Search

Search Results (314872 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-54889 1 Centreon 2 Centreon, Centreon Web 2025-10-21 6.8 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (SNMP traps manufacturer configuration modules) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28.
CVE-2025-54891 1 Centreon 2 Centreon, Centreon Web 2025-10-21 6.8 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (ACL Resource access configuration modules) allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13, from 24.04.0 before 24.04.18, from 23.10.0 before 23.10.28.
CVE-2025-59483 1 F5 22 Big-ip, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 19 more 2025-10-21 6.5 Medium
A validation vulnerability exists in an undisclosed URL in the Configuration utility.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2025-22225 1 Vmware 4 Cloud Foundation, Esxi, Telco Cloud Infrastructure and 1 more 2025-10-21 8.2 High
VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.
CVE-2025-22226 1 Vmware 6 Cloud Foundation, Esxi, Fusion and 3 more 2025-10-21 7.1 High
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.
CVE-2025-1316 1 Edimax 2 Ic-7100, Ic-7100 Firmware 2025-10-21 9.8 Critical
Edimax IC-7100 does not properly neutralize requests. An attacker can create specially crafted requests to achieve remote code execution on the device
CVE-2025-24813 4 Apache, Debian, Netapp and 1 more 7 Tomcat, Debian Linux, Bootstrap Os and 4 more 2025-10-21 9.8 Critical
Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files: - writes enabled for the default servlet (disabled by default) - support for partial PUT (enabled by default) - a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads - attacker knowledge of the names of security sensitive files being uploaded - the security sensitive files also being uploaded via partial PUT If all of the following were true, a malicious user was able to perform remote code execution: - writes enabled for the default servlet (disabled by default) - support for partial PUT (enabled by default) - application was using Tomcat's file based session persistence with the default storage location - application included a library that may be leveraged in a deserialization attack Users are recommended to upgrade to version 11.0.3, 10.1.35 or 9.0.99, which fixes the issue.
CVE-2025-27363 3 Debian, Freetype, Redhat 9 Debian Linux, Freetype, Enterprise Linux and 6 more 2025-10-21 8.1 High
An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.
CVE-2024-54085 2 Ami, Netapp 19 Megarac Sp-x, H300s, H300s Firmware and 16 more 2025-10-21 9.8 Critical
AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authentication remotely through the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability.
CVE-2025-24054 1 Microsoft 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more 2025-10-21 6.5 Medium
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-24983 1 Microsoft 5 Windows 10 1507, Windows 10 1607, Windows Server 2008 and 2 more 2025-10-21 7 High
Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.
CVE-2025-24984 1 Microsoft 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more 2025-10-21 4.6 Medium
Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack.
CVE-2025-24985 1 Microsoft 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more 2025-10-21 7.8 High
Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally.
CVE-2025-24991 1 Microsoft 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more 2025-10-21 5.5 Medium
Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally.
CVE-2025-24993 1 Microsoft 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more 2025-10-21 7.8 High
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
CVE-2025-26633 1 Microsoft 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more 2025-10-21 7 High
Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.
CVE-2025-24201 2 Apple, Redhat 12 Ipados, Iphone Os, Macos and 9 more 2025-10-21 7.1 High
An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in visionOS 2.3.2, iOS 18.3.2 and iPadOS 18.3.2, macOS Sequoia 15.3.2, Safari 18.3.1, watchOS 11.4, iPadOS 17.7.6, iOS 16.7.11 and iPadOS 16.7.11, iOS 15.8.4 and iPadOS 15.8.4. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.).
CVE-2025-27915 1 Zimbra 1 Collaboration 2025-10-21 5.4 Medium
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an e-mail message containing a malicious ICS entry, its embedded JavaScript executes via an ontoggle event inside a <details> tag. This allows an attacker to run arbitrary JavaScript within the victim's session, potentially leading to unauthorized actions such as setting e-mail filters to redirect messages to an attacker-controlled address. As a result, an attacker can perform unauthorized actions on the victim's account, including e-mail redirection and data exfiltration.
CVE-2025-21590 1 Juniper 1 Junos 2025-10-21 4.4 Medium
An Improper Isolation or Compartmentalization vulnerability in the kernel of Juniper Networks Junos OS allows a local attacker with high privileges to compromise the integrity of the device. A local attacker with access to the shell is able to inject arbitrary code which can compromise an affected device. This issue is not exploitable from the Junos CLI. This issue affects Junos OS:  * All versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S10,  * 22.2 versions before 22.2R3-S6,  * 22.4 versions before 22.4R3-S6,  * 23.2 versions before 23.2R2-S3,  * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R1-S2, 24.2R2.
CVE-2025-30066 1 Tj-actions 1 Changed-files 2025-10-21 8.6 High
tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. (The tags v1 through v45.0.7 were affected on 2025-03-14 and 2025-03-15 because they were modified by a threat actor to point at commit 0e58ed8, which contained malicious updateFeatures code.)