CVE Database

111521+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2025-62473
6.5 MEDIUM

Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

Dec 9, 2025
CVE-2025-62472
7.8 HIGH

Use of uninitialized resource in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-62470
7.8 HIGH

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-62469
7.0 HIGH

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-62468
5.5 MEDIUM

Out-of-bounds read in Windows Defender Firewall Service allows an authorized attacker to disclose information locally.

Dec 9, 2025
CVE-2025-62467
7.8 HIGH

Integer overflow or wraparound in Windows Projected File System allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-62466
7.8 HIGH

Null pointer dereference in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-62465
6.5 MEDIUM

Null pointer dereference in Windows DirectX allows an authorized attacker to deny service locally.

Dec 9, 2025
CVE-2025-62464
7.8 HIGH

Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-62463
6.5 MEDIUM

Null pointer dereference in Windows DirectX allows an authorized attacker to deny service locally.

Dec 9, 2025
CVE-2025-62462
7.8 HIGH

Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-62461
7.8 HIGH

Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-62458
7.8 HIGH

Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-62457
7.8 HIGH

Out-of-bounds read in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-62456
8.8 HIGH

Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an authorized attacker to execute code over a network.

Dec 9, 2025
CVE-2025-62455
7.8 HIGH

Improper input validation in Windows Message Queuing allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-62454
7.8 HIGH

Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-62221
7.8 HIGH KEV

Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-61258
7.5 HIGH

Outsystems Platform Server 11.18.1.37828 allows attackers to cause a denial of service via a crafted content-length value mismatching the body length. NOTE: the Supplier indicates …

Dec 9, 2025
CVE-2025-61078
6.1 MEDIUM

Cross-site scripting (XSS) vulnerability in Request IP form in phpIPAM v1.7.3 allows remote attackers to inject arbitrary web script or HTML via the instructions parameter …

Dec 9, 2025
CVE-2025-60024
8.8 HIGH

Multiple Improper Limitations of a Pathname to a Restricted Directory ('Path Traversal') vulnerabilities [CWE-22] vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 …

Dec 9, 2025
CVE-2025-59923
2.7 LOW

An improper access control vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow …

Dec 9, 2025
CVE-2025-59810
6.5 MEDIUM

An improper access control vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 …

Dec 9, 2025
CVE-2025-59808
6.8 MEDIUM

An unverified password change vulnerability [CWE-620] vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, FortiSOAR PaaS 7.4 all versions, FortiSOAR …

Dec 9, 2025
CVE-2025-59719
9.8 CRITICAL

An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may allow an unauthenticated attacker to …

Dec 9, 2025
CVE-2025-59718
9.8 CRITICAL KEV

A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, …

Dec 9, 2025
CVE-2025-59517
7.8 HIGH

Improper access control in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-59516
7.8 HIGH

Missing authentication for critical function in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-57823
2.7 LOW

A direct request ('forced browsing') vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may …

Dec 9, 2025
CVE-2025-55233
7.8 HIGH

Out-of-bounds read in Windows Projected File System allows an authorized attacker to elevate privileges locally.

Dec 9, 2025
CVE-2025-54838
6.8 MEDIUM

An Incorrect Authorization vulnerability [CWE-863] in FortiPortal 7.4.0 through 7.4.5 may allow an authenticated attacker to reboot a shared FortiGate device via crafted HTTP requests.

Dec 9, 2025
CVE-2025-54353
5.4 MEDIUM

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox …

Dec 9, 2025
CVE-2025-54100
7.8 HIGH

Improper neutralization of special elements used in a command ('command injection') in Windows PowerShell allows an unauthorized attacker to execute code locally.

Dec 9, 2025
CVE-2025-53949
7.2 HIGH

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 …

Dec 9, 2025
CVE-2025-53679
7.2 HIGH

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 …

Dec 9, 2025
CVE-2025-46637
7.3 HIGH

Dell Encryption, versions prior to 11.12.1, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A local malicious user could potentially exploit this …

Dec 9, 2025
CVE-2025-46636
6.6 MEDIUM

Dell Encryption, versions prior to 11.12.1, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could …

Dec 9, 2025
CVE-2025-34414

Entrust Instant Financial Issuance (IFI) On Premise software (formerly referred to as CardWizard) versions 5.x, prior to 6.10.5, and prior to 6.11.1 contain an insecure …

Dec 9, 2025
CVE-2025-34413

Legality WHISTLEBLOWING by DigitalPA contains a protection mechanism failure in which critical HTTP security headers are not emitted by default. Affected deployments omit Content-Security-Policy, Referrer-Policy, …

Dec 9, 2025
CVE-2025-34409
6.1 MEDIUM

MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the Failed parameter of /Mondo/lang/sys/Forms/MAI/AddRecipientsResult.aspx. The Failed value is not properly sanitized …

Dec 9, 2025
CVE-2025-34408
6.1 MEDIUM

MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the Added parameter of /Mondo/lang/sys/Forms/MAI/AddRecipientsResult.aspx. The Added value is not properly sanitized …

Dec 9, 2025
CVE-2025-34407
6.1 MEDIUM

MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the theme parameter of /Mondo/lang/sys/Forms/Statistics.aspx. The theme value is insufficiently sanitized when …

Dec 9, 2025
CVE-2025-34406
6.1 MEDIUM

MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the Id parameter of /Mobile/ContactDetails.aspx. The Id value is not properly sanitized …

Dec 9, 2025
CVE-2025-34404
6.1 MEDIUM

MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the InstanceScope parameter of /Mondo/lang/sys/Forms/CAL/compose.aspx. The InstanceScope value is not properly sanitized …

Dec 9, 2025
CVE-2025-34403
6.1 MEDIUM

MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the FieldTo parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldTo value is not properly sanitized …

Dec 9, 2025
CVE-2025-34402
6.1 MEDIUM

MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the FieldCc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldCc value is not properly sanitized …

Dec 9, 2025
CVE-2025-34401
6.1 MEDIUM

MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the FieldBcc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldBcc value is not properly sanitized …

Dec 9, 2025
CVE-2025-34400
6.1 MEDIUM

MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the AddressesTo parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesTo value is not properly sanitized …

Dec 9, 2025
CVE-2025-34399
6.1 MEDIUM

MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the AddressesCc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesCc value is not properly sanitized …

Dec 9, 2025
CVE-2025-34398
6.1 MEDIUM

MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the AddressesBcc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesBcc value is not properly sanitized …

Dec 9, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.