CVEs (59,256, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 251–275 of 59,256 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2025-57870 | CRITICAL | Patched | 10.0 | 2025-10-22 | A SQL Injection vulnerability exists in Esri ArcGIS Server versions 11.3, 11.4 and 11.5 on Windows, Linux and Kubernetes. This vulnerability allows a remote, unauthenticate… |
| CVE-2025-49060 | CRITICAL | | 10.0 | 2025-10-22 | Unrestricted Upload of File with Dangerous Type vulnerability in CMSSuperHeroes Wastia wastia allows Upload a Web Shell to a Web Server. This issue affects Wastia: from n/a … |
| CVE-2025-48106 | CRITICAL | | 10.0 | 2025-10-22 | Unrestricted Upload of File with Dangerous Type vulnerability in CMSSuperHeroes Clanora clanora allows Using Malicious Files. This issue affects Clanora: from n/a through < 1.3.1. |
| CVE-2025-12004 | NONE | Patched | — | 2025-10-21 | Incorrect Permission Assignment for Critical Resource vulnerability in The Wikimedia Foundation Mediawiki - Lockdown Extension allows Privilege Abuse. Fixed in Mediawiki Co… |
| CVE-2018-25118 | NONE | | — | 2025-10-20 | GeoVision embedded IP devices, confirmed on GV-BX1500 and GV-MFD1501, contain a remote command injection vulnerability via /PictureCatch.cgi that enables an attacker to exe… |
| CVE-2025-9574 | CRITICAL | | 10.0 | 2025-10-20 | Missing Authentication for Critical Function vulnerability in ABB ALS-mini-s4 IP, ABB ALS-mini-s8 IP. This issue affects . All firmware versions with the Serial Number fro… |
| CVE-2025-62168 | CRITICAL | Patched | 10.0 | 2025-10-17 | Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. T… |
| CVE-2025-9265 | NONE | Patched | — | 2025-10-13 | A broken authorization vulnerability in Kiloview NDI N30 allows a remote unauthenticated attacker to deactivate user verification, giving them access to state changing acti… |
| CVE-2025-3450 | CRITICAL | Patched | 10.0 | 2025-10-07 | An Improper Resource Locking vulnerability in the SDM component of B&R Automation Runtime versions before 6.3 and before Q4.93 may allow an unauthenticated network-based at… |
| CVE-2025-10363 | NONE | Patched | — | 2025-10-06 | Deserialization of Untrusted Data vulnerability in Topal Solutions AG Topal Finanzbuchhaltung on Windows allows Remote Code Execution. This issue affects at least Topal Fina… |
| CVE-2025-58384 | CRITICAL | Patched | 10.0 | 2025-09-26 | In DOXENSE WATCHDOC before 6.1.1.5332, Deserialization of Untrusted Data can lead to remote code execution through the .NET Remoting library in the Watchdoc administration … |
| CVE-2025-9846 | CRITICAL | Patched | 10.0 | 2025-09-23 | Unrestricted Upload of File with Dangerous Type vulnerability in TalentSys Consulting Information Technology Industry Inc. Inka.Net allows Command Injection. This issue af… |
| CVE-2025-9962 | NONE | | — | 2025-09-23 | A buffer overflow vulnerability in Novakon P series allows attackers to gain root permission without prior authentication. This issue affects P series: P – V2001.A.C518o2 un… |
| CVE-2025-9588 | CRITICAL | Patched | 10.0 | 2025-09-23 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Iron Mountain Archiving Services Inc. EnVision allows Command In… |
| CVE-2025-59528 | CRITICAL | Patched | 10.0 | 2025-09-22 | Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, Flowise is vulnerable to remote code execution. The CustomMCP nod… |
| CVE-2025-10035 | CRITICAL | Patched | 10.0 | 2025-09-18 | A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged license response signature to deserialize an arbitra… |
| CVE-2025-41243 | CRITICAL | | 10.0 | 2025-09-16 | Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification. An application should be considered vulnerable when all the following ar… |
| CVE-2025-10264 | CRITICAL | | 10.0 | 2025-09-12 | Certain models of NVR developed by Digiever have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access the system configur… |
| CVE-2025-58321 | CRITICAL | Patched | 10.0 | 2025-09-11 | Delta Electronics DIALink has a Directory Traversal Authentication Bypass Vulnerability. |
| CVE-2025-55730 | CRITICAL | | 10.0 | 2025-09-09 | XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing esc… |
| CVE-2025-55727 | CRITICAL | Patched | 10.0 | 2025-09-09 | XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing esc… |
| CVE-2025-55728 | CRITICAL | Patched | 10.0 | 2025-09-09 | XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing esc… |
| CVE-2025-55729 | CRITICAL | | 10.0 | 2025-09-09 | XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing esc… |
| CVE-2025-55051 | CRITICAL | | 10.0 | 2025-09-09 | CWE-1392: Use of Default Credentials |
| CVE-2025-54261 | CRITICAL | | 10.0 | 2025-09-09 | ColdFusion versions 2025.3, 2023.15, 2021.21 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability tha… |