CVEs (59,256, showing first 500)
Showing 201–225 of 59,256 (capped at 500)
| CVE ID | Severity | Patch | CVSS ↓ | Published | Description |
|---|---|---|---|---|---|
| CVE-2025-67109 | CRITICAL | Patched | 10.0 | 2025-12-23 | Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges. |
| CVE-2025-67108 | CRITICAL | | 10.0 | 2025-12-23 | eProsima Fast-DDS v3.3 was discovered to contain improper validation for ticket revocation, resulting in insecure communications and connections. |
| CVE-2025-67288 | CRITICAL | | 10.0 | 2025-12-22 | An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to execute arbitrary code by uploading a crafted PDF file. NOTE: this is disputed by the Supp… |
| CVE-2025-65037 | CRITICAL | | 10.0 | 2025-12-18 | Improper control of generation of code ('code injection') in Azure Container Apps allows an unauthorized attacker to execute code over a network. |
| CVE-2025-65041 | CRITICAL | | 10.0 | 2025-12-18 | Improper authorization in Microsoft Partner Center allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2025-62521 | CRITICAL | Patched | 10.0 | 2025-12-17 | ChurchCRM is an open-source church management system. Prior to version 5.21.0, a pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard allows u… |
| CVE-2025-20393 | CRITICAL | Patched | 10.0 | 2025-12-17 | A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager could allow an unauthenticate… |
| CVE-2025-44005 | CRITICAL | | 10.0 | 2025-12-17 | An attacker can bypass authorization checks and force a Step CA ACME or SCEP provisioner to create certificates without completing certain protocol authorization checks. |
| CVE-2025-63414 | CRITICAL | | 10.0 | 2025-12-16 | A Path Traversal vulnerability in the Allsky WebUI version v2024.12.06_06 allows an unauthenticated remote attacker to achieve arbitrary command execution. By sending a cra… |
| CVE-2025-37164 | CRITICAL | Patched | 10.0 | 2025-12-16 | A remote code execution issue exists in HPE OneView. |
| CVE-2025-64721 | CRITICAL | Patched | 10.0 | 2025-12-11 | Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.6 and below, the SYSTEM-level service SbieSvc.exe… |
| CVE-2025-66570 | CRITICAL | Patched | 10.0 | 2025-12-05 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP headers to influence serv… |
| CVE-2025-55182 | CRITICAL | Patched | 10.0 | 2025-12-03 | A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: rea… |
| CVE-2025-13390 | CRITICAL | Patched | 10.0 | 2025-12-03 | The WP Directory Kit plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.4.4 due to incorrect implementation of the authenti… |
| CVE-2025-63531 | CRITICAL | | 10.0 | 2025-12-01 | A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the receiverLogin.php component. The application fails to properly sanitize user-supplie… |
| CVE-2025-64126 | CRITICAL | | 10.0 | 2025-11-26 | An OS command injection vulnerability exists due to improper input validation. The application accepts a parameter directly from user input without verifying it is a vali… |
| CVE-2025-64127 | CRITICAL | | 10.0 | 2025-11-26 | An OS command injection vulnerability exists due to insufficient sanitization of user-supplied input. The application accepts parameters that are later incorporated into … |
| CVE-2025-64128 | CRITICAL | | 10.0 | 2025-11-26 | An OS command injection vulnerability exists due to incomplete validation of user-supplied input. Validation fails to enforce sufficient formatting rules, which could per… |
| CVE-2025-65108 | CRITICAL | Patched | 10.0 | 2025-11-21 | md-to-pdf is a CLI tool for converting Markdown files to PDF using Node.js and headless Chrome. Prior to version 5.2.5, a Markdown front-matter block that contains JavaScri… |
| CVE-2025-41115 | CRITICAL | Patched | 10.0 | 2025-11-21 | SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how organizations manage users and teams in Grafana by introducing automated us… |
| CVE-2025-49752 | CRITICAL | | 10.0 | 2025-11-20 | Azure Bastion Elevation of Privilege Vulnerability |
| CVE-2025-63224 | CRITICAL | | 10.0 | 2025-11-19 | The Itel DAB Encoder (IDEnc build 25aec8d) is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid JWT token obtai… |
| CVE-2025-63216 | CRITICAL | | 10.0 | 2025-11-18 | The Itel DAB Gateway (IDGat build c041640a) is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid JWT token obta… |
| CVE-2025-58083 | CRITICAL | | 10.0 | 2025-11-15 | General Industrial Controls Lynx+ Gateway is missing critical authentication in the embedded web server which could allow an attacker to remotely reset the device. |
| CVE-2025-54339 | CRITICAL | Patched | 10.0 | 2025-11-14 | An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 exploitable remotely for Escalation of … |