Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
12,825 matching · page 212/257Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2025-62571(opens NVD record) | High | 7.8 | Improper input validation in Windows Installer allows an authorized attacker to elevate privileges locally. | Dec 9, 2025 |
| CVE-2025-62570(opens NVD record) | High | 7.1 | Improper access control in Windows Camera Frame Server Monitor allows an authorized attacker to disclose information locally. | Dec 9, 2025 |
| CVE-2025-62569(opens NVD record) | High | 7.0 | Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. | Dec 9, 2025 |
| CVE-2025-62567(opens NVD record) | Medium | 5.3 | Integer underflow (wrap or wraparound) in Windows Hyper-V allows an authorized attacker to deny service over a network. | Dec 9, 2025 |
| CVE-2025-62565(opens NVD record) | High | 7.3 | Use after free in Windows Shell allows an authorized attacker to elevate privileges locally. | Dec 9, 2025 |
| CVE-2025-62564(opens NVD record) | High | 7.8 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | Dec 9, 2025 |
| CVE-2025-62563(opens NVD record) | High | 7.8 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | Dec 9, 2025 |
| CVE-2025-62562(opens NVD record) | High | 7.8 | Use after free in Microsoft Office Outlook allows an unauthorized attacker to execute code locally. | Dec 9, 2025 |
| CVE-2025-62561(opens NVD record) | High | 7.8 | Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | Dec 9, 2025 |
| CVE-2025-62560(opens NVD record) | High | 7.8 | Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | Dec 9, 2025 |
| CVE-2025-62559(opens NVD record) | High | 7.8 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | Dec 9, 2025 |
| CVE-2025-62558(opens NVD record) | High | 7.8 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | Dec 9, 2025 |
| CVE-2025-62557(opens NVD record) | High | 8.4 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | Dec 9, 2025 |
| CVE-2025-62556(opens NVD record) | High | 7.8 | Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | Dec 9, 2025 |
| CVE-2025-62555(opens NVD record) | High | 7.0 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | Dec 9, 2025 |
| CVE-2025-62554(opens NVD record) | High | 8.4 | Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. | Dec 9, 2025 |
| CVE-2025-62553(opens NVD record) | High | 7.8 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | Dec 9, 2025 |
| CVE-2025-62552(opens NVD record) | High | 7.8 | Relative path traversal in Microsoft Office Access allows an unauthorized attacker to execute code locally. | Dec 9, 2025 |
| CVE-2025-62550(opens NVD record) | High | 8.8 | Out-of-bounds write in Azure Monitor Agent allows an authorized attacker to execute code over a network. | Dec 9, 2025 |
| CVE-2025-62549(opens NVD record) | High | 8.8 | Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | Dec 9, 2025 |
| CVE-2025-62474(opens NVD record) | High | 7.8 | Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. | Dec 9, 2025 |
| CVE-2025-62473(opens NVD record) | Medium | 6.5 | Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | Dec 9, 2025 |
| CVE-2025-62472(opens NVD record) | High | 7.8 | Use of uninitialized resource in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. | Dec 9, 2025 |
| CVE-2025-62470(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | Dec 9, 2025 |
| CVE-2025-62469(opens NVD record) | High | 7.0 | Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. | Dec 9, 2025 |
| CVE-2025-62468(opens NVD record) | Medium | 5.5 | Out-of-bounds read in Windows Defender Firewall Service allows an authorized attacker to disclose information locally. | Dec 9, 2025 |
| CVE-2025-62467(opens NVD record) | High | 7.8 | Integer overflow or wraparound in Windows Projected File System allows an authorized attacker to elevate privileges locally. | Dec 9, 2025 |
| CVE-2025-62466(opens NVD record) | High | 7.8 | Null pointer dereference in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally. | Dec 9, 2025 |
| CVE-2025-62465(opens NVD record) | Medium | 6.5 | Null pointer dereference in Windows DirectX allows an authorized attacker to deny service locally. | Dec 9, 2025 |
| CVE-2025-62464(opens NVD record) | High | 7.8 | Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally. | Dec 9, 2025 |
| CVE-2025-62463(opens NVD record) | Medium | 6.5 | Null pointer dereference in Windows DirectX allows an authorized attacker to deny service locally. | Dec 9, 2025 |
| CVE-2025-62462(opens NVD record) | High | 7.8 | Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally. | Dec 9, 2025 |
| CVE-2025-62461(opens NVD record) | High | 7.8 | Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally. | Dec 9, 2025 |
| CVE-2025-62458(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | Dec 9, 2025 |
| CVE-2025-62457(opens NVD record) | High | 7.8 | Out-of-bounds read in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. | Dec 9, 2025 |
| CVE-2025-62456(opens NVD record) | High | 8.8 | Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an authorized attacker to execute code over a network. | Dec 9, 2025 |
| CVE-2025-62455(opens NVD record) | High | 7.8 | Improper input validation in Windows Message Queuing allows an authorized attacker to elevate privileges locally. | Dec 9, 2025 |
| CVE-2025-62454(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. | Dec 9, 2025 |
| CVE-2025-62221(opens NVD record) | High | 7.8 | Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. | Dec 9, 2025 |
| CVE-2025-61078(opens NVD record) | Medium | 6.1 | Cross-site scripting (XSS) vulnerability in Request IP form in phpIPAM v1.7.3 allows remote attackers to inject arbitrary web script or HTML via the instructions parameter for the /app/admin/instructions/edit-result.php endpoint. | Dec 9, 2025 |
| CVE-2025-60024(opens NVD record) | High | 8.8 | Multiple Improper Limitations of a Pathname to a Restricted Directory ('Path Traversal') vulnerabilities [CWE-22] vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 may allow a privileged authenticated attacker to write arbitrary files via specifically HTTP or HTTPS commands | Dec 9, 2025 |
| CVE-2025-59923(opens NVD record) | Low | 2.7 | An improper access control vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow an authenticated attacker with at least read-only admin permission to obtain the credentials of other administrators' messaging services via crafted requests. | Dec 9, 2025 |
| CVE-2025-59810(opens NVD record) | Medium | 6.5 | An improper access control vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow information disclosure to an authenticated attacker via crafted requests | Dec 9, 2025 |
| CVE-2025-59808(opens NVD record) | Medium | 6.8 | An unverified password change vulnerability [CWE-620] vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an attacker who has already gained access to a victim's user account to reset the account credentials without being prompted for the account's password | Dec 9, 2025 |
| CVE-2025-59719(opens NVD record) | Critical | 9.8 | An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message. | Dec 9, 2025 |
| CVE-2025-59718(opens NVD record) | Critical | 9.8 | A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0.0 through 7.0.21, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message. | Dec 9, 2025 |
| CVE-2025-59517(opens NVD record) | High | 7.8 | Improper access control in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally. | Dec 9, 2025 |
| CVE-2025-59516(opens NVD record) | High | 7.8 | Missing authentication for critical function in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally. | Dec 9, 2025 |
| CVE-2025-57823(opens NVD record) | Low | 2.7 | A direct request ('forced browsing') vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow an authenticated attacker with at least sponsor permissions to read and download device logs via accessing specific endpoints | Dec 9, 2025 |
| CVE-2025-55233(opens NVD record) | High | 7.8 | Out-of-bounds read in Windows Projected File System allows an authorized attacker to elevate privileges locally. | Dec 9, 2025 |