Total
12701 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-11698 | 2 Mozilla, Redhat | 3 Firefox, Thunderbird, Enterprise Linux | 2025-11-25 | N/A |
| If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. | ||||
| CVE-2017-5451 | 2 Mozilla, Redhat | 8 Firefox, Thunderbird, Enterprise Linux and 5 more | 2025-11-25 | N/A |
| A mechanism to spoof the addressbar through the user interaction on the addressbar and the "onblur" event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded within the addressbar. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53. | ||||
| CVE-2025-55058 | 2 Maxum, Maxum Development Corporation | 2 Rumpus, Rumpus Ftp Server | 2025-11-24 | 4.5 Medium |
| CWE-20 Improper Input Validation | ||||
| CVE-2025-63213 | 1 Qvidium | 1 Opera11 | 2025-11-24 | 9.8 Critical |
| The QVidium Opera11 device (firmware version 2.9.0-Ax4x-opera11) is vulnerable to Remote Code Execution (RCE) due to improper input validation on the /cgi-bin/net_ping.cgi endpoint. An attacker can exploit this vulnerability by sending a specially crafted GET request with a malicious parameter to inject arbitrary commands. These commands are executed with root privileges, allowing attackers to gain full control over the device. This poses a significant security risk to any device running this software. | ||||
| CVE-2025-1088 | 1 Grafana | 1 Grafana | 2025-11-23 | 2.7 Low |
| In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to become unresponsive due to Improper Input Validation vulnerability in Grafana. This issue affects Grafana: before 11.6.2 and is fixed in 11.6.2 and higher. | ||||
| CVE-2025-59248 | 1 Microsoft | 6 Exchange, Exchange Server, Exchange Server 2016 and 3 more | 2025-11-22 | 7.5 High |
| Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-59198 | 1 Microsoft | 31 Windows, Windows 10, Windows 10 1507 and 28 more | 2025-11-22 | 5 Medium |
| Improper input validation in Microsoft Windows Search Component allows an authorized attacker to deny service locally. | ||||
| CVE-2025-59190 | 1 Microsoft | 31 Windows, Windows 10, Windows 10 1507 and 28 more | 2025-11-22 | 5.5 Medium |
| Improper input validation in Microsoft Windows Search Component allows an unauthorized attacker to deny service locally. | ||||
| CVE-2025-59187 | 1 Microsoft | 30 Windows, Windows 10, Windows 10 1507 and 27 more | 2025-11-22 | 7.8 High |
| Improper input validation in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-55692 | 1 Microsoft | 27 Windows, Windows 10, Windows 10 1507 and 24 more | 2025-11-22 | 7.8 High |
| Improper input validation in Windows Error Reporting allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-55679 | 1 Microsoft | 22 Windows, Windows 10, Windows 10 1809 and 19 more | 2025-11-22 | 5.1 Medium |
| Improper input validation in Windows Kernel allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2025-59250 | 1 Microsoft | 10 Jdbc Driver For Sql Server, Jdbc Driver For Sql Server 10.2, Jdbc Driver For Sql Server 11.2 and 7 more | 2025-11-22 | 8.1 High |
| Improper input validation in JDBC Driver for SQL Server allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-59228 | 1 Microsoft | 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 | 2025-11-22 | 8.8 High |
| Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||||
| CVE-2025-59207 | 1 Microsoft | 18 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 15 more | 2025-11-22 | 7.8 High |
| Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-58716 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2025-11-22 | 8.8 High |
| Improper input validation in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-12907 | 1 Google | 1 Chrome | 2025-11-21 | 8.8 High |
| Insufficient validation of untrusted input in Devtools in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to execute arbitrary code via user action in Devtools. (Chromium security severity: Low) | ||||
| CVE-2025-12908 | 1 Google | 2 Android, Chrome | 2025-11-21 | 5.4 Medium |
| Insufficient validation of untrusted input in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2025-34105 | 1 Flexense | 1 Diskboss | 2025-11-21 | N/A |
| A stack-based buffer overflow vulnerability exists in the built-in web interface of DiskBoss Enterprise versions 7.4.28, 7.5.12, and 8.2.14. The vulnerability arises from improper bounds checking on the path component of HTTP GET requests. By sending a specially crafted long URI, a remote unauthenticated attacker can trigger a buffer overflow, potentially leading to arbitrary code execution with SYSTEM privileges on vulnerable Windows hosts. | ||||
| CVE-2025-64176 | 2 Matiasdesuu, Thinkdashboard Project | 2 Thinkdashboard, Thinkdashboard | 2025-11-21 | 5.3 Medium |
| ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. In versions 0.6.7 and below, an attacker can upload any file they wish to the /data directory of the web application via the backup import feature. When importing a backup, an attacker can first choose a .zip file to bypass the client-side file-type verification. This could lead to stored XSS, or be used for other nefarious purposes such as malware distribution. This issue is fixed in version 0.6.8. | ||||
| CVE-2025-64759 | 1 Homarr-labs | 1 Homarr | 2025-11-21 | 8.1 High |
| Homarr is an open-source dashboard. Prior to version 1.43.3, stored XSS vulnerability exists, allowing the execution of arbitrary JavaScript in a user's browser, with minimal or no user interaction required, due to the rendering of a malicious uploaded SVG file. This could be abused to add an attacker's account to the "credentials-admin" group, giving them full administrative access, if a user logged in as an administrator was to view the page which renders or redirects to the SVG. This issue has been patched in version 1.43.3. | ||||