Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2025-59292 External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally. | 8.2 | HIGH | — | 0 |
| CVE-2025-59295 Heap-based buffer overflow in Internet Explorer allows an unauthorized attacker to execute code over a network. | 8.8 | HIGH | — | 0 |
| CVE-2025-60535 A Cross-Site Request Forgery (CSRF) in the component /endpoints/currency/currency of Wallos v4.1.1 allows attackers to execute arbitrary operations via a crafted GET request. | 7.3 | HIGH | — | 0 |
| CVE-2025-60536 An issue in the Configure New Cluster interface of kafka-ui v0.6.0 to v0.7.2 allows attackers to cause a Denial of Service (DoS) via uploading a crafted configuration file. | 7.5 | HIGH | — | 0 |
| CVE-2025-60537 Improper input validation in the component /kafka/ui/serdes/CustomSerdeLoader.java of kafka-ui v0.6.0 to v0.7.2 allows attackers to execute arbitrary code via supplying crafted data. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-33182 NVIDIA Jetson Linux contains a vulnerability in UEFI, where improper authentication may allow a privileged user to cause corruption of the Linux Device Tree. A successful exploitation of this vulnerab... | 7.6 | HIGH | — | 0 |
| CVE-2025-54273 Substance3D - Viewer versions 0.25.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of ... | 7.8 | HIGH | — | 0 |
| CVE-2025-54274 Substance3D - Viewer versions 0.25.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitat... | 7.8 | HIGH | — | 0 |
| CVE-2025-54275 Substance3D - Viewer versions 0.25.2 and earlier are affected by an out-of-bounds write vulnerability that could lead to application denial-of-service. An attacker could leverage this vulnerability to... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-54280 Substance3D - Viewer versions 0.25.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of ... | 7.8 | HIGH | — | 0 |
| CVE-2025-33177 NVIDIA Jetson Linux and IGX OS contain a vulnerability in NvMap, where improper tracking of memory allocations could allow a local attacker to cause memory overallocation. A successful exploitation of... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-54276 Substance3D - Modeler versions 1.22.3 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory stru... | 7.8 | HIGH | — | 0 |
| CVE-2025-54281 Adobe Framemaker versions 2020.9, 2022.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of th... | 7.8 | HIGH | — | 0 |
| CVE-2025-54282 Adobe Framemaker versions 2020.9, 2022.7 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploi... | 7.8 | HIGH | — | 0 |
| CVE-2025-54283 Illustrator versions 29.7, 28.7.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of thi... | 7.8 | HIGH | — | 0 |
| CVE-2025-54284 Illustrator versions 29.7, 28.7.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of thi... | 7.8 | HIGH | — | 0 |
| CVE-2025-59051 The FreePBX Endpoint Manager module includes a Network Scanning feature that provides web-based access to nmap functionality for network device discovery. In Endpoint Manager 16 before 16.0.92 and 17 ... | N/A | NONE | — | 0 |
| CVE-2025-60374 Stored Cross-Site Scripting (XSS) in Perfex CRM chatbot before 3.3.1 allows attackers to inject arbitrary HTML/JavaScript. The payload is executed in the browsers of users viewing the chat, resulting ... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-60540 karakeep v0.26.0 to v0.7.0 was discovered to contain a Server-Side Request Forgery (SSRF). | 6.5 | MEDIUM | — | 0 |
| CVE-2025-54266 Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-p... | 4.8 | MEDIUM | — | 0 |
| CVE-2025-61675 FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager ... | N/A | NONE | — | 0 |
| CVE-2025-61678 FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager ... | N/A | NONE | — | 0 |
| CVE-2025-61798 Dimension versions 4.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An att... | 7.8 | HIGH | — | 0 |
| CVE-2025-61799 Dimension versions 4.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An att... | 7.8 | HIGH | — | 0 |
| CVE-2025-61800 Dimension versions 4.1.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of t... | 7.8 | HIGH | — | 0 |
| CVE-2025-61801 Dimension versions 4.1.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue require... | 7.8 | HIGH | — | 0 |
| CVE-2025-61802 Substance3D - Stager versions 3.1.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this is... | 7.8 | HIGH | — | 0 |
| CVE-2025-61803 Substance3D - Stager versions 3.1.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploi... | 7.8 | HIGH | — | 0 |
| CVE-2025-61805 Substance3D - Stager versions 3.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory struct... | 7.8 | HIGH | — | 0 |
| CVE-2025-61806 Substance3D - Stager versions 3.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory struct... | 7.8 | HIGH | — | 0 |
| CVE-2025-61807 Substance3D - Stager versions 3.1.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploi... | 7.8 | HIGH | — | 0 |
| CVE-2025-62374 Parse Javascript SDK provides access to the powerful Parse Server backend from your JavaScript app. Prior to 7.0.0, injection of malicious payload allows attacker to remotely execute arbitrary code. ... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-54263 Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-privileged attacker could leverage... | 8.1 | HIGH | — | 0 |
| CVE-2025-54264 Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) Cross-Site Scripting (XSS) vulnerability that ... | 8.1 | HIGH | — | 0 |
| CVE-2025-54267 Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-privileged attacker could leverage... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-54277 Rejected reason: This CVE ID was issued in error by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2014-6525 Unspecified vulnerability in the Oracle Web Applications Desktop Integrator component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote authenticated users... | N/A | NONE | — | 0 |
| CVE-2025-49553 Adobe Connect versions 12.9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute malicious scripts in a victim's browser. ... | 9.3 | CRITICAL | — | 0 |
| CVE-2025-54269 Animate versions 23.0.13, 24.0.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitiv... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-54270 Animate versions 23.0.13, 24.0.10 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sen... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-62446 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-62447 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2009-1901 The Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 permits "non-standard http methods," which has unknown impact and remote attack vectors. | N/A | NONE | — | 0 |
| CVE-2009-1902 The multipart processor in ModSecurity before 2.5.9 allows remote attackers to cause a denial of service (crash) via a multipart form datapost request with a missing part header name, which triggers a... | N/A | NONE | — | 0 |
| CVE-2009-1903 The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method. | N/A | NONE | — | 0 |
| CVE-2008-2154 IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 provides an INSTALL_JAR (aka sqlj.install_jar) procedure, which allows remote authenticated users to create or overwrite arbitrary files via u... | N/A | NONE | — | 0 |
| CVE-2008-6820 The db2fmp process in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 on Windows runs with "OS privilege," which has unknown impact and attack vectors, a different vulnerability than CVE-200... | N/A | NONE | — | 0 |
| CVE-2008-6821 Buffer overflow in the DAS server in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 might allow attackers to execute arbitrary code or cause a denial of service (application crash) via unsp... | N/A | NONE | — | 0 |
| CVE-2009-1905 The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 before FP7, and 9.5 before FP4, when LDAP security (aka IBMLDAPauthserver) and anonymous bind are enabled, allows remote attacker... | N/A | NONE | — | 0 |
| CVE-2009-1906 The DRDA Services component in IBM DB2 9.1 before FP7 and 9.5 before FP4 allows remote attackers to cause a denial of service (memory corruption and application crash) via an IPv6 address in the corre... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.