Search
Search Results (311381 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-3656 | 1 Redhat | 3 Build Keycloak, Jboss Enterprise Application Platform, Red Hat Single Sign On | 2025-09-23 | 8.1 High |
| A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise. | ||||
| CVE-2025-8892 | 1 Autodesk | 1 Shared Components | 2025-09-23 | 7.8 High |
| A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | ||||
| CVE-2025-54236 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-09-23 | 9.1 Critical |
| Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction. | ||||
| CVE-2025-55241 | 1 Microsoft | 1 Entra Id | 2025-09-23 | 10 Critical |
| Azure Entra Elevation of Privilege Vulnerability | ||||
| CVE-2025-59885 | 2025-09-23 | N/A | ||
| Not used | ||||
| CVE-2025-59884 | 2025-09-23 | N/A | ||
| Not used | ||||
| CVE-2025-59883 | 2025-09-23 | N/A | ||
| Not used | ||||
| CVE-2025-59882 | 2025-09-23 | N/A | ||
| Not used | ||||
| CVE-2025-59881 | 2025-09-23 | N/A | ||
| Not used | ||||
| CVE-2025-59880 | 2025-09-23 | N/A | ||
| Not used | ||||
| CVE-2025-59879 | 2025-09-23 | N/A | ||
| Not used | ||||
| CVE-2025-59878 | 2025-09-23 | N/A | ||
| Not used | ||||
| CVE-2025-59877 | 2025-09-23 | N/A | ||
| Not used | ||||
| CVE-2025-59876 | 2025-09-23 | N/A | ||
| Not used | ||||
| CVE-2025-59813 | 2025-09-23 | N/A | ||
| Not used | ||||
| CVE-2025-59812 | 2025-09-23 | N/A | ||
| Not used | ||||
| CVE-2025-59811 | 2025-09-23 | N/A | ||
| Not used | ||||
| CVE-2024-37404 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-09-23 | 8.8 High |
| Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Secure before 22.7R1.1 allows a remote authenticated attacker to achieve remote code execution. | ||||
| CVE-2020-26308 | 2 Ansman, Validatejs | 2 Validate.js, Validate.js | 2025-09-23 | 7.5 High |
| Validate.js provides a declarative way of validating javascript objects. Versions 0.13.1 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available. | ||||
| CVE-2024-48910 | 2 Cure53, Redhat | 4 Dompurify, Advanced Cluster Security, Openshift and 1 more | 2025-09-23 | 9.1 Critical |
| DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to prototype pollution. This vulnerability is fixed in 2.4.2. | ||||