Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
34,503 matching · page 253/691Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2025-32932(opens NVD record) | Medium | 6.5 | An Improper neutralization of input during web page generation ('cross-site scripting') vulnerability [CWE-79] in FortiSOAR version 7.6.1 and below, version 7.5.1 and below, 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions WEB UI may allow an authenticated remote attacker to perform an XSS attack via stored malicious service requests | Aug 12, 2025 |
| CVE-2025-32766(opens NVD record) | Medium | 6.4 | A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary code or commands via crafted CLI commands | Aug 12, 2025 |
| CVE-2025-27759(opens NVD record) | Medium | 6.7 | An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10 and before 7.0.10 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI commands | Aug 12, 2025 |
| CVE-2025-25256(opens NVD record) | Critical | 9.8 | An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and before 6.7.9 allows an unauthenticated attacker to execute unauthorized code or commands via crafted CLI requests. | Aug 12, 2025 |
| CVE-2025-25248(opens NVD record) | Medium | 5.3 | An Integer Overflow or Wraparound vulnerability [CWE-190] in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.2 all versions, 6.4 all versions, FortiProxy version 7.6.2 and below, version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions and FortiPAM version 1.5.0, version 1.4.2 and below, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions SSL-VPN RDP and VNC bookmarks may allow an authenticated user to affect the device SSL-VPN availability via crafted requests. | Aug 12, 2025 |
| CVE-2024-52964(opens NVD record) | Medium | 5.5 | An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9 and below 7.0.13 & FortiManager Cloud version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5 and before 7.2.9 allows an authenticated remote attacker to overwrite arbitrary files via FGFM crafted requests. | Aug 12, 2025 |
| CVE-2024-48892(opens NVD record) | Medium | 6.8 | A relative path traversal vulnerability [CWE-23] in FortiSOAR 7.6.0, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an authenticated attacker to read arbitrary files via uploading a malicious solution pack. | Aug 12, 2025 |
| CVE-2024-40588(opens NVD record) | Medium | 4.4 | Multiple relative path traversal vulnerabilities [CWE-23] vulnerability in Fortinet FortiCamera 2.1 all versions, FortiCamera 2.0.0, FortiCamera 1.1 all versions, FortiCamera 1.0 all versions, FortiMail 7.6.0 through 7.6.1, FortiMail 7.4.0 through 7.4.3, FortiMail 7.2 all versions, FortiMail 7.0 all versions, FortiMail 6.4 all versions, FortiNDR 7.6.0 through 7.6.1, FortiNDR 7.4.0 through 7.4.6, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiRecorder 7.2.0 through 7.2.1, FortiRecorder 7.0.0 through 7.0.4, FortiRecorder 6.4 all versions, FortiVoice 7.0.0 through 7.0.3, FortiVoice 6.4.0 through 6.4.9, FortiVoice 6.0 all versions may allow a privileged attacker to read files from the underlying filesystem via crafted CLI requests. | Aug 12, 2025 |
| CVE-2024-26009(opens NVD record) | High | 8.1 | An authentication bypass using an alternate path or channel [CWE-288] vulnerability in Fortinet FortiOS 6.4.0 through 6.4.15, FortiOS 6.2.0 through 6.2.16, FortiOS 6.0 all versions, FortiPAM 1.2.0, FortiPAM 1.1.0 through 1.1.2, FortiPAM 1.0.0 through 1.0.3, FortiProxy 7.4.0 through 7.4.2, FortiProxy 7.2.0 through 7.2.8, FortiProxy 7.0.0 through 7.0.15, FortiSwitchManager 7.2.0 through 7.2.3, FortiSwitchManager 7.0.0 through 7.0.3 allows an unauthenticated attacker to seize control of a managed device via crafted FGFM requests, if the device is managed by a FortiManager, and if the attacker knows that FortiManager's serial number. | Aug 12, 2025 |
| CVE-2023-45584(opens NVD record) | Medium | 6.6 | A double free vulnerability [CWE-415] vulnerability in Fortinet FortiOS 7.4.0, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0.0 through 7.0.12, FortiOS 6.4 all versions, FortiPAM 1.1 all versions, FortiPAM 1.0 all versions, FortiProxy 7.4.0 through 7.4.1, FortiProxy 7.2.0 through 7.2.7, FortiProxy 7.0.0 through 7.0.13 allows a privileged attacker to execute code or commands via crafted HTTP or HTTPs requests. | Aug 12, 2025 |
| CVE-2025-53793(opens NVD record) | High | 7.5 | Improper authentication in Azure Stack allows an unauthorized attacker to disclose information over a network. | Aug 12, 2025 |
| CVE-2025-53789(opens NVD record) | High | 7.8 | Missing authentication for critical function in Windows StateRepository API allows an authorized attacker to elevate privileges locally. | Aug 12, 2025 |
| CVE-2025-53788(opens NVD record) | High | 7.0 | Time-of-check time-of-use (toctou) race condition in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally. | Aug 12, 2025 |
| CVE-2025-53784(opens NVD record) | High | 8.4 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | Aug 12, 2025 |
| CVE-2025-53783(opens NVD record) | High | 7.5 | Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network. | Aug 12, 2025 |
| CVE-2025-53781(opens NVD record) | High | 7.7 | Exposure of sensitive information to an unauthorized actor in Azure Virtual Machines allows an authorized attacker to disclose information over a network. | Aug 12, 2025 |
| CVE-2025-53779(opens NVD record) | High | 7.2 | Relative path traversal in Windows Kerberos allows an authorized attacker to elevate privileges over a network. | Aug 12, 2025 |
| CVE-2025-53778(opens NVD record) | High | 8.8 | Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network. | Aug 12, 2025 |
| CVE-2025-53773(opens NVD record) | High | 7.8 | Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code locally. | Aug 12, 2025 |
| CVE-2025-53772(opens NVD record) | High | 8.8 | Deserialization of untrusted data in Web Deploy allows an authorized attacker to execute code over a network. | Aug 12, 2025 |
| CVE-2025-53769(opens NVD record) | Medium | 5.5 | External control of file name or path in Windows Security App allows an authorized attacker to perform spoofing locally. | Aug 12, 2025 |
| CVE-2025-53766(opens NVD record) | Critical | 9.8 | Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network. | Aug 12, 2025 |
| CVE-2025-53765(opens NVD record) | Medium | 4.4 | Exposure of private personal information to an unauthorized actor in Azure Stack allows an authorized attacker to disclose information locally. | Aug 12, 2025 |
| CVE-2025-53761(opens NVD record) | High | 7.8 | Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. | Aug 12, 2025 |
| CVE-2025-53760(opens NVD record) | High | 7.1 | Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network. | Aug 12, 2025 |
| CVE-2025-53759(opens NVD record) | High | 7.8 | Use of uninitialized resource in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | Aug 12, 2025 |
| CVE-2025-53741(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | Aug 12, 2025 |
| CVE-2025-53740(opens NVD record) | High | 8.4 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | Aug 12, 2025 |
| CVE-2025-53739(opens NVD record) | High | 7.8 | Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | Aug 12, 2025 |
| CVE-2025-53738(opens NVD record) | High | 7.8 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | Aug 12, 2025 |
| CVE-2025-53737(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | Aug 12, 2025 |
| CVE-2025-53736(opens NVD record) | Medium | 6.8 | Buffer over-read in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | Aug 12, 2025 |
| CVE-2025-53735(opens NVD record) | High | 7.8 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | Aug 12, 2025 |
| CVE-2025-53734(opens NVD record) | High | 7.8 | Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally. | Aug 12, 2025 |
| CVE-2025-53733(opens NVD record) | High | 8.4 | Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally. | Aug 12, 2025 |
| CVE-2025-53732(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | Aug 12, 2025 |
| CVE-2025-53731(opens NVD record) | High | 8.4 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | Aug 12, 2025 |
| CVE-2025-53730(opens NVD record) | High | 7.8 | Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally. | Aug 12, 2025 |
| CVE-2025-53729(opens NVD record) | High | 7.8 | Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally. | Aug 12, 2025 |
| CVE-2025-53728(opens NVD record) | Medium | 6.5 | Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network. | Aug 12, 2025 |
| CVE-2025-53727(opens NVD record) | High | 8.8 | Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. | Aug 12, 2025 |
| CVE-2025-53726(opens NVD record) | High | 7.8 | Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | Aug 12, 2025 |
| CVE-2025-53725(opens NVD record) | High | 7.8 | Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | Aug 12, 2025 |
| CVE-2025-53724(opens NVD record) | High | 7.8 | Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | Aug 12, 2025 |
| CVE-2025-53723(opens NVD record) | High | 7.8 | Numeric truncation error in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | Aug 12, 2025 |
| CVE-2025-53722(opens NVD record) | High | 7.5 | Uncontrolled resource consumption in Windows Remote Desktop Services allows an unauthorized attacker to deny service over a network. | Aug 12, 2025 |
| CVE-2025-53721(opens NVD record) | High | 7.0 | Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. | Aug 12, 2025 |
| CVE-2025-53720(opens NVD record) | High | 8.0 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. | Aug 12, 2025 |
| CVE-2025-53719(opens NVD record) | Medium | 5.7 | Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. | Aug 12, 2025 |
| CVE-2025-53718(opens NVD record) | High | 7.0 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | Aug 12, 2025 |