Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
81,609 matching · page 275/1633Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2025-32713(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | Jun 10, 2025 |
| CVE-2025-32712(opens NVD record) | High | 7.8 | Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | Jun 10, 2025 |
| CVE-2025-32710(opens NVD record) | High | 8.1 | Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. | Jun 10, 2025 |
| CVE-2025-31104(opens NVD record) | High | 7.2 | An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiADC 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.7, 7.1.0 through 7.1.4, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated attacker to execute unauthorized code via crafted HTTP requests. | Jun 10, 2025 |
| CVE-2025-30321(opens NVD record) | Medium | 5.5 | InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jun 10, 2025 |
| CVE-2025-30317(opens NVD record) | High | 7.8 | InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jun 10, 2025 |
| CVE-2025-29828(opens NVD record) | High | 8.1 | Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a network. | Jun 10, 2025 |
| CVE-2025-25250(opens NVD record) | Medium | 4.3 | An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions, FortiSASE 25.1.c may allow an authenticated user to access full SSL-VPN settings via crafted URL. | Jun 10, 2025 |
| CVE-2025-24471(opens NVD record) | Medium | 6.5 | An Improper Certificate Validation vulnerability [CWE-295] in FortiOS version 7.6.1 and below, version 7.4.7 and below may allow an EAP verified remote user to connect from FortiClient via revoked certificate. | Jun 10, 2025 |
| CVE-2025-24069(opens NVD record) | Medium | 5.5 | Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. | Jun 10, 2025 |
| CVE-2025-24068(opens NVD record) | Medium | 5.5 | Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. | Jun 10, 2025 |
| CVE-2025-24065(opens NVD record) | Medium | 5.5 | Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. | Jun 10, 2025 |
| CVE-2025-22256(opens NVD record) | Medium | 6.3 | A improper handling of insufficient permissions or privileges in Fortinet FortiPAM 1.4.0 through 1.4.1, 1.3.0, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSRA 1.4.0 through 1.4.1 allows attacker to improper access control via specially crafted HTTP requests | Jun 10, 2025 |
| CVE-2025-22254(opens NVD record) | Medium | 6.6 | An Improper Privilege Management vulnerability [CWE-269] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4.0 through 6.4.15, FortiProxy 7.6.0 through 7.6.1, FortiProxy 7.4.0 through 7.4.7, FortiWeb 7.6.0 through 7.6.1, FortiWeb 7.4.0 through 7.4.6 allows an authenticated attacker with at least read-only admin permissions to gain super-admin privileges via crafted requests to Node.js websocket module. | Jun 10, 2025 |
| CVE-2025-22251(opens NVD record) | Low | 3.1 | An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to inject unauthorized sessions via crafted FGSP session synchronization packets. | Jun 10, 2025 |
| CVE-2024-54019(opens NVD record) | Medium | 4.8 | A improper validation of certificate with host mismatch in Fortinet FortiClientWindows version 7.4.0, versions 7.2.0 through 7.2.6, and 7.0 all versions allow an unauthorized attacker to redirect VPN connections via DNS spoofing or another form of redirection. | Jun 10, 2025 |
| CVE-2024-50568(opens NVD record) | Medium | 5.9 | A channel accessible by non-endpoint vulnerability [CWE-300] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7 and before 7.0.14 & FortiProxy version 7.4.0 through 7.4.3, 7.2.0 through 7.2.9 and before 7.0.16 allows an unauthenticated attacker with the knowledge of device specific data to spoof the identity of a downstream device of the security fabric via crafted TCP requests. | Jun 10, 2025 |
| CVE-2024-50562(opens NVD record) | Medium | 4.8 | An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL-VPN version 7.6.0, version 7.4.6 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions may allow an attacker in possession of a cookie used to log in the SSL-VPN portal to log in again, although the session has expired or was logged out. | Jun 10, 2025 |
| CVE-2024-45329(opens NVD record) | Medium | 4.3 | A authorization bypass through user-controlled key in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.8 may allow an authenticated attacker to view unauthorized device information via key modification in API requests. | Jun 10, 2025 |
| CVE-2024-32119(opens NVD record) | Medium | 4.8 | An improper authentication vulnerability [CWE-287] in Fortinet FortiClientEMS version 7.4.0 and before 7.2.4 allows an unauthenticated attacker with the knowledge of the targeted user's FCTUID and VDOM to perform operations such as uploading or tagging on behalf of the targeted user via specially crafted TCP requests. | Jun 10, 2025 |
| CVE-2023-48786(opens NVD record) | Medium | 4.3 | A server-side request forgery vulnerability [CWE-918] in Fortinet FortiClientEMS version 7.4.0 through 7.4.2 and before 7.2.6 may allow an authenticated attacker to perform internal requests via crafted HTTP or HTTPS requests. | Jun 10, 2025 |
| CVE-2023-29184(opens NVD record) | Low | 3.2 | An incomplete cleanup vulnerability [CWE-459] in FortiOS 7.2 all versions and before & FortiProxy version 7.2.0 through 7.2.2 and before 7.0.8 allows a VDOM privileged attacker to add SSH key files on the system silently via crafted CLI requests. | Jun 10, 2025 |
| CVE-2025-5353(opens NVD record) | High | 8.8 | A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt stored SQL credentials. | Jun 10, 2025 |
| CVE-2025-26395(opens NVD record) | High | 7.1 | SolarWinds Observability Self-Hosted was susceptible to a cross-site scripting (XSS) vulnerability due to an unsanitized field in the URL. The attack requires authentication using an administrator-level account and user interaction is required. | Jun 10, 2025 |
| CVE-2025-26394(opens NVD record) | Medium | 4.8 | SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required. | Jun 10, 2025 |
| CVE-2025-22463(opens NVD record) | High | 7.3 | A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt the stored environment password. | Jun 10, 2025 |
| CVE-2025-22455(opens NVD record) | High | 8.8 | A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentials. | Jun 10, 2025 |
| CVE-2025-5918(opens NVD record) | Low | 3.9 | A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition. | Jun 9, 2025 |
| CVE-2025-5917(opens NVD record) | Low | 2.8 | A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0. | Jun 9, 2025 |
| CVE-2025-5916(opens NVD record) | Low | 3.9 | A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0. | Jun 9, 2025 |
| CVE-2025-5915(opens NVD record) | Medium | 6.6 | A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions. | Jun 9, 2025 |
| CVE-2025-5914(opens NVD record) | High | 7.8 | A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition. | Jun 9, 2025 |
| CVE-2025-46041(opens NVD record) | Medium | 5.4 | A stored cross-site scripting (XSS) vulnerability in Anchor CMS v0.12.7 allows attackers to inject malicious JavaScript via the page description field in the page creation interface (/admin/pages/add). | Jun 9, 2025 |
| CVE-2025-41444(opens NVD record) | High | 8.3 | Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the alerts module. | Jun 9, 2025 |
| CVE-2025-3835(opens NVD record) | Critical | 9.6 | Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code execution in the Content Search module. | Jun 9, 2025 |
| CVE-2025-36528(opens NVD record) | High | 8.3 | Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in Service Account Auditing reports. | Jun 9, 2025 |
| CVE-2025-27709(opens NVD record) | High | 8.3 | Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the Service Account Auditing reports. | Jun 9, 2025 |
| CVE-2025-47712(opens NVD record) | Medium | 6.5 | A flaw exists in the nbdkit "blocksize" filter that can be triggered by a specific type of client request. When a client requests block status information for a very large data range, exceeding a certain limit, it causes an internal error in the nbdkit, leading to a denial of service. | Jun 9, 2025 |
| CVE-2025-47711(opens NVD record) | Medium | 6.5 | There's a flaw in the nbdkit server when handling responses from its plugins regarding the status of data blocks. If a client makes a specific request for a very large data range, and a plugin responds with an even larger single block, the nbdkit server can encounter a critical internal error, leading to a denial-of-service. | Jun 9, 2025 |
| CVE-2025-5480(opens NVD record) | High | 7.8 | Action1 Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Action1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-26767. | Jun 6, 2025 |
| CVE-2025-48911(opens NVD record) | High | 8.2 | Vulnerability of improper permission assignment in the note sharing module Impact: Successful exploitation of this vulnerability may affect availability. | Jun 6, 2025 |
| CVE-2025-48910(opens NVD record) | Medium | 5.5 | Buffer overflow vulnerability in the DFile module Impact: Successful exploitation of this vulnerability may affect availability. | Jun 6, 2025 |
| CVE-2025-48909(opens NVD record) | High | 7.1 | Bypass vulnerability in the device management channel Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Jun 6, 2025 |
| CVE-2025-48908(opens NVD record) | Medium | 6.7 | Ability Auto Startup service vulnerability in the foundation process Impact: Successful exploitation of this vulnerability may affect availability. | Jun 6, 2025 |
| CVE-2025-48907(opens NVD record) | Medium | 6.2 | Deserialization vulnerability in the IPC module Impact: Successful exploitation of this vulnerability may affect availability. | Jun 6, 2025 |
| CVE-2025-48906(opens NVD record) | High | 8.8 | Authentication bypass vulnerability in the DSoftBus module Impact: Successful exploitation of this vulnerability may affect availability. | Jun 6, 2025 |
| CVE-2025-48905(opens NVD record) | High | 8.1 | Wasm exception capture vulnerability in the arkweb v8 module Impact: Successful exploitation of this vulnerability may cause the failure to capture specific Wasm exception types. | Jun 6, 2025 |
| CVE-2025-48904(opens NVD record) | Medium | 4.4 | Vulnerability that cards can call unauthorized APIs in the FRS process Impact: Successful exploitation of this vulnerability may affect availability. | Jun 6, 2025 |
| CVE-2025-48903(opens NVD record) | High | 7.8 | Permission bypass vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect availability. | Jun 6, 2025 |
| CVE-2025-48902(opens NVD record) | Medium | 6.6 | Vulnerability of uncontrolled system resource applications in the setting module Impact: Successful exploitation of this vulnerability may affect availability. | Jun 6, 2025 |