Searching...
Please wait while we search the database
| CVE ID | Severity | Description | Published | Actions |
|---|---|---|---|---|
|
CVE-2025-55338
|
MEDIUM |
Missing Ability to Patch ROM Code in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
|
14 Oct 2025
|
|
|
CVE-2025-55336
|
MEDIUM |
Exposure of sensitive information to an unauthorized actor in Windows Cloud Files Mini Filter Driver allows an authorized attacker to disclose information locally.
|
14 Oct 2025
|
|
|
CVE-2025-55335
|
HIGH |
Use after free in Windows NTFS allows an unauthorized attacker to elevate privileges locally.
|
14 Oct 2025
|
|
|
CVE-2025-55333
|
MEDIUM |
Incomplete comparison with missing factors in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
|
14 Oct 2025
|
|
|
CVE-2025-55325
|
MEDIUM |
Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
|
14 Oct 2025
|
|
|
CVE-2025-55320
|
MEDIUM |
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to elevate privileges over an adjacent network.
|
14 Oct 2025
|
|
|
CVE-2025-24052
|
HIGH |
Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update.
Fax modem hardware dependent on this specific driver will no longer work on Windows.
Microsoft recommends removing any existing dependencies on this hardware.
|
14 Oct 2025
|
|
|
CVE-2025-24990
|
HIGH |
Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update.
Fax modem hardware dependent on this specific driver will no longer work on Windows.
Microsoft recommends removing any existing dependencies on this hardware.
|
14 Oct 2025
|
|
|
CVE-2025-55315
|
CRITICAL |
Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.
|
14 Oct 2025
|
|
|
CVE-2025-55247
|
HIGH |
Improper link resolution before file access ('link following') in .NET allows an authorized attacker to elevate privileges locally.
|
14 Oct 2025
|
|
|
CVE-2025-53782
|
HIGH |
Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally.
|
14 Oct 2025
|
|
|
CVE-2025-50174
|
HIGH |
Use after free in Windows Device Association Broker service allows an authorized attacker to elevate privileges locally.
|
14 Oct 2025
|
|
|
CVE-2025-48004
|
HIGH |
Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.
|
14 Oct 2025
|
|
|
CVE-2025-47989
|
HIGH |
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
|
14 Oct 2025
|
|
|
CVE-2025-31514
|
LOW |
An Insertion of Sensitive Information into Log File vulnerability [CWE-532] in FortiOS 7.6.0 through 7.6.3, 7.4 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an attacker with at least read-only privileges to retrieve sensitive 2FA-related information via observing logs or via diagnose command.
|
14 Oct 2025
|
|
|
CVE-2025-46774
|
MEDIUM |
An Improper Verification of Cryptographic Signature vulnerability [CWE-347] in FortiClient MacOS installer version 7.4.2 and below, version 7.2.9 and below, 7.0 all versions may allow a local user to escalate their privileges via FortiClient related executables.
|
14 Oct 2025
|
|
|
CVE-2025-54822
|
MEDIUM |
An improper authorization vulnerability [CWE-285] vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.8, FortiOS 7.0.0 through 7.0.11, FortiProxy 7.4.0 through 7.4.8, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiProxy 2.0 all versions allows an authenticated attacker to access static files of others VDOMs via crafted HTTP or HTTPS requests.
|
14 Oct 2025
|
|
|
CVE-2025-31365
|
MEDIUM |
An Improper Control of Generation of Code ('Code Injection') vulnerability [CWE-94] in FortiClientMac 7.4.0 through 7.4.3, 7.2.1 through 7.2.8 may allow an unauthenticated attacker to execute arbitrary code on the victim's host via tricking the user into visiting a malicious website.
|
14 Oct 2025
|
|
|
CVE-2025-53845
|
MEDIUM |
An improper authentication vulnerability [CWE-287] in Fortinet FortiAnalyzer version 7.6.0 through 7.6.3 and before 7.4.6 allows an unauthenticated attacker to obtain information pertaining to the device's health and status, or cause a denial of service via crafted OFTP requests.
|
14 Oct 2025
|
|
|
CVE-2025-59921
|
MEDIUM |
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiADC version 7.4.0, version 7.2.3 and below, version 7.1.4 and below, 7.0 all versions, 6.2 all versions may allow an authenticated attacker to obtain sensitive data via crafted HTTP or HTTPs requests.
|
14 Oct 2025
|
|
|
CVE-2024-33507
|
HIGH |
An insufficient session expiration vulnerability [CWE-613] and an incorrect authorization vulnerability [CWE-863] in FortiIsolator 2.4.0 through 2.4.4, 2.3 all versions, 2.2.0, 2.1 all versions, 2.0 all versions authentication mechanism may allow remote unauthenticated attacker to deauthenticate logged in admins via crafted cookie and remote authenticated read-only attacker to gain write privilege via crafted cookie.
|
14 Oct 2025
|
|
|
CVE-2025-57716
|
MEDIUM |
An Uncontrolled Search Path Element vulnerability [CWE-427] in FortiClient Windows 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, 7.0 all versions may allow a local low privileged user to perform a DLL hijacking attack via placing a malicious DLL to the FortiClient Online Installer installation folder.
|
14 Oct 2025
|
|
|
CVE-2025-25255
|
MEDIUM |
An Improperly Implemented Security Check for Standard vulnerability [CWE-358] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.11, FortiProxy 7.2 all versions, FortiProxy 7.0.1 through 7.0.22 may allow an unauthenticated proxy user to bypass the domain fronting protection feature via crafted HTTP requests.
|
14 Oct 2025
|
|
|
CVE-2025-25252
|
MEDIUM |
An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL VPN 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4 all versions may allow a remote attacker (e.g. a former admin whose account was removed and whose session was terminated) in possession of the SAML record of a user session to access or re-open that session via re-use of SAML record.
|
14 Oct 2025
|
|
|
CVE-2024-26008
|
MEDIUM |
An improper check or handling of exceptional conditions vulnerability [CWE-703] in FortiOS version 7.4.0 through 7.4.3 and before 7.2.7, FortiProxy version 7.4.0 through 7.4.3 and before 7.2.9, FortiPAM before 1.2.0 and FortiSwitchManager version 7.2.0 through 7.2.3 and version 7.0.0 through 7.0.3 fgfm daemon may allow an unauthenticated attacker to repeatedly reset the fgfm connection via crafted SSL encrypted TCP requests.
|
14 Oct 2025
|
CVE-2025-55338
MEDIUM
14 Oct 2025
Missing Ability to Patch ROM Code in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2025-55336
MEDIUM
14 Oct 2025
Exposure of sensitive information to an unauthorized actor in Windows Cloud Files Mini Filter Driver allows an authorized attacker to disclose information locally.
CVE-2025-55335
HIGH
14 Oct 2025
Use after free in Windows NTFS allows an unauthorized attacker to elevate privileges locally.
CVE-2025-55333
MEDIUM
14 Oct 2025
Incomplete comparison with missing factors in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2025-55325
MEDIUM
14 Oct 2025
Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
CVE-2025-55320
MEDIUM
14 Oct 2025
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to elevate privileges over an adjacent network.
CVE-2025-24052
HIGH
14 Oct 2025
Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update.
Fax modem hardware dependent on this specific driver will no longer work on Windows.
Microsoft recommends removing any existing dependencies on this hardware.
CVE-2025-24990
HIGH
14 Oct 2025
Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update.
Fax modem hardware dependent on this specific driver will no longer work on Windows.
Microsoft recommends removing any existing dependencies on this hardware.
CVE-2025-55315
CRITICAL
14 Oct 2025
Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.
CVE-2025-55247
HIGH
14 Oct 2025
Improper link resolution before file access ('link following') in .NET allows an authorized attacker to elevate privileges locally.
CVE-2025-53782
HIGH
14 Oct 2025
Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally.
CVE-2025-50174
HIGH
14 Oct 2025
Use after free in Windows Device Association Broker service allows an authorized attacker to elevate privileges locally.
CVE-2025-48004
HIGH
14 Oct 2025
Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.
CVE-2025-47989
HIGH
14 Oct 2025
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
CVE-2025-31514
LOW
14 Oct 2025
An Insertion of Sensitive Information into Log File vulnerability [CWE-532] in FortiOS 7.6.0 through 7.6.3, 7.4 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an attacker with at least read-only privileges to retrieve sensitive 2FA-related information via observing logs or via diagnose command.
CVE-2025-46774
MEDIUM
14 Oct 2025
An Improper Verification of Cryptographic Signature vulnerability [CWE-347] in FortiClient MacOS installer version 7.4.2 and below, version 7.2.9 and below, 7.0 all versions may allow a local user to escalate their privileges via FortiClient related executables.
CVE-2025-54822
MEDIUM
14 Oct 2025
An improper authorization vulnerability [CWE-285] vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.8, FortiOS 7.0.0 through 7.0.11, FortiProxy 7.4.0 through 7.4.8, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiProxy 2.0 all versions allows an authenticated attacker to access static files of others VDOMs via crafted HTTP or HTTPS requests.
CVE-2025-31365
MEDIUM
14 Oct 2025
An Improper Control of Generation of Code ('Code Injection') vulnerability [CWE-94] in FortiClientMac 7.4.0 through 7.4.3, 7.2.1 through 7.2.8 may allow an unauthenticated attacker to execute arbitrary code on the victim's host via tricking the user into visiting a malicious website.
CVE-2025-53845
MEDIUM
14 Oct 2025
An improper authentication vulnerability [CWE-287] in Fortinet FortiAnalyzer version 7.6.0 through 7.6.3 and before 7.4.6 allows an unauthenticated attacker to obtain information pertaining to the device's health and status, or cause a denial of service via crafted OFTP requests.
CVE-2025-59921
MEDIUM
14 Oct 2025
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiADC version 7.4.0, version 7.2.3 and below, version 7.1.4 and below, 7.0 all versions, 6.2 all versions may allow an authenticated attacker to obtain sensitive data via crafted HTTP or HTTPs requests.
CVE-2024-33507
HIGH
14 Oct 2025
An insufficient session expiration vulnerability [CWE-613] and an incorrect authorization vulnerability [CWE-863] in FortiIsolator 2.4.0 through 2.4.4, 2.3 all versions, 2.2.0, 2.1 all versions, 2.0 all versions authentication mechanism may allow remote unauthenticated attacker to deauthenticate logged in admins via crafted cookie and remote authenticated read-only attacker to gain write privilege via crafted cookie.
CVE-2025-57716
MEDIUM
14 Oct 2025
An Uncontrolled Search Path Element vulnerability [CWE-427] in FortiClient Windows 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, 7.0 all versions may allow a local low privileged user to perform a DLL hijacking attack via placing a malicious DLL to the FortiClient Online Installer installation folder.
CVE-2025-25255
MEDIUM
14 Oct 2025
An Improperly Implemented Security Check for Standard vulnerability [CWE-358] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.11, FortiProxy 7.2 all versions, FortiProxy 7.0.1 through 7.0.22 may allow an unauthenticated proxy user to bypass the domain fronting protection feature via crafted HTTP requests.
CVE-2025-25252
MEDIUM
14 Oct 2025
An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL VPN 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4 all versions may allow a remote attacker (e.g. a former admin whose account was removed and whose session was terminated) in possession of the SAML record of a user session to access or re-open that session via re-use of SAML record.
CVE-2024-26008
MEDIUM
14 Oct 2025
An improper check or handling of exceptional conditions vulnerability [CWE-703] in FortiOS version 7.4.0 through 7.4.3 and before 7.2.7, FortiProxy version 7.4.0 through 7.4.3 and before 7.2.9, FortiPAM before 1.2.0 and FortiSwitchManager version 7.2.0 through 7.2.3 and version 7.0.0 through 7.0.3 fgfm daemon may allow an unauthenticated attacker to repeatedly reset the fgfm connection via crafted SSL encrypted TCP requests.
Page 181 of 687
Page 181 of 687