CVE vulnerabilities
31,200 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
32 in Medium · 31,200 total
| ID | Title | KEV | CVSS | Vendor | Summary |
|---|---|---|---|---|---|
| CVE-2026-42897 | CVE-2026-42897 | KEV | 8.1 | Microsoft | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform sp… |
| CVE-2026-34926 | Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability | KEV | 6.7 | Trend Micro | Trend Micro Apex One (on-premise) contains a directory traversal vulnerability that could allow a pre-authenticated local attacker to modify a key table on the… |
| CVE-2026-32202 | Microsoft Windows Protection Mechanism Failure Vulnerability | KEV | 4.3 | Microsoft | Microsoft Windows Shell contains a protection mechanism failure vulnerability that allows an unauthorized attacker to perform spoofing over a network. |
| CVE-2026-32201 | Microsoft SharePoint Server Improper Input Validation Vulnerability | KEV | 6.5 | Microsoft | Microsoft SharePoint Server contains an improper input validation vulnerability that allows an unauthorized attacker to perform spoofing over a network. |
| CVE-2026-21525 | Microsoft Windows NULL Pointer Dereference Vulnerability | KEV | 6.2 | Microsoft | Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally. |
| CVE-2026-20805 | Microsoft Windows Information Disclosure Vulnerability | KEV | 5.5 | Microsoft | Microsoft Windows Desktop Windows Manager contains an information disclosure vulnerability that allows an authorized attacker to disclose information locally. |
| CVE-2026-20122 | Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability | KEV | 5.4 | Cisco | Cisco Catalyst SD-WAN Manager contains an incorrect use of privileged APIs vulnerability due to improper file handling on the API interface of an affected syst… |
| CVE-2025-68461 | RoundCube Webmail Cross-site Scripting Vulnerability | KEV | 6.1 | Roundcube | RoundCube Webmail contains a cross-site scripting vulnerability via the animate tag in an SVG document. |
| CVE-2025-66376 | Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability | KEV | 6.1 | Synacor | Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability in the Classic UI where attackers could abuse Cascading Style Sheets (CS… |
| CVE-2025-59689 | Libraesva Email Security Gateway Command Injection Vulnerability | KEV | 6.1 | Libraesva | Libraesva Email Security Gateway (ESG) contains a command injection vulnerability which allows command injection via a compressed e-mail attachment. |
| CVE-2025-55177 | Meta Platforms WhatsApp Incorrect Authorization Vulnerability | KEV | 5.4 | Meta Platforms | Meta Platforms WhatsApp contains an incorrect authorization vulnerability due to an incomplete authorization of linked device synchronization messages. This vu… |
| CVE-2025-49706 | Microsoft SharePoint Improper Authentication Vulnerability | KEV | 6.5 | Microsoft | Microsoft SharePoint contains an improper authentication vulnerability that allows an authorized attacker to perform spoofing over a network. Successfully expl… |
| CVE-2025-48928 | TeleMessage TM SGNL Exposure of Core Dump File to an Unauthorized Control Sphere Vulnerability | KEV | 4.0 | TeleMessage | TeleMessage TM SGNL contains an exposure of core dump file to an unauthorized control sphere vulnerability. This vulnerability is based on a JSP application in… |
| CVE-2025-48927 | TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability | KEV | 5.3 | TeleMessage | TeleMessage TM SGNL contains an initialization of a resource with an insecure default vulnerability. This vulnerability relies on how the Spring Boot Actuator … |
| CVE-2025-48700 | Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability | KEV | 6.1 | Synacor | Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that could allow attackers to execute arbitrary JavaScript within the us… |
| CVE-2025-48633 | Android Framework Information Disclosure Vulnerability | KEV | 5.5 | Android | Android Framework contains an unspecified vulnerability that allows for information disclosure. |
| CVE-2025-47827 | IGEL OS Use of a Key Past its Expiration Date Vulnerability | KEV | 4.6 | IGEL | IGEL OS contains a use of a key past its expiration date vulnerability that allows for Secure Boot bypass. The igel-flash-driver module improperly verifies a c… |
| CVE-2025-47813 | Wing FTP Server Information Disclosure Vulnerability | KEV | 4.3 | Wing FTP Server | Wing FTP Server contains a generation of error message containing sensitive information vulnerability when using a long value in the UID cookie. |
| CVE-2025-47729 | TeleMessage TM SGNL Hidden Functionality Vulnerability | KEV | 4.9 | TeleMessage | TeleMessage TM SGNL contains a hidden functionality vulnerability in which the archiving backend holds cleartext copies of messages from TM SGNL application us… |
| CVE-2025-43520 | Apple Multiple Products Classic Buffer Overflow Vulnerability | KEV | 5.5 | Apple | Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain a classic buffer overflow vulnerability which could allow a malicious application to cause unexpe… |
| CVE-2025-43200 | Apple Multiple Products Unspecified Vulnerability | KEV | 4.2 | Apple | Apple iOS, iPadOS, macOS, watchOS, and visionOS, contain an unspecified vulnerability when processing a maliciously crafted photo or video shared via an iCloud… |
| CVE-2025-40602 | SonicWall SMA1000 Missing Authorization Vulnerability | KEV | 6.6 | SonicWall | SonicWall SMA1000 contains a missing authorization vulnerability that could allow for privilege escalation appliance management console (AMC) of affected devic… |
| CVE-2025-35939 | Craft CMS External Control of Assumed-Immutable Web Parameter Vulnerability | KEV | 5.3 | Craft CMS | Craft CMS contains an external control of assumed-immutable web parameter vulnerability. This vulnerability could allow an unauthenticated client to introduce … |
| CVE-2025-27915 | Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability | KEV | 5.4 | Synacor | Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that exists in the Classic Web Client due to insufficient sanitization o… |
| CVE-2025-24991 | Microsoft Windows NTFS Out-Of-Bounds Read Vulnerability | KEV | 5.5 | Microsoft | Microsoft Windows New Technology File System (NTFS) contains an out-of-bounds read vulnerability that allows an authorized attacker to disclose information loc… |
| CVE-2025-24984 | Microsoft Windows NTFS Information Disclosure Vulnerability | KEV | 4.6 | Microsoft | Microsoft Windows New Technology File System (NTFS) contains an insertion of sensitive information into log file vulnerability that allows an unauthorized atta… |
| CVE-2025-24200 | Apple iOS and iPadOS Incorrect Authorization Vulnerability | KEV | 6.1 | Apple | Apple iOS and iPadOS contain an incorrect authorization vulnerability that allows a physical attacker to disable USB Restricted Mode on a locked device. |
| CVE-2025-24054 | Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability | KEV | 5.4 | Microsoft | Microsoft Windows NTLM contains an external control of file name or path vulnerability that allows an unauthorized attacker to perform spoofing over a network. |
| CVE-2025-22226 | VMware ESXi, Workstation, and Fusion Information Disclosure Vulnerability | KEV | 6.0 | VMware | VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. Successful exploitation allows an at… |
| CVE-2025-21590 | Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability | KEV | 4.4 | Juniper | Juniper Junos OS contains an improper isolation or compartmentalization vulnerability. This vulnerability could allow a local attacker with high privileges to… |
| CVE-2025-1976 | Broadcom Brocade Fabric OS Code Injection Vulnerability | KEV | 6.7 | Broadcom | Broadcom Brocade Fabric OS contains a code injection vulnerability that allows a local user with administrative privileges to execute arbitrary code with full … |
| CVE-2025-0111 | Palo Alto Networks PAN-OS File Read Vulnerability | KEV | 6.5 | Palo Alto Networks | Palo Alto Networks PAN-OS contains an external control of file name or path vulnerability. Successful exploitation enables an authenticated attacker with netwo… |