Total CVEs

142,750

Critical Severity

4,026

High Severity

14,425

Last 7 Days

1,377
Quick preset (or use dates below)
Clear Filters
Showing 14,321 - 14,340 of 14,425 CVEs
CVE-2025-57403 HIGH - 7.5

Cola Dnslog v1.3.2 is vulnerable to Directory Traversal. When a DNS query for a TXT record is processed, the application concatenates the requested URL (or a portion of it) directly with a base path using os.path.join. This bypass allows directory traversal or absolute path injection, leading to the...

Vendor: abelche
Product: cola_dnslog
Published: Dec 26, 2025
Source: NVD
CVE-2025-64645 HIGH - 7.4

IBM Concert 1.0.0 through 2.1.0 could allow a local user to escalate their privileges due to a race condition of a symbolic link.

Vendor: ibm
Product: concert
Published: Dec 26, 2025
Source: NVD
CVE-2025-25341 HIGH - 7.5

A vulnerability exists in the libxmljs 1.0.11 when parsing a specially crafted XML document. Accessing the internal _ref property on entity_ref and entity_decl nodes causes a segmentation fault, potentially leading to a denial-of-service (DoS).

Vendor: libxmljs_project
Product: libxmljs
Published: Dec 26, 2025
Source: NVD
CVE-2025-36192 HIGH - 7.1

IBM DS8A00( R10.1) 10.10.106.0 and IBM DS8A00 ( R10.0) 10.1.3.010.2.45.0 and IBM DS8900F ( R9.4) 89.40.83.089.42.18.089.44.5.0 IBM System Storage DS8000 could allow a local user with authorized CCW update permissions to delete or corrupt backups due to missing authorization in IBM Safeguarded Copy /...

Vendor: ibm
Product: ds8a00_firmware
Published: Dec 26, 2025
Source: NVD
CVE-2025-1721 HIGH - 7.5

IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory.

Vendor: ibm
Product: concert
Published: Dec 26, 2025
Source: NVD
CVE-2025-12771 HIGH - 7.8

IBM Concert 1.0.0 through 2.1.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system.

Vendor: ibm
Product: concert
Published: Dec 26, 2025
Source: NVD
CVE-2025-67450 HIGH - 7.8

Due to insecure library loading in the Eaton UPS Companion software executable, an attacker with access to the software package could perform arbitrary code execution . This security issue has been fixed in the latest version of EUC which is available on the Eaton download center.

Published: Dec 26, 2025
Source: NVD
CVE-2025-59887 HIGH - 8.6

Improper authentication of library files in the Eaton UPS Companion software installer could lead to arbitrary code execution of an attacker with the access to the software package. This security issue has been fixed in the latest version of EUC which is available on the Eaton download center.

Published: Dec 26, 2025
Source: NVD
CVE-2025-62578 HIGH - 7.5

DVP-12SE - Modbus/TCP Cleartext Transmission of Sensitive Information

Vendor: deltaww
Product: dvp-12se_firmware
Published: Dec 26, 2025
Source: NVD
CVE-2025-52601 HIGH - 7.8

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered a vulnerability in Device Manager that a hardcoded encryption key for sensitive information. An attacker can use key to decrypt sensitive information. Th...

Vendor: hanwhavision
Product: xno-8082r_firmware
Published: Dec 26, 2025
Source: NVD
CVE-2025-52600 HIGH - 7.2

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered a vulnerability in camera video analytics that Improper input validation. This vulnerability could allow an attacker to execute specific commands on the ...

Vendor: hanwhavision
Product: xno-8082r_firmware
Published: Dec 26, 2025
Source: NVD
CVE-2025-15097 HIGH - 7.3

A vulnerability was found in Alteryx Server. Affected by this issue is some unknown functionality of the file /gallery/api/status/. Performing manipulation results in improper authentication. The attack is possible to be carried out remotely. The exploit has been made public and could be used. Upgra...

Published: Dec 26, 2025
Source: NVD
CVE-2025-15085 HIGH - 8.1

A security flaw has been discovered in youlaitech youlai-mall 1.0.0/2.0.0. This affects the function deductBalance of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java of the component Balance Handler. The manipulation results in improper authorization...

Vendor: youlai
Product: youlai-mall
Published: Dec 25, 2025
Source: NVD
CVE-2025-15082 HIGH - 7.5

A vulnerability was found in TOZED ZLT M30s up to 1.47. Impacted is an unknown function of the file /reqproc/proc_post of the component Web Management Interface. Performing manipulation of the argument goformId results in information disclosure. It is possible to initiate the attack remotely. The ex...

Vendor: gztozed
Product: zlt_m30s_firmware
Published: Dec 25, 2025
Source: NVD
CVE-2025-2406 HIGH - 7.6

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Verisay Communication and Information Technology Industry and Trade Ltd. Co. Trizbi allows Cross-Site Scripting (XSS).This issue affects Trizbi: before 2.144.4.

Published: Dec 25, 2025
Source: NVD
CVE-2025-2405 HIGH - 7.6

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Verisay Communication and Information Technology Industry and Trade Ltd. Co. Titarus allows Cross-Site Scripting (XSS).This issue affects Titarus: before 2.144.4.

Published: Dec 25, 2025
Source: NVD
CVE-2025-2307 HIGH - 7.6

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Verisay Communication and Information Technology Industry and Trade Ltd. Co. Aidango allows Cross-Site Scripting (XSS).This issue affects Aidango: before 2.144.4.

Published: Dec 25, 2025
Source: NVD
CVE-2025-66379 HIGH - 7.5

Pexip Infinity before 39.0 has Improper Input Validation in the media implementation, allowing a remote attacker to trigger a software abort via a crafted media stream, resulting in a denial of service.

Vendor: pexip
Product: pexip_infinity
Published: Dec 25, 2025
Source: NVD
CVE-2025-66378 HIGH - 7.5

Pexip Infinity 38.0 and 38.1 before 39.0 has insufficient access control in the RTMP implementation, allowing an attacker to disconnect RTMP streams traversing a Proxy Node.

Vendor: pexip
Product: pexip_infinity
Published: Dec 25, 2025
Source: NVD
CVE-2025-66377 HIGH - 7.5

Pexip Infinity before 39.0 has Missing Authentication for a Critical Function in a product-internal API, allowing an attacker (who already has access to execute code on one node within a Pexip Infinity installation) to impact the operation of other nodes within the installation.

Vendor: pexip
Product: pexip_infinity
Published: Dec 25, 2025
Source: NVD