Search
Search Results (72449 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-2161 | 2 Pega, Pegasystems | 2 Pega Platform, Pega Infinity | 2025-10-30 | 7.1 High |
| Pega Platform versions 7.2.1 to Infinity 24.2.1 are affected by an XSS issue with Mashup | ||||
| CVE-2025-2160 | 2 Pega, Pegasystems | 2 Pega Platform, Pega Infinity | 2025-10-30 | 8.1 High |
| Pega Platform versions 8.4.3 to Infinity 24.2.1 are affected by an XSS issue with Mashup | ||||
| CVE-2025-32808 | 1 Wwnorton | 1 Inquizitive | 2025-10-30 | 7.7 High |
| W. W. Norton InQuizitive through 2025-04-08 allows students to insert arbitrary records of their quiz performance into the backend, because only client-side access control exists. | ||||
| CVE-2025-56161 | 2 Yiovo, Yoshop | 2 Firefly Mall, Yoshop | 2025-10-30 | 7.5 High |
| YOSHOP 2.0 allows unauthenticated information disclosure via comment-list API endpoints in the Goods module. The Comment model eagerly loads the related User model without field filtering; because User.php defines no $hidden or $visible attributes, sensitive fields (bcrypt password hash, mobile number, pay_money, expend_money.) are exposed in JSON responses. Route names vary per deployment (e.g. /api/goods.pinglun/list), but all call the same vulnerable model logic. | ||||
| CVE-2024-30128 | 1 Hcltech | 1 Nomad Server On Domino | 2025-10-30 | 8.6 High |
| HCL Nomad server on Domino is affected by an open proxy vulnerability in which an unauthenticated attacker can mask their original source IP address. This may enable an attacker to trick the user into exposing sensitive information. | ||||
| CVE-2023-38163 | 1 Microsoft | 1 Windows Defender Security Intelligence Updates | 2025-10-30 | 7.8 High |
| Windows Defender Attack Surface Reduction Security Feature Bypass | ||||
| CVE-2023-36739 | 1 Microsoft | 1 3d Viewer | 2025-10-30 | 7.8 High |
| 3D Viewer Remote Code Execution Vulnerability | ||||
| CVE-2023-36740 | 1 Microsoft | 1 3d Viewer | 2025-10-30 | 7.8 High |
| 3D Viewer Remote Code Execution Vulnerability | ||||
| CVE-2023-36760 | 1 Microsoft | 1 3d Viewer | 2025-10-30 | 7.8 High |
| 3D Viewer Remote Code Execution Vulnerability | ||||
| CVE-2023-36762 | 1 Microsoft | 5 365 Apps, Office, Office Long Term Servicing Channel and 2 more | 2025-10-30 | 7.3 High |
| Microsoft Word Remote Code Execution Vulnerability | ||||
| CVE-2023-36763 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2025-10-30 | 7.5 High |
| Microsoft Outlook Information Disclosure Vulnerability | ||||
| CVE-2023-36764 | 1 Microsoft | 1 Sharepoint Server | 2025-10-30 | 8.8 High |
| Microsoft SharePoint Server Elevation of Privilege Vulnerability | ||||
| CVE-2023-36770 | 1 Microsoft | 1 3d Builder | 2025-10-30 | 7.8 High |
| 3D Builder Remote Code Execution Vulnerability | ||||
| CVE-2023-36771 | 1 Microsoft | 1 3d Builder | 2025-10-30 | 7.8 High |
| 3D Builder Remote Code Execution Vulnerability | ||||
| CVE-2023-36772 | 1 Microsoft | 1 3d Builder | 2025-10-30 | 7.8 High |
| 3D Builder Remote Code Execution Vulnerability | ||||
| CVE-2023-36773 | 1 Microsoft | 1 3d Builder | 2025-10-30 | 7.8 High |
| 3D Builder Remote Code Execution Vulnerability | ||||
| CVE-2023-36788 | 1 Microsoft | 10 .net Framework, Windows 10 1809, Windows 10 21h2 and 7 more | 2025-10-30 | 7.8 High |
| .NET Framework Remote Code Execution Vulnerability | ||||
| CVE-2023-36792 | 1 Microsoft | 16 .net, .net Framework, Visual Studio 2017 and 13 more | 2025-10-30 | 7.8 High |
| Visual Studio Remote Code Execution Vulnerability | ||||
| CVE-2023-36793 | 1 Microsoft | 16 .net, .net Framework, Visual Studio 2017 and 13 more | 2025-10-30 | 7.8 High |
| Visual Studio Remote Code Execution Vulnerability | ||||
| CVE-2023-36794 | 1 Microsoft | 16 .net, .net Framework, Visual Studio 2017 and 13 more | 2025-10-30 | 7.8 High |
| Visual Studio Remote Code Execution Vulnerability | ||||