Search
Search Results (318433 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-36096 | 1 Ibm | 2 Aix, Vios | 2025-11-15 | 9 Critical |
| IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 stores NIM private keys used in NIM environments in an insecure way which is susceptible to unauthorized access by an attacker using man in the middle techniques. | ||||
| CVE-2025-36251 | 1 Ibm | 2 Aix, Vios | 2025-11-15 | 9.6 Critical |
| IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 nimsh service SSL/TLS implementations could allow a remote attacker to execute arbitrary commands due to improper process controls. This addresses additional attack vectors for a vulnerability that was previously addressed in CVE-2024-56347. | ||||
| CVE-2024-7017 | 1 Google | 1 Chrome | 2025-11-15 | 7.5 High |
| Inappropriate implementation in DevTools in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-9126 | 2 Apple, Google | 2 Ios, Chrome | 2025-11-15 | 7.5 High |
| Use after free in Internals in Google Chrome on iOS prior to 127.0.6533.88 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a series of curated UI gestures. (Chromium security severity: Medium) | ||||
| CVE-2025-3416 | 1 Redhat | 5 Directory Server, Enterprise Linux, Openshift and 2 more | 2025-11-15 | 3.7 Low |
| A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string. | ||||
| CVE-2025-65072 | 2025-11-15 | N/A | ||
| Not used | ||||
| CVE-2025-65071 | 2025-11-15 | N/A | ||
| Not used | ||||
| CVE-2025-65070 | 2025-11-15 | N/A | ||
| Not used | ||||
| CVE-2025-65069 | 2025-11-15 | N/A | ||
| Not used | ||||
| CVE-2025-65068 | 2025-11-15 | N/A | ||
| Not used | ||||
| CVE-2025-65067 | 2025-11-15 | N/A | ||
| Not used | ||||
| CVE-2025-65066 | 2025-11-15 | N/A | ||
| Not used | ||||
| CVE-2025-65065 | 2025-11-15 | N/A | ||
| Not used | ||||
| CVE-2025-65064 | 2025-11-15 | N/A | ||
| Not used | ||||
| CVE-2023-6596 | 1 Redhat | 1 Openshift | 2025-11-15 | 7.5 High |
| An incomplete fix was shipped for the Rapid Reset (CVE-2023-44487/CVE-2023-39325) vulnerability for an OpenShift Containers. | ||||
| CVE-2025-11188 | 1 Synchroweb | 1 Kiwire | 2025-11-14 | 7.3 High |
| The Kiwire Captive Portal contains a blind SQL injection in the nas-id parameter, allowing for SQL commands to be issued and to compromise the corresponding database. | ||||
| CVE-2025-10988 | 2 Iocoder, Ruoyi | 3 Ruoyi-vue-pro, Ruoyi, Ruoyi-vue | 2025-11-14 | 6.3 Medium |
| A vulnerability was identified in YunaiV ruoyi-vue-pro up to 2025.09. This affects an unknown part of the file /crm/business/transfer. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-10987 | 2 Iocoder, Yunaiv | 2 Yudao-cloud, Yudao-cloud | 2025-11-14 | 6.3 Medium |
| A vulnerability was determined in YunaiV yudao-cloud up to 2025.09. Affected by this issue is some unknown functionality of the file /crm/contact/transfer of the component HTTP Request Handler. This manipulation of the argument contactId causes improper authorization. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-20338 | 1 Cisco | 2 Ios Xe, Ios Xe Software | 2025-11-14 | 6 Medium |
| A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by logging in to the device CLI with valid administrative (level 15) credentials and using crafted commands at the CLI prompt. A successful exploit could allow the attacker to execute arbitrary commands as root. | ||||
| CVE-2025-26399 | 1 Solarwinds | 1 Web Help Desk | 2025-11-14 | 9.8 Critical |
| SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986. | ||||