CVEs (59,256, showing first 500)
Showing 251–275 of 59,256 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2025-43700 | HIGH | | 7.5 | 2025-06-10 | Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of encrypted data. This impacts OmniStudio: before Spring 2025. |
| CVE-2025-43701 | HIGH | | 7.5 | 2025-06-10 | Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of Custom Settings data. This impacts OmniStudio: before version 254. |
| CVE-2025-4577 | MEDIUM | Patched | 6.4 | 2025-06-10 | The Smash Balloon Social Post Feed – Simple Social Feeds for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-color attribute in all… |
| CVE-2025-4774 | MEDIUM | Patched | 6.4 | 2025-06-10 | The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-countdown attribute of Countdown widget in all versions up t… |
| CVE-2025-49454 | HIGH | | 8.1 | 2025-06-10 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean TinySalt tinysalt allows PHP Local File I… |
| CVE-2025-49455 | NONE | | — | 2025-06-10 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ClickandPledge WordPress-WPJobBoard click-pledge-wpjobboard allows Bli… |
| CVE-2025-49507 | NONE | | — | 2025-06-10 | Deserialization of Untrusted Data vulnerability in LoftOcean CozyStay cozystay allows Object Injection. This issue affects CozyStay: from n/a through < 1.7.1. |
| CVE-2025-49509 | MEDIUM | | 5.3 | 2025-06-10 | Missing Authorization vulnerability in Roland Beaussant Audio Editor & Recorder audio-editor-recorder allows Exploiting Incorrectly Configured Access Control Security Level… |
| CVE-2025-49510 | NONE | | — | 2025-06-10 | Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Min Max Step Quantity Limits Manager for WooCommerce product-quantity-for-woocommerce allows Cross Site Request… |
| CVE-2025-49511 | NONE | | — | 2025-06-10 | Cross-Site Request Forgery (CSRF) vulnerability in uxper Civi Framework civi-framework allows Cross Site Request Forgery. This issue affects Civi Framework: from n/a through… |
| CVE-2024-29198 | HIGH | Patched | 7.5 | 2025-06-10 | GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. It is possible to achieve Server-Side Request Forgery (SSRF) … |
| CVE-2024-34711 | CRITICAL | Patched | 9.3 | 2025-06-10 | GeoServer is an open source server that allows users to share and edit geospatial data. An improper URI validation vulnerability exists that enables an unauthorized attacke… |
| CVE-2024-38524 | MEDIUM | Patched | 5.3 | 2025-06-10 | GeoServer is an open source server that allows users to share and edit geospatial data. org.geowebcache.GeoWebCacheDispatcher.handleFrontPage(HttpServletRequest, HttpServle… |
| CVE-2024-40625 | MEDIUM | Patched | 5.5 | 2025-06-10 | GeoServer is an open source server that allows users to share and edit geospatial data. The Coverage rest api /workspaces/{workspaceName}/coveragestores/{storeName}/{method… |
| CVE-2025-22455 | HIGH | Patched | 8.8 | 2025-06-10 | A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentials. |
| CVE-2025-22463 | HIGH | Patched | 7.3 | 2025-06-10 | A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt the stored environment password. |
| CVE-2025-26394 | MEDIUM | Patched | 4.8 | 2025-06-10 | SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string t… |
| CVE-2025-26395 | HIGH | Patched | 7.1 | 2025-06-10 | SolarWinds Observability Self-Hosted was susceptible to a cross-site scripting (XSS) vulnerability due to an unsanitized field in the URL. The attack requires authenticat… |
| CVE-2025-27505 | MEDIUM | Patched | 5.3 | 2025-06-10 | GeoServer is an open source server that allows users to share and edit geospatial data. It is possible to bypass the default REST API security and access the index page. Th… |
| CVE-2025-30145 | HIGH | Patched | 7.5 | 2025-06-10 | GeoServer is an open source server that allows users to share and edit geospatial data. Malicious Jiffle scripts can be executed by GeoServer, either as a rendering transfo… |
| CVE-2025-37100 | HIGH | | 7.7 | 2025-06-10 | A vulnerability in the APIs of HPE Aruba Networking Private 5G Core could potentially expose sensitive information to unauthorized users. A successful exploitation could a… |
| CVE-2025-46612 | HIGH | Patched | 7.2 | 2025-06-10 | The Panel Designer dashboard in Airleader Master and Easy before 6.36 allows remote attackers to execute arbitrary commands via a wizard/workspace.jsp unrestricted file upl… |
| CVE-2025-5335 | HIGH | Patched | 7.8 | 2025-06-10 | A maliciously crafted binary file when downloaded could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to an untrusted search path being utilized in the Autode… |
| CVE-2025-5353 | HIGH | Patched | 8.8 | 2025-06-10 | A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt stored SQL credentials. |
| CVE-2024-41797 | MEDIUM | | 4.3 | 2025-06-10 | A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.1), SCALANCE XC316-8 (6GK5324-8TS00-2AC2) (All versions < V3.1), SCALANCE XC324… |