Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
81,609 matching · page 280/1633Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2025-29973(opens NVD record) | High | 7.0 | Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally. | May 13, 2025 |
| CVE-2025-29971(opens NVD record) | High | 7.5 | Out-of-bounds read in Web Threat Defense (WTD.sys) allows an unauthorized attacker to deny service over a network. | May 13, 2025 |
| CVE-2025-29970(opens NVD record) | High | 7.8 | Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. | May 13, 2025 |
| CVE-2025-29969(opens NVD record) | High | 7.5 | Time-of-check time-of-use (toctou) race condition in Windows Fundamentals allows an authorized attacker to execute code over a network. | May 13, 2025 |
| CVE-2025-29968(opens NVD record) | Medium | 6.5 | Improper input validation in Active Directory Certificate Services (AD CS) allows an authorized attacker to deny service over a network. | May 13, 2025 |
| CVE-2025-29967(opens NVD record) | High | 8.8 | Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. | May 13, 2025 |
| CVE-2025-29966(opens NVD record) | High | 8.8 | Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network. | May 13, 2025 |
| CVE-2025-29964(opens NVD record) | High | 8.8 | Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. | May 13, 2025 |
| CVE-2025-29963(opens NVD record) | High | 8.8 | Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. | May 13, 2025 |
| CVE-2025-29962(opens NVD record) | High | 8.8 | Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. | May 13, 2025 |
| CVE-2025-29961(opens NVD record) | Medium | 6.5 | Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | May 13, 2025 |
| CVE-2025-29960(opens NVD record) | Medium | 6.5 | Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | May 13, 2025 |
| CVE-2025-29959(opens NVD record) | Medium | 6.5 | Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | May 13, 2025 |
| CVE-2025-29958(opens NVD record) | Medium | 6.5 | Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | May 13, 2025 |
| CVE-2025-29957(opens NVD record) | Medium | 6.2 | Uncontrolled resource consumption in Windows Deployment Services allows an unauthorized attacker to deny service locally. | May 13, 2025 |
| CVE-2025-29956(opens NVD record) | Medium | 5.4 | Buffer over-read in Windows SMB allows an authorized attacker to disclose information over a network. | May 13, 2025 |
| CVE-2025-29955(opens NVD record) | Medium | 6.2 | Improper input validation in Windows Hyper-V allows an unauthorized attacker to deny service locally. | May 13, 2025 |
| CVE-2025-29954(opens NVD record) | Medium | 5.9 | Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network. | May 13, 2025 |
| CVE-2025-29842(opens NVD record) | High | 7.5 | Acceptance of extraneous untrusted data with trusted data in UrlMon allows an unauthorized attacker to bypass a security feature over a network. | May 13, 2025 |
| CVE-2025-29841(opens NVD record) | High | 7.0 | Concurrent execution using shared resource with improper synchronization ('race condition') in Universal Print Management Service allows an authorized attacker to elevate privileges locally. | May 13, 2025 |
| CVE-2025-29840(opens NVD record) | High | 8.8 | Stack-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. | May 13, 2025 |
| CVE-2025-29839(opens NVD record) | Medium | 4.0 | Out-of-bounds read in Windows File Server allows an unauthorized attacker to disclose information locally. | May 13, 2025 |
| CVE-2025-29838(opens NVD record) | High | 7.4 | Null pointer dereference in Windows Drivers allows an unauthorized attacker to elevate privileges locally. | May 13, 2025 |
| CVE-2025-29837(opens NVD record) | Medium | 5.5 | Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to disclose information locally. | May 13, 2025 |
| CVE-2025-29836(opens NVD record) | Medium | 6.5 | Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | May 13, 2025 |
| CVE-2025-29835(opens NVD record) | Medium | 6.5 | Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | May 13, 2025 |
| CVE-2025-29833(opens NVD record) | High | 7.7 | Time-of-check time-of-use (toctou) race condition in Windows Virtual Machine Bus allows an unauthorized attacker to execute code locally. | May 13, 2025 |
| CVE-2025-29832(opens NVD record) | Medium | 6.5 | Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | May 13, 2025 |
| CVE-2025-29831(opens NVD record) | High | 7.5 | Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. | May 13, 2025 |
| CVE-2025-29830(opens NVD record) | Medium | 6.5 | Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | May 13, 2025 |
| CVE-2025-29829(opens NVD record) | Medium | 5.5 | Use of uninitialized resource in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally. | May 13, 2025 |
| CVE-2025-29826(opens NVD record) | High | 7.3 | Improper handling of insufficient permissions or privileges in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network. | May 13, 2025 |
| CVE-2025-27488(opens NVD record) | Medium | 6.7 | Use of hard-coded credentials in Windows Hardware Lab Kit allows an authorized attacker to elevate privileges locally. | May 13, 2025 |
| CVE-2025-27468(opens NVD record) | High | 7.0 | Improper privilege management in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally. | May 13, 2025 |
| CVE-2025-26685(opens NVD record) | Medium | 6.5 | Improper authentication in Microsoft Defender for Identity allows an unauthorized attacker to perform spoofing over an adjacent network. | May 13, 2025 |
| CVE-2025-26684(opens NVD record) | Medium | 6.7 | External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally. | May 13, 2025 |
| CVE-2025-26677(opens NVD record) | High | 7.5 | Uncontrolled resource consumption in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network. | May 13, 2025 |
| CVE-2025-24063(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | May 13, 2025 |
| CVE-2025-21264(opens NVD record) | High | 7.1 | Files or directories accessible to external parties in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally. | May 13, 2025 |
| CVE-2025-4428(opens NVD record) | High | 7.2 | Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests. | May 13, 2025 |
| CVE-2025-4427(opens NVD record) | Medium | 5.3 | An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API. | May 13, 2025 |
| CVE-2025-22462(opens NVD record) | Critical | 9.8 | An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access to the system. | May 13, 2025 |
| CVE-2025-32756(opens NVD record) | Critical | 9.8 | A stack-based buffer overflow vulnerability [CWE-121] vulnerability in Fortinet FortiCamera 2.1.0 through 2.1.3, FortiCamera 2.0 all versions, FortiCamera 1.1 all versions, FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.0.0 through 7.0.8, FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.7, FortiNDR 7.2.0 through 7.2.4, FortiNDR 7.0.0 through 7.0.6, FortiRecorder 7.2.0 through 7.2.3, FortiRecorder 7.0.0 through 7.0.5, FortiRecorder 6.4.0 through 6.4.5, FortiVoice 7.2.0, FortiVoice 7.0.0 through 7.0.6, FortiVoice 6.4.0 through 6.4.10 allows a remote unauthenticated attacker to execute arbitrary code or commands via sending HTTP requests with specially crafted hash cookie. | May 13, 2025 |
| CVE-2025-22859(opens NVD record) | Medium | 5.3 | A Relative Path Traversal vulnerability [CWE-23] in FortiClientEMS 7.4.0 through 7.4.1 and FortiClientEMS Cloud 7.4.0 through 7.4.1 may allow a remote unauthenticated attacker to perform a limited arbitrary file write on the system via upload requests. | May 13, 2025 |
| CVE-2025-22460(opens NVD record) | High | 7.8 | Default credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authenticated attacker to escalate their privileges. | May 13, 2025 |
| CVE-2024-35281(opens NVD record) | Low | 2.5 | An improper isolation or compartmentalization vulnerability [CWE-653] in FortiClientMac version 7.4.2 and below, version 7.2.8 and below, 7.0 all versions and FortiVoiceUCDesktop 3.0 all versions desktop application may allow an authenticated attacker to inject code via Electron environment variables. | May 13, 2025 |
| CVE-2025-22248(opens NVD record) | High | 7.5 | The bitnami/pgpool Docker image, and the bitnami/postgres-ha k8s chart, under default configurations, comes with an 'repmgr' user that allows unauthenticated access to the database inside the cluster. The PGPOOL_SR_CHECK_USER is the user that Pgpool itself uses to perform streaming replication checks against nodes, and should not be at trust level. This allows to log into a PostgreSQL database using the repgmr user without authentication. If Pgpool is exposed externally, a potential attacker could use this user to get access to the service. This is also present within the bitnami/postgres-ha Kubernetes Helm chart. | May 13, 2025 |
| CVE-2025-22249(opens NVD record) | High | 8.2 | VMware Aria automation contains a DOM based Cross-Site Scripting (XSS) vulnerability. A malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a malicious crafted payload URL. | May 13, 2025 |
| CVE-2025-35471(opens NVD record) | High | 7.3 | conda-forge openssl-feedstock before 066e83c (2024-05-20), on Microsoft Windows, configures OpenSSL to use an OPENSSLDIR file path that can be written to by non-privilged local users. By writing a specially crafted openssl.cnf file in OPENSSLDIR, a non-privileged local user can execute arbitrary code with the privileges of the user or process loading openssl-feedstock DLLs. Miniforge before 24.5.0 is also affected. | May 13, 2025 |
| CVE-2025-31223(opens NVD record) | High | 8.0 | The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to memory corruption. | May 12, 2025 |