CVEs (59,256, showing first 500)
Showing 301–325 of 59,256 (capped at 500)
| CVE ID | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2024-43706 | HIGH | Patched | 7.6 | 2025-06-10 | Improper authorization in Kibana can lead to privilege abuse via a direct HTTP request to a Synthetic monitor endpoint. |
| CVE-2024-45329 | MEDIUM | Patched | 4.3 | 2025-06-10 | An authorization bypass through user-controlled key in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.8 may allow an authe… |
| CVE-2024-50562 | MEDIUM | Patched | 4.8 | 2025-06-10 | An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL-VPN version 7.6.0, version 7.4.6 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all ve… |
| CVE-2024-50568 | MEDIUM | Patched | 5.9 | 2025-06-10 | A channel accessible by non-endpoint vulnerability [CWE-300] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7 and before 7.0.14 & FortiProxy version 7.4… |
| CVE-2024-54019 | MEDIUM | Patched | 4.8 | 2025-06-10 | An improper validation of certificate with host mismatch in Fortinet FortiClientWindows version 7.4.0, versions 7.2.0 through 7.2.6, and 7.0 all versions allow an unauthoriz… |
| CVE-2024-57186 | MEDIUM | Patched | 5.4 | 2025-06-10 | In Erxes <1.6.2, an unauthenticated attacker can read arbitrary files from the system using a Path Traversal vulnerability in the /read-file endpoint handler. |
| CVE-2024-57189 | MEDIUM | Patched | 5.4 | 2025-06-10 | In Erxes <1.6.2, an authenticated attacker can write to arbitrary files on the system using a Path Traversal vulnerability in the importHistoriesCreate GraphQL mutation handler. |
| CVE-2024-57190 | CRITICAL | Patched | 9.8 | 2025-06-10 | Erxes <1.6.1 is vulnerable to Incorrect Access Control. An attacker can bypass authentication by providing a "User" HTTP header that contains any user, allowing them to tal… |
| CVE-2025-22251 | LOW | Patched | 3.1 | 2025-06-10 | An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2 all versions, 7.0 all versions, 6.… |
| CVE-2025-22254 | MEDIUM | Patched | 6.6 | 2025-06-10 | An Improper Privilege Management vulnerability [CWE-269] in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2.0 through 7.2.10, F… |
| CVE-2025-22256 | MEDIUM | Patched | 6.3 | 2025-06-10 | An improper handling of insufficient permissions or privileges in Fortinet FortiPAM 1.4.0 through 1.4.1, 1.3.0, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSRA 1.4… |
| CVE-2025-24065 | MEDIUM | Patched | 5.5 | 2025-06-10 | Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. |
| CVE-2025-24068 | MEDIUM | Patched | 5.5 | 2025-06-10 | Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. |
| CVE-2025-24069 | MEDIUM | Patched | 5.5 | 2025-06-10 | Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally. |
| CVE-2025-24471 | MEDIUM | Patched | 6.5 | 2025-06-10 | An Improper Certificate Validation vulnerability [CWE-295] in FortiOS version 7.6.1 and below, version 7.4.7 and below may allow an EAP verified remote user to connect from… |
| CVE-2025-25250 | MEDIUM | Patched | 4.3 | 2025-06-10 | An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in FortiOS version 7.6.0, version 7.4.7 and below, 7.2 all versions, 7.0 all versions,… |
| CVE-2025-29828 | HIGH | Patched | 8.1 | 2025-06-10 | Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a network. |
| CVE-2025-30317 | HIGH | Patched | 7.8 | 2025-06-10 | InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the conte… |
| CVE-2025-30321 | MEDIUM | Patched | 5.5 | 2025-06-10 | InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacke… |
| CVE-2025-31104 | HIGH | Patched | 7.2 | 2025-06-10 | An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiADC 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7… |
| CVE-2025-32710 | HIGH | Patched | 8.1 | 2025-06-10 | Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. |
| CVE-2025-32712 | HIGH | Patched | 7.8 | 2025-06-10 | Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. |
| CVE-2025-32713 | HIGH | Patched | 7.8 | 2025-06-10 | Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. |
| CVE-2025-32714 | HIGH | Patched | 7.8 | 2025-06-10 | Improper access control in Windows Installer allows an authorized attacker to elevate privileges locally. |
| CVE-2025-32715 | MEDIUM | Patched | 6.5 | 2025-06-10 | Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network. |