Search
Search Results (313876 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-62392 | 2025-10-13 | 6.5 Medium | ||
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-11623 | 2025-10-13 | 6.5 Medium | ||
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-59286 | 1 Microsoft | 3 365, 365 Copilot, 365 Copilot Chat | 2025-10-13 | 6.5 Medium |
| Copilot Spoofing Vulnerability | ||||
| CVE-2025-59272 | 1 Microsoft | 3 365, 365 Copilot, 365 Copilot Chat | 2025-10-13 | 6.5 Medium |
| Copilot Spoofing Vulnerability | ||||
| CVE-2025-59271 | 2025-10-13 | 8.7 High | ||
| Redis Enterprise Elevation of Privilege Vulnerability | ||||
| CVE-2025-59252 | 1 Microsoft | 2 365, 365 Copilot | 2025-10-13 | 6.5 Medium |
| M365 Copilot Spoofing Vulnerability | ||||
| CVE-2025-55321 | 1 Microsoft | 1 Azure Monitor | 2025-10-13 | 8.7 High |
| Improper neutralization of input during web page generation ('cross-site scripting') in Azure Monitor allows an authorized attacker to perform spoofing over a network. | ||||
| CVE-2025-59247 | 1 Microsoft | 2 Azure, Azure Playfab | 2025-10-13 | 8.8 High |
| Azure PlayFab Elevation of Privilege Vulnerability | ||||
| CVE-2025-59246 | 1 Microsoft | 1 Entra Id | 2025-10-13 | 9.8 Critical |
| Azure Entra ID Elevation of Privilege Vulnerability | ||||
| CVE-2025-59218 | 1 Microsoft | 1 Entra Id | 2025-10-13 | 9.6 Critical |
| Azure Entra ID Elevation of Privilege Vulnerability | ||||
| CVE-2025-11622 | 2025-10-13 | 7.8 High | ||
| Insecure deserialization in Ivanti Endpoint Manager allows a local authenticated attacker to escalate their privileges. | ||||
| CVE-2025-9713 | 2025-10-13 | 8.8 High | ||
| Path traversal in Ivanti Endpoint Manager allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required. | ||||
| CVE-2025-62391 | 2025-10-13 | 6.5 Medium | ||
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-62390 | 2025-10-13 | 6.5 Medium | ||
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-62389 | 2025-10-13 | 6.5 Medium | ||
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-62388 | 2025-10-13 | 6.5 Medium | ||
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-62387 | 2025-10-13 | 6.5 Medium | ||
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-62385 | 2025-10-13 | 6.5 Medium | ||
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-62383 | 2025-10-13 | 6.5 Medium | ||
| SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database. | ||||
| CVE-2025-62365 | 2025-10-13 | N/A | ||
| LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to 25.7.0, there is a reflected-XSS in `report_this` function in `librenms/includes/functions.php`. The `report_this` function had improper filtering (`htmlentities` function was incorrectly use in a href environment), which caused the `project_issues` parameter to trigger an XSS vulnerability. This vulnerability is fixed in 25.7.0. | ||||