Search Results (314806 CVEs found)
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-48044 | 1 Ash-project | 1 Ash | 2025-10-21 | N/A |
Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines 'Elixir.Ash.Policy.Policy':expression/2. This issue affects ash: from pkg:hex/ash@3.6.3 before pkg:hex/ash@3.7.1, from 3.6.3 before 3.7.1, from 79749c2685ea031ebb2de8cf60cc5edced6a8dd0 before 8b83efa225f657bfc3656ad8ee8485f9b2de923d. | ||||
CVE-2025-9133 | | | 2025-10-21 | 8.1 High |
A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W)-VPN series firmware versions from V4.16 through V5.40 could allow a semi-authenticated attacker—who has completed only the first stage of the two-factor authentication (2FA) process—to view and download the system configuration from an affected device. | ||||
CVE-2025-8078 | | | 2025-10-21 | 7.2 High |
A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware versions from V4.16 through V5.40, and USG20(W)-VPN series firmware versions from V4.16 through V5.40 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on the affected device by passing a crafted string as an argument to a CLI command. | ||||
CVE-2025-62677 | | | 2025-10-21 | N/A |
Not used | ||||
CVE-2025-62678 | | | 2025-10-21 | N/A |
Not used | ||||
CVE-2025-62679 | | | 2025-10-21 | N/A |
Not used | ||||
CVE-2025-62680 | | | 2025-10-21 | N/A |
Not used | ||||
CVE-2025-62681 | | | 2025-10-21 | N/A |
Not used | ||||
CVE-2025-62682 | | | 2025-10-21 | N/A |
Not used | ||||
CVE-2025-62683 | | | 2025-10-21 | N/A |
Not used | ||||
CVE-2025-62684 | | | 2025-10-21 | N/A |
Not used | ||||
CVE-2025-6542 | | | 2025-10-21 | N/A |
An arbitrary OS command may be executed on the product by a remote unauthenticated attacker. | ||||
CVE-2025-7851 | | | 2025-10-21 | N/A |
An attacker may obtain the root shell on the underlying OS system with the restricted conditions on Omada gateways. | ||||
CVE-2025-7850 | | | 2025-10-21 | N/A |
A command injection vulnerability may be exploited after the admin's authentication on the web portal on Omada gateways. | ||||
CVE-2025-6541 | | | 2025-10-21 | N/A |
An arbitrary OS command may be executed on the product by the user who can log in to the web management interface. | ||||
CVE-2025-33073 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-10-21 | 8.8 High |
Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network. | ||||
CVE-2025-61884 | 1 Oracle | 1 Configurator | 2025-10-21 | 7.5 High |
Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configurator accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | ||||
CVE-2025-2747 | 1 Kentico | 1 Xperience | 2025-10-21 | 9.8 Critical |
An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server component password handling for the server defined None type. Authentication bypass allows an attacker to control administrative objects. This issue affects Xperience through 13.0.178. | ||||
CVE-2025-2746 | 1 Kentico | 1 Xperience | 2025-10-21 | 9.8 Critical |
An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server password handling of empty SHA1 usernames in digest authentication. Authentication bypass allows an attacker to control administrative objects. This issue affects Xperience through 13.0.172. | ||||
CVE-2022-48503 | 2 Apple, Redhat | 8 Ipados, Iphone Os, Macos and 5 more | 2025-10-21 | 8.8 High |
The issue was addressed with improved bounds checks. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing web content may lead to arbitrary code execution. |