Search
Search Results (311331 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-54236 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-09-23 | 9.1 Critical |
| Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction. | ||||
| CVE-2025-55241 | 1 Microsoft | 1 Entra Id | 2025-09-23 | 10 Critical |
| Azure Entra Elevation of Privilege Vulnerability | ||||
| CVE-2025-59885 | 2025-09-23 | N/A | ||
| Not used | ||||
| CVE-2025-59884 | 2025-09-23 | N/A | ||
| Not used | ||||
| CVE-2025-59883 | 2025-09-23 | N/A | ||
| Not used | ||||
| CVE-2025-59882 | 2025-09-23 | N/A | ||
| Not used | ||||
| CVE-2025-59881 | 2025-09-23 | N/A | ||
| Not used | ||||
| CVE-2025-59880 | 2025-09-23 | N/A | ||
| Not used | ||||
| CVE-2025-59879 | 2025-09-23 | N/A | ||
| Not used | ||||
| CVE-2025-59878 | 2025-09-23 | N/A | ||
| Not used | ||||
| CVE-2025-59877 | 2025-09-23 | N/A | ||
| Not used | ||||
| CVE-2025-59876 | 2025-09-23 | N/A | ||
| Not used | ||||
| CVE-2025-59813 | 2025-09-23 | N/A | ||
| Not used | ||||
| CVE-2025-59812 | 2025-09-23 | N/A | ||
| Not used | ||||
| CVE-2025-59811 | 2025-09-23 | N/A | ||
| Not used | ||||
| CVE-2025-58915 | 2025-09-23 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Emarket-design YouTube Showcase youtube-showcase allows Stored XSS.This issue affects YouTube Showcase: from n/a through 3.5.0. | ||||
| CVE-2025-10828 | 2025-09-23 | 6.3 Medium | ||
| A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown part of the file /admin/edit.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2024-37404 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-09-23 | 8.8 High |
| Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Secure before 22.7R1.1 allows a remote authenticated attacker to achieve remote code execution. | ||||
| CVE-2020-26308 | 2 Ansman, Validatejs | 2 Validate.js, Validate.js | 2025-09-23 | 7.5 High |
| Validate.js provides a declarative way of validating javascript objects. Versions 0.13.1 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available. | ||||
| CVE-2024-48910 | 2 Cure53, Redhat | 4 Dompurify, Advanced Cluster Security, Openshift and 1 more | 2025-09-23 | 9.1 Critical |
| DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to prototype pollution. This vulnerability is fixed in 2.4.2. | ||||