CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-36349 A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially resulting in information leakage. | 3.8 | LOW | β | 0 |
| CVE-2019-25182 Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was in a CNA pool that was not assigned to any issues during 2019. Notes: none. | N/A | NONE | β | 0 |
| CVE-2025-5451 A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to trigger a de... | 4.9 | MEDIUM | β | 0 |
| CVE-2025-5463 Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a local authenticated attacker to obtain tha... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-6770 OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2 allows a remote authenticated attacker with high privileges to achieve remote code execution | 7.2 | HIGH | β | 0 |
| CVE-2025-6995 Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users' passwords. | 8.4 | HIGH | β | 0 |
| CVE-2025-6996 Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users' passwords. | 8.4 | HIGH | β | 0 |
| CVE-2025-7037 SQL injection in Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a remote authenticated attacker with admin privileges to read arbitrary data from the database | 7.2 | HIGH | β | 0 |
| CVE-2025-7182 A vulnerability has been found in itsourcecode Student Transcript Processing System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/mod... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-7183 A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /pages/customer_account.php. The mani... | 7.3 | HIGH | β | 0 |
| CVE-2025-7326 Weak authentication in EOL ASP.NET Core allows an unauthorized attacker to elevate privileges over a network. NOTE: This CVE affects only End Of Life (EOL) software components. The vendor, Microsoft,... | 7.0 | HIGH | β | 0 |
| CVE-2025-0292 SSRF in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to access internal network services. | 5.5 | MEDIUM | β | 0 |
| CVE-2025-21164 Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of ... | 7.8 | HIGH | β | 0 |
| CVE-2025-62638 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2025-0293 CRLF injection in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to write to a protected config... | 6.6 | MEDIUM | β | 0 |
| CVE-2025-3648 A vulnerability has been identified in the Now Platform that could result in data being inferred without authorization. Under certain conditional access control list (ACL) configurations, this vulnera... | N/A | NONE | β | 0 |
| CVE-2025-5464 Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 allows a local authenticated attacker to obtain that information. | 6.5 | MEDIUM | β | 0 |
| CVE-2025-6771 OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2, 12.4.0.3 and 12.3.0.3 allows a remote authenticated attacker with high privileges to achieve remote code executio... | 7.2 | HIGH | β | 0 |
| CVE-2025-7184 A vulnerability was found in code-projects Library System 1.0. It has been classified as critical. This affects an unknown part of the file /user/teacher/books.php. The manipulation of the argument Se... | 7.3 | HIGH | β | 0 |
| CVE-2025-47988 Improper control of generation of code ('code injection') in Azure Monitor Agent allows an unauthorized attacker to execute code over an adjacent network. | 7.5 | HIGH | β | 0 |
| CVE-2025-21165 Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of ... | 7.8 | HIGH | β | 0 |
| CVE-2025-21166 Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of ... | 7.8 | HIGH | β | 0 |
| CVE-2025-21167 Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-21168 Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-21195 Improper link resolution before file access ('link following') in Service Fabric allows an authorized attacker to elevate privileges locally. | 6.0 | MEDIUM | β | 0 |
| CVE-2025-26636 Processor optimization removal or modification of security-critical code in Windows Kernel allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | β | 0 |
| CVE-2025-33054 Insufficient UI warning of dangerous operations in Remote Desktop Client allows an unauthorized attacker to perform spoofing over a network. | 8.1 | HIGH | β | 0 |
| CVE-2025-46390 CWE-204: Observable Response Discrepancy | 7.5 | HIGH | β | 0 |
| CVE-2025-43580 Audition versions 25.2, 24.6.3 and earlier are affected by an Access of Memory Location After End of Buffer vulnerability that could result in application denial-of-service. An attacker could leverage... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-43587 After Effects versions 25.2, 24.6.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to ... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-47109 After Effects versions 25.2, 24.6.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability ... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-47159 Protection mechanism failure in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2025-47178 Improper neutralization of special elements used in an SQL command ('SQL injection') in Microsoft Configuration Manager allows an authorized attacker to execute code over an adjacent network. | 8.0 | HIGH | β | 0 |
| CVE-2025-49540 ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious script... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-62639 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2025-47971 Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2025-47972 Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges over a network. | 8.0 | HIGH | β | 0 |
| CVE-2025-47973 Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2025-47975 Double free in Windows SSDP Service allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2025-62640 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2025-47976 Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2025-47978 Out-of-bounds read in Windows Kerberos allows an authorized attacker to deny service over a network. | 6.5 | MEDIUM | β | 0 |
| CVE-2025-47980 Exposure of sensitive information to an unauthorized actor in Windows Imaging Component allows an unauthorized attacker to disclose information locally. | 6.2 | MEDIUM | β | 0 |
| CVE-2025-47982 Improper input validation in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2023-43039 IBM OpenPages with Watson 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potential... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-47984 Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network. | 7.5 | HIGH | β | 0 |
| CVE-2025-47985 Untrusted pointer dereference in Windows Event Tracing allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2025-47986 Use after free in Universal Print Management Service allows an authorized attacker to elevate privileges locally. | 8.8 | HIGH | β | 0 |
| CVE-2025-47987 Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2025-47991 Use after free in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.