CVE vulnerabilities

31,200 CVEs indexed. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill (rendered in the table below as the CVSS and vendor tags on each title). Authored by Adam Lundqvist.

Rows are ordered by CVE ID in descending string order, not numeric order, so CVE-2025-5777 sits above CVE-2025-55182 and CVE-2025-4008 closes the page. Bear in mind that a CVE sequence number reflects when the ID was reserved, not when the issue was published or added to KEV, so "newest first" here is only an approximation; the KEV catalog's own dateAdded field is the reliable recency signal.

Showing 101–150 of 1,619 in KEV · page 3 of 33. Every row on this page is KEV-listed; summaries ending in "…" are truncated on the source page.
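The filtering and ordering the index description above promises, written out as a small offline script. This is an added example, not the page's or its author's code. Record field names (cveID, vendorProject, product, dateAdded) follow the CISA KEV JSON feed; the `cvss` field is an assumption, since the KEV feed itself carries no score, and the `dateAdded` values on the sample rows are constructed placeholders, not the real catalog dates. The severity buckets are the CVSS v3.x qualitative rating scale. The ID parser is what avoids the lexical misordering visible in the table (CVE-2025-5777 sorted above CVE-2025-55182).

```python
"""Filter, order and page a KEV-flagged CVE index (added example)."""
import re

CVE_RE = re.compile(r"^CVE-(\d{4})-(\d{4,})$")

# CVSS v3.x qualitative rating scale, lowest to highest.
SEVERITY_ORDER = ["None", "Low", "Medium", "High", "Critical"]


def parse_cve_id(cve_id: str) -> tuple[int, int]:
    """Split 'CVE-YYYY-NNNN' into (year, sequence).

    Sorting on this tuple gives numeric order; sorting the raw string puts
    CVE-2025-5777 above CVE-2025-55182 because '7' > '5'.
    """
    m = CVE_RE.match(cve_id)
    if not m:
        raise ValueError(f"malformed CVE ID: {cve_id!r}")
    return int(m.group(1)), int(m.group(2))


def severity(cvss: float) -> str:
    """Map a CVSS v3.x base score to its qualitative rating."""
    if not 0.0 <= cvss <= 10.0:
        raise ValueError(f"CVSS score out of range: {cvss}")
    if cvss == 0.0:
        return "None"
    if cvss < 4.0:
        return "Low"
    if cvss < 7.0:
        return "Medium"
    if cvss < 9.0:
        return "High"
    return "Critical"


def select(records, *, min_severity=None, kev_only=False, page=1, per_page=50):
    """Filter by severity floor and KEV membership, order newest first, return one page.

    Newest first means KEV dateAdded descending (ISO dates sort correctly as
    strings), with numeric CVE ID as the tie-breaker. Records with no
    dateAdded are treated as not in KEV.
    """
    rows = list(records)
    if kev_only:
        rows = [r for r in rows if r.get("dateAdded")]
    if min_severity is not None:
        floor = SEVERITY_ORDER.index(min_severity)
        rows = [r for r in rows if SEVERITY_ORDER.index(severity(r["cvss"])) >= floor]
    rows.sort(key=lambda r: (r.get("dateAdded") or "", parse_cve_id(r["cveID"])), reverse=True)
    start = (page - 1) * per_page
    return [r["cveID"] for r in rows[start:start + per_page]]


# Constructed sample rows. IDs, vendors and scores match entries on this page;
# dateAdded values are placeholders, not the real KEV catalog dates.
SAMPLE = [
    {"cveID": "CVE-2025-5777", "vendorProject": "Citrix", "product": "NetScaler ADC and Gateway",
     "cvss": 7.5, "dateAdded": "2025-07-10"},
    {"cveID": "CVE-2025-57819", "vendorProject": "Sangoma", "product": "FreePBX",
     "cvss": 9.8, "dateAdded": "2025-08-29"},
    {"cveID": "CVE-2025-55182", "vendorProject": "Meta", "product": "React Server Components",
     "cvss": 10.0, "dateAdded": "2025-12-05"},
    {"cveID": "CVE-2025-48928", "vendorProject": "TeleMessage", "product": "TM SGNL",
     "cvss": 4.0, "dateAdded": "2025-07-01"},
    # Hypothetical non-KEV entry: no dateAdded, so kev_only drops it.
    {"cveID": "CVE-2024-0001", "vendorProject": "Example", "product": "Example",
     "cvss": 5.0, "dateAdded": None},
]


if __name__ == "__main__":
    print("string order:", sorted([r["cveID"] for r in SAMPLE], reverse=True))
    print("numeric order:", sorted([r["cveID"] for r in SAMPLE], key=parse_cve_id, reverse=True))
    print("KEV, High+:", select(SAMPLE, min_severity="High", kev_only=True))
    print("KEV page 2 of 2 per page:", select(SAMPLE, kev_only=True, page=2, per_page=2))
```

To run this against the real catalog, replace SAMPLE with the `vulnerabilities` array of the CISA KEV JSON feed and join in scores from NVD; the KEV feed alone has no CVSS field, which is why the score is marked as an assumption here.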
| ID | Title | CVSS | Vendor | Summary |
|---|---|---|---|---|
| CVE-2025-59230 | Microsoft Windows Improper Access Control Vulnerability | 7.8 | Microsoft | Microsoft Windows contains an improper access control vulnerability in Windows Remote Access Connection Manager which could allow an authorized attacker to ele… |
| CVE-2025-58360 | OSGeo GeoServer Improper Restriction of XML External Entity Reference Vulnerability | 9.8 | OSGeo | OSGeo GeoServer contains an improper restriction of XML external entity reference vulnerability that occurs when the application accepts XML input through a sp… |
| CVE-2025-58034 | Fortinet FortiWeb OS Command Injection Vulnerability | 7.2 | Fortinet | Fortinet FortiWeb contains an OS command injection vulnerability that may allow an authenticated attacker to execute unauthorized code on the underlying system… |
| CVE-2025-57819 | Sangoma FreePBX Authentication Bypass Vulnerability | 9.8 | Sangoma | Sangoma FreePBX contains an authentication bypass vulnerability due to insufficiently sanitized user-supplied data that allows unauthenticated access to FreePBX Adm… |
| CVE-2025-5777 | Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability | 7.5 | Citrix | Citrix NetScaler ADC and Gateway contain an out-of-bounds read vulnerability due to insufficient input validation. This vulnerability can lead to memory overre… |
| CVE-2025-55182 | Meta React Server Components Remote Code Execution Vulnerability | 10.0 | Meta | Meta React Server Components contains a remote code execution vulnerability that could allow unauthenticated remote code execution by exploiting a flaw in how … |
| CVE-2025-55177 | Meta Platforms WhatsApp Incorrect Authorization Vulnerability | 5.4 | Meta Platforms | Meta Platforms WhatsApp contains an incorrect authorization vulnerability due to an incomplete authorization of linked device synchronization messages. This vu… |
| CVE-2025-54948 | Trend Micro Apex One OS Command Injection Vulnerability | 9.8 | Trend Micro | Trend Micro Apex One Management Console (on-premise) contains an OS command injection vulnerability that could allow a pre-authenticated remote attacker to upl… |
| CVE-2025-54313 | Prettier eslint-config-prettier Embedded Malicious Code Vulnerability | 7.5 | Prettier | Prettier eslint-config-prettier contains an embedded malicious code vulnerability. Installing an affected package executes an install.js file that launches the… |
| CVE-2025-54309 | CrushFTP Unprotected Alternate Channel Vulnerability | 9.8 | CrushFTP | CrushFTP contains an unprotected alternate channel vulnerability. When the DMZ proxy feature is not used, it mishandles AS2 validation and consequently allows rem… |
| CVE-2025-54253 | Adobe Experience Manager Forms Code Execution Vulnerability | 10.0 | Adobe | Adobe Experience Manager Forms on JEE contains an unspecified vulnerability that allows for arbitrary code execution. |
| CVE-2025-54236 | Adobe Commerce and Magento Improper Input Validation Vulnerability | 9.1 | Adobe | Adobe Commerce and Magento Open Source contain an improper input validation vulnerability that could allow an attacker to take over customer accounts through t… |
| CVE-2025-5419 | Google Chromium V8 Out-of-Bounds Read and Write Vulnerability | 8.8 | Google | Google Chromium V8 contains an out-of-bounds read and write vulnerability that could allow a remote attacker to potentially exploit heap corruption via a craft… |
| CVE-2025-54068 | Laravel Livewire Code Injection Vulnerability | 9.8 | Laravel | Laravel Livewire contains a code injection vulnerability that could allow unauthenticated attackers to achieve remote command execution in specific scenarios. |
| CVE-2025-53770 | Microsoft SharePoint Deserialization of Untrusted Data Vulnerability | 9.8 | Microsoft | Microsoft SharePoint Server on-premises contains a deserialization of untrusted data vulnerability that could allow an unauthorized attacker to execute code ov… |
| CVE-2025-53690 | Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability | 9.0 | Sitecore | Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud contain a deserialization of untrusted data vulnerabili… |
| CVE-2025-53521 | F5 BIG-IP Stack-Based Buffer Overflow Vulnerability | 9.8 | F5 | F5 BIG-IP APM contains a stack-based buffer overflow vulnerability that could allow a threat actor to achieve remote code execution. |
| CVE-2025-52691 | SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability | 10.0 | SmarterTools | SmarterTools SmarterMail contains an unrestricted upload of file with dangerous type vulnerability that could allow an unauthenticated attacker to upload arbit… |
| CVE-2025-5086 | Dassault Systèmes DELMIA Apriso Deserialization of Untrusted Data Vulnerability | 9.0 | Dassault Systèmes | Dassault Systèmes DELMIA Apriso contains a deserialization of untrusted data vulnerability that could lead to remote code execution. |
| CVE-2025-49706 | Microsoft SharePoint Improper Authentication Vulnerability | 6.5 | Microsoft | Microsoft SharePoint contains an improper authentication vulnerability that allows an authorized attacker to perform spoofing over a network. Successfully expl… |
| CVE-2025-49704 | Microsoft SharePoint Code Injection Vulnerability | 8.8 | Microsoft | Microsoft SharePoint contains a code injection vulnerability that could allow an authorized attacker to execute code over a network. This vulnerability could b… |
| CVE-2025-49113 | RoundCube Webmail Deserialization of Untrusted Data Vulnerability | 8.8 | Roundcube | RoundCube Webmail contains a deserialization of untrusted data vulnerability that allows remote code execution by authenticated users because the _from paramet… |
| CVE-2025-48928 | TeleMessage TM SGNL Exposure of Core Dump File to an Unauthorized Control Sphere Vulnerability | 4.0 | TeleMessage | TeleMessage TM SGNL contains an exposure of core dump file to an unauthorized control sphere vulnerability. This vulnerability is based on a JSP application in… |
| CVE-2025-48927 | TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability | 5.3 | TeleMessage | TeleMessage TM SGNL contains an initialization of a resource with an insecure default vulnerability. This vulnerability relies on how the Spring Boot Actuator … |
| CVE-2025-48703 | CWP Control Web Panel OS Command Injection Vulnerability | 9.0 | CWP | CWP Control Web Panel (formerly CentOS Web Panel) contains an OS command injection vulnerability that allows unauthenticated remote code execution via shell me… |
| CVE-2025-48700 | Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability | 6.1 | Synacor | Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that could allow attackers to execute arbitrary JavaScript within the us… |
| CVE-2025-48633 | Android Framework Information Disclosure Vulnerability | 5.5 | Android | Android Framework contains an unspecified vulnerability that allows for information disclosure. |
| CVE-2025-48595 | Android Framework Integer Overflow Vulnerability | 8.4 | Android | Android Framework contains an integer overflow vulnerability that allows for code execution and could lead to local privilege escalation. |
| CVE-2025-48572 | Android Framework Privilege Escalation Vulnerability | 7.8 | Android | Android Framework contains an unspecified vulnerability that allows for privilege escalation. |
| CVE-2025-48543 | Android Runtime Use-After-Free Vulnerability | 8.8 | Android | Android Runtime contains a use-after-free vulnerability potentially allowing a Chrome sandbox escape leading to local privilege escalation. |
| CVE-2025-48384 | Git Link Following Vulnerability | 8.0 | Git | Git contains a link following vulnerability that stems from Git's inconsistent handling of carriage return characters in configuration files. |
| CVE-2025-47827 | IGEL OS Use of a Key Past its Expiration Date Vulnerability | 4.6 | IGEL | IGEL OS contains a use of a key past its expiration date vulnerability that allows for Secure Boot bypass. The igel-flash-driver module improperly verifies a c… |
| CVE-2025-47813 | Wing FTP Server Information Disclosure Vulnerability | 4.3 | Wing FTP Server | Wing FTP Server contains a generation of error message containing sensitive information vulnerability when using a long value in the UID cookie. |
| CVE-2025-47812 | Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability | 10.0 | Wing FTP Server | Wing FTP Server contains an improper neutralization of null byte or NUL character vulnerability that can allow injection of arbitrary Lua code into user sessio… |
| CVE-2025-47729 | TeleMessage TM SGNL Hidden Functionality Vulnerability | 4.9 | TeleMessage | TeleMessage TM SGNL contains a hidden functionality vulnerability in which the archiving backend holds cleartext copies of messages from TM SGNL application us… |
| CVE-2025-4632 | Samsung MagicINFO 9 Server Path Traversal Vulnerability | 9.8 | Samsung | Samsung MagicINFO 9 Server contains a path traversal vulnerability that allows an attacker to write an arbitrary file as system authority. |
| CVE-2025-4428 | Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability | 8.8 | Ivanti | Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability in the API component that allows an authenticated attacker to remotely execute ar… |
| CVE-2025-4427 | Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability | 7.5 | Ivanti | Ivanti Endpoint Manager Mobile (EPMM) contains an authentication bypass vulnerability in the API component that allows an attacker to access protected resource… |
| CVE-2025-43529 | Apple Multiple Products Use-After-Free WebKit Vulnerability | 8.8 | Apple | Apple iOS, iPadOS, macOS, and other Apple products contain a use-after-free vulnerability in WebKit. Processing maliciously crafted web content may lead to mem… |
| CVE-2025-43520 | Apple Multiple Products Classic Buffer Overflow Vulnerability | 5.5 | Apple | Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain a classic buffer overflow vulnerability which could allow a malicious application to cause unexpe… |
| CVE-2025-43510 | Apple Multiple Products Improper Locking Vulnerability | 7.8 | Apple | Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain an improper locking vulnerability that could allow a malicious application to cause unexpected ch… |
| CVE-2025-43300 | Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability | 10.0 | Apple | Apple iOS, iPadOS, and macOS contain an out-of-bounds write vulnerability in the Image I/O framework. |
| CVE-2025-43200 | Apple Multiple Products Unspecified Vulnerability | 4.2 | Apple | Apple iOS, iPadOS, macOS, watchOS, and visionOS contain an unspecified vulnerability when processing a maliciously crafted photo or video shared via an iCloud… |
| CVE-2025-42999 | SAP NetWeaver Deserialization Vulnerability | 9.1 | SAP | SAP NetWeaver Visual Composer Metadata Uploader contains a deserialization vulnerability that allows a privileged attacker to compromise the confidentiality, i… |
| CVE-2025-42599 | Qualitia Active! Mail Stack-Based Buffer Overflow Vulnerability | 9.8 | Qualitia | Qualitia Active! Mail contains a stack-based buffer overflow vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code or trigger a den… |
| CVE-2025-41244 | Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability | 7.8 | Broadcom | Broadcom VMware Aria Operations and VMware Tools contain a privilege defined with unsafe actions vulnerability. A malicious local actor with non-administrative… |
| CVE-2025-40602 | SonicWall SMA1000 Missing Authorization Vulnerability | 6.6 | SonicWall | SonicWall SMA1000 contains a missing authorization vulnerability that could allow for privilege escalation in the appliance management console (AMC) of affected devic… |
| CVE-2025-40551 | SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability | 9.8 | SolarWinds | SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could lead to remote code execution, which would allow an attacker to … |
| CVE-2025-40536 | SolarWinds Web Help Desk Security Control Bypass Vulnerability | 9.8 | SolarWinds | SolarWinds Web Help Desk contains a security control bypass vulnerability that could allow an unauthenticated attacker to gain access to certain restricted fun… |
| CVE-2025-4008 | Smartbedded Meteobridge Command Injection Vulnerability | 8.8 | Smartbedded | Smartbedded Meteobridge contains a command injection vulnerability that could allow remote unauthenticated attackers to gain arbitrary command execution with e… |