Filter and search through 196,793 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2025-4920 | An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability affects Firefox < 138.0.4 and Fire... | 0.0 | 0 | Neutral | No |
| No |
| CVE-2025-49173 | No description available | 0.0 | 0 | Neutral | Yes | No |
| CVE-2025-49153 | MICROSENS NMP Web+ could allow an unauthenticated attacker to overwrite files and execute arbitrary code. | 0.0 | 0 | Neutral | No | No |
| CVE-2025-49152 | MICROSENS NMP Web+ contain JSON Web Tokens (JWT) that do not expire, which could allow an attacker to gain access to the system. | 0.0 | 0 | Neutral | No | No |
| CVE-2025-49151 | MICROSENS NMP Web+ could allow an unauthenticated attacker to generate forged JSON Web Tokens (JWT) to bypass authentication. | 0.0 | 0 | Neutral | No | No |
| CVE-2025-49130 | ### Impact The application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data. ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-49127 | Kafbat UI is a web user interface for managing Apache Kafka clusters. An unsafe deserialization vulnerability in version 1.0.0 allows any unauthentica... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-49014 | jq is a command-line JSON processor. In version 1.8.0 a heap use after free vulnerability exists within the function f_strflocaltime of /src/builtin.c... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-49008 | Atheos is a self-hosted browser-based cloud integrated development environment. Prior to version 6.0.4, improper use of `escapeshellcmd()` in `/compon... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-49006 | Wasp (Web Application Specification) is a Rails-like framework for React, Node.js, and Prisma. Prior to version 0.16.6, Wasp authentication has a vuln... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-48997 | ### Impact A vulnerability in Multer versions >=1.4.4-lts.1, <2.0.1 allows an attacker to trigger a Denial of Service (DoS) by sending an upload file... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-48995 | When verifying signatures with X509 certificate validation turned off and HMAC shared secret set (`signxml.XMLVerifier.verify(require_x509=False, hmac... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-48994 | When verifying signatures with X509 certificate validation turned off and HMAC shared secret set (`signxml.XMLVerifier.verify(require_x509=False, hmac... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-48990 | NeKernal is a free and open-source operating system stack. Version 0.0.2 has a 1-byte heap overflow in `rt_copy_memory`, which unconditionally wrote a... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-48986 | Authorization bypass in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an logged in attacker to change other users' email address and pot... | 0.0 | 0 | Neutral | Yes | No |
| CVE-2025-48980 | In Brave Browser Desktop versions prior to 1.83.10 that have the split view feature enabled, the "Open Link in Split View" context menu item did not r... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-48963 | Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, W... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-48962 | Sensitive information disclosure due to SSRF. The following products are affected: Acronis Cyber Protect 16 (Windows, Linux) before build 39938. | 0.0 | 0 | Neutral | No | No |
| CVE-2025-48961 | Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-48960 | Weak server key used for TLS encryption. The following products are affected: Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39938. | 0.0 | 0 | Neutral | No | No |