VYPR

CVEs

1,630 total · page 4 of 33

  • CVE-2025-54253KEVAug 5, 2025
    risk 0.14cvss epss 0.90

    Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not…

  • CVE-2025-54948KEVAug 5, 2025
    risk 0.13cvss epss 0.20

    A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations.

  • CVE-2025-6205KEVAug 4, 2025
    risk 0.19cvss epss 0.69

    A missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to gain privileged access to the application.

  • CVE-2025-6204KEVAug 4, 2025
    risk 0.13cvss epss 0.75

    An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code.

  • CVE-2025-31277HigKEVJul 30, 2025
    risk 0.69cvss 8.8epss 0.01

    The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption.

  • CVE-2025-38352KEVJul 22, 2025
    risk 0.12cvss epss 0.01

    In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() If an exiting non-autoreaping task has already passed exit_notify() and calls handle_posix_cpu_timers() from IRQ, it can…

  • CVE-2025-53770KEVJul 20, 2025
    risk 0.28cvss epss 1.00

    Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update…

  • CVE-2025-54313KEVJul 19, 2025
    risk 0.05cvss epss 0.04

    eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows.

  • CVE-2025-54309KEVJul 18, 2025
    risk 0.18cvss epss 0.92

    CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited in the wild in July 2025.

  • CVE-2025-54068KEVJul 17, 2025
    risk 0.13cvss epss 0.95

    Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This…

  • CVE-2025-25257KEVJul 17, 2025
    risk 0.17cvss epss 0.97

    An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.7, FortiWeb 7.2.0 through 7.2.10, FortiWeb 7.0.0 through 7.0.10 allows an…

  • CVE-2025-20337KEVJul 16, 2025
    risk 0.12cvss epss 0.65

    A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability. This…

  • CVE-2025-6558KEVJul 15, 2025
    risk 0.12cvss epss 0.09

    Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-47813KEVJul 10, 2025
    risk 0.14cvss epss 0.56

    loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie.

  • CVE-2025-47812KEVJul 10, 2025
    risk 0.22cvss epss 0.95

    In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by…

  • CVE-2025-48384KEVJul 8, 2025
    risk 0.12cvss epss 0.03

    Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config…

  • CVE-2025-49706KEVJul 8, 2025
    risk 0.27cvss epss 1.00

    Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2025-49704KEVJul 8, 2025
    risk 0.26cvss epss 1.00

    Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

  • CVE-2025-6554KEVJun 30, 2025
    risk 0.12cvss epss 0.07

    Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-32463KEVJun 30, 2025
    risk 0.20cvss epss 0.47

    Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

  • CVE-2025-20281KEVJun 25, 2025
    risk 0.15cvss epss 0.97

    A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability. This…

  • CVE-2025-6543KEVJun 25, 2025
    risk 0.12cvss epss 0.10

    Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

  • CVE-2025-32975CriKEVJun 24, 2025
    risk 0.80cvss 10.0epss 0.02

    Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains an authentication bypass vulnerability that allows attackers to impersonate…

  • CVE-2025-48700MedKEVJun 23, 2025
    risk 0.46cvss 6.1epss 0.02

    An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 and 10.0 and 10.1. A Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to…

  • CVE-2025-6218KEVJun 21, 2025
    risk 0.12cvss epss 0.86

    RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a…

  • CVE-2025-5777KEVJun 17, 2025
    risk 0.26cvss epss 1.00

    Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

  • CVE-2025-43200MedKEVJun 16, 2025
    risk 0.39cvss 4.2epss 0.01

    This issue was addressed with improved checks. This issue is fixed in iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.1 and iPadOS 18.3.1, iPadOS 17.7.5, macOS Sequoia 15.3.1, macOS Sonoma 14.7.4, macOS Ventura 13.7.4, visionOS 2.3.1, watchOS 11.3.1. A…

  • CVE-2025-33073KEVJun 10, 2025
    risk 0.19cvss epss 0.64

    Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.

  • CVE-2025-33053KEVJun 10, 2025
    risk 0.19cvss epss 0.82

    External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network.

  • CVE-2025-47827KEVJun 5, 2025
    risk 0.12cvss epss 0.04

    In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image.

  • CVE-2025-21479KEVJun 3, 2025
    risk 0.12cvss epss 0.01

    Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.

  • CVE-2025-27038KEVJun 3, 2025
    risk 0.12cvss epss 0.01

    Memory corruption while rendering graphics using Adreno GPU drivers in Chrome.

  • CVE-2025-21480KEVJun 3, 2025
    risk 0.12cvss epss 0.00

    Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.

  • CVE-2025-5419KEVJun 2, 2025
    risk 0.12cvss epss 0.06

    Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-5086KEVJun 2, 2025
    risk 0.15cvss epss 0.89

    A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote code execution.

  • CVE-2025-49113KEVJun 2, 2025
    risk 0.15cvss epss 0.89

    Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.

  • CVE-2025-48927KEVMay 28, 2025
    risk 0.13cvss epss 0.08

    The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025.

  • CVE-2025-48928KEVMay 28, 2025
    risk 0.13cvss epss 0.00

    The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025.

  • CVE-2025-34026KEVMay 21, 2025
    risk 0.18cvss epss 0.83

    The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace…

  • CVE-2025-4008KEVMay 21, 2025
    risk 0.16cvss epss 0.95

    The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an endpoint that is vulnerable to command…

  • CVE-2025-30397KEVMay 13, 2025
    risk 0.17cvss epss 0.22

    Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.

  • CVE-2025-32709KEVMay 13, 2025
    risk 0.12cvss epss 0.02

    Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

  • CVE-2025-32706KEVMay 13, 2025
    risk 0.12cvss epss 0.02

    Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

  • CVE-2025-32701KEVMay 13, 2025
    risk 0.12cvss epss 0.01

    Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

  • CVE-2025-30400KEVMay 13, 2025
    risk 0.12cvss epss 0.02

    Use after free in Windows DWM allows an authorized attacker to elevate privileges locally.

  • CVE-2025-4428KEVMay 13, 2025
    risk 0.18cvss epss 0.88

    Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests.

  • CVE-2025-4427KEVMay 13, 2025
    risk 0.22cvss epss 1.00

    An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.

  • CVE-2025-32756KEVMay 13, 2025
    risk 0.14cvss epss 0.31

    A stack-based buffer overflow vulnerability [CWE-121] vulnerability in Fortinet FortiCamera 2.1.0 through 2.1.3, FortiCamera 2.0 all versions, FortiCamera 1.1 all versions, FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail…

  • CVE-2025-4632KEVMay 13, 2025
    risk 0.15cvss epss 0.24

    Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority.

  • CVE-2025-42999KEVMay 13, 2025
    risk 0.15cvss epss 0.11

    SAP NetWeaver Visual Composer Metadata Uploader is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.