Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2025-63892 |
|
Cross-Site Scripting (XSS) in remyandrade (CVE-2025-63892)
cross-site scripting in remyandrade (CVE-2025-63892). Successful exploitation can lead to full system takeover.
|
| CVE-2025-58034 KEV |
|
[KEV] OS Command Injection in Fortinet fortiweb (CVE-2025-58034)
OS command injection in Fortinet fortiweb (CVE-2025-58034). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-63748 |
|
Unrestricted File Upload in testmanagement (CVE-2025-63748)
vulnerability in testmanagement (CVE-2025-63748). Successful exploitation can lead to full system takeover.
|
| CVE-2025-64046 |
|
OpenRapid RapidCMS 1.3.1 is vulnerable to Cross Site Scripting (XSS) in /system/update-run.php.
OpenRapid RapidCMS 1.3.1 is vulnerable to Cross Site Scripting (XSS) in /system/update-run.php.
|
| CVE-2025-64446 KEV |
|
[KEV] Vulnerability in Fortinet fortiweb (CVE-2025-64446)
vulnerability in Fortinet fortiweb (CVE-2025-64446). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-62215 KEV |
|
[KEV] Vulnerability in Microsoft windows (CVE-2025-62215)
vulnerability in Microsoft windows (CVE-2025-62215). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-12480 KEV |
|
[KEV] Vulnerability in Gladinet triofox (CVE-2025-12480)
vulnerability in Gladinet triofox (CVE-2025-12480). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-9242 KEV |
|
[KEV] Out-of-Bounds Write in Watchguard firebox (CVE-2025-9242)
out-of-bounds write in Watchguard firebox (CVE-2025-9242). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-62199 |
|
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
|
| CVE-2025-60724 |
|
Vulnerability in microsoft (CVE-2025-60724)
vulnerability in microsoft (CVE-2025-60724). Successful exploitation can lead to full system takeover.
|
| CVE-2025-21042 KEV |
|
[KEV] Out-of-Bounds Write in Samsung mobile-devices (CVE-2025-21042)
out-of-bounds write in Samsung mobile-devices (CVE-2025-21042). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-43438 |
|
Use-After-Free in apple (CVE-2025-43438)
vulnerability in apple (CVE-2025-43438). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-43433 |
|
Out-of-Bounds Write in apple (CVE-2025-43433)
out-of-bounds write in apple (CVE-2025-43433). Successful exploitation can lead to full system takeover.
|
| CVE-2025-43441 |
|
Buffer Overflow in apple (CVE-2025-43441)
vulnerability in apple (CVE-2025-43441). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-43407 |
|
This issue was addressed with improved entitlements. This issue is fixed in visionOS 26.1, macOS...
This issue was addressed with improved entitlements. This issue is fixed in visionOS 26.1, macOS...
|
| CVE-2025-48703 KEV |
|
[KEV] OS Command Injection in Cwp control-web-panel (CVE-2025-48703)
OS command injection in Cwp control-web-panel (CVE-2025-48703). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-11371 KEV |
|
[KEV] Vulnerability in Gladinet centrestack-and-triofox (CVE-2025-11371)
vulnerability in Gladinet centrestack-and-triofox (CVE-2025-11371). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-24893 KEV |
|
[KEV] Vulnerability in Xwiki platform (CVE-2025-24893)
vulnerability in Xwiki platform (CVE-2025-24893). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-41244 KEV |
|
[KEV] Vulnerability in Broadcom vmware-aria-operations-and-vmware-tools (CVE-2025-41244)
vulnerability in Broadcom vmware-aria-operations-and-vmware-tools (CVE-2025-41244). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-56399 |
|
Code Injection in laravel (CVE-2025-56399)
code injection in laravel (CVE-2025-56399). Successful exploitation can lead to full system takeover.
|
| CVE-2025-6205 KEV |
|
[KEV] Vulnerability in Dassault systèmes dassault-systemes (CVE-2025-6205)
vulnerability in Dassault systèmes dassault-systemes (CVE-2025-6205). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-6204 KEV |
|
[KEV] Code Injection in Dassault systèmes dassault-systemes (CVE-2025-6204)
code injection in Dassault systèmes dassault-systemes (CVE-2025-6204). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-61795 |
|
Vulnerability in org.apache.tomcat:tomcat (CVE-2025-61795)
vulnerability in org.apache.tomcat:tomcat (CVE-2025-61795). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.0.110, 10.1.47, 11.0.12` or later.
|
| CVE-2025-55754 |
|
Vulnerability in org.apache.tomcat:tomcat (CVE-2025-55754)
vulnerability in org.apache.tomcat:tomcat (CVE-2025-55754). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.0.109, 10.1.45, 11.0.11` or later.
|
| CVE-2025-55752 |
|
Vulnerability in org.apache.tomcat:tomcat (CVE-2025-55752)
vulnerability in org.apache.tomcat:tomcat (CVE-2025-55752). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.0.109, 10.1.45, 11.0.11` or later.
|
| CVE-2025-54236 KEV |
|
[KEV] Vulnerability in Adobe commerce (CVE-2025-54236)
vulnerability in Adobe commerce (CVE-2025-54236). Confidential information can be exposed externally. Listed in CISA KEV — actively exploited.
|
| CVE-2025-59287 KEV |
|
[KEV] Unsafe Deserialization in Microsoft windows (CVE-2025-59287)
vulnerability in Microsoft windows (CVE-2025-59287). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-11023 |
|
Vulnerability in CVE-2025-11023 (CVE-2025-11023)
vulnerability in CVE-2025-11023 (CVE-2025-11023). Successful exploitation can lead to full system takeover.
|
| CVE-2025-61932 KEV |
|
[KEV] Vulnerability in Motex lanscope-endpoint-manager (CVE-2025-61932)
vulnerability in Motex lanscope-endpoint-manager (CVE-2025-61932). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-60511 |
|
Vulnerability in CVE-2025-60511 (CVE-2025-60511)
vulnerability in CVE-2025-60511 (CVE-2025-60511). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-33073 KEV |
|
[KEV] Vulnerability in Microsoft windows (CVE-2025-33073)
vulnerability in Microsoft windows (CVE-2025-33073). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2022-48503 KEV |
|
[KEV] Vulnerability in Apple multiple-products (CVE-2022-48503)
vulnerability in Apple multiple-products (CVE-2022-48503). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-61884 KEV |
|
[KEV] SSRF (Server-Side Request Forgery) in Oracle e-business-suite (CVE-2025-61884)
SSRF in Oracle e-business-suite (CVE-2025-61884). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-2747 KEV |
|
[KEV] Vulnerability in Kentico xperience-cms (CVE-2025-2747)
vulnerability in Kentico xperience-cms (CVE-2025-2747). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-2746 KEV |
|
[KEV] Vulnerability in Kentico xperience-cms (CVE-2025-2746)
vulnerability in Kentico xperience-cms (CVE-2025-2746). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-57567 |
|
Code Injection in CVE-2025-57567 (CVE-2025-57567)
code injection in CVE-2025-57567 (CVE-2025-57567). Successful exploitation can lead to full system takeover.
|
| CVE-2025-60641 |
|
SQL Injection in sqli (CVE-2025-60641)
SQL injection in sqli (CVE-2025-60641). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-34512 |
|
Cross-Site Scripting (XSS) in ilevia (CVE-2025-34512)
cross-site scripting in ilevia (CVE-2025-34512). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-54253 KEV |
|
[KEV] Vulnerability in Adobe experience-manager-aem-forms (CVE-2025-54253)
vulnerability in Adobe experience-manager-aem-forms (CVE-2025-54253). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-59249 |
|
Vulnerability in microsoft (CVE-2025-59249)
vulnerability in microsoft (CVE-2025-59249). Successful exploitation can lead to full system takeover.
|
| CVE-2025-59248 |
|
Vulnerability in microsoft (CVE-2025-59248)
vulnerability in microsoft (CVE-2025-59248). Confidential information can be exposed externally.
|
| CVE-2025-59234 |
|
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
|
| CVE-2025-59227 |
|
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
|
| CVE-2025-53782 |
|
Vulnerability in microsoft (CVE-2025-53782)
vulnerability in microsoft (CVE-2025-53782). Successful exploitation can lead to full system takeover.
|
| CVE-2025-57740 |
|
Vulnerability in fortinet (CVE-2025-57740)
vulnerability in fortinet (CVE-2025-57740). Successful exploitation can lead to full system takeover.
|
| CVE-2025-58903 |
|
Vulnerability in fortinet (CVE-2025-58903)
vulnerability in fortinet (CVE-2025-58903). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-47890 |
|
Open Redirect in fortinet (CVE-2025-47890)
vulnerability in fortinet (CVE-2025-47890). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-31514 |
|
Vulnerability in fortinet (CVE-2025-31514)
vulnerability in fortinet (CVE-2025-31514). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-31366 |
|
Cross-Site Scripting (XSS) in fortinet (CVE-2025-31366)
cross-site scripting in fortinet (CVE-2025-31366). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-25253 |
|
Vulnerability in fortinet (CVE-2025-25253)
vulnerability in fortinet (CVE-2025-25253). Successful exploitation can lead to full system takeover.
|