability. | Apr 2, 2025 |
| CVE-2025-31284(opens NVD record) | Medium | 4.6 | A broken access control vulnerability previously discovered in the Trend Vision One Status component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability. | Apr 2, 2025 |
| CVE-2025-31283(opens NVD record) | Medium | 4.6 | A broken access control vulnerability previously discovered in the Trend Vision One User Roles component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability. | Apr 2, 2025 |
| CVE-2025-31282(opens NVD record) | Medium | 4.6 | A broken access control vulnerability previously discovered in the Trend Vision One User Account component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability. | Apr 2, 2025 |
| CVE-2025-20203(opens NVD record) | Medium | 4.8 | A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an affected system. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious code into specific data fields in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid administrative credentials. {{value}} ["%7b%7bvalue%7d%7d"])}]] | Apr 2, 2025 |
| CVE-2025-20139(opens NVD record) | High | 7.5 | A vulnerability in chat messaging features of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input to chat entry points. An attacker could exploit this vulnerability by sending malicious requests to a messaging chat entry point in the affected application. A successful exploit could allow the attacker to cause the application to stop responding, resulting in a DoS condition. The application may not recover on its own and may need an administrator to manually restart services to recover. | Apr 2, 2025 |
| CVE-2025-20120(opens NVD record) | Medium | 6.1 | A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | Apr 2, 2025 |
| CVE-2025-0154(opens NVD record) | Medium | 5.3 | IBM TXSeries for Multiplatforms 9.1 and 11.1 could disclose sensitive information to a remote attacker due to improper neutralization of HTTP headers. | Apr 2, 2025 |
| CVE-2024-56476(opens NVD record) | Medium | 5.3 | IBM TXSeries for Multiplatforms 9.1 and 11.1 could allow an attacker to enumerate usernames due to an observable login attempt response discrepancy. | Apr 2, 2025 |
| CVE-2024-56475(opens NVD record) | Medium | 5.4 | IBM TXSeries for Multiplatforms 9.1 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | Apr 2, 2025 |
| CVE-2024-56474(opens NVD record) | Medium | 4.3 | IBM TXSeries for Multiplatforms 9.1 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | Apr 2, 2025 |
| CVE-2024-56341(opens NVD record) | Medium | 5.4 | IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | Apr 2, 2025 |
| CVE-2024-25051(opens NVD record) | Medium | 6.6 | IBM Jazz Reporting Service 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated privileged user to impersonate another user on the system. | Apr 2, 2025 |
| CVE-2025-27556(opens NVD record) | Medium | 5.8 | An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. | Apr 2, 2025 |
| CVE-2023-40714(opens NVD record) | Critical | 9.9 | A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0 through 6.7.2, 6.6.0 through 6.6.3, 6.5.1, 6.5.0 allows attacker to escalate privilege via uploading certain GUI elements | Apr 2, 2025 |
| CVE-2024-45700(opens NVD record) | Medium | 6.5 | Zabbix server is vulnerable to a DoS vulnerability due to uncontrolled resource exhaustion. An attacker can send specially crafted requests to the server, which will cause the server to allocate an excessive amount of memory and perform CPU-intensive decompression operations, ultimately leading to a service crash. | Apr 2, 2025 |
| CVE-2024-45699(opens NVD record) | Medium | 5.4 | The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser. | Apr 2, 2025 |
| CVE-2024-42325(opens NVD record) | Low | 3.5 | Zabbix API user.get returns all users that share common group with the calling user. This includes media and other information, such as login attempts, etc. | Apr 2, 2025 |
| CVE-2024-36469(opens NVD record) | Low | 3.1 | Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one. | Apr 2, 2025 |