Export limit exceeded: 337763 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (337763 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-36024 | 1 Microsoft | 1 Edge Chromium | 2025-10-08 | 7.1 High |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | ||||
| CVE-2023-36034 | 1 Microsoft | 1 Edge Chromium | 2025-10-08 | 7.3 High |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | ||||
| CVE-2023-36043 | 1 Microsoft | 1 System Center Operations Manager | 2025-10-08 | 6.5 Medium |
| Open Management Infrastructure Information Disclosure Vulnerability | ||||
| CVE-2023-36052 | 1 Microsoft | 1 Azure Command-line Interface | 2025-10-08 | 8.6 High |
| Azure CLI REST Command Information Disclosure Vulnerability | ||||
| CVE-2023-36410 | 1 Microsoft | 1 Dynamics 365 | 2025-10-08 | 7.6 High |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | ||||
| CVE-2023-36437 | 1 Microsoft | 1 Azure Pipelines Agent | 2025-10-08 | 8.8 High |
| Azure DevOps Server Remote Code Execution Vulnerability | ||||
| CVE-2023-38151 | 1 Microsoft | 2 Host Integration Server, Ole Db Provider | 2025-10-08 | 8.8 High |
| Microsoft Host Integration Server 2020 Remote Code Execution Vulnerability | ||||
| CVE-2023-36423 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-10-08 | 8.8 High |
| Microsoft Remote Registry Service Remote Code Execution Vulnerability | ||||
| CVE-2023-36424 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-10-08 | 7.8 High |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | ||||
| CVE-2023-36425 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-10-08 | 8 High |
| Windows Distributed File System (DFS) Remote Code Execution Vulnerability | ||||
| CVE-2023-36427 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-10-08 | 7 High |
| Windows Hyper-V Elevation of Privilege Vulnerability | ||||
| CVE-2023-36428 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-10-08 | 5.5 Medium |
| Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | ||||
| CVE-2023-36439 | 1 Microsoft | 1 Exchange Server | 2025-10-08 | 8 High |
| Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
| CVE-2023-38177 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2025-10-08 | 6.1 Medium |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | ||||
| CVE-2023-36413 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-10-08 | 6.5 Medium |
| Microsoft Office Security Feature Bypass Vulnerability | ||||
| CVE-2025-58758 | 1 Datahihi1 | 1 Tinyenv | 2025-10-08 | 5.1 Medium |
| TinyEnv is an environment variable loader for PHP applications. In versions 1.0.1, 1.0.2, 1.0.9, and 1.0.10, TinyEnv did not require the `.env` file to exist when loading environment variables. This could lead to unexpected behavior where the application silently ignores missing configuration, potentially causing insecure defaults or deployment misconfigurations. The issue has been fixed in version 1.0.11. All users should upgrade to 1.0.11 or later. As a workaround, users can manually verify the existence of the `.env` file before initializing TinyEnv. | ||||
| CVE-2025-58759 | 1 Datahihi1 | 1 Tinyenv | 2025-10-08 | 5.1 Medium |
| TinyEnv is an environment variable loader for PHP applications. In versions 1.0.9 and 1.0.10, TinyEnv did not properly strip inline comments inside .env values. This could lead to unexpected behavior or misconfiguration, where variables contain unintended characters (including # or comment text). Applications depending on strict environment values may expose logic errors, insecure defaults, or failed authentication. The issue is fixed in v1.0.11. Users should upgrade to the latest patched version. As a temporary workaround, avoid using inline comments in .env files, or sanitize loaded values manually. | ||||
| CVE-2025-40991 | 1 Creativeitem | 2 Ekushey Crm, Ekushey Project Manager Crm | 2025-10-08 | 5.4 Medium |
| Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/project_file/upload/xxxx", affecting to "description" parameter via POST. This vulnerability could allow a remote attacker to send a specially crafted query to an authenticated user and steal his/her cookie session details. | ||||
| CVE-2025-40990 | 1 Creativeitem | 2 Ekushey Crm, Ekushey Project Manager Crm | 2025-10-08 | 5.4 Medium |
| Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/project_bug/create/xxx", affecting to "title" and "description" parameters via POST. This vulnerability could allow a remote attacker to send a specially crafted query to an authenticated user and steal his/her cookie session details. | ||||
| CVE-2025-40989 | 1 Creativeitem | 2 Ekushey Crm, Ekushey Project Manager Crm | 2025-10-08 | 5.4 Medium |
| Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/project_message/add/xxx", affecting to "message" parameter via POST. This vulnerability could allow a remote attacker to send a specially crafted query to an authenticated user and steal his/her cookie session details. | ||||