Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
12,825 matching · page 230/257Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2025-61798(opens NVD record) | High | 7.8 | Dimension versions 4.1.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Oct 14, 2025 |
| CVE-2025-54284(opens NVD record) | High | 7.8 | Illustrator versions 29.7, 28.7.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Oct 14, 2025 |
| CVE-2025-54283(opens NVD record) | High | 7.8 | Illustrator versions 29.7, 28.7.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Oct 14, 2025 |
| CVE-2025-54282(opens NVD record) | High | 7.8 | Adobe Framemaker versions 2020.9, 2022.7 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Oct 14, 2025 |
| CVE-2025-54281(opens NVD record) | High | 7.8 | Adobe Framemaker versions 2020.9, 2022.7 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Oct 14, 2025 |
| CVE-2025-34267(opens NVD record) | Critical | 9.9 | Flowise v3.0.1 < 3.0.8 and all versions after with 'ALLOW_BUILTIN_DEP' enabled contain an authenticated remote code execution vulnerability and node VM sandbox escape due to insecure use of integrated modules (Puppeteer and Playwright) within the nodevm execution environment. An authenticated attacker able to create or run a tool that leverages Puppeteer/Playwright can specify attacker-controlled browser binary paths and parameters. When the tool executes, the attacker-controlled executable/parameters are run on the host and circumvent the intended nodevm sandbox restrictions, resulting in execution of arbitrary code in the context of the host. This vulnerability was incorrectly assigned as a duplicate CVE-2025-26319 by the developers and should be considered distinct from that identifier. | Oct 14, 2025 |
| CVE-2025-60535(opens NVD record) | High | 7.3 | A Cross-Site Request Forgery (CSRF) in the component /endpoints/currency/currency of Wallos v4.1.1 allows attackers to execute arbitrary operations via a crafted GET request. | Oct 14, 2025 |
| CVE-2025-59502(opens NVD record) | High | 7.5 | Uncontrolled resource consumption in Windows Remote Procedure Call allows an unauthorized attacker to deny service over a network. | Oct 14, 2025 |
| CVE-2025-59497(opens NVD record) | High | 7.0 | Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Linux allows an authorized attacker to deny service locally. | Oct 14, 2025 |
| CVE-2025-59494(opens NVD record) | High | 7.8 | Improper access control in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. | Oct 14, 2025 |
| CVE-2025-59295(opens NVD record) | High | 8.8 | Heap-based buffer overflow in Internet Explorer allows an unauthorized attacker to execute code over a network. | Oct 14, 2025 |
| CVE-2025-59294(opens NVD record) | Low | 2.1 | Exposure of sensitive information to an unauthorized actor in Windows Taskbar Live allows an unauthorized attacker to disclose information with a physical attack. | Oct 14, 2025 |
| CVE-2025-59292(opens NVD record) | High | 8.2 | External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally. | Oct 14, 2025 |
| CVE-2025-59291(opens NVD record) | High | 8.2 | External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally. | Oct 14, 2025 |
| CVE-2025-59290(opens NVD record) | High | 7.8 | Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. | Oct 14, 2025 |
| CVE-2025-59289(opens NVD record) | High | 7.0 | Double free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. | Oct 14, 2025 |
| CVE-2025-59288(opens NVD record) | Medium | 5.3 | Improper verification of cryptographic signature in Github: Playwright allows an unauthorized attacker to perform spoofing over an adjacent network. | Oct 14, 2025 |
| CVE-2025-59287(opens NVD record) | Critical | 9.8 | Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network. | Oct 14, 2025 |
| CVE-2025-59285(opens NVD record) | High | 7.0 | Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. | Oct 14, 2025 |
| CVE-2025-59284(opens NVD record) | Low | 3.3 | Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing locally. | Oct 14, 2025 |
| CVE-2025-59282(opens NVD record) | High | 7.0 | Concurrent execution using shared resource with improper synchronization ('race condition') in Inbox COM Objects allows an unauthorized attacker to execute code locally. | Oct 14, 2025 |
| CVE-2025-59281(opens NVD record) | High | 7.8 | Improper link resolution before file access ('link following') in XBox Gaming Services allows an authorized attacker to elevate privileges locally. | Oct 14, 2025 |
| CVE-2025-59280(opens NVD record) | Low | 3.1 | Improper authentication in Windows SMB Client allows an unauthorized attacker to perform tampering over a network. | Oct 14, 2025 |
| CVE-2025-59278(opens NVD record) | High | 7.8 | Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. | Oct 14, 2025 |
| CVE-2025-59277(opens NVD record) | High | 7.8 | Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. | Oct 14, 2025 |
| CVE-2025-59275(opens NVD record) | High | 7.8 | Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. | Oct 14, 2025 |
| CVE-2025-59261(opens NVD record) | High | 7.0 | Time-of-check time-of-use (toctou) race condition in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | Oct 14, 2025 |
| CVE-2025-59260(opens NVD record) | Medium | 5.5 | Exposure of sensitive information to an unauthorized actor in Microsoft Failover Cluster Virtual Driver allows an authorized attacker to disclose information locally. | Oct 14, 2025 |
| CVE-2025-59259(opens NVD record) | Medium | 6.5 | Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network. | Oct 14, 2025 |
| CVE-2025-59258(opens NVD record) | Medium | 6.2 | Insertion of sensitive information into log file in Active Directory Federation Services allows an unauthorized attacker to disclose information locally. | Oct 14, 2025 |
| CVE-2025-59257(opens NVD record) | Medium | 6.5 | Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network. | Oct 14, 2025 |
| CVE-2025-59255(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | Oct 14, 2025 |
| CVE-2025-59254(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | Oct 14, 2025 |
| CVE-2025-59253(opens NVD record) | Medium | 5.5 | Improper access control in Microsoft Windows Search Component allows an authorized attacker to deny service locally. | Oct 14, 2025 |
| CVE-2025-59250(opens NVD record) | High | 8.1 | Improper input validation in JDBC Driver for SQL Server allows an unauthorized attacker to perform spoofing over a network. | Oct 14, 2025 |
| CVE-2025-59249(opens NVD record) | High | 8.8 | Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network. | Oct 14, 2025 |
| CVE-2025-59248(opens NVD record) | High | 7.5 | Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | Oct 14, 2025 |
| CVE-2025-59244(opens NVD record) | Medium | 6.5 | External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network. | Oct 14, 2025 |
| CVE-2025-59243(opens NVD record) | High | 7.8 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | Oct 14, 2025 |
| CVE-2025-59242(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | Oct 14, 2025 |
| CVE-2025-59241(opens NVD record) | High | 7.8 | Improper link resolution before file access ('link following') in Windows Health and Optimized Experiences Service allows an authorized attacker to elevate privileges locally. | Oct 14, 2025 |
| CVE-2025-59238(opens NVD record) | High | 7.8 | Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. | Oct 14, 2025 |
| CVE-2025-59237(opens NVD record) | High | 8.8 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | Oct 14, 2025 |
| CVE-2025-59236(opens NVD record) | High | 8.4 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | Oct 14, 2025 |
| CVE-2025-59235(opens NVD record) | High | 7.1 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | Oct 14, 2025 |
| CVE-2025-59234(opens NVD record) | High | 7.8 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | Oct 14, 2025 |
| CVE-2025-59233(opens NVD record) | High | 7.8 | Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | Oct 14, 2025 |
| CVE-2025-59232(opens NVD record) | High | 7.1 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | Oct 14, 2025 |
| CVE-2025-59231(opens NVD record) | High | 7.8 | Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | Oct 14, 2025 |
| CVE-2025-59230(opens NVD record) | High | 7.8 | Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. | Oct 14, 2025 |