CVEs (59,256, showing first 500)
Showing 301–325 of 59,256 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2012-10044 | NONE | | — | 2025-08-08 | MobileCartly version 1.0 contains an arbitrary file creation vulnerability in the savepage.php script. The application fails to perform authentication or authorization chec… |
| CVE-2012-10047 | NONE | | — | 2025-08-08 | Cyclope Employee Surveillance Solution versions 6.x are vulnerable to a SQL injection flaw in its login mechanism. The username parameter in the auth-login POST request is … |
| CVE-2025-53767 | CRITICAL | | 10.0 | 2025-08-07 | Azure OpenAI Elevation of Privilege Vulnerability |
| CVE-2013-10066 | NONE | | — | 2025-08-05 | An unauthenticated arbitrary file upload vulnerability exists in Kordil EDMS v2.2.60rc3. The application exposes an upload endpoint (users_add.php) that allows attackers to… |
| CVE-2013-10070 | NONE | | — | 2025-08-05 | PHP-Charts v1.0 contains a PHP code execution vulnerability in wizard/url.php, where user-supplied GET parameter names are passed directly to eval() without sanitization. A… |
| CVE-2012-10035 | NONE | | — | 2025-08-05 | Turbo FTP Server versions 1.30.823 and 1.30.826 contain a buffer overflow vulnerability in the handling of the PORT command. By sending a specially crafted payload, an unau… |
| CVE-2012-10025 | NONE | | — | 2025-08-05 | The WordPress plugin Advanced Custom Fields (ACF) version 3.5.1 and below contains a remote file inclusion (RFI) vulnerability in core/actions/export.php. When the PHP conf… |
| CVE-2012-10026 | NONE | | — | 2025-08-05 | The WordPress plugin Asset-Manager version 2.0 and below contains an unauthenticated arbitrary file upload vulnerability in upload.php. The endpoint fails to properly valid… |
| CVE-2025-54253 | CRITICAL | Patched | 10.0 | 2025-08-05 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could lever… |
| CVE-2025-54119 | CRITICAL | Patched | 10.0 | 2025-08-05 | ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. In versions 5.22.9 and below, improper escaping of a query p… |
| CVE-2014-125121 | NONE | | — | 2025-07-31 | Array Networks vAPV (version 8.3.2.17) and vxAG (version 9.2.0.34) appliances are affected by a privilege escalation vulnerability caused by a combination of hardcoded SSH … |
| CVE-2014-125123 | NONE | | — | 2025-07-31 | An unauthenticated SQL injection vulnerability exists in the Kloxo web hosting control panel (developed by LXCenter) prior to version 6.1.12. The flaw resides in the login-… |
| CVE-2014-125124 | NONE | | — | 2025-07-31 | An unauthenticated remote command execution vulnerability exists in Pandora FMS versions up to and including 5.0RC1 via the Anyterm web interface, which listens on TCP port… |
| CVE-2025-54419 | CRITICAL | Patched | 10.0 | 2025-07-28 | A SAML library not dependent on any frameworks that runs in Node. In version 5.0.1, Node-SAML loads the assertion from the (unsigned) original response document. This is di… |
| CVE-2025-5120 | CRITICAL | Patched | 10.0 | 2025-07-27 | A sandbox escape vulnerability was identified in huggingface/smolagents version 1.14.0, allowing attackers to bypass the restricted execution environment and achieve remote… |
| CVE-2014-125115 | NONE | | — | 2025-07-25 | An unauthenticated SQL injection vulnerability exists in Pandora FMS version 5.0 SP2 and earlier. The mobile/index.php endpoint fails to properly sanitize user input in the… |
| CVE-2025-5243 | CRITICAL | Patched | 10.0 | 2025-07-24 | Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SMG Software In… |
| CVE-2025-41240 | CRITICAL | | 10.0 | 2025-07-24 | Three Bitnami Helm charts mount Kubernetes Secrets under a predictable path (/opt/bitnami/*/secrets) that is located within the web server document root. In affected versio… |
| CVE-2025-4285 | CRITICAL | Patched | 10.0 | 2025-07-22 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rolantis Information Technologies Agentis allows SQL Injection. This … |
| CVE-2025-54122 | CRITICAL | Patched | 10.0 | 2025-07-21 | Manager-io/Manager is accounting software. A critical unauthenticated full read Server-Side Request Forgery (SSRF) vulnerability has been identified in the proxy handler co… |
| CVE-2025-20337 | CRITICAL | | 10.0 | 2025-07-16 | A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating syste… |
| CVE-2025-34300 | NONE | | — | 2025-07-16 | A template injection vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14 via the ciwweb.pl Perl web application. Exp… |
| CVE-2025-34112 | NONE | | — | 2025-07-15 | An authenticated multi-stage remote code execution vulnerability exists in Riverbed SteelCentral NetProfiler and NetExpress 10.8.7 virtual appliances. A SQL injection vulne… |
| CVE-2025-34105 | NONE | | — | 2025-07-15 | A stack-based buffer overflow vulnerability exists in the built-in web interface of DiskBoss Enterprise versions 7.4.28, 7.5.12, and 8.2.14. The vulnerability arises from i… |
| CVE-2025-53833 | CRITICAL | Patched | 10.0 | 2025-07-14 | LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel app. Versions prior to 2.8.1 are vulnerable to Server-Side Template Inje… |