Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
81,609 matching · page 290/1633Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2025-26641(opens NVD record) | High | 7.5 | Uncontrolled resource consumption in Windows Cryptographic Services allows an unauthorized attacker to deny service over a network. | Apr 8, 2025 |
| CVE-2025-26640(opens NVD record) | High | 7.0 | Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. | Apr 8, 2025 |
| CVE-2025-26639(opens NVD record) | High | 7.8 | Integer overflow or wraparound in Windows USB Print Driver allows an authorized attacker to elevate privileges locally. | Apr 8, 2025 |
| CVE-2025-26637(opens NVD record) | Medium | 6.8 | Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | Apr 8, 2025 |
| CVE-2025-26635(opens NVD record) | Medium | 6.5 | Weak authentication in Windows Hello allows an authorized attacker to bypass a security feature over a network. | Apr 8, 2025 |
| CVE-2025-26628(opens NVD record) | High | 7.3 | Insufficiently protected credentials in Azure Local Cluster allows an authorized attacker to disclose information locally. | Apr 8, 2025 |
| CVE-2025-25002(opens NVD record) | Medium | 6.8 | Insertion of sensitive information into log file in Azure Local Cluster allows an authorized attacker to disclose information over an adjacent network. | Apr 8, 2025 |
| CVE-2025-24074(opens NVD record) | High | 7.8 | Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | Apr 8, 2025 |
| CVE-2025-24073(opens NVD record) | High | 7.8 | Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | Apr 8, 2025 |
| CVE-2025-24062(opens NVD record) | High | 7.8 | Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | Apr 8, 2025 |
| CVE-2025-24060(opens NVD record) | High | 7.8 | Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | Apr 8, 2025 |
| CVE-2025-24058(opens NVD record) | High | 7.8 | Improper input validation in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | Apr 8, 2025 |
| CVE-2025-21222(opens NVD record) | High | 8.8 | Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network. | Apr 8, 2025 |
| CVE-2025-21221(opens NVD record) | High | 8.8 | Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network. | Apr 8, 2025 |
| CVE-2025-21205(opens NVD record) | High | 8.8 | Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network. | Apr 8, 2025 |
| CVE-2025-21204(opens NVD record) | High | 7.8 | Improper link resolution before file access ('link following') in Windows Update Stack allows an authorized attacker to elevate privileges locally. | Apr 8, 2025 |
| CVE-2025-21203(opens NVD record) | Medium | 6.5 | Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. | Apr 8, 2025 |
| CVE-2025-21197(opens NVD record) | Medium | 6.5 | Improper access control in Windows NTFS allows an authorized attacker to disclose file path information under a folder where the attacker doesn't have permission to list content. | Apr 8, 2025 |
| CVE-2025-21191(opens NVD record) | High | 7.0 | Time-of-check time-of-use (toctou) race condition in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally. | Apr 8, 2025 |
| CVE-2025-21174(opens NVD record) | High | 7.5 | Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network. | Apr 8, 2025 |
| CVE-2025-27085(opens NVD record) | Medium | 4.9 | Multiple vulnerabilities exist in the web-based management interface of AOS-10 GW and AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated, remote attacker to download arbitrary files from the filesystem of an affected device. | Apr 8, 2025 |
| CVE-2025-27084(opens NVD record) | Medium | 5.4 | A vulnerability in the Captive Portal of an AOS-10 GW and AOS-8 Controller/Mobility Conductor could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack. Successful exploitation could enable the attacker to execute arbitrary script code in the victim's browser within the context of the affected interface. | Apr 8, 2025 |
| CVE-2025-27083(opens NVD record) | High | 7.2 | Authenticated command injection vulnerabilities exist in the AOS-10 GW and AOS-8 Controller/Mobility Conductor web-based management interface. Successful exploitation of these vulnerabilities allows an Authenticated attacker to execute arbitrary commands as a privileged user on the underlying operating system. | Apr 8, 2025 |
| CVE-2025-27082(opens NVD record) | High | 7.2 | Arbitrary File Write vulnerabilities exist in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an Authenticated attacker to upload arbitrary files and execute arbitrary commands on the underlying host operating system. | Apr 8, 2025 |
| CVE-2024-48887(opens NVD record) | Critical | 9.8 | A unverified password change vulnerability in Fortinet FortiSwitch GUI may allow a remote unauthenticated attacker to change admin passwords via a specially crafted request | Apr 8, 2025 |
| CVE-2025-1095(opens NVD record) | High | 8.8 | IBM Personal Communications v14 and v15 include a Windows service that is vulnerable to local privilege escalation (LPE). The vulnerability allows any interactively logged in users on the target computer to run commands with full privileges in the context of NT AUTHORITY\SYSTEM. This allows for a low privileged attacker to escalate their privileges. This vulnerability is due to an incomplete fix for CVE-2024-25029. | Apr 8, 2025 |
| CVE-2025-22466(opens NVD record) | High | 8.2 | Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required. | Apr 8, 2025 |
| CVE-2025-22465(opens NVD record) | Medium | 6.1 | Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to execute arbitrary javascript in a victim's browser. Unlikely user interaction is required. | Apr 8, 2025 |
| CVE-2025-22464(opens NVD record) | Medium | 6.1 | An untrusted pointer dereference vulnerability in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an attacker with local access to write arbitrary data into memory causing a denial-of-service condition. | Apr 8, 2025 |
| CVE-2025-22461(opens NVD record) | High | 7.2 | SQL injection in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote authenticated attacker with admin privileges to achieve code execution. | Apr 8, 2025 |
| CVE-2025-22459(opens NVD record) | Medium | 4.8 | Improper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to intercept limited traffic between clients and servers. | Apr 8, 2025 |
| CVE-2025-22458(opens NVD record) | High | 7.8 | DLL hijacking in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an authenticated attacker to escalate to System. | Apr 8, 2025 |
| CVE-2025-25254(opens NVD record) | High | 7.2 | An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb version 7.6.2 and below, version 7.4.6 and below, 7.2 all versions, 7.0 all versions endpoint may allow an authenticated admin to access and modify the filesystem via crafted requests. | Apr 8, 2025 |
| CVE-2025-22855(opens NVD record) | Low | 2.7 | An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Fortinet FortiClient before 7.4.1 may allow the EMS administrator to send messages containing javascript code. | Apr 8, 2025 |
| CVE-2024-54025(opens NVD record) | Medium | 6.7 | An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiIsolator CLI before version 2.4.6 allows a privileged attacker to execute unauthorized code or commands via crafted CLI requests. | Apr 8, 2025 |
| CVE-2024-54024(opens NVD record) | High | 7.2 | An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiIsolator before version 2.4.6 allows a privileged attacker with super-admin profile and CLI access to execute unauthorized code via specifically crafted HTTP requests. | Apr 8, 2025 |
| CVE-2024-52962(opens NVD record) | Medium | 5.3 | An Improper Output Neutralization for Logs vulnerability [CWE-117] in FortiAnalyzer version 7.6.1 and below, version 7.4.5 and below, version 7.2.8 and below, version 7.0.13 and below and FortiManager version 7.6.1 and below, version 7.4.5 and below, version 7.2.8 and below, version 7.0.12 and below may allow an unauthenticated remote attacker to pollute the logs via crafted login requests. | Apr 8, 2025 |
| CVE-2024-50565(opens NVD record) | Low | 3.1 | A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15 and 6.2.0 through 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.15 and 2.0.0 through 2.0.14, Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and 6.2.0 through 6.2.13, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and 6.2.0 through 6.2.13, Fortinet FortiVoice version 7.0.0 through 7.0.2, 6.4.0 through 6.4.8 and 6.0.0 through 6.0.12 and Fortinet FortiWeb version 7.4.0 through 7.4.2, 7.2.0 through 7.2.10, 7.0.0 through 7.0.10 allows an unauthenticated attacker in a man-in-the-middle position to impersonate the management device (FortiCloud server or/and in certain conditions, FortiManager), via intercepting the FGFM authentication request between the management device and the managed device | Apr 8, 2025 |
| CVE-2024-46671(opens NVD record) | Medium | 6.2 | An Incorrect User Management vulnerability [CWE-286] in FortiWeb version 7.6.2 and below, version 7.4.6 and below, version 7.2.10 and below, version 7.0.11 and below widgets dashboard may allow an authenticated attacker with at least read-only admin permission to perform operations on the dashboard of other administrators via crafted requests. | Apr 8, 2025 |
| CVE-2024-32122(opens NVD record) | Low | 2.3 | A storing passwords in a recoverable format in Fortinet FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions allows attacker to information disclosure via modification of LDAP server IP to point to a malicious server. | Apr 8, 2025 |
| CVE-2024-26013(opens NVD record) | High | 7.5 | A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15 and before 6.2.16, Fortinet FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9 and before 7.0.15, Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and before 6.2.13, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14 and before 6.2.13, Fortinet FortiVoice version 7.0.0 through 7.0.2 before 6.4.8 and Fortinet FortiWeb before 7.4.2 may allow an unauthenticated attacker in a man-in-the-middle position to impersonate the management device (FortiCloud server or/and in certain conditions, FortiManager), via intercepting the FGFM authentication request between the management device and the managed device | Apr 8, 2025 |
| CVE-2023-37930(opens NVD record) | High | 7.5 | Multiple issues including the use of uninitialized ressources [CWE-908] and excessive iteration [CWE-834] vulnerabilities vulnerability in Fortinet allows a VPN user to corrupt memory potentially leading to code or commands execution via specifically crafted requests. | Apr 8, 2025 |
| CVE-2025-29986(opens NVD record) | High | 8.3 | Dell Common Event Enabler, version(s) CEE 9.0.0.0, contain(s) an Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Common Anti-Virus Agent (CAVA). An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access. | Apr 8, 2025 |
| CVE-2025-29985(opens NVD record) | Medium | 6.5 | Dell Common Event Enabler, version(s) CEE 9.0.0.0, contain(s) an Initialization of a Resource with an Insecure Default vulnerability in the Common Anti-Virus Agent (CAVA). An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access. | Apr 8, 2025 |
| CVE-2025-22015(opens NVD record) | Medium | 5.5 | In the Linux kernel, the following vulnerability has been resolved: mm/migrate: fix shmem xarray update during migration A shmem folio can be either in page cache or in swap cache, but not at the same time. Namely, once it is in swap cache, folio->mapping should be NULL, and the folio is no longer in a shmem mapping. In __folio_migrate_mapping(), to determine the number of xarray entries to update, folio_test_swapbacked() is used, but that conflates shmem in page cache case and shmem in swap cache case. It leads to xarray multi-index entry corruption, since it turns a sibling entry to a normal entry during xas_store() (see [1] for a userspace reproduction). Fix it by only using folio_test_swapcache() to determine whether xarray is storing swap cache entries or not to choose the right number of xarray entries to update. [1] https://lore.kernel.org/linux-mm/Z8idPCkaJW1IChjT@casper.infradead.org/ Note: In __split_huge_page(), folio_test_anon() && folio_test_swapcache() is used to get swap_cache address space, but that ignores the shmem folio in swap cache case. It could lead to NULL pointer dereferencing when a in-swap-cache shmem folio is split at __xa_store(), since !folio_test_anon() is true and folio->mapping is NULL. But fortunately, its caller split_huge_page_to_list_to_order() bails out early with EBUSY when folio->mapping is NULL. So no need to take care of it here. | Apr 8, 2025 |
| CVE-2025-3248(opens NVD record) | Critical | 9.8 | Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code. | Apr 7, 2025 |
| CVE-2025-27686(opens NVD record) | Low | 2.7 | Dell Unisphere for PowerMax, version(s) prior to 10.2.0.9 and PowerMax version(s) prior to PowerMax 9.2.4.15, contain an Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection. | Apr 7, 2025 |
| CVE-2025-31175(opens NVD record) | High | 8.4 | Deserialization mismatch vulnerability in the DSoftBus module Impact: Successful exploitation of this vulnerability may affect service integrity. | Apr 7, 2025 |
| CVE-2025-31174(opens NVD record) | Medium | 6.8 | Path traversal vulnerability in the DFS module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Apr 7, 2025 |
| CVE-2025-31173(opens NVD record) | High | 8.8 | Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Apr 7, 2025 |