CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-58324 An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSIEM 7.2.0 through 7.2.2, 7.1 all versions, 7.0 all versions, 6.7 all versions, 6.6 all versions, 6.5 all ... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-58325 An Incorrect Provision of Specified Functionality vulnerability [CWE-684] in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2.5 through 7.2.10, 7.0.0 through 7.0.15, 6.4 all versions may allow a local authenti... | 8.2 | HIGH | — | 0 |
| CVE-2025-58903 An Unchecked Return Value vulnerability [CWE-252] in Fortinet FortiOS version 7.6.0 through 7.6.3 and before 7.4.8 API allows an authenticated user to cause a Null Pointer Dereference, crashing the h... | 2.7 | LOW | — | 0 |
| CVE-2025-59921 An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiADC version 7.4.0, version 7.2.3 and below, version 7.1.4 and below, 7.0 all versions, 6.2 all ve... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-54603 An incorrect OIDC authentication flow in Claroty Secure Access 3.3.0 through 4.0.2 can result in unauthorized user creation or impersonation of existing OIDC users. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-62172 Home Assistant is open source home automation software that puts local control and privacy first. In versions 2025.1.0 through 2025.10.1, the energy dashboard is vulnerable to stored cross-site script... | N/A | NONE | — | 0 |
| CVE-2025-62366 mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.30 contain an HTML injection vulnerability in plaintext emails produced... | N/A | NONE | — | 0 |
| CVE-2025-11548 A remote, unauthenticated privilege escalation in ibi WebFOCUS allows an attacker to gain administrative access to the application which may lead to unauthenticated Remote Code Execution | N/A | NONE | — | 0 |
| CVE-2025-24052 Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sy... | 7.8 | HIGH | — | 0 |
| CVE-2025-25004 Improper access control in Microsoft PowerShell allows an authorized attacker to elevate privileges locally. | 7.3 | HIGH | — | 0 |
| CVE-2025-36730 A prompt injection vulnerability exists in Windsurf version 1.10.7 in Write mode using SWE-1 model. It is possible to create a file name that will be appended to the user prompt causing Windsurf to ... | N/A | NONE | — | 0 |
| CVE-2025-37139 A vulnerability in an AOS firmware binary allows an authenticated malicious actor to permanently delete necessary boot information. Successful exploitation may render the system unbootable, resulting ... | 6.0 | MEDIUM | — | 0 |
| CVE-2025-37146 A vulnerability in the web-based management interface of network access point configuration services could allow an authenticated remote attacker to perform remote command execution. Successful exploi... | 7.2 | HIGH | — | 0 |
| CVE-2025-37147 A Secure Boot Bypass Vulnerability exists in affected Access Points that allows an adversary to bypass the hardware root of trust verification in place to ensure only vendor-signed firmware can execut... | 7.1 | HIGH | — | 0 |
| CVE-2025-37148 A vulnerability in the parsing of ethernet frames in AOS-8 Instant and AOS 10 could allow an unauthenticated remote attacker to conduct a denial of service attack. Successful exploitation could allow ... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-48004 Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally. | 7.4 | HIGH | — | 0 |
| CVE-2025-50175 Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2025-53150 Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2025-53717 Reliance on untrusted inputs in a security decision in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | — | 0 |
| CVE-2025-53768 Use after free in Xbox allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2025-55240 Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally. | 7.3 | HIGH | — | 0 |
| CVE-2025-55320 Improper neutralization of special elements used in an SQL command ('SQL injection') in Microsoft Configuration Manager allows an authorized attacker to elevate privileges over an adjacent network. | 6.8 | MEDIUM | — | 0 |
| CVE-2025-58724 Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2025-58730 Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. | 7.0 | HIGH | — | 0 |
| CVE-2025-58731 Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. | 7.0 | HIGH | — | 0 |
| CVE-2025-59210 Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability | 7.4 | HIGH | — | 0 |
| CVE-2025-58732 Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. | 7.0 | HIGH | — | 0 |
| CVE-2025-58733 Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. | 7.0 | HIGH | — | 0 |
| CVE-2025-58734 Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. | 7.0 | HIGH | — | 0 |
| CVE-2025-58735 Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. | 7.0 | HIGH | — | 0 |
| CVE-2025-58736 Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. | 7.0 | HIGH | — | 0 |
| CVE-2025-58737 Use after free in Windows Remote Desktop allows an unauthorized attacker to execute code locally. | 7.0 | HIGH | — | 0 |
| CVE-2025-58738 Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. | 7.0 | HIGH | — | 0 |
| CVE-2025-59190 Improper input validation in Microsoft Windows Search Component allows an unauthorized attacker to deny service locally. | 5.5 | MEDIUM | — | 0 |
| CVE-2025-59191 Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2025-59192 Buffer over-read in Storport.sys Driver allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2025-59200 Concurrent execution using shared resource with improper synchronization ('race condition') in Data Sharing Service Client allows an unauthorized attacker to perform spoofing locally. | 7.7 | HIGH | — | 0 |
| CVE-2025-59201 Improper access control in Network Connection Status Indicator (NCSI) allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2025-59202 Use after free in Windows Remote Desktop Services allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | — | 0 |
| CVE-2025-59203 Insertion of sensitive information into log file in Windows StateRepository API allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | — | 0 |
| CVE-2025-59204 Use of uninitialized resource in Windows Management Services allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | — | 0 |
| CVE-2025-59205 Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | — | 0 |
| CVE-2025-59206 Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability | 7.4 | HIGH | — | 0 |
| CVE-2025-59207 Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2025-59208 Out-of-bounds read in Windows MapUrlToZone allows an unauthorized attacker to disclose information over a network. | 7.1 | HIGH | — | 0 |
| CVE-2025-59209 Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | — | 0 |
| CVE-2025-59211 Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | — | 0 |
| CVE-2025-59221 Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | 7.0 | HIGH | — | 0 |
| CVE-2025-59222 Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | 7.8 | HIGH | — | 0 |
| CVE-2025-59223 Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | 7.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.