Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
18,100 matching · page 255/362Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2025-49758(opens NVD record) | High | 8.8 | Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. | Aug 12, 2025 |
| CVE-2025-49757(opens NVD record) | High | 8.8 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | Aug 12, 2025 |
| CVE-2025-49755(opens NVD record) | Medium | 4.3 | User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. | Aug 12, 2025 |
| CVE-2025-49751(opens NVD record) | Medium | 6.8 | Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network. | Aug 12, 2025 |
| CVE-2025-49745(opens NVD record) | Medium | 5.4 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to perform spoofing over a network. | Aug 12, 2025 |
| CVE-2025-49743(opens NVD record) | Medium | 6.7 | Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | Aug 12, 2025 |
| CVE-2025-49736(opens NVD record) | Medium | 4.3 | The ui performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. | Aug 12, 2025 |
| CVE-2025-49712(opens NVD record) | High | 8.8 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | Aug 12, 2025 |
| CVE-2025-49707(opens NVD record) | High | 7.9 | Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally. | Aug 12, 2025 |
| CVE-2025-48807(opens NVD record) | Medium | 6.7 | Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally. | Aug 12, 2025 |
| CVE-2025-47954(opens NVD record) | High | 8.8 | Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. | Aug 12, 2025 |
| CVE-2025-33051(opens NVD record) | High | 7.5 | Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an unauthorized attacker to disclose information over a network. | Aug 12, 2025 |
| CVE-2025-25007(opens NVD record) | Medium | 5.3 | Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | Aug 12, 2025 |
| CVE-2025-25006(opens NVD record) | Medium | 5.3 | Improper handling of additional special element in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | Aug 12, 2025 |
| CVE-2025-25005(opens NVD record) | Medium | 6.5 | Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network. | Aug 12, 2025 |
| CVE-2025-24999(opens NVD record) | High | 8.8 | Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network. | Aug 12, 2025 |
| CVE-2025-49568(opens NVD record) | Medium | 5.5 | Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Aug 12, 2025 |
| CVE-2025-49567(opens NVD record) | Medium | 5.5 | Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Aug 12, 2025 |
| CVE-2025-49564(opens NVD record) | High | 7.8 | Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Aug 12, 2025 |
| CVE-2025-49563(opens NVD record) | High | 7.8 | Illustrator versions 28.7.8, 29.6.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Aug 12, 2025 |
| CVE-2025-8310(opens NVD record) | Medium | 6.5 | Missing authorization in the admin console of Ivanti Virtual Application Delivery Controller before version 22.9 allows a remote authenticated attacker to take over admin accounts by resetting the password | Aug 12, 2025 |
| CVE-2025-8297(opens NVD record) | High | 7.2 | Incomplete restriction of configuration in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to achieve remote code execution | Aug 12, 2025 |
| CVE-2025-8296(opens NVD record) | High | 7.2 | SQL injection in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to execute arbitrary SQL queries. In certain conditions, this can also lead to remote code execution | Aug 12, 2025 |
| CVE-2025-5468(opens NVD record) | Medium | 5.5 | Improper handling of symbolic links in Ivanti Connect Secure before version 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a local authenticated attacker to read arbitrary files on disk. | Aug 12, 2025 |
| CVE-2025-5466(opens NVD record) | Medium | 4.9 | XEE in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote authenticated attacker with admin privileges to trigger a denial of service | Aug 12, 2025 |
| CVE-2025-5462(opens NVD record) | High | 7.5 | A heap-based buffer overflow in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to trigger a denial of service. | Aug 12, 2025 |
| CVE-2025-5456(opens NVD record) | High | 7.5 | A buffer over-read vulnerability in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025) allows a remote unauthenticated attacker to trigger a denial of service. CWE-125 | Aug 12, 2025 |
| CVE-2025-3831(opens NVD record) | High | 8.1 | Log files uploaded during troubleshooting by the Harmony SASE agent may have been accessible to unauthorized parties. | Aug 12, 2025 |
| CVE-2025-26398(opens NVD record) | Medium | 5.6 | SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If exploited, this vulnerability could lead to a machine-in-the-middle (MITM) attack against users. This vulnerability requires additional software not installed by default, local access to the server and administrator level privileges on the host. | Aug 12, 2025 |
| CVE-2025-8852(opens NVD record) | Medium | 4.3 | A vulnerability was identified in WuKongOpenSource WukongCRM 11.0. This affects an unknown part of the file /adminFile/upload of the component API Response Handler. The manipulation leads to information exposure through error message. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | Aug 11, 2025 |
| CVE-2025-8661(opens NVD record) | Medium | 6.1 | A stored Cross-Site Scripting vulnerability (XSS) occurs when the server does not properly validate or encode the data entered by the user. | Aug 11, 2025 |
| CVE-2025-8660(opens NVD record) | Critical | 9.8 | Privilege escalation occurs when a user gets access to more resources or functionality than they are normally allowed. | Aug 11, 2025 |
| CVE-2025-8732(opens NVD record) | Low | 3.3 | A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog of the component xmlcatalog. The manipulation leads to uncontrolled recursion. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The code maintainer explains, that "[t]he issue can only be triggered with untrusted SGML catalogs and it makes absolutely no sense to use untrusted catalogs. I also doubt that anyone is still using SGML catalogs at all." | Aug 8, 2025 |
| CVE-2025-36119(opens NVD record) | High | 7.1 | IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obtaining elevated privileges with IBM Digital Certificate Manager for i (DCM) due to a web session hijacking vulnerability. An authenticated user without administrator privileges could exploit this vulnerability to perform actions in DCM as an administrator. | Aug 8, 2025 |
| CVE-2025-36023(opens NVD record) | Medium | 6.5 | IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF005 and 24.0.1 through 24.0.1 IF002 could allow an authenticated user to view sensitive user and system information due to an indirect object reference through a user-controlled key. | Aug 8, 2025 |
| CVE-2025-8088(opens NVD record) | High | 8.8 | A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET. | Aug 8, 2025 |
| CVE-2024-58257(opens NVD record) | Medium | 5.7 | EnzoH has an OS command injection vulnerability. Successful exploitation of this vulnerability may lead to arbitrary command execution. | Aug 8, 2025 |
| CVE-2024-58256(opens NVD record) | Medium | 4.5 | EnzoH has an OS command injection vulnerability. Successful exploitation of this vulnerability may lead to arbitrary command execution. | Aug 8, 2025 |
| CVE-2024-58255(opens NVD record) | Medium | 5.0 | EnzoH has an OS command injection vulnerability. Successful exploitation of this vulnerability may lead to arbitrary command execution. | Aug 8, 2025 |
| CVE-2025-53792(opens NVD record) | Critical | 9.1 | Azure Portal Elevation of Privilege Vulnerability | Aug 7, 2025 |
| CVE-2025-53787(opens NVD record) | High | 8.2 | Microsoft 365 Copilot BizChat Information Disclosure Vulnerability | Aug 7, 2025 |
| CVE-2025-53774(opens NVD record) | Medium | 6.5 | Microsoft 365 Copilot BizChat Information Disclosure Vulnerability | Aug 7, 2025 |
| CVE-2025-53767(opens NVD record) | Critical | 10.0 | Azure OpenAI Elevation of Privilege Vulnerability | Aug 7, 2025 |
| CVE-2025-26513(opens NVD record) | High | 7.0 | The installer for SAN Host Utilities for Windows versions prior to 8.0 is susceptible to a vulnerability which when successfully exploited could allow a local user to escalate their privileges. | Aug 7, 2025 |
| CVE-2025-55077(opens NVD record) | High | 7.4 | Tyler Technologies ERP Pro 9 SaaS allows an authenticated user to escape the application and execute limited operating system commands within the remote Microsoft Windows environment with the privileges of the authenticated user. Tyler Technologies deployed hardened remote Windows environment settings to all ERP Pro 9 SaaS customer environments as of 2025-08-01. | Aug 7, 2025 |
| CVE-2025-51629(opens NVD record) | High | 8.8 | A cross-site scripting (XSS) vulnerability in the PdfViewer component of Agenzia Impresa Eccobook 2.81.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Temp parameter. | Aug 7, 2025 |
| CVE-2024-56339(opens NVD record) | Low | 3.7 | IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow a remote attacker to bypass security restrictions caused by a failure to honor security configuration. | Aug 7, 2025 |
| CVE-2024-55401(opens NVD record) | Medium | 6.5 | An issue in 4C Strategies Exonaut before v22.4 allows attackers to execute a directory traversal. | Aug 7, 2025 |
| CVE-2024-52680(opens NVD record) | Medium | 6.1 | EyouCMS 1.6.7 is vulnerable to Cross Site Scripting (XSS) in /login.php?m=admin&c=System&a=web&lang=cn. | Aug 7, 2025 |
| CVE-2025-8583(opens NVD record) | Medium | 4.3 | Inappropriate implementation in Permissions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | Aug 7, 2025 |