Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
34,503 matching · page 296/691Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2025-24992(opens NVD record) | Medium | 5.5 | Buffer over-read in Windows NTFS allows an unauthorized attacker to disclose information locally. | Mar 11, 2025 |
| CVE-2025-24991(opens NVD record) | Medium | 5.5 | Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally. | Mar 11, 2025 |
| CVE-2025-24988(opens NVD record) | Medium | 6.6 | Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack. | Mar 11, 2025 |
| CVE-2025-24987(opens NVD record) | Medium | 6.6 | Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack. | Mar 11, 2025 |
| CVE-2025-24986(opens NVD record) | Medium | 6.5 | Improper isolation or compartmentalization in Azure PromptFlow allows an unauthorized attacker to execute code over a network. | Mar 11, 2025 |
| CVE-2025-24985(opens NVD record) | High | 7.8 | Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally. | Mar 11, 2025 |
| CVE-2025-24984(opens NVD record) | Medium | 4.6 | Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack. | Mar 11, 2025 |
| CVE-2025-24983(opens NVD record) | High | 7.0 | Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally. | Mar 11, 2025 |
| CVE-2025-24084(opens NVD record) | High | 8.4 | Untrusted pointer dereference in Windows Subsystem for Linux allows an unauthorized attacker to execute code locally. | Mar 11, 2025 |
| CVE-2025-24083(opens NVD record) | High | 7.8 | Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally. | Mar 11, 2025 |
| CVE-2025-24082(opens NVD record) | High | 7.8 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | Mar 11, 2025 |
| CVE-2025-24081(opens NVD record) | High | 7.8 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | Mar 11, 2025 |
| CVE-2025-24080(opens NVD record) | High | 7.8 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | Mar 11, 2025 |
| CVE-2025-24079(opens NVD record) | High | 7.8 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | Mar 11, 2025 |
| CVE-2025-24078(opens NVD record) | High | 7.0 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | Mar 11, 2025 |
| CVE-2025-24077(opens NVD record) | High | 7.8 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | Mar 11, 2025 |
| CVE-2025-24076(opens NVD record) | High | 7.3 | Improper access control in Windows Cross Device Service allows an authorized attacker to elevate privileges locally. | Mar 11, 2025 |
| CVE-2025-24075(opens NVD record) | High | 7.8 | Stack-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | Mar 11, 2025 |
| CVE-2025-24072(opens NVD record) | High | 7.8 | Use after free in Microsoft Local Security Authority Server (lsasrv) allows an authorized attacker to elevate privileges locally. | Mar 11, 2025 |
| CVE-2025-24071(opens NVD record) | Medium | 6.5 | Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. | Mar 11, 2025 |
| CVE-2025-24070(opens NVD record) | High | 7.0 | Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network. | Mar 11, 2025 |
| CVE-2025-24067(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally. | Mar 11, 2025 |
| CVE-2025-24066(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally. | Mar 11, 2025 |
| CVE-2025-24064(opens NVD record) | High | 8.1 | Use after free in DNS Server allows an unauthorized attacker to execute code over a network. | Mar 11, 2025 |
| CVE-2025-24061(opens NVD record) | High | 7.8 | Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature locally. | Mar 11, 2025 |
| CVE-2025-24059(opens NVD record) | High | 7.8 | Incorrect conversion between numeric types in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | Mar 11, 2025 |
| CVE-2025-24057(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | Mar 11, 2025 |
| CVE-2025-24056(opens NVD record) | High | 8.8 | Heap-based buffer overflow in Windows Telephony Server allows an unauthorized attacker to execute code over a network. | Mar 11, 2025 |
| CVE-2025-24055(opens NVD record) | Medium | 4.3 | Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to disclose information with a physical attack. | Mar 11, 2025 |
| CVE-2025-24054(opens NVD record) | Medium | 6.5 | External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network. | Mar 11, 2025 |
| CVE-2025-24051(opens NVD record) | High | 8.8 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | Mar 11, 2025 |
| CVE-2025-24050(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally. | Mar 11, 2025 |
| CVE-2025-24049(opens NVD record) | High | 8.4 | Improper neutralization of special elements used in a command ('command injection') in Azure Command Line Integration (CLI) allows an unauthorized attacker to elevate privileges locally. | Mar 11, 2025 |
| CVE-2025-24048(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally. | Mar 11, 2025 |
| CVE-2025-24046(opens NVD record) | High | 7.8 | Use after free in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally. | Mar 11, 2025 |
| CVE-2025-24045(opens NVD record) | High | 8.1 | Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. | Mar 11, 2025 |
| CVE-2025-24044(opens NVD record) | High | 7.8 | Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally. | Mar 11, 2025 |
| CVE-2025-24043(opens NVD record) | High | 7.5 | Improper verification of cryptographic signature in .NET allows an authorized attacker to execute code over a network. | Mar 11, 2025 |
| CVE-2025-24035(opens NVD record) | High | 8.1 | Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. | Mar 11, 2025 |
| CVE-2025-21247(opens NVD record) | Medium | 4.3 | Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. | Mar 11, 2025 |
| CVE-2025-21199(opens NVD record) | Medium | 6.7 | Improper privilege management in Azure Agent Installer allows an authorized attacker to elevate privileges locally. | Mar 11, 2025 |
| CVE-2025-21180(opens NVD record) | High | 7.8 | Heap-based buffer overflow in Windows exFAT File System allows an unauthorized attacker to execute code locally. | Mar 11, 2025 |
| CVE-2024-56338(opens NVD record) | Medium | 4.8 | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | Mar 11, 2025 |
| CVE-2025-22454(opens NVD record) | High | 7.8 | Insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. | Mar 11, 2025 |
| CVE-2024-55597(opens NVD record) | Medium | 5.5 | A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiWeb versions 7.0.0 through 7.6.0 allows attacker to execute unauthorized code or commands via crafted requests. | Mar 11, 2025 |
| CVE-2024-55592(opens NVD record) | Low | 3.8 | An incorrect authorization vulnerability [CWE-863] in FortiSIEM 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all versions, 5.3 all versions, may allow an authenticated attacker to perform unauthorized operations on incidents via crafted HTTP requests. | Mar 11, 2025 |
| CVE-2024-55590(opens NVD record) | High | 8.8 | Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiIsolator version 2.4.0 through 2.4.5 allows an authenticated attacker with at least read-only admin permission and CLI access to execute unauthorized code via specifically crafted CLI commands. | Mar 11, 2025 |
| CVE-2024-54026(opens NVD record) | Medium | 4.3 | An improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiSandbox 4.4.0 through 4.4.6, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions, FortiSandbox Cloud 24.1 allows attacker to execute unauthorized code or commands via specifically crafted HTTP requests. | Mar 11, 2025 |
| CVE-2024-54018(opens NVD record) | High | 7.2 | Multiple improper neutralization of special elements used in an OS Command vulnerabilities [CWE-78] in FortiSandbox before 4.4.5 allows a privileged attacker to execute unauthorized commands via crafted requests. | Mar 11, 2025 |
| CVE-2024-52961(opens NVD record) | High | 8.8 | An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 5.0.0, FortiSandbox 4.4.0 through 4.4.6, FortiSandbox 4.2.1 through 4.2.7, FortiSandbox 4.0.0 through 4.0.5, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests. | Mar 11, 2025 |