Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
18,372 matching · page 320/368Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2025-21234(opens NVD record) | High | 7.8 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | Jan 14, 2025 |
| CVE-2025-21233(opens NVD record) | High | 8.8 | Windows Telephony Service Remote Code Execution Vulnerability | Jan 14, 2025 |
| CVE-2025-21232(opens NVD record) | Medium | 6.6 | Windows Digital Media Elevation of Privilege Vulnerability | Jan 14, 2025 |
| CVE-2025-21231(opens NVD record) | High | 7.5 | IP Helper Denial of Service Vulnerability | Jan 14, 2025 |
| CVE-2025-21230(opens NVD record) | High | 7.5 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | Jan 14, 2025 |
| CVE-2025-21229(opens NVD record) | Medium | 6.6 | Windows Digital Media Elevation of Privilege Vulnerability | Jan 14, 2025 |
| CVE-2025-21228(opens NVD record) | Medium | 6.6 | Windows Digital Media Elevation of Privilege Vulnerability | Jan 14, 2025 |
| CVE-2025-21227(opens NVD record) | Medium | 6.6 | Windows Digital Media Elevation of Privilege Vulnerability | Jan 14, 2025 |
| CVE-2025-21226(opens NVD record) | Medium | 6.6 | Windows Digital Media Elevation of Privilege Vulnerability | Jan 14, 2025 |
| CVE-2025-21225(opens NVD record) | Medium | 5.9 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | Jan 14, 2025 |
| CVE-2025-21224(opens NVD record) | High | 8.1 | Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability | Jan 14, 2025 |
| CVE-2025-21223(opens NVD record) | High | 8.8 | Windows Telephony Service Remote Code Execution Vulnerability | Jan 14, 2025 |
| CVE-2025-21220(opens NVD record) | High | 7.5 | Microsoft Message Queuing Information Disclosure Vulnerability | Jan 14, 2025 |
| CVE-2025-21219(opens NVD record) | Medium | 4.3 | MapUrlToZone Security Feature Bypass Vulnerability | Jan 14, 2025 |
| CVE-2025-21218(opens NVD record) | High | 7.5 | Windows Kerberos Denial of Service Vulnerability | Jan 14, 2025 |
| CVE-2025-21217(opens NVD record) | Medium | 6.5 | Windows NTLM Spoofing Vulnerability | Jan 14, 2025 |
| CVE-2025-21215(opens NVD record) | Medium | 4.6 | Secure Boot Security Feature Bypass Vulnerability | Jan 14, 2025 |
| CVE-2025-21214(opens NVD record) | Medium | 4.2 | Windows BitLocker Information Disclosure Vulnerability | Jan 14, 2025 |
| CVE-2025-21213(opens NVD record) | Medium | 4.6 | Secure Boot Security Feature Bypass Vulnerability | Jan 14, 2025 |
| CVE-2025-21211(opens NVD record) | Medium | 6.8 | Secure Boot Security Feature Bypass Vulnerability | Jan 14, 2025 |
| CVE-2025-21210(opens NVD record) | Medium | 4.2 | Windows BitLocker Information Disclosure Vulnerability | Jan 14, 2025 |
| CVE-2025-21207(opens NVD record) | High | 7.5 | Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability | Jan 14, 2025 |
| CVE-2025-21202(opens NVD record) | Medium | 6.1 | Windows Recovery Environment Agent Elevation of Privilege Vulnerability | Jan 14, 2025 |
| CVE-2025-21193(opens NVD record) | Medium | 6.5 | Active Directory Federation Server Spoofing Vulnerability | Jan 14, 2025 |
| CVE-2025-21189(opens NVD record) | Medium | 4.3 | MapUrlToZone Security Feature Bypass Vulnerability | Jan 14, 2025 |
| CVE-2025-21187(opens NVD record) | High | 7.8 | Microsoft Power Automate Remote Code Execution Vulnerability | Jan 14, 2025 |
| CVE-2025-21186(opens NVD record) | High | 7.8 | Microsoft Access Remote Code Execution Vulnerability | Jan 14, 2025 |
| CVE-2025-21178(opens NVD record) | High | 8.8 | Visual Studio Remote Code Execution Vulnerability | Jan 14, 2025 |
| CVE-2025-21176(opens NVD record) | High | 8.8 | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | Jan 14, 2025 |
| CVE-2025-21173(opens NVD record) | High | 7.3 | .NET Elevation of Privilege Vulnerability | Jan 14, 2025 |
| CVE-2025-21172(opens NVD record) | High | 7.5 | .NET and Visual Studio Remote Code Execution Vulnerability | Jan 14, 2025 |
| CVE-2025-21171(opens NVD record) | High | 7.5 | .NET Remote Code Execution Vulnerability | Jan 14, 2025 |
| CVE-2024-13172(opens NVD record) | High | 7.8 | Improper signature verification in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required. | Jan 14, 2025 |
| CVE-2024-13171(opens NVD record) | High | 7.8 | Insufficient filename validation in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required. | Jan 14, 2025 |
| CVE-2024-13170(opens NVD record) | High | 7.5 | An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. | Jan 14, 2025 |
| CVE-2024-13169(opens NVD record) | High | 7.8 | An out-of-bounds read in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges. | Jan 14, 2025 |
| CVE-2024-13168(opens NVD record) | High | 7.5 | An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. | Jan 14, 2025 |
| CVE-2024-13167(opens NVD record) | High | 7.5 | An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. | Jan 14, 2025 |
| CVE-2024-13166(opens NVD record) | High | 7.5 | An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. | Jan 14, 2025 |
| CVE-2024-13165(opens NVD record) | High | 7.5 | An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. | Jan 14, 2025 |
| CVE-2024-13164(opens NVD record) | High | 7.8 | An uninitialized resource in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges. | Jan 14, 2025 |
| CVE-2024-13163(opens NVD record) | High | 7.8 | Deserialization of untrusted data in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required. | Jan 14, 2025 |
| CVE-2024-13162(opens NVD record) | High | 7.2 | SQL injection in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This CVE addresses incomplete fixes from CVE-2024-32848. | Jan 14, 2025 |
| CVE-2024-13161(opens NVD record) | Critical | 9.8 | Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. | Jan 14, 2025 |
| CVE-2024-13160(opens NVD record) | Critical | 9.8 | Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. | Jan 14, 2025 |
| CVE-2024-13159(opens NVD record) | Critical | 9.8 | Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. | Jan 14, 2025 |
| CVE-2024-13158(opens NVD record) | High | 7.2 | An unbounded resource search path in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | Jan 14, 2025 |
| CVE-2024-12088(opens NVD record) | Medium | 6.5 | A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory. | Jan 14, 2025 |
| CVE-2024-12087(opens NVD record) | Medium | 6.5 | A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client. | Jan 14, 2025 |
| CVE-2024-12086(opens NVD record) | Medium | 6.1 | A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client. | Jan 14, 2025 |