Search
Search Results (318395 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-7017 | 1 Google | 1 Chrome | 2025-11-15 | 7.5 High |
| Inappropriate implementation in DevTools in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-9126 | 2 Apple, Google | 2 Ios, Chrome | 2025-11-15 | 7.5 High |
| Use after free in Internals in Google Chrome on iOS prior to 127.0.6533.88 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a series of curated UI gestures. (Chromium security severity: Medium) | ||||
| CVE-2025-3416 | 1 Redhat | 5 Directory Server, Enterprise Linux, Openshift and 2 more | 2025-11-15 | 3.7 Low |
| A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string. | ||||
| CVE-2025-65072 | 2025-11-15 | N/A | ||
| Not used | ||||
| CVE-2025-65071 | 2025-11-15 | N/A | ||
| Not used | ||||
| CVE-2025-65070 | 2025-11-15 | N/A | ||
| Not used | ||||
| CVE-2025-65069 | 2025-11-15 | N/A | ||
| Not used | ||||
| CVE-2025-65068 | 2025-11-15 | N/A | ||
| Not used | ||||
| CVE-2025-65067 | 2025-11-15 | N/A | ||
| Not used | ||||
| CVE-2025-65066 | 2025-11-15 | N/A | ||
| Not used | ||||
| CVE-2025-65065 | 2025-11-15 | N/A | ||
| Not used | ||||
| CVE-2025-65064 | 2025-11-15 | N/A | ||
| Not used | ||||
| CVE-2025-54236 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2025-11-15 | 9.1 Critical |
| Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction. | ||||
| CVE-2023-6596 | 1 Redhat | 1 Openshift | 2025-11-15 | 7.5 High |
| An incomplete fix was shipped for the Rapid Reset (CVE-2023-44487/CVE-2023-39325) vulnerability for an OpenShift Containers. | ||||
| CVE-2025-11188 | 1 Synchroweb | 1 Kiwire | 2025-11-14 | 7.3 High |
| The Kiwire Captive Portal contains a blind SQL injection in the nas-id parameter, allowing for SQL commands to be issued and to compromise the corresponding database. | ||||
| CVE-2025-10988 | 2 Iocoder, Ruoyi | 3 Ruoyi-vue-pro, Ruoyi, Ruoyi-vue | 2025-11-14 | 6.3 Medium |
| A vulnerability was identified in YunaiV ruoyi-vue-pro up to 2025.09. This affects an unknown part of the file /crm/business/transfer. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-10987 | 2 Iocoder, Yunaiv | 2 Yudao-cloud, Yudao-cloud | 2025-11-14 | 6.3 Medium |
| A vulnerability was determined in YunaiV yudao-cloud up to 2025.09. Affected by this issue is some unknown functionality of the file /crm/contact/transfer of the component HTTP Request Handler. This manipulation of the argument contactId causes improper authorization. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-20338 | 1 Cisco | 2 Ios Xe, Ios Xe Software | 2025-11-14 | 6 Medium |
| A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by logging in to the device CLI with valid administrative (level 15) credentials and using crafted commands at the CLI prompt. A successful exploit could allow the attacker to execute arbitrary commands as root. | ||||
| CVE-2025-26399 | 1 Solarwinds | 1 Web Help Desk | 2025-11-14 | 9.8 Critical |
| SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patch bypass of CVE-2024-28986. | ||||
| CVE-2025-10387 | 1 Codesiddhant | 1 Jasmin Ransomware | 2025-11-14 | 6.3 Medium |
| A vulnerability was determined in codesiddhant Jasmin Ransomware up to 1.0.1. This vulnerability affects unknown code of the file /handshake.php. This manipulation of the argument machine_name/computer_user/os/date/time/ip/location/systemid/password causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | ||||