CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-2287 A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. The flaw is a result of improper validation of user-supplied data. If exploited a threat ... | 7.8 | HIGH | — | 0 |
| CVE-2025-2288 A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. The flaw is a result of improper validat... | 7.8 | HIGH | — | 0 |
| CVE-2025-2293 A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. The flaw is a result of improper validat... | 7.8 | HIGH | — | 0 |
| CVE-2025-2829 A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to write outside of the allocated memory buffer. The flaw is a result of improper validat... | 7.8 | HIGH | — | 0 |
| CVE-2025-3285 A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. The flaw is a result of improper validati... | 7.8 | HIGH | — | 0 |
| CVE-2025-3286 A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. The flaw is a result of improper validati... | 7.8 | HIGH | — | 0 |
| CVE-2025-3287 A local code execution vulnerability exists in the Rockwell Automation Arena® due to a stack-based memory buffer overflow. The flaw is a result of improper validation of user-supplied data. If exploited... | 7.8 | HIGH | — | 0 |
| CVE-2025-3288 A local code execution vulnerability exists in the Rockwell Automation Arena® due to a threat actor being able to read outside of the allocated memory buffer. The flaw is a result of improper validati... | 7.8 | HIGH | — | 0 |
| CVE-2025-3289 A local code execution vulnerability exists in the Rockwell Automation Arena® due to a stack-based memory buffer overflow. The flaw is a result of improper validation of user-supplied data. If exploited... | 7.8 | HIGH | — | 0 |
| CVE-2024-48887 An unverified password change vulnerability in Fortinet FortiSwitch GUI may allow a remote unauthenticated attacker to change admin passwords via a specially crafted request. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-21174 Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. | 7.5 | HIGH | — | 0 |
| CVE-2025-21191 Time-of-check time-of-use (TOCTOU) race condition in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | — | 0 |
| CVE-2025-21197 Improper access control in Windows NTFS allows an authorized attacker to disclose file path information under a folder where the attacker doesn't have permission to list content. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-21203 Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-21204 Improper link resolution before file access ('link following') in Windows Update Stack allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2025-21205 Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network. | 8.8 | HIGH | — | 0 |
| CVE-2025-21221 Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network. | 8.8 | HIGH | — | 0 |
| CVE-2025-26640 Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | — | 0 |
| CVE-2025-21222 Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network. | 8.8 | HIGH | — | 0 |
| CVE-2025-24058 Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2025-24060 Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2025-24062 Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2025-26480 Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.0.0, contains an uncontrolled resource consumption vulnerability. An unauthenticated attacker with remote access could potentially exploit this vul... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-24073 Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2025-24074 Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2025-26635 Weak authentication in Windows Hello allows an authorized attacker to bypass a security feature over a network. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-26639 Integer overflow or wraparound in Windows USB Print Driver allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2025-26664 Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | 6.5 | MEDIUM | — | 0 |
| CVE-2024-49808 IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 could allow an authenticated user to spoof the identity of another user due to improper authorization which could allow the user to byp... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-28229 Incorrect access control in Orban OPTIMOD 5950 Firmware v1.0.0.2 and System v2.2.15 allows attackers to bypass authentication and gain Administrator privileges. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-28230 Incorrect access control in JMBroadcast JMB0150 Firmware v1.0 allows attackers to access hardcoded administrator credentials. | 9.1 | CRITICAL | — | 0 |
| CVE-2025-28232 Incorrect access control in the HOME.php endpoint of JMBroadcast JMB0150 Firmware v1.0 allows attackers to access the Admin panel without authentication. | 9.1 | CRITICAL | — | 0 |
| CVE-2025-29625 A buffer overflow vulnerability in Astrolog v7.70 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via an overly long environment variable passed to FileOpen function. | 7.8 | HIGH | — | 0 |
| CVE-2025-2950 IBM i 7.3, 7.4, 7.5, and 7.5 is vulnerable to a host header injection attack caused by improper neutralization of HTTP header content by IBM Navigator for i. An authenticated user can manipulate the h... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-3792 A vulnerability, which was classified as critical, has been found in SeaCMS up to 13.3. This issue affects some unknown processing of the file /admin_link.php?action=delall. The manipulation of the ar... | 4.7 | MEDIUM | — | 0 |
| CVE-2025-29953 Deserialization of Untrusted Data vulnerability in Apache ActiveMQ NMS OpenWire Client. This issue affects Apache ActiveMQ NMS OpenWire Client before 2.1.1 when performing connections to untrusted se... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-28059 An access control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows deleted users to retain access to system resources due to improper session invalidation and stale token handling. When an a... | 7.5 | HIGH | — | 0 |
| CVE-2024-57493 An issue in redoxOS relibc before commit 98aa4ea5 allows a local attacker to cause a denial of service via the setsockopt function. | 5.5 | MEDIUM | — | 0 |
| CVE-2025-25983 An issue in Macro-video Technologies Co.,Ltd V380 Pro android application 2.1.44 and V380 Pro android application 2.1.64 allows an attacker to obtain sensitive information via the QE code based sharin... | 3.4 | LOW | — | 0 |
| CVE-2025-25984 An issue in Macro-video Technologies Co.,Ltd V380E6_C1 IP camera (Hw_HsAKPIQp_WF_XHR) 1020302 allows a physically proximate attacker to execute arbitrary code via UART component. | 6.8 | MEDIUM | — | 0 |
| CVE-2025-25985 An issue in Macro-video Technologies Co.,Ltd V380E6_C1 IP camera (Hw_HsAKPIQp_WF_XHR) 1020302 allows a physically proximate attacker to execute arbitrary code via the /mnt/mtd/mvconf/wifi.ini and /mnt... | 2.6 | LOW | — | 0 |
| CVE-2025-3797 A vulnerability classified as critical was found in SeaCMS up to 13.3. This vulnerability affects unknown code of the file /admin_topic.php?action=delall. The manipulation of the argument e_id leads t... | 4.7 | MEDIUM | — | 0 |
| CVE-2025-3798 A vulnerability, which was classified as critical, has been found in WCMS 11. This issue affects the function sub of the file app/admin/AdvadminController.php of the component Advertisement Image Hand... | 4.7 | MEDIUM | — | 0 |
| CVE-2025-3799 A vulnerability, which was classified as critical, was found in WCMS 11. Affected is an unknown function of the file app/controllers/AnonymousController.php. The manipulation of the argument email/use... | 7.3 | HIGH | — | 0 |
| CVE-2025-3800 A vulnerability has been found in WCMS 11 and classified as critical. Affected by this vulnerability is an unknown functionality of the file app/controllers/AnonymousController.php. The manipulation o... | 7.3 | HIGH | — | 0 |
| CVE-2025-27907 IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially le... | 4.1 | MEDIUM | — | 0 |
| CVE-2025-32788 OctoPrint provides a web interface for controlling consumer 3D printers. In versions up to and including 1.10.3, OctoPrint has a vulnerability that allows an attacker to bypass the login redirect and ... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-10306 A vulnerability was found in mod_proxy_cluster. The issue is that the <Directory> directive should be replaced by the <Location> directive as the former does not restrict IP/host access as `Require ip... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-39478 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in smartiolabs Smart Notification allows Reflected XSS. This issue affects Smart Notification: from n... | 7.1 | HIGH | — | 0 |
| CVE-2025-2762 CarlinKit CPC200-CCPA Missing Root of Trust Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of CarlinKit CPC200-CCP... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.