Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
34,503 matching · page 304/691Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2025-25193(opens NVD record) | Medium | 5.5 | Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and including 4.1.118.Final. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crash. A similar issue was previously reported as CVE-2024-47535. This issue was fixed, but the fix was incomplete in that null-bytes were not counted against the input limit. Commit d1fbda62d3a47835d3fb35db8bd42ecc205a5386 contains an updated fix. | Feb 10, 2025 |
| CVE-2025-24970(opens NVD record) | High | 7.5 | Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cases which can lead to a native crash. Version 4.1.118.Final contains a patch. As workaround its possible to either disable the usage of the native SSLEngine or change the code manually. | Feb 10, 2025 |
| CVE-2024-54176(opens NVD record) | Medium | 4.3 | IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14 and 7.3 through 7.3.2 could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function. | Feb 8, 2025 |
| CVE-2025-22402(opens NVD record) | Low | 2.6 | Dell Update Manager Plugin, version(s) 1.5.0 through 1.6.0, contain(s) an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. | Feb 7, 2025 |
| CVE-2025-21408(opens NVD record) | High | 8.8 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Feb 6, 2025 |
| CVE-2025-21404(opens NVD record) | Medium | 4.3 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Feb 6, 2025 |
| CVE-2025-21342(opens NVD record) | High | 8.8 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Feb 6, 2025 |
| CVE-2025-21283(opens NVD record) | Medium | 6.5 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Feb 6, 2025 |
| CVE-2025-21279(opens NVD record) | Medium | 6.5 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | Feb 6, 2025 |
| CVE-2025-21267(opens NVD record) | Medium | 4.4 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Feb 6, 2025 |
| CVE-2025-21253(opens NVD record) | Medium | 5.3 | Microsoft Edge for IOS and Android Spoofing Vulnerability | Feb 6, 2025 |
| CVE-2025-21177(opens NVD record) | High | 8.7 | Server-side request forgery (ssrf) in Microsoft Dynamics 365 Sales allows an authorized attacker to elevate privileges over a network. | Feb 6, 2025 |
| CVE-2025-1004(opens NVD record) | Medium | 5.3 | Certain HP LaserJet Pro printers may potentially experience a denial of service when a user sends a raw JPEG file to the printer via IPP (Internet Printing Protocol). | Feb 6, 2025 |
| CVE-2025-0158(opens NVD record) | Medium | 5.5 | IBM EntireX 11.1 could allow a local user to cause a denial of service due to an unhandled error and fault isolation. | Feb 6, 2025 |
| CVE-2024-56467(opens NVD record) | Low | 3.3 | IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. | Feb 6, 2025 |
| CVE-2024-54171(opens NVD record) | High | 7.1 | IBM EntireX 11.1 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. An authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources. | Feb 6, 2025 |
| CVE-2025-22936(opens NVD record) | Medium | 5.7 | An issue in Smartcom Bulgaria AD Smartcom Ralink CPE/WiFi router SAM-4G1G-TT-W-VC, SAM-4F1F-TT-W-A1 allows a remote attacker to obtain sensitive information via the Weak default WiFi password generation algorithm in WiFi routers. | Feb 6, 2025 |
| CVE-2024-52892(opens NVD record) | Medium | 6.1 | IBM Jazz for Service Management 1.1.3 through 1.1.3.23 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | Feb 6, 2025 |
| CVE-2024-57523(opens NVD record) | Medium | 4.5 | Cross Site Request Forgery (CSRF) in Users.php in SourceCodester Packers and Movers Management System 1.0 allows attackers to create unauthorized admin accounts via crafted requests sent to an authenticated admin user. | Feb 6, 2025 |
| CVE-2024-24911(opens NVD record) | Medium | 5.3 | In rare scenarios, the cpca process on the Security Management Server / Domain Management Server may exit unexpectedly, creating a core dump file. When the cpca process is down, VPN and SIC connectivity issues may occur if the CRL is not present in the Security Gateway's CRL cache. | Feb 6, 2025 |
| CVE-2024-57962(opens NVD record) | Medium | 6.1 | Vulnerability of incomplete verification information in the VPN service module Impact: Successful exploitation of this vulnerability may affect availability. | Feb 6, 2025 |
| CVE-2024-57961(opens NVD record) | Medium | 6.8 | Out-of-bounds write vulnerability in the emcom module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | Feb 6, 2025 |
| CVE-2024-57960(opens NVD record) | High | 7.7 | Input verification vulnerability in the ExternalStorageProvider module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Feb 6, 2025 |
| CVE-2024-57959(opens NVD record) | Medium | 6.1 | Use-After-Free (UAF) vulnerability in the display module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | Feb 6, 2025 |
| CVE-2024-57958(opens NVD record) | Medium | 5.7 | Out-of-bounds array read vulnerability in the FFRT module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | Feb 6, 2025 |
| CVE-2024-57957(opens NVD record) | Medium | 6.6 | Vulnerability of improper log information control in the UI framework module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Feb 6, 2025 |
| CVE-2024-57956(opens NVD record) | Low | 2.8 | Out-of-bounds read vulnerability in the interpreter string module Impact: Successful exploitation of this vulnerability may affect availability. | Feb 6, 2025 |
| CVE-2024-57955(opens NVD record) | Medium | 6.1 | Arbitrary write vulnerability in the Gallery module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Feb 6, 2025 |
| CVE-2024-57954(opens NVD record) | Medium | 6.2 | Permission verification vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Feb 6, 2025 |
| CVE-2024-12602(opens NVD record) | Medium | 6.2 | Identity verification vulnerability in the ParamWatcher module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Feb 6, 2025 |
| CVE-2025-0799(opens NVD record) | Medium | 6.5 | IBM App Connect enterprise 12.0.1.0 through 12.0.12.10 and 13.0.1.0 through 13.0.2.1 could allow an authenticated user to write to an arbitrary file on the system during bar configuration deployment due to improper pathname limitations on restricted directories. | Feb 6, 2025 |
| CVE-2024-51450(opens NVD record) | Critical | 9.1 | IBM Security Verify Directory 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | Feb 6, 2025 |
| CVE-2024-49814(opens NVD record) | High | 7.8 | IBM Security Verify Access Appliance 10.0.0 through 10.0.3 could allow a locally authenticated user to increase their privileges due to execution with unnecessary privileges. | Feb 6, 2025 |
| CVE-2024-49800(opens NVD record) | Medium | 4.3 | IBM ApplinX 11.1 stores sensitive information in cleartext in memory that could be obtained by an authenticated user. | Feb 6, 2025 |
| CVE-2024-49798(opens NVD record) | Medium | 4.3 | IBM ApplinX 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | Feb 6, 2025 |
| CVE-2024-49797(opens NVD record) | Medium | 5.9 | IBM ApplinX 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | Feb 6, 2025 |
| CVE-2024-49796(opens NVD record) | Medium | 5.4 | IBM ApplinX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. | Feb 6, 2025 |
| CVE-2024-49795(opens NVD record) | Medium | 4.3 | IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | Feb 6, 2025 |
| CVE-2024-49794(opens NVD record) | Medium | 4.3 | IBM ApplinX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | Feb 6, 2025 |
| CVE-2024-49793(opens NVD record) | Medium | 5.4 | IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | Feb 6, 2025 |
| CVE-2024-49792(opens NVD record) | Medium | 5.4 | IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | Feb 6, 2025 |
| CVE-2024-49791(opens NVD record) | Medium | 6.4 | IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | Feb 6, 2025 |
| CVE-2024-56473(opens NVD record) | Medium | 5.3 | IBM Aspera Shares 1.9.0 through 1.10.0 PL6 could allow an attacker to spoof their IP address, which is written to log files, due to improper verification of 'Client-IP' headers. | Feb 5, 2025 |
| CVE-2024-56472(opens NVD record) | Medium | 6.4 | IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | Feb 5, 2025 |
| CVE-2024-56471(opens NVD record) | Medium | 5.4 | IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | Feb 5, 2025 |
| CVE-2024-56470(opens NVD record) | Medium | 5.4 | IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | Feb 5, 2025 |
| CVE-2024-38318(opens NVD record) | Medium | 4.8 | IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. | Feb 5, 2025 |
| CVE-2024-38317(opens NVD record) | Medium | 4.8 | IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | Feb 5, 2025 |
| CVE-2024-38316(opens NVD record) | Medium | 4.3 | IBM Aspera Shares 1.9.0 through 1.10.0 PL6 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service. | Feb 5, 2025 |
| CVE-2024-57598(opens NVD record) | Medium | 6.5 | A floating point exception (divide-by-zero) vulnerability was discovered in Bento4 1.6.0-641 in function AP4_TfraAtom() of Ap4TfraAtom.cpp which allows a remote attacker to cause a denial of service vulnerability. | Feb 5, 2025 |