CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-49666 Heap-based buffer overflow in Windows Kernel allows an authorized attacker to execute code over a network. | 7.2 | HIGH | β | 0 |
| CVE-2025-49667 Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2025-49538 ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an XML Injection vulnerability that could lead to arbitrary file system read. An attacker can exploit this issue by injecting c... | 7.4 | HIGH | β | 0 |
| CVE-2025-49668 Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | 8.8 | HIGH | β | 0 |
| CVE-2025-49669 Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | 8.8 | HIGH | β | 0 |
| CVE-2025-49670 Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | 6.5 | MEDIUM | β | 0 |
| CVE-2025-49671 Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | 6.5 | MEDIUM | β | 0 |
| CVE-2025-49672 Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | 8.8 | HIGH | β | 0 |
| CVE-2025-4129 Authorization Bypass Through User-Controlled Key vulnerability in PAVO Inc. PAVO Pay allows Exploitation of Trusted Identifiers. This issue affects PAVO Pay: before 13.05.2025. | 7.5 | HIGH | β | 0 |
| CVE-2025-49673 Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | 8.8 | HIGH | β | 0 |
| CVE-2025-49674 Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | 8.8 | HIGH | β | 0 |
| CVE-2025-49675 Use after free in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2025-49676 Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | 8.8 | HIGH | β | 0 |
| CVE-2025-49677 Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2025-49539 ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in a security feature bypass. ... | 4.5 | MEDIUM | β | 0 |
| CVE-2025-49678 Null pointer dereference in Windows NTFS allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2025-49679 Numeric truncation error in Windows Shell allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2025-49680 Improper link resolution before file access ('link following') in Windows Performance Recorder allows an authorized attacker to deny service locally. | 7.3 | HIGH | β | 0 |
| CVE-2025-49681 Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | 6.5 | MEDIUM | β | 0 |
| CVE-2025-48299 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YayExtra allows SQL Injection. This issue affects YayExtra: from n/a through 1.5.5. | 7.6 | HIGH | β | 0 |
| CVE-2025-3946 The Honeywell Experion PKS and OneWireless WDM contains a Deployment of Wrong Handler vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vuln... | 8.2 | HIGH | β | 0 |
| CVE-2025-3947 The Honeywell Experion PKS contains an Integer Underflow vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to Input Data... | 8.2 | HIGH | β | 0 |
| CVE-2025-7414 A vulnerability classified as critical was found in Tenda O3V2 1.0.0.12(3880). This vulnerability affects the function fromNetToolGet of the file /goform/setPingInfo of the component httpd. The manipu... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-7415 A vulnerability, which was classified as critical, has been found in Tenda O3V2 1.0.0.12(3880). This issue affects the function fromTraceroutGet of the file /goform/getTraceroute of the component http... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-7416 A vulnerability, which was classified as critical, was found in Tenda O3V2 1.0.0.12(3880). Affected is the function fromSysToolTime of the file /goform/setSysTimeInfo of the component httpd. The manip... | 8.8 | HIGH | β | 0 |
| CVE-2025-46704 A vulnerability exists in Advantech iView in NetworkServlet.processImportRequest() that could allow for a directory traversal attack. This issue requires an authenticated attacker with at least use... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-7417 A vulnerability has been found in Tenda O3V2 1.0.0.12(3880) and classified as critical. Affected by this vulnerability is the function fromNetToolGet of the file /goform/setPingInfo of the component h... | 8.8 | HIGH | β | 0 |
| CVE-2025-1727 The protocol used for remote linking over RF for End-of-Train and Head-of-Train (also known as a FRED) relies on a BCH checksum for packet creation. It is possible to create these EoT and HoT packet... | 8.1 | HIGH | β | 0 |
| CVE-2025-7418 A vulnerability was found in Tenda O3V2 1.0.0.12(3880) and classified as critical. Affected by this issue is the function fromPingResultGet of the file /goform/setPing of the component httpd. The mani... | 8.8 | HIGH | β | 0 |
| CVE-2025-7419 A vulnerability was found in Tenda O3V2 1.0.0.12(3880). It has been classified as critical. This affects the function fromSpeedTestSet of the file /goform/setRateTest of the component httpd. The manip... | 8.8 | HIGH | β | 0 |
| CVE-2025-41442 A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack. By manipulating certain input parameters, an attacker ... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-46358 Emerson ValveLink products do not use or incorrectly use a protection mechanism that provides sufficient defense against directed attacks against the product. | 7.7 | HIGH | β | 0 |
| CVE-2023-24852 Memory Corruption in Core due to secure memory access by user while loading modem image. | 8.4 | HIGH | β | 0 |
| CVE-2025-48891 A vulnerability exists in Advantech iView that could allow for SQL injection through the CUtils.checkSQLInjection() function. This vulnerability can be exploited by an authenticated attacker with at... | 7.6 | HIGH | β | 0 |
| CVE-2025-50109 Emerson ValveLink Products store sensitive information in cleartext within a resource that might be accessible to another control sphere. | 7.7 | HIGH | β | 0 |
| CVE-2025-52459 A vulnerability exists in Advantech iView that allows for argument injection in NetworkServlet.backupDatabase(). This issue requires an authenticated attacker with at least user-level privileges. Ce... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-52577 A vulnerability exists in Advantech iView that could allow SQL injection and remote code execution through NetworkServlet.archiveTrapRange(). This issue requires an authenticated attacker with at le... | 8.8 | HIGH | β | 0 |
| CVE-2025-52579 Emerson ValveLink Products store sensitive information in cleartext in memory. The sensitive memory might be saved to disk, stored in a core dump, or remain uncleared if the product crashes, or if t... | 9.4 | CRITICAL | β | 0 |
| CVE-2025-53471 Emerson ValveLink products receive input or data, but do not validate or incorrectly validate that the input has the properties that are required to process the data safely and correctly. | 5.1 | MEDIUM | β | 0 |
| CVE-2025-53475 A vulnerability exists in Advantech iView that could allow for SQL injection and remote code execution through NetworkServlet.getNextTrapPage(). This issue requires an authenticated attacker with a... | 8.8 | HIGH | β | 0 |
| CVE-2025-53519 A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack. By manipulating specific parameters, an attacker could... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-48301 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce SMTP for SendGrid – YaySMTP allows SQL Injection. This issue affects SMTP for SendGrid... | 7.6 | HIGH | β | 0 |
| CVE-2025-7420 A vulnerability was found in Tenda O3V2 1.0.0.12(3880). It has been declared as critical. This vulnerability affects the function formWifiBasicSet of the file /goform/setWrlBasicInfo of the component ... | 8.8 | HIGH | β | 0 |
| CVE-2025-5241 Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series allows a remote unauthenticated attacker to lockout legitimate users for a certain peri... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-7421 A vulnerability was found in Tenda O3V2 1.0.0.12(3880). It has been rated as critical. This issue affects the function fromMacFilterModify of the file /goform/operateMacFilter of the component httpd. ... | 8.8 | HIGH | β | 0 |
| CVE-2025-7422 A vulnerability classified as critical has been found in Tenda O3V2 1.0.0.12(3880). Affected is the function setAutoReboot of the file /goform/setNetworkService of the component httpd. The manipulatio... | 8.8 | HIGH | β | 0 |
| CVE-2025-7423 A vulnerability classified as critical was found in Tenda O3V2 1.0.0.12(3880). Affected by this vulnerability is the function formWifiMacFilterSet of the file /goform/setWrlFilterList of the component... | 8.8 | HIGH | β | 0 |
| CVE-2025-27717 Uncontrolled search path for some Intel(R) Graphics Driver software may allow an authenticated user to potentially enable escalation of privilege via local access | 6.7 | MEDIUM | β | 0 |
| CVE-2025-7434 A vulnerability was found in Tenda FH451 up to 1.0.0.9 and classified as critical. Affected by this issue is the function fromAddressNat of the file /goform/addressNat of the component POST Request Ha... | 8.8 | HIGH | β | 0 |
| CVE-2025-7435 A vulnerability was found in LiveHelperChat lhc-php-resque Extension up to ee1270b35625f552425e32a6a3061cd54b5085c4. It has been classified as problematic. This affects an unknown part of the file /si... | 3.5 | LOW | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.