Total
32075 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-21387 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-07-01 | N/A | 7.8 HIGH |
| Microsoft Excel Remote Code Execution Vulnerability | |||||
| CVE-2025-21390 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-07-01 | N/A | 7.8 HIGH |
| Microsoft Excel Remote Code Execution Vulnerability | |||||
| CVE-2025-21363 | 1 Microsoft | 2 365 Apps, Office Long Term Servicing Channel | 2025-07-01 | N/A | 7.8 HIGH |
| Microsoft Word Remote Code Execution Vulnerability | |||||
| CVE-2025-21362 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-07-01 | N/A | 8.4 HIGH |
| Microsoft Excel Remote Code Execution Vulnerability | |||||
| CVE-2025-21357 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2025-07-01 | N/A | 6.7 MEDIUM |
| Microsoft Outlook Remote Code Execution Vulnerability | |||||
| CVE-2025-21356 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-07-01 | N/A | 7.8 HIGH |
| Microsoft Office Visio Remote Code Execution Vulnerability | |||||
| CVE-2025-21346 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-07-01 | N/A | 7.1 HIGH |
| Microsoft Office Security Feature Bypass Vulnerability | |||||
| CVE-2025-21345 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-07-01 | N/A | 7.8 HIGH |
| Microsoft Office Visio Remote Code Execution Vulnerability | |||||
| CVE-2025-21186 | 1 Microsoft | 4 365 Apps, Access, Office and 1 more | 2025-07-01 | N/A | 7.8 HIGH |
| Microsoft Access Remote Code Execution Vulnerability | |||||
| CVE-2025-21394 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-07-01 | N/A | 7.8 HIGH |
| Microsoft Excel Remote Code Execution Vulnerability | |||||
| CVE-2025-21392 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-07-01 | N/A | 7.8 HIGH |
| Microsoft Office Remote Code Execution Vulnerability | |||||
| CVE-2025-21397 | 1 Microsoft | 2 365 Apps, Office Long Term Servicing Channel | 2025-07-01 | N/A | 7.8 HIGH |
| Microsoft Office Remote Code Execution Vulnerability | |||||
| CVE-2025-27607 | 1 Nhairs | 1 Python Json Logger | 2025-07-01 | N/A | 8.8 HIGH |
| Python JSON Logger is a JSON Formatter for Python Logging. Between 30 December 2024 and 4 March 2025 Python JSON Logger was vulnerable to RCE through a missing dependency. This occurred because msgspec-python313-pre was deleted by the owner leaving the name open to being claimed by a third party. If the package was claimed, it would allow them RCE on any Python JSON Logger user who installed the development dependencies on Python 3.13 (e.g. pip install python-json-logger[dev]). This issue has been resolved with 3.3.0. | |||||
| CVE-2023-32559 | 1 Nodejs | 1 Node.js | 2025-07-01 | N/A | 7.5 HIGH |
| A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the deprecated API `process.binding()` can bypass the policy mechanism by requiring internal modules and eventually take advantage of `process.binding('spawn_sync')` run arbitrary code, outside of the limits defined in a `policy.json` file. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js. | |||||
| CVE-2025-3891 | 3 Apache, Debian, Redhat | 3 Http Server, Debian Linux, Enterprise Linux | 2025-07-01 | N/A | 7.5 HIGH |
| A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability. | |||||
| CVE-2023-46218 | 2 Fedoraproject, Haxx | 2 Fedora, Curl | 2025-06-30 | N/A | 6.5 MEDIUM |
| This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl's function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain. | |||||
| CVE-2024-33775 | 1 Nagios | 1 Nagios Xi | 2025-06-30 | N/A | 9.8 CRITICAL |
| An issue with the Autodiscover component in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted Dashlet. | |||||
| CVE-2024-23335 | 1 Mybb | 1 Mybb | 2025-06-30 | N/A | 4.7 MEDIUM |
| MyBB is a free and open source forum software. The backup management module of the Admin CP may accept `.htaccess` as the name of the backup file to be deleted, which may expose the stored backup files over HTTP on Apache servers. MyBB 1.8.38 resolves this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability | |||||
| CVE-2024-29316 | 1 Nodebb | 1 Nodebb | 2025-06-30 | N/A | 6.3 MEDIUM |
| NodeBB 3.6.7 is vulnerable to Incorrect Access Control, e.g., a low-privileged attacker can access the restricted tabs for the Admin group via "isadmin":true. | |||||
| CVE-2025-30720 | 1 Oracle | 1 Configurator | 2025-06-27 | N/A | 6.1 MEDIUM |
| Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Orders). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Configurator, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Configurator accessible data as well as unauthorized read access to a subset of Oracle Configurator accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | |||||