Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
31,416 matching · page 165/629Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2025-59511(opens NVD record) | High | 7.8 | External control of file name or path in Windows WLAN Service allows an authorized attacker to elevate privileges locally. | Nov 11, 2025 |
| CVE-2025-59510(opens NVD record) | Medium | 5.5 | Improper link resolution before file access ('link following') in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to deny service locally. | Nov 11, 2025 |
| CVE-2025-59509(opens NVD record) | Medium | 5.5 | Insertion of sensitive information into sent data in Windows Speech allows an authorized attacker to disclose information locally. | Nov 11, 2025 |
| CVE-2025-59508(opens NVD record) | High | 7.0 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally. | Nov 11, 2025 |
| CVE-2025-59507(opens NVD record) | High | 7.0 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally. | Nov 11, 2025 |
| CVE-2025-59506(opens NVD record) | High | 7.0 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally. | Nov 11, 2025 |
| CVE-2025-59505(opens NVD record) | High | 7.8 | Double free in Windows Smart Card allows an authorized attacker to elevate privileges locally. | Nov 11, 2025 |
| CVE-2025-59504(opens NVD record) | High | 7.3 | Heap-based buffer overflow in Azure Monitor Agent allows an unauthorized attacker to execute code locally. | Nov 11, 2025 |
| CVE-2025-59499(opens NVD record) | High | 8.8 | Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. | Nov 11, 2025 |
| CVE-2025-59240(opens NVD record) | Medium | 5.5 | Exposure of sensitive information to an unauthorized actor in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | Nov 11, 2025 |
| CVE-2025-47179(opens NVD record) | Medium | 6.7 | Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges locally. | Nov 11, 2025 |
| CVE-2025-30398(opens NVD record) | High | 8.1 | Missing authorization in Nuance PowerScribe allows an unauthorized attacker to disclose information over a network. | Nov 11, 2025 |
| CVE-2025-61832(opens NVD record) | High | 7.8 | InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Nov 11, 2025 |
| CVE-2025-61824(opens NVD record) | High | 7.8 | InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Nov 11, 2025 |
| CVE-2025-61818(opens NVD record) | High | 7.8 | InCopy versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Nov 11, 2025 |
| CVE-2025-61817(opens NVD record) | High | 7.8 | InCopy versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Nov 11, 2025 |
| CVE-2025-61816(opens NVD record) | High | 7.8 | InCopy versions 20.5, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Nov 11, 2025 |
| CVE-2025-61815(opens NVD record) | High | 7.8 | InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Nov 11, 2025 |
| CVE-2025-61814(opens NVD record) | High | 7.8 | InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Nov 11, 2025 |
| CVE-2025-33202(opens NVD record) | Medium | 6.5 | NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where an attacker could cause a stack overflow by sending extra-large payloads. A successful exploit of this vulnerability might lead to denial of service. | Nov 11, 2025 |
| CVE-2025-33178(opens NVD record) | High | 7.8 | NVIDIA NeMo Framework for all platforms contains a vulnerability in the bert services component where malicious data created by an attacker may cause a code injection. A successful exploit of this vulnerability may lead to Code execution, Escalation of privileges, Information disclosure, and Data tampering. | Nov 11, 2025 |
| CVE-2025-23361(opens NVD record) | High | 7.8 | NVIDIA NeMo Framework for all platforms contains a vulnerability in a script, where malicious input created by an attacker may cause improper control of code generation. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering. | Nov 11, 2025 |
| CVE-2025-13032(opens NVD record) | Critical | 9.9 | Double fetch in sandbox kernel driver in Avast/AVG Antivirus <25.3 on windows allows local attacker to escalate privelages via pool overflow. | Nov 11, 2025 |
| CVE-2025-10918(opens NVD record) | High | 7.1 | Insecure default permissions in the agent of Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to write arbitrary files anywhere on disk | Nov 11, 2025 |
| CVE-2025-7633(opens NVD record) | High | 7.3 | Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Custom report. | Nov 11, 2025 |
| CVE-2025-7632(opens NVD record) | High | 7.3 | Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Public Folders report. | Nov 11, 2025 |
| CVE-2025-7430(opens NVD record) | High | 7.3 | Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Folder Message Count and Size report. | Nov 11, 2025 |
| CVE-2025-7429(opens NVD record) | High | 7.3 | Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Mails Deleted or Moved report. | Nov 11, 2025 |
| CVE-2025-63397(opens NVD record) | Medium | 6.5 | Improper input validation in OneFlow v0.9.0 allows attackers to cause a segmentation fault via adding a Python sequence to the native code during broadcasting/type conversion. | Nov 10, 2025 |
| CVE-2025-33150(opens NVD record) | Medium | 5.3 | IBM Cognos Analytics Certified Containers 12.1.0 could disclose package parameter information due to the presence of hidden pages. | Nov 10, 2025 |
| CVE-2025-12728(opens NVD record) | Medium | 4.2 | Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | Nov 10, 2025 |
| CVE-2025-12727(opens NVD record) | High | 8.8 | Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | Nov 10, 2025 |
| CVE-2025-12726(opens NVD record) | High | 7.5 | Inappropriate implementation in Views in Google Chrome on Windows prior to 142.0.7444.137 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: High) | Nov 10, 2025 |
| CVE-2025-12725(opens NVD record) | High | 8.8 | Out of bounds read in WebGPU in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | Nov 10, 2025 |
| CVE-2025-12446(opens NVD record) | Medium | 4.2 | Incorrect security UI in SplitView in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted domain name. (Chromium security severity: Low) | Nov 10, 2025 |
| CVE-2025-12445(opens NVD record) | Medium | 6.5 | Policy bypass in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low) | Nov 10, 2025 |
| CVE-2025-12444(opens NVD record) | Medium | 4.2 | Incorrect security UI in Fullscreen UI in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | Nov 10, 2025 |
| CVE-2025-12443(opens NVD record) | Medium | 4.3 | Out of bounds read in WebXR in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) | Nov 10, 2025 |
| CVE-2025-12441(opens NVD record) | Medium | 4.3 | Out of bounds read in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) | Nov 10, 2025 |
| CVE-2025-12440(opens NVD record) | Medium | 5.3 | Inappropriate implementation in Autofill in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low) | Nov 10, 2025 |
| CVE-2025-12439(opens NVD record) | Medium | 5.5 | Inappropriate implementation in App-Bound Encryption in Google Chrome on Windows prior to 142.0.7444.59 allowed a local attacker to obtain potentially sensitive information from process memory via a malicious file. (Chromium security severity: Medium) | Nov 10, 2025 |
| CVE-2025-12437(opens NVD record) | High | 7.5 | Use after free in PageInfo in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | Nov 10, 2025 |
| CVE-2025-12436(opens NVD record) | Medium | 5.9 | Policy bypass in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. (Chromium security severity: Medium) | Nov 10, 2025 |
| CVE-2025-12434(opens NVD record) | Medium | 4.2 | Race in Storage in Google Chrome on Windows prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | Nov 10, 2025 |
| CVE-2025-12433(opens NVD record) | Medium | 4.3 | Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | Nov 10, 2025 |
| CVE-2025-12432(opens NVD record) | High | 8.8 | Race in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | Nov 10, 2025 |
| CVE-2025-12431(opens NVD record) | Medium | 6.5 | Inappropriate implementation in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: High) | Nov 10, 2025 |
| CVE-2025-12430(opens NVD record) | High | 7.5 | Object lifecycle issue in Media in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High) | Nov 10, 2025 |
| CVE-2025-12429(opens NVD record) | High | 8.8 | Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | Nov 10, 2025 |
| CVE-2025-12428(opens NVD record) | High | 8.8 | Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | Nov 10, 2025 |