Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
34,503 matching · page 311/691Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2025-22905(opens NVD record) | Critical | 9.8 | RE11S v1.11 was discovered to contain a command injection vulnerability via the command parameter at /goform/mp. | Jan 16, 2025 |
| CVE-2025-22904(opens NVD record) | Critical | 9.8 | RE11S v1.11 was discovered to contain a stack overflow via the pptpUserName parameter in the setWAN function. | Jan 16, 2025 |
| CVE-2024-54540(opens NVD record) | Medium | 4.3 | The issue was addressed with improved input sanitization. This issue is fixed in Apple Music 1.5.0.152 for Windows. Processing maliciously crafted web content may disclose internal states of the app. | Jan 15, 2025 |
| CVE-2025-0502(opens NVD record) | Critical | 9.1 | Transmission of Private Resources into a New Sphere ('Resource Leak') vulnerability in CrafterCMS Engine on Linux, MacOS, x86, Windows, 64 bit, ARM allows Directory Indexing, Resource Leak Exposure.This issue affects CrafterCMS: from 4.0.0 before 4.0.8, from 4.1.0 before 4.1.6. | Jan 15, 2025 |
| CVE-2024-12084(opens NVD record) | Critical | 9.8 | A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer. | Jan 15, 2025 |
| CVE-2024-5198(opens NVD record) | Low | 3.3 | OpenVPN ovpn-dco for Windows version 1.1.1 allows an unprivileged local attacker to send I/O control messages with invalid data to the driver resulting in a NULL pointer dereference leading to a system halt. | Jan 15, 2025 |
| CVE-2025-0440(opens NVD record) | Medium | 6.5 | Inappropriate implementation in Fullscreen in Google Chrome on Windows prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | Jan 15, 2025 |
| CVE-2024-35280(opens NVD record) | Medium | 5.4 | A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiDeceptor 5.3.0, FortiDeceptor 5.2.0, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions, FortiDeceptor 4.3 all versions, FortiDeceptor 4.2 all versions, FortiDeceptor 4.1 all versions, FortiDeceptor 4.0 all versions, FortiDeceptor 3.3 all versions, FortiDeceptor 3.2 all versions, FortiDeceptor 3.1 all versions, FortiDeceptor 3.0 all versions may allow an attacker to perform a reflected cross-site scripting attack in the recovery endpoints | Jan 15, 2025 |
| CVE-2025-22394(opens NVD record) | Medium | 6.7 | Dell Display Manager, versions prior to 2.3.2.18, contain a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to code execution and possibly privilege escalation. | Jan 15, 2025 |
| CVE-2025-21101(opens NVD record) | Medium | 6.6 | Dell Display Manager, versions prior to 2.3.2.20, contain a race condition vulnerability. A local malicious user could potentially exploit this vulnerability during installation, leading to arbitrary folder or file deletion. | Jan 15, 2025 |
| CVE-2024-57483(opens NVD record) | Critical | 9.8 | Tenda i24 V2.0.0.5 is vulnerable to Buffer Overflow in the addWifiMacFilter function. | Jan 14, 2025 |
| CVE-2024-57473(opens NVD record) | Critical | 9.8 | H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address editing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs. | Jan 14, 2025 |
| CVE-2024-42911(opens NVD record) | High | 7.4 | ECOVACS Robotics Deebot T20 OMNI and T20e OMNI before 1.24.0 was discovered to contain a WiFi Remote Code Execution vulnerability. | Jan 14, 2025 |
| CVE-2024-57482(opens NVD record) | Critical | 9.8 | H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 5G wireless network processing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs. | Jan 14, 2025 |
| CVE-2024-57480(opens NVD record) | Critical | 9.8 | H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the AP configuration function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs. | Jan 14, 2025 |
| CVE-2024-57479(opens NVD record) | Critical | 9.8 | H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address update function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs. | Jan 14, 2025 |
| CVE-2024-57471(opens NVD record) | Critical | 9.8 | H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 2.4G wireless network processing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs. | Jan 14, 2025 |
| CVE-2025-21135(opens NVD record) | High | 7.8 | Animate versions 24.0.6, 23.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jan 14, 2025 |
| CVE-2025-21132(opens NVD record) | High | 7.8 | Substance3D - Stager versions 3.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jan 14, 2025 |
| CVE-2025-21131(opens NVD record) | High | 7.8 | Substance3D - Stager versions 3.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jan 14, 2025 |
| CVE-2025-21130(opens NVD record) | High | 7.8 | Substance3D - Stager versions 3.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jan 14, 2025 |
| CVE-2025-21129(opens NVD record) | High | 7.8 | Substance3D - Stager versions 3.0.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jan 14, 2025 |
| CVE-2025-21128(opens NVD record) | High | 7.8 | Substance3D - Stager versions 3.0.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jan 14, 2025 |
| CVE-2025-21127(opens NVD record) | High | 7.8 | Photoshop Desktop versions 25.12, 26.1 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could lead to arbitrary code execution. An attacker could manipulate the search path environment variable to point to a malicious library, resulting in the execution of arbitrary code when the application loads. Exploitation of this issue requires user interaction in that a victim must run the vulnerable application. | Jan 14, 2025 |
| CVE-2025-21122(opens NVD record) | High | 7.8 | Photoshop Desktop versions 25.12, 26.1 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jan 14, 2025 |
| CVE-2025-0474(opens NVD record) | High | 7.7 | Invoice Ninja is vulnerable to authenticated Server-Side Request Forgery (SSRF) allowing for arbitrary file read and network resource requests as the application user. This issue affects Invoice Ninja: from 5.8.56 through 5.11.23. | Jan 14, 2025 |
| CVE-2025-23366(opens NVD record) | Medium | 6.5 | A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups “SuperUser”, “Admin”, or “Maintainer”. | Jan 14, 2025 |
| CVE-2025-21417(opens NVD record) | High | 8.8 | Windows Telephony Service Remote Code Execution Vulnerability | Jan 14, 2025 |
| CVE-2025-21413(opens NVD record) | High | 8.8 | Windows Telephony Service Remote Code Execution Vulnerability | Jan 14, 2025 |
| CVE-2025-21411(opens NVD record) | High | 8.8 | Windows Telephony Service Remote Code Execution Vulnerability | Jan 14, 2025 |
| CVE-2025-21409(opens NVD record) | High | 8.8 | Windows Telephony Service Remote Code Execution Vulnerability | Jan 14, 2025 |
| CVE-2025-21405(opens NVD record) | High | 7.3 | Visual Studio Elevation of Privilege Vulnerability | Jan 14, 2025 |
| CVE-2025-21403(opens NVD record) | Medium | 6.4 | On-Premises Data Gateway Information Disclosure Vulnerability | Jan 14, 2025 |
| CVE-2025-21402(opens NVD record) | High | 7.8 | Microsoft Office OneNote Remote Code Execution Vulnerability | Jan 14, 2025 |
| CVE-2025-21395(opens NVD record) | High | 7.8 | Microsoft Access Remote Code Execution Vulnerability | Jan 14, 2025 |
| CVE-2025-21393(opens NVD record) | Medium | 6.3 | Microsoft SharePoint Server Spoofing Vulnerability | Jan 14, 2025 |
| CVE-2025-21389(opens NVD record) | High | 7.5 | Uncontrolled resource consumption in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to deny service over a network. | Jan 14, 2025 |
| CVE-2025-21382(opens NVD record) | High | 7.8 | Windows Graphics Component Elevation of Privilege Vulnerability | Jan 14, 2025 |
| CVE-2025-21378(opens NVD record) | High | 7.8 | Windows CSC Service Elevation of Privilege Vulnerability | Jan 14, 2025 |
| CVE-2025-21374(opens NVD record) | Medium | 5.5 | Windows CSC Service Information Disclosure Vulnerability | Jan 14, 2025 |
| CVE-2025-21372(opens NVD record) | High | 7.8 | Microsoft Brokering File System Elevation of Privilege Vulnerability | Jan 14, 2025 |
| CVE-2025-21370(opens NVD record) | High | 7.8 | Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability | Jan 14, 2025 |
| CVE-2025-21366(opens NVD record) | High | 7.8 | Microsoft Access Remote Code Execution Vulnerability | Jan 14, 2025 |
| CVE-2025-21365(opens NVD record) | High | 7.8 | Microsoft Office Remote Code Execution Vulnerability | Jan 14, 2025 |
| CVE-2025-21364(opens NVD record) | High | 7.8 | Microsoft Excel Security Feature Bypass Vulnerability | Jan 14, 2025 |
| CVE-2025-21363(opens NVD record) | High | 7.8 | Microsoft Word Remote Code Execution Vulnerability | Jan 14, 2025 |
| CVE-2025-21362(opens NVD record) | High | 8.4 | Microsoft Excel Remote Code Execution Vulnerability | Jan 14, 2025 |
| CVE-2025-21361(opens NVD record) | High | 7.8 | Microsoft Outlook Remote Code Execution Vulnerability | Jan 14, 2025 |
| CVE-2025-21360(opens NVD record) | High | 7.8 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | Jan 14, 2025 |
| CVE-2025-21357(opens NVD record) | Medium | 6.7 | Microsoft Outlook Remote Code Execution Vulnerability | Jan 14, 2025 |