Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
34,278 matching · page 233/686Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2025-55328(opens NVD record) | High | 7.8 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | Oct 14, 2025 |
| CVE-2025-55326(opens NVD record) | High | 7.5 | Use after free in Connected Devices Platform Service (Cdpsvc) allows an unauthorized attacker to execute code over a network. | Oct 14, 2025 |
| CVE-2025-55325(opens NVD record) | Medium | 5.5 | Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. | Oct 14, 2025 |
| CVE-2025-55320(opens NVD record) | Medium | 6.8 | Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to elevate privileges over an adjacent network. | Oct 14, 2025 |
| CVE-2025-55315(opens NVD record) | Critical | 9.9 | Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network. | Oct 14, 2025 |
| CVE-2025-55248(opens NVD record) | Medium | 4.8 | Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network. | Oct 14, 2025 |
| CVE-2025-55247(opens NVD record) | High | 7.3 | Improper link resolution before file access ('link following') in .NET allows an authorized attacker to elevate privileges locally. | Oct 14, 2025 |
| CVE-2025-55240(opens NVD record) | High | 7.3 | Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally. | Oct 14, 2025 |
| CVE-2025-53782(opens NVD record) | High | 8.4 | Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally. | Oct 14, 2025 |
| CVE-2025-53768(opens NVD record) | High | 7.8 | Use after free in Xbox allows an authorized attacker to elevate privileges locally. | Oct 14, 2025 |
| CVE-2025-53717(opens NVD record) | High | 7.0 | Reliance on untrusted inputs in a security decision in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally. | Oct 14, 2025 |
| CVE-2025-53150(opens NVD record) | High | 7.8 | Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. | Oct 14, 2025 |
| CVE-2025-53139(opens NVD record) | High | 7.7 | Cleartext transmission of sensitive information in Windows Hello allows an unauthorized attacker to bypass a security feature locally. | Oct 14, 2025 |
| CVE-2025-50175(opens NVD record) | High | 7.8 | Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. | Oct 14, 2025 |
| CVE-2025-50174(opens NVD record) | High | 7.0 | Use after free in Windows Device Association Broker service allows an authorized attacker to elevate privileges locally. | Oct 14, 2025 |
| CVE-2025-50152(opens NVD record) | High | 7.8 | Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally. | Oct 14, 2025 |
| CVE-2025-49708(opens NVD record) | Critical | 9.9 | Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges over a network. | Oct 14, 2025 |
| CVE-2025-48813(opens NVD record) | Medium | 6.3 | Use of a key past its expiration date in Virtual Secure Mode allows an authorized attacker to perform spoofing locally. | Oct 14, 2025 |
| CVE-2025-48004(opens NVD record) | High | 7.4 | Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally. | Oct 14, 2025 |
| CVE-2025-47989(opens NVD record) | High | 7.0 | Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally. | Oct 14, 2025 |
| CVE-2025-47979(opens NVD record) | Medium | 5.5 | Insertion of sensitive information into log file in Windows Failover Cluster allows an authorized attacker to disclose information locally. | Oct 14, 2025 |
| CVE-2025-37145(opens NVD record) | Medium | 4.9 | Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits. | Oct 14, 2025 |
| CVE-2025-37144(opens NVD record) | Medium | 4.9 | Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits. | Oct 14, 2025 |
| CVE-2025-37143(opens NVD record) | Medium | 4.9 | An arbitrary file download vulnerability exists in the web-based management interface of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an Authenticated malicious actor to download arbitrary files through carefully constructed exploits. | Oct 14, 2025 |
| CVE-2025-37142(opens NVD record) | Medium | 4.9 | Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits. | Oct 14, 2025 |
| CVE-2025-37141(opens NVD record) | Medium | 4.9 | Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits. | Oct 14, 2025 |
| CVE-2025-37140(opens NVD record) | Medium | 4.9 | Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits. | Oct 14, 2025 |
| CVE-2025-37138(opens NVD record) | Medium | 6.2 | An authenticated command injection vulnerability exists in the command line interface binary of AOS-10 GW and AOS-8 Controllers/Mobility Conductor operating system. Exploitation of this vulnerability requires physical access to the hardware controllers. A successful attack could allow an authenticated malicious actor with physical access to execute arbitrary commands as a privileged user on the underlying operating system. | Oct 14, 2025 |
| CVE-2025-37137(opens NVD record) | Medium | 6.5 | Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system. | Oct 14, 2025 |
| CVE-2025-37136(opens NVD record) | Medium | 6.5 | Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system. | Oct 14, 2025 |
| CVE-2025-37135(opens NVD record) | Medium | 6.5 | Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system. | Oct 14, 2025 |
| CVE-2025-37134(opens NVD record) | High | 7.2 | An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system. | Oct 14, 2025 |
| CVE-2025-37133(opens NVD record) | High | 7.2 | An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system. | Oct 14, 2025 |
| CVE-2025-37132(opens NVD record) | High | 7.2 | An arbitrary file write vulnerability exists in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files and execute arbitrary commands on the underlying operating system. | Oct 14, 2025 |
| CVE-2025-25004(opens NVD record) | High | 7.3 | Improper access control in Microsoft PowerShell allows an authorized attacker to elevate privileges locally. | Oct 14, 2025 |
| CVE-2025-24990(opens NVD record) | High | 7.8 | Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update. Fax modem hardware dependent on this specific driver will no longer work on Windows. Microsoft recommends removing any existing dependencies on this hardware. | Oct 14, 2025 |
| CVE-2025-24052(opens NVD record) | High | 7.8 | Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update. Fax modem hardware dependent on this specific driver will no longer work on Windows. Microsoft recommends removing any existing dependencies on this hardware. | Oct 14, 2025 |
| CVE-2025-59921(opens NVD record) | Medium | 6.5 | An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiADC version 7.4.0, version 7.2.3 and below, version 7.1.4 and below, 7.0 all versions, 6.2 all versions may allow an authenticated attacker to obtain sensitive data via crafted HTTP or HTTPs requests. | Oct 14, 2025 |
| CVE-2025-58903(opens NVD record) | Low | 2.7 | An Unchecked Return Value vulnerability [CWE-252] in Fortinet FortiOS version 7.6.0 through 7.6.3 and before 7.4.8 API allows an authenticated user to cause a Null Pointer Dereference, crashing the http daemon via a specialy crafted request. | Oct 14, 2025 |
| CVE-2025-58325(opens NVD record) | High | 8.2 | An Incorrect Provision of Specified Functionality vulnerability [CWE-684] in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2.5 through 7.2.10, 7.0.0 through 7.0.15, 6.4 all versions may allow a local authenticated attacker to execute system commands via crafted CLI commands. | Oct 14, 2025 |
| CVE-2025-58324(opens NVD record) | Medium | 6.4 | An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSIEM 7.2.0 through 7.2.2, 7.1 all versions, 7.0 all versions, 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack via crafted HTTP requests. | Oct 14, 2025 |
| CVE-2025-57741(opens NVD record) | High | 7.8 | An Incorrect Permission Assignment for Critical Resource vulnerability [CWE-732] in FortiClientMac 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, 7.0 all versions may allow a local attacker to run arbitrary code or commands via LaunchDaemon hijacking. | Oct 14, 2025 |
| CVE-2025-57740(opens NVD record) | High | 7.5 | An Heap-based Buffer Overflow vulnerability [CWE-122] in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions; FortiPAM version 1.5.0, version 1.4.2 and below, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions and FortiProxy version 7.6.2 and below, version 7.4.3 and below, 7.2 all versions, 7.0 all versions RDP bookmark connection may allow an authenticated user to execute unauthorized code via crafted requests. | Oct 14, 2025 |
| CVE-2025-57716(opens NVD record) | Medium | 6.7 | An Uncontrolled Search Path Element vulnerability [CWE-427] in FortiClient Windows 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, 7.0 all versions may allow a local low privileged user to perform a DLL hijacking attack via placing a malicious DLL to the FortiClient Online Installer installation folder. | Oct 14, 2025 |
| CVE-2025-54973(opens NVD record) | Medium | 5.3 | A concurrent execution using shared resource with improper synchronization ('Race Condition') vulnerability [CWE-362] in Fortinet FortiAnalyzer version 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10 and before 7.0.13 allows an attacker to attempt to win a race condition to bypass the FortiCloud SSO authorization via crafted FortiCloud SSO requests. | Oct 14, 2025 |
| CVE-2025-54822(opens NVD record) | Medium | 4.3 | An improper authorization vulnerability [CWE-285] vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.8, FortiOS 7.0.0 through 7.0.11, FortiProxy 7.4.0 through 7.4.8, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiProxy 2.0 all versions allows an authenticated attacker to access static files of others VDOMs via crafted HTTP or HTTPS requests. | Oct 14, 2025 |
| CVE-2025-53845(opens NVD record) | Medium | 6.5 | An improper authentication vulnerability [CWE-287] in Fortinet FortiAnalyzer version 7.6.0 through 7.6.3 and before 7.4.6 allows an unauthenticated attacker to obtain information pertaining to the device's health and status, or cause a denial of service via crafted OFTP requests. | Oct 14, 2025 |
| CVE-2025-49201(opens NVD record) | High | 8.1 | A weak authentication vulnerability in Fortinet FortiPAM 1.5.0, FortiPAM 1.4.0 through 1.4.2, FortiPAM 1.3 all versions, FortiPAM 1.2 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiSwitchManager 7.2.0 through 7.2.4 allows attacker to execute unauthorized code or commands via specially crafted http requests | Oct 14, 2025 |
| CVE-2025-47890(opens NVD record) | Low | 2.6 | An URL Redirection to Untrusted Site vulnerabilities [CWE-601] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4 all versions, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiSASE 25.2.a may allow an unauthenticated attacker to perform an open redirect attack via crafted HTTP requests. | Oct 14, 2025 |
| CVE-2025-46774(opens NVD record) | High | 7.5 | An Improper Verification of Cryptographic Signature vulnerability [CWE-347] in FortiClient MacOS installer version 7.4.2 and below, version 7.2.9 and below, 7.0 all versions may allow a local user to escalate their privileges via FortiClient related executables. | Oct 14, 2025 |