CVE vulnerabilities

31,200 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 151–200 of 1,619 in KEV · page 4 of 33
| ID | Title | KEV | CVSS | Vendor | Summary |
|---|---|---|---|---|---|
| CVE-2025-3935 | ConnectWise ScreenConnect Improper Authentication Vulnerability | Yes | 7.2 | ConnectWise | ConnectWise ScreenConnect contains an improper authentication vulnerability. This vulnerability could allow a ViewState code injection attack, which could allo… |
| CVE-2025-3928 | Commvault Web Server Unspecified Vulnerability | Yes | 8.8 | Commvault | Commvault Web Server contains an unspecified vulnerability that allows a remote, authenticated attacker to create and execute webshells. |
| CVE-2025-38352 | Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability | Yes | 7.4 | Linux | Linux kernel contains a time-of-check time-of-use (TOCTOU) race condition vulnerability that has a high impact on confidentiality, integrity, and availability. |
| CVE-2025-37164 | Hewlett Packard Enterprise (HPE) OneView Code Injection Vulnerability | Yes | 9.8 | Hewlett Packard Enterprise (HPE) | Hewlett Packard Enterprise (HPE) OneView contains a code injection vulnerability that allows a remote unauthenticated user to perform remote code execution. |
| CVE-2025-35939 | Craft CMS External Control of Assumed-Immutable Web Parameter Vulnerability | Yes | 5.3 | Craft CMS | Craft CMS contains an external control of assumed-immutable web parameter vulnerability. This vulnerability could allow an unauthenticated client to introduce … |
| CVE-2025-34291 | Langflow Origin Validation Error Vulnerability | Yes | 8.8 | Langflow | Langflow contains an origin validation error vulnerability in which an overly permissive CORS configuration combined with a refresh token cookie configured as … |
| CVE-2025-34028 | Commvault Command Center Path Traversal Vulnerability | Yes | 10.0 | Commvault | Commvault Command Center contains a path traversal vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code. |
| CVE-2025-34026 | Versa Concerto Improper Authentication Vulnerability | Yes | 7.5 | Versa | Versa Concerto SD-WAN orchestration platform contains an improper authentication vulnerability in the Traefik reverse proxy configuration, allowing an attacker… |
| CVE-2025-33073 | Microsoft Windows SMB Client Improper Access Control Vulnerability | Yes | 8.8 | Microsoft | Microsoft Windows SMB Client contains an improper access control vulnerability that could allow for privilege escalation. An attacker could execute a specially… |
| CVE-2025-33053 | Microsoft Windows External Control of File Name or Path Vulnerability | Yes | 8.8 | Microsoft | Microsoft Windows contains an external control of file name or path vulnerability that could allow an attacker to execute code from a remote WebDAV location sp… |
| CVE-2025-32975 | Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability | Yes | 10.0 | Quest | Quest KACE Systems Management Appliance (SMA) contains an improper authentication vulnerability that could allow attackers to impersonate legitimate users with… |
| CVE-2025-32756 | Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability | Yes | 9.8 | Fortinet | Fortinet FortiFone, FortiVoice, FortiNDR and FortiMail contain a stack-based overflow vulnerability that may allow a remote unauthenticated attacker to execute… |
| CVE-2025-32709 | Microsoft Windows Ancillary Function Driver for WinSock Use-After-Free Vulnerability | Yes | 7.8 | Microsoft | Microsoft Windows Ancillary Function Driver for WinSock contains a use-after-free vulnerability that allows an authorized attacker to escalate privileges to ad… |
| CVE-2025-32706 | Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability | Yes | 7.8 | Microsoft | Microsoft Windows Common Log File System (CLFS) Driver contains a heap-based buffer overflow vulnerability that allows an authorized attacker to elevate privil… |
| CVE-2025-32701 | Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability | Yes | 7.8 | Microsoft | Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally. |
| CVE-2025-3248 | Langflow Missing Authentication Vulnerability | Yes | 9.8 | Langflow | Langflow contains a missing authentication vulnerability in the /api/v1/validate/code endpoint that allows a remote, unauthenticated attacker to execute arbitr… |
| CVE-2025-32463 | Sudo Inclusion of Functionality from Untrusted Control Sphere Vulnerability | Yes | 7.8 | Sudo | Sudo contains an inclusion of functionality from untrusted control sphere vulnerability. This vulnerability could allow a local attacker to leverage sudo's -R (-… |
| CVE-2025-32433 | Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability | Yes | 10.0 | Erlang | Erlang Erlang/OTP SSH server contains a missing authentication for critical function vulnerability. This could allow an attacker to execute arbitrary commands … |
| CVE-2025-32432 | Craft CMS Code Injection Vulnerability | Yes | 10.0 | Craft CMS | Craft CMS contains a code injection vulnerability that allows a remote attacker to execute arbitrary code. |
| CVE-2025-31324 | SAP NetWeaver Unrestricted File Upload Vulnerability | Yes | 9.8 | SAP | SAP NetWeaver Visual Composer Metadata Uploader contains an unrestricted file upload vulnerability that allows an unauthenticated agent to upload potentially m… |
| CVE-2025-31277 | Apple Multiple Products Buffer Overflow Vulnerability | Yes | 8.8 | Apple | Apple Safari, iOS, watchOS, visionOS, iPadOS, macOS, and tvOS contain a buffer overflow vulnerability that could allow the processing of maliciously crafted we… |
| CVE-2025-31201 | Apple Multiple Products Arbitrary Read and Write Vulnerability | Yes | 9.8 | Apple | Apple iOS, iPadOS, macOS, and other Apple products contain an arbitrary read and write vulnerability that allows an attacker to bypass Pointer Authentication. |
| CVE-2025-31200 | Apple Multiple Products Memory Corruption Vulnerability | Yes | 9.8 | Apple | Apple iOS, iPadOS, macOS, and other Apple products contain a memory corruption vulnerability that allows for code execution when processing an audio stream in … |
| CVE-2025-31161 | CrushFTP Authentication Bypass Vulnerability | Yes | 9.8 | CrushFTP | CrushFTP contains an authentication bypass vulnerability in the HTTP authorization header that allows a remote unauthenticated attacker to authenticate to any … |
| CVE-2025-31125 | Vite Vitejs Improper Access Control Vulnerability | Yes | 7.5 | Vite | Vite Vitejs contains an improper access control vulnerability that exposes content of non-allowed files using ?inline&import or ?raw?import. Only apps explicit… |
| CVE-2025-30406 | Gladinet CentreStack and Triofox Use of Hard-coded Cryptographic Key Vulnerability | Yes | 9.8 | Gladinet | Gladinet CentreStack and Triofox contain a use of hard-coded cryptographic key vulnerability in the way that the application manages keys used for ViewState i… |
| CVE-2025-30400 | Microsoft Windows DWM Core Library Use-After-Free Vulnerability | Yes | 7.8 | Microsoft | Microsoft Windows DWM Core Library contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally. |
| CVE-2025-30397 | Microsoft Windows Scripting Engine Type Confusion Vulnerability | Yes | 7.5 | Microsoft | Microsoft Windows Scripting Engine contains a type confusion vulnerability that allows an unauthorized attacker to execute code over a network via a specially … |
| CVE-2025-30154 | reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability | Yes | 8.6 | reviewdog | reviewdog action-setup GitHub Action contains an embedded malicious code vulnerability that dumps exposed secrets to GitHub Actions Workflow Logs. |
| CVE-2025-30066 | tj-actions/changed-files GitHub Action Embedded Malicious Code Vulnerability | Yes | 8.6 | tj-actions | tj-actions/changed-files GitHub Action contains an embedded malicious code vulnerability that allows a remote attacker to discover secrets by reading GitHub Ac… |
| CVE-2025-29824 | Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability | Yes | 7.8 | Microsoft | Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally. |
| CVE-2025-29635 | D-Link DIR-823X Command Injection Vulnerability | Yes | 7.2 | D-Link | D-Link DIR-823X contains a command injection vulnerability that allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST… |
| CVE-2025-27920 | Srimax Output Messenger Directory Traversal Vulnerability | Yes | 8.8 | Srimax | Srimax Output Messenger contains a directory traversal vulnerability that allows an attacker to access sensitive files outside the intended directory, potentia… |
| CVE-2025-27915 | Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability | Yes | 5.4 | Synacor | Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that exists in the Classic Web Client due to insufficient sanitization o… |
| CVE-2025-2783 | Google Chromium Mojo Sandbox Escape Vulnerability | Yes | 8.3 | Google | Google Chromium Mojo on Windows contains a sandbox escape vulnerability caused by a logic error, which results from an incorrect handle being provided in unspe… |
| CVE-2025-2776 | SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability | Yes | 9.8 | SysAid | SysAid On-Prem contains an improper restriction of XML external entity reference vulnerability in the Server URL processing functionality, allowing for adminis… |
| CVE-2025-2775 | SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability | Yes | 7.5 | SysAid | SysAid On-Prem contains an improper restriction of XML external entity reference vulnerability in the Checkin processing functionality, allowing for administra… |
| CVE-2025-2749 | Kentico Xperience Path Traversal Vulnerability | Yes | 7.2 | Kentico | Kentico Xperience contains a path traversal vulnerability that could allow an authenticated user's Staging Sync Server to upload arbitrary data to path relativ… |
| CVE-2025-2747 | Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability | Yes | 9.8 | Kentico | Kentico Xperience CMS contains an authentication bypass using an alternate path or channel vulnerability that could allow an attacker to control administrative… |
| CVE-2025-2746 | Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability | Yes | 9.8 | Kentico | Kentico Xperience CMS contains an authentication bypass using an alternate path or channel vulnerability that could allow an attacker to control administrative… |
| CVE-2025-27363 | FreeType Out-of-Bounds Write Vulnerability | Yes | 8.1 | FreeType | FreeType contains an out-of-bounds write vulnerability when attempting to parse font subglyph structures related to TrueType GX and variable font files that ma… |
| CVE-2025-27038 | Qualcomm Multiple Chipsets Use-After-Free Vulnerability | Yes | 7.5 | Qualcomm | Multiple Qualcomm chipsets contain a use-after-free vulnerability. This vulnerability allows for memory corruption while rendering graphics using Adreno GPU dr… |
| CVE-2025-26633 | Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability | Yes | 7.0 | Microsoft | Microsoft Windows Management Console (MMC) contains an improper neutralization vulnerability that allows an unauthorized attacker to bypass a security feature … |
| CVE-2025-26399 | SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability | Yes | 9.8 | SolarWinds | SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability in AjaxProxy that could allow an attacker to run commands on the host machin… |
| CVE-2025-25257 | Fortinet FortiWeb SQL Injection Vulnerability | Yes | 9.8 | Fortinet | Fortinet FortiWeb contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HT… |
| CVE-2025-25181 | Advantive VeraCore SQL Injection Vulnerability | Yes | 7.5 | Advantive | Advantive VeraCore contains a SQL injection vulnerability in timeoutWarning.asp that allows a remote attacker to execute arbitrary SQL commands via the PmSess1… |
| CVE-2025-24993 | Microsoft Windows NTFS Heap-Based Buffer Overflow Vulnerability | Yes | 7.8 | Microsoft | Microsoft Windows New Technology File System (NTFS) contains a heap-based buffer overflow vulnerability that allows an unauthorized attacker to execute code lo… |
| CVE-2025-24991 | Microsoft Windows NTFS Out-Of-Bounds Read Vulnerability | Yes | 5.5 | Microsoft | Microsoft Windows New Technology File System (NTFS) contains an out-of-bounds read vulnerability that allows an authorized attacker to disclose information loc… |
| CVE-2025-24990 | Microsoft Windows Untrusted Pointer Dereference Vulnerability | Yes | 7.8 | Microsoft | Microsoft Windows Agere Modem Driver contains an untrusted pointer dereference vulnerability that allows for privilege escalation. An attacker who successfully… |
| CVE-2025-24989 | Microsoft Power Pages Improper Access Control Vulnerability | Yes | 9.8 | Microsoft | Microsoft Power Pages contains an improper access control vulnerability that allows an unauthorized attacker to elevate privileges over a network potentially b… |