Search
59,256 CVEs
CVEs (59,256, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 176–200 of 59,256 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published ↑ | Description |
|---|---|---|---|---|---|
| CVE-2025-30515 | CRITICAL | Patched | 9.8 | 2025-06-09 | CyberData 011209 Intercom could allow an authenticated attacker to upload arbitrary files to multiple locations within the system. |
| CVE-2025-5901 | HIGH | 8.8 | 2025-06-09 | A vulnerability has been found in TOTOLINK T10 4.1.8cu.5207 and classified as critical. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cste… | |
| CVE-2025-5902 | HIGH | 8.8 | 2025-06-09 | A vulnerability was found in TOTOLINK T10 4.1.8cu.5207 and classified as critical. This issue affects the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the comp… | |
| CVE-2025-0036 | LOW | 3.2 | 2025-06-10 | In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post-boot) cryptographic operations could cause data to be incorrectly written to… | |
| CVE-2025-0037 | MEDIUM | 6.6 | 2025-06-10 | In AMD Versal Adaptive SoC devices, the lack of address validation when executing PLM runtime services through the PLM firmware can allow access to isolated or protected me… | |
| CVE-2025-5903 | HIGH | 8.8 | 2025-06-10 | A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been classified as critical. Affected is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the… | |
| CVE-2025-5904 | HIGH | 8.8 | 2025-06-10 | A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been declared as critical. Affected by this vulnerability is the function setWiFiMeshName of the file /cgi-bi… | |
| CVE-2025-5905 | HIGH | 8.8 | 2025-06-10 | A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been rated as critical. Affected by this issue is the function setWiFiRepeaterCfg of the file /cgi-bin/cstecg… | |
| CVE-2025-23192 | HIGH | 8.2 | 2025-06-10 | SAP BusinessObjects Business Intelligence (BI Workspace) allows an unauthenticated attacker to craft and store malicious script within a workspace. When the victim accesses… | |
| CVE-2025-31325 | MEDIUM | 5.8 | 2025-06-10 | Due to a Cross-Site Scripting vulnerability in SAP NetWeaver (ABAP Keyword Documentation), an unauthenticated attacker could inject malicious JavaScript into a web page thr… | |
| CVE-2025-42977 | HIGH | 7.6 | 2025-06-10 | SAP NetWeaver Visual Composer contains a Directory Traversal vulnerability caused by insufficient validation of input paths provided by a high-privileged user. This allows … | |
| CVE-2025-42982 | HIGH | 8.8 | 2025-06-10 | SAP GRC allows a non-administrative user to access and initiate transaction which could allow them to modify or control the transmitted system credentials. This causes high… | |
| CVE-2025-42983 | HIGH | 8.5 | 2025-06-10 | SAP Business Warehouse and SAP Plug-In Basis allows an authenticated attacker to drop arbitrary SAP database tables, potentially resulting in a loss of data or rendering th… | |
| CVE-2025-42984 | MEDIUM | 5.4 | 2025-06-10 | SAP S/4HANA Manage Central Purchase Contract does not perform necessary authorization checks for an authenticated user. Due to this, an attacker could execute the function … | |
| CVE-2025-42987 | MEDIUM | 4.3 | 2025-06-10 | SAP Manage Processing Rules (For Bank Statement) allows an attacker with basic privileges to edit shared rules of any user by tampering the request parameter. Due to missin… | |
| CVE-2025-42988 | LOW | 3.7 | 2025-06-10 | Under certain conditions, SAP Business Objects Business Intelligence Platform allows an unauthenticated attacker to enumerate HTTP endpoints in the internal network by spec… | |
| CVE-2025-42989 | CRITICAL | 9.6 | 2025-06-10 | RFC inbound processing�does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation the atta… | |
| CVE-2025-42990 | LOW | 3.0 | 2025-06-10 | Unprotected SAPUI5 applications allow an attacker with basic privileges to inject malicious HTML code into a webpage, with the goal of redirecting users to the attacker con… | |
| CVE-2025-42991 | MEDIUM | 4.3 | 2025-06-10 | SAP S/4HANA (Bank Account Application) does not perform necessary authorization checks. This allows an authenticated 'approver' user to delete attachment from bank account … | |
| CVE-2025-42993 | MEDIUM | 6.7 | 2025-06-10 | Due to a missing authorization check vulnerability in SAP S/4HANA (Enterprise Event Enablement), an attacker with access to the Inbound Binding Configuration could create a… | |
| CVE-2025-42994 | HIGH | 7.5 | 2025-06-10 | SAP MDM Server ReadString function allows an attacker to send specially crafted packets which could trigger a memory read access violation in the server process that would … | |
| CVE-2025-42995 | HIGH | 7.5 | 2025-06-10 | SAP MDM Server Read function allows an attacker to send specially crafted packets which could trigger a memory read access violation in the server process that would then f… | |
| CVE-2025-42996 | MEDIUM | 5.6 | 2025-06-10 | SAP MDM Server allows an attacker to gain control of existing client sessions and execute certain functions without having to re-authenticate giving the ability to access o… | |
| CVE-2025-42998 | MEDIUM | 5.3 | 2025-06-10 | The security settings in the SAP Business One Integration Framework are not adequately checked, allowing attackers to bypass the 403 Forbidden error and access restricted p… | |
| CVE-2025-5906 | HIGH | 7.3 | 2025-06-10 | A vulnerability classified as critical has been found in code-projects Laundry System 1.0. This affects an unknown part of the file /data/. The manipulation leads to missin… |