Search
Search Results (323568 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-53949 | 1 Fortinet | 1 Fortisandbox | 2025-12-10 | 7 High |
| An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests. | ||||
| CVE-2025-53679 | 1 Fortinet | 3 Fortisandbox Paas, Fortisandbox, Fortisandboxcloud | 2025-12-10 | 6.9 Medium |
| An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSandbox version 5.0.0 through 5.0.2 and before 4.4.7 GUI allows a remote privileged attacker to execute unauthorized code or commands via crafted HTTP or HTTPS requests. | ||||
| CVE-2025-59719 | 1 Fortinet | 1 Fortiweb | 2025-12-10 | 9.1 Critical |
| An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message. | ||||
| CVE-2025-12946 | 1 Netgear | 17 Mr90, Ms90, Rax35v2 and 14 more | 2025-12-10 | N/A |
| A vulnerability in the speedtest feature of affected NETGEAR Nighthawk routers, caused by improper input validation, can allow attackers on the router's WAN side, using attacker-in-the-middle techniques (MiTM) to manipulate DNS responses and execute commands when speedtests are run. This issue affects RS700: through 1.0.7.82; RAX54Sv2 : before V1.1.6.36; RAX41v2: before V1.1.6.36; RAX50: before V1.2.14.114; RAXE500: before V1.2.14.114; RAX41: before V1.0.17.142; RAX43: before V1.0.17.142; RAX35v2: before V1.0.17.142; RAXE450: before V1.2.14.114; RAX43v2: before V1.1.6.36; RAX42: before V1.0.17.142; RAX45: before V1.0.17.142; RAX50v2: before V1.1.6.36; MR90: before V1.0.2.46; MS90: before V1.0.2.46; RAX42v2: before V1.1.6.36; RAX49S: before V1.1.6.36. | ||||
| CVE-2025-42880 | 1 Sap | 1 Solution Manager | 2025-12-10 | 9.9 Critical |
| Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function module. This could provide the attacker with full control of the system hence leading to high impact on confidentiality, integrity and availability of the system. | ||||
| CVE-2025-42928 | 1 Sap | 1 Jconnect | 2025-12-10 | 9.1 Critical |
| Under certain conditions, a high privileged user could exploit a deserialization vulnerability in SAP jConnect to launch remote code execution. The system may be vulnerable when specially crafted input is used to exploit the vulnerability resulting in high impact on confidentiality, integrity and availability of the system. | ||||
| CVE-2025-67613 | 2025-12-10 | N/A | ||
| Not used | ||||
| CVE-2025-67612 | 2025-12-10 | N/A | ||
| Not used | ||||
| CVE-2025-67611 | 2025-12-10 | N/A | ||
| Not used | ||||
| CVE-2025-67610 | 2025-12-10 | N/A | ||
| Not used | ||||
| CVE-2025-67609 | 2025-12-10 | N/A | ||
| Not used | ||||
| CVE-2025-67608 | 2025-12-10 | N/A | ||
| Not used | ||||
| CVE-2025-67607 | 2025-12-10 | N/A | ||
| Not used | ||||
| CVE-2025-67606 | 2025-12-10 | N/A | ||
| Not used | ||||
| CVE-2025-67605 | 2025-12-10 | N/A | ||
| Not used | ||||
| CVE-2025-67503 | 2025-12-10 | N/A | ||
| This CVE is a duplicate of another CVE. | ||||
| CVE-2024-30098 | 1 Microsoft | 22 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 19 more | 2025-12-09 | 7.5 High |
| Windows Cryptographic Services Security Feature Bypass Vulnerability | ||||
| CVE-2024-30105 | 2 Microsoft, Redhat | 5 .net, Powershell, Visual Studio and 2 more | 2025-12-09 | 7.5 High |
| .NET and Visual Studio Denial of Service Vulnerability | ||||
| CVE-2024-38095 | 2 Microsoft, Redhat | 5 .net, Powershell, Visual Studio and 2 more | 2025-12-09 | 7.5 High |
| .NET and Visual Studio Denial of Service Vulnerability | ||||
| CVE-2024-38156 | 1 Microsoft | 2 Edge, Edge Chromium | 2025-12-09 | 6.1 Medium |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||||