CVEs (59,256, showing first 500)
Showing 276–300 of 59,256 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2025-42944 | CRITICAL | | 10.0 | 2025-09-09 | Due to a deserialization vulnerability in SAP NetWeaver, an unauthenticated attacker could exploit the system through the RMI-P4 module by submitting malicious payload to a… |
| CVE-2025-58367 | NONE | Patched | — | 2025-09-05 | DeepDiff is a project focused on Deep Difference and search of any Python data. Versions 5.0.0 through 8.6.0 are vulnerable to class pollution via the Delta class construct… |
| CVE-2025-54914 | CRITICAL | | 10.0 | 2025-09-04 | Azure Networking Elevation of Privilege Vulnerability |
| CVE-2025-55241 | CRITICAL | | 10.0 | 2025-09-04 | Azure Entra ID Elevation of Privilege Vulnerability |
| CVE-2010-10016 | NONE | | — | 2025-08-30 | BS.Player version 2.57 (build 1051) contains a vulnerability in its playlist import functionality. When processing .m3u files, the application fails to properly validate th… |
| CVE-2009-20011 | NONE | | — | 2025-08-30 | ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 are vulnerable to remote command execution due to insecure handling of file uploads… |
| CVE-2025-34160 | NONE | | — | 2025-08-27 | AnyShare contains a critical unauthenticated remote code execution vulnerability in the ServiceAgent API exposed on port 10250. The endpoint /api/ServiceAgent/start_service… |
| CVE-2025-34163 | NONE | | — | 2025-08-27 | Dongsheng Logistics Software exposes an unauthenticated endpoint at /CommMng/Print/UploadMailFile that fails to enforce proper file type validation and access control. An a… |
| CVE-2024-13980 | NONE | | — | 2025-08-27 | H3C Intelligent Management Center (IMC) versions up to and including E0632H07 contains a remote command execution vulnerability in the /byod/index.xhtml endpoint. Improper … |
| CVE-2024-13981 | NONE | | — | 2025-08-27 | LiveBOS, an object-oriented business architecture middleware suite developed by Apex Software Co., Ltd., contains an arbitrary file upload vulnerability in its UploadFile.d… |
| CVE-2024-13984 | NONE | | — | 2025-08-27 | QiAnXin TianQing Management Center versions up to and including 6.7.0.4130 contain a path traversal vulnerability in the rptsvr component that allows unauthenticated attack… |
| CVE-2024-13985 | NONE | | — | 2025-08-27 | A command injection vulnerability in Dahua EIMS versions prior to 2240008 allows unauthenticated remote attackers to execute arbitrary system commands via the capture_handl… |
| CVE-2023-7309 | NONE | | — | 2025-08-27 | A path traversal vulnerability exists in the Dahua Smart Park Integrated Management Platform (also referred to as the Dahua Smart Campus Integrated Management Platform), af… |
| CVE-2025-9118 | NONE | | — | 2025-08-25 | A path traversal vulnerability in the NPM package installation process of Google Cloud Dataform allows a remote attacker to read and write files in other customers' reposit… |
| CVE-2022-31491 | CRITICAL | Patched | 10.0 | 2025-08-22 | Voltronic Power ViewPower through 1.04-24215, ViewPower Pro through 2.0-22165, and PowerShield Netguard before 1.04-23292 allows a remote attacker to run arbitrary code via… |
| CVE-2025-43300 | CRITICAL | Patched | 10.0 | 2025-08-21 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12, iOS 18.6.2 an… |
| CVE-2025-49410 | CRITICAL | | 10.0 | 2025-08-20 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Imran Emu TC Testimonials allows Stored XSS. This issue affects TC Tes… |
| CVE-2025-49408 | CRITICAL | | 10.0 | 2025-08-20 | Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows Retrieve Embedded Sensitive Data. This issue affects Templately: from n/a t… |
| CVE-2025-50567 | CRITICAL | | 10.0 | 2025-08-19 | Saurus CMS Community Edition 4.7.1 contains a vulnerability in the custom DB::prepare() function, which uses preg_replace() with the deprecated /e (eval) modifier to interp… |
| CVE-2025-20265 | CRITICAL | | 10.0 | 2025-08-14 | A vulnerability in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to inject a… |
| CVE-2012-10058 | NONE | | — | 2025-08-13 | RabidHamster R4 v1.25 contains a stack-based buffer overflow vulnerability due to unsafe use of sprintf() when logging malformed HTTP requests. A remote attacker can exploi… |
| CVE-2011-10017 | NONE | | — | 2025-08-13 | Snort Report versions < 1.3.2 contains a remote command execution vulnerability in the nmap.php and nbtscan.php scripts. These scripts fail to properly sanitize user input … |
| CVE-2011-10011 | NONE | | — | 2025-08-13 | WeBid 1.0.2 contains a remote code injection vulnerability in the converter.php script, where unsanitized input in the to parameter of a POST request is written directly in… |
| CVE-2011-10013 | NONE | | — | 2025-08-13 | Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common.php script. The flawed authorization logic fails to halt execution after a… |
| CVE-2025-34153 | NONE | | — | 2025-08-13 | Hyland OnBase versions prior to 17.0.2.87 (other versions may be affected) are vulnerable to unauthenticated remote code execution via insecure deserialization on the .NET … |