Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
18,100 matching · page 265/362Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2025-53861(opens NVD record) | Low | 3.1 | A flaw was found in Ansible. Sensitive cookies without security flags over non-encrypted channels can lead to Man-in-the-Middle (MitM) and Cross-site scripting (XSS) attacks allowing attackers to read transmitted data. | Jul 11, 2025 |
| CVE-2025-6392(opens NVD record) | Medium | 4.4 | Brocade SANnav before Brocade SANnav 2.4.0a could log database passwords in clear text in audit logs when the daily data dump collector invokes docker exec commands. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user. | Jul 10, 2025 |
| CVE-2025-6390(opens NVD record) | Medium | 4.4 | Brocade SANnav before SANnav 2.4.0a logs passwords and pbe keys in the Brocade SANnav server audit logs after installation and under specific conditions. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user. | Jul 10, 2025 |
| CVE-2025-4662(opens NVD record) | Medium | 4.4 | Brocade SANnav before SANnav 2.4.0a logs plaintext passphrases in the Brocade SANnav host server audit logs while executing OpenSSL command using a passphrase from the command line or while providing the passphrase through a temporary file. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user. | Jul 10, 2025 |
| CVE-2025-53503(opens NVD record) | High | 7.8 | Trend Micro Cleaner One Pro is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. | Jul 10, 2025 |
| CVE-2025-53378(opens NVD record) | High | 7.6 | A missing authentication vulnerability in Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an unauthenticated attacker to remotely take control of the agent on affected installations. Also note: this vulnerability only affected the SaaS client version of WFBSS only, meaning the on-premise version of Worry-Free Business Security was not affected, and this issue was addressed in a WFBSS monthly maintenance update. Therefore no other customer action is required to mitigate if the WFBSS agents are on the regular SaaS maintenance deployment schedule and this disclosure is for informational purposes only. | Jul 10, 2025 |
| CVE-2025-52837(opens NVD record) | High | 7.8 | Trend Micro Password Manager (Consumer) version 5.8.0.1327 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow an attacker the opportunity to abuse symbolic links and other methods to delete any file/folder and achieve privilege escalation. | Jul 10, 2025 |
| CVE-2025-52521(opens NVD record) | High | 7.8 | Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. | Jul 10, 2025 |
| CVE-2024-43394(opens NVD record) | High | 7.5 | Server-Side Request Forgery (SSRF) in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via mod_rewrite or apache expressions that pass unvalidated request input. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.63. Note: The Apache HTTP Server Project will be setting a higher bar for accepting vulnerability reports regarding SSRF via UNC paths. The server offers limited protection against administrators directing the server to open UNC paths. Windows servers should limit the hosts they will connect over via SMB based on the nature of NTLM authentication. | Jul 10, 2025 |
| CVE-2025-7365(opens NVD record) | High | 7.1 | A flaw was found in Keycloak. When an authenticated attacker attempts to merge accounts with another existing account during an identity provider (IdP) login, the attacker will subsequently be prompted to "review profile" information. This vulnerability allows the attacker to modify their email address to match that of a victim's account, triggering a verification email sent to the victim's email address. The attacker's email address is not present in the verification email content, making it a potential phishing opportunity. If the victim clicks the verification link, the attacker can gain access to the victim's account. | Jul 10, 2025 |
| CVE-2025-44251(opens NVD record) | High | 7.5 | Ecovacs Deebot T10 1.7.2 transmits Wi-Fi credentials in cleartext during the pairing process. | Jul 10, 2025 |
| CVE-2025-36090(opens NVD record) | Medium | 4.3 | IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could allow a remote attacker to obtain information about the application framework which could be used in reconnaissance to gather information for future attacks from a detailed technical error message. | Jul 10, 2025 |
| CVE-2024-39752(opens NVD record) | Medium | 6.8 | IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could be vulnerable to malicious file upload by not validating the type of file uploaded to Explore Content. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks. | Jul 10, 2025 |
| CVE-2024-38327(opens NVD record) | Medium | 6.8 | IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 is vulnerable to information exposure and further attacks due to an exposed JavaScript source map which could assist an attacker to read and debug JavaScript used in the application's API. | Jul 10, 2025 |
| CVE-2024-37524(opens NVD record) | Medium | 5.3 | IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | Jul 10, 2025 |
| CVE-2025-7424(opens NVD record) | High | 7.5 | A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior. | Jul 10, 2025 |
| CVE-2024-36697(opens NVD record) | Medium | 6.1 | A cross-site scripting (XSS) vulnerability in the Admin Login page of Allworx System Software v9.1.9.12 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SessionID parameter at query.asp. | Jul 10, 2025 |
| CVE-2025-32990(opens NVD record) | Medium | 6.5 | A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system. | Jul 10, 2025 |
| CVE-2025-38322(opens NVD record) | Medium | 5.5 | In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Fix crash in icl_update_topdown_event() The perf_fuzzer found a hard-lockup crash on a RaptorLake machine: Oops: general protection fault, maybe for address 0xffff89aeceab400: 0000 CPU: 23 UID: 0 PID: 0 Comm: swapper/23 Tainted: [W]=WARN Hardware name: Dell Inc. Precision 9660/0VJ762 RIP: 0010:native_read_pmc+0x7/0x40 Code: cc e8 8d a9 01 00 48 89 03 5b cd cc cc cc cc 0f 1f ... RSP: 000:fffb03100273de8 EFLAGS: 00010046 .... Call Trace: <TASK> icl_update_topdown_event+0x165/0x190 ? ktime_get+0x38/0xd0 intel_pmu_read_event+0xf9/0x210 __perf_event_read+0xf9/0x210 CPUs 16-23 are E-core CPUs that don't support the perf metrics feature. The icl_update_topdown_event() should not be invoked on these CPUs. It's a regression of commit: f9bdf1f95339 ("perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read") The bug introduced by that commit is that the is_topdown_event() function is mistakenly used to replace the is_topdown_count() call to check if the topdown functions for the perf metrics feature should be invoked. Fix it. | Jul 10, 2025 |
| CVE-2025-32989(opens NVD record) | Medium | 5.3 | A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly. | Jul 10, 2025 |
| CVE-2025-32988(opens NVD record) | Medium | 6.5 | A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure. This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior. | Jul 10, 2025 |
| CVE-2025-36599(opens NVD record) | Medium | 4.3 | Dell PowerFlex Manager VM, versions prior to 4.6.2.1, contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the system with privileges of the compromised account. | Jul 9, 2025 |
| CVE-2025-44525(opens NVD record) | Medium | 6.5 | Texas Instruments CC2652RB LaunchPad SimpleLink CC13XX CC26XX SDK 7.41.00.17 was discovered to utilize insufficient permission checks on critical fields within Bluetooth Low Energy (BLE) data packets. This issue allows attackers to cause a Denial of Service (DoS) via a crafted LL_Length_Req packet. | Jul 9, 2025 |
| CVE-2025-44526(opens NVD record) | Medium | 6.5 | Realtek RTL8762EKF-EVB RTL8762E SDK V1.4.0 was discovered to utilize insufficient permission checks on critical fields within Bluetooth Low Energy (BLE) data packets. This issue allows attackers to cause a Denial of Service (DoS) via a crafted LL_Length_Req packet. | Jul 9, 2025 |
| CVE-2025-2670(opens NVD record) | Medium | 4.3 | IBM OpenPages 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points related to workflow feature of OpenPages. An authenticated user is able to obtain certain information about Workflow related configuration and internal state. | Jul 9, 2025 |
| CVE-2025-1112(opens NVD record) | Medium | 4.3 | IBM OpenPages with Watson 8.3 and 9.0 could allow an authenticated user to obtain sensitive information that should only be available to privileged users. | Jul 9, 2025 |
| CVE-2025-47133(opens NVD record) | High | 7.8 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jul 8, 2025 |
| CVE-2025-47132(opens NVD record) | High | 7.8 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jul 8, 2025 |
| CVE-2025-47131(opens NVD record) | High | 7.8 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jul 8, 2025 |
| CVE-2025-47130(opens NVD record) | High | 7.8 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jul 8, 2025 |
| CVE-2025-47129(opens NVD record) | High | 7.8 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jul 8, 2025 |
| CVE-2025-47128(opens NVD record) | High | 7.8 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jul 8, 2025 |
| CVE-2025-47127(opens NVD record) | High | 7.8 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jul 8, 2025 |
| CVE-2025-47126(opens NVD record) | High | 7.8 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jul 8, 2025 |
| CVE-2025-47125(opens NVD record) | High | 7.8 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jul 8, 2025 |
| CVE-2025-47124(opens NVD record) | High | 7.8 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jul 8, 2025 |
| CVE-2025-47123(opens NVD record) | High | 7.8 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jul 8, 2025 |
| CVE-2025-47122(opens NVD record) | High | 7.8 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jul 8, 2025 |
| CVE-2025-47121(opens NVD record) | High | 7.8 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jul 8, 2025 |
| CVE-2025-47120(opens NVD record) | Medium | 5.5 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jul 8, 2025 |
| CVE-2025-47119(opens NVD record) | Medium | 5.5 | Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jul 8, 2025 |
| CVE-2025-47099(opens NVD record) | High | 7.8 | InCopy versions 20.3, 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jul 8, 2025 |
| CVE-2025-47098(opens NVD record) | High | 7.8 | InCopy versions 20.3, 19.5.3 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jul 8, 2025 |
| CVE-2025-47097(opens NVD record) | High | 7.8 | InCopy versions 20.3, 19.5.3 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jul 8, 2025 |
| CVE-2024-56468(opens NVD record) | High | 7.5 | IBM InfoSphere Data Replication VSAM for z/OS Remote Source 11.4 could allow a remote user to cause a denial of service by sending an invalid HTTP request to the log reading service. | Jul 8, 2025 |
| CVE-2025-6759(opens NVD record) | High | 7.8 | Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Windows Virtual Delivery Agent for CVAD and Citrix DaaS | Jul 8, 2025 |
| CVE-2025-49532(opens NVD record) | High | 7.8 | Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jul 8, 2025 |
| CVE-2025-49531(opens NVD record) | High | 7.8 | Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jul 8, 2025 |
| CVE-2025-49530(opens NVD record) | High | 7.8 | Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jul 8, 2025 |
| CVE-2025-49529(opens NVD record) | High | 7.8 | Illustrator versions 28.7.6, 29.5.1 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jul 8, 2025 |