Skip to main content
CVE-2025-21248 HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +13
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-21246 HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-21245 HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-21244 HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Microsoft Integer Overflow RCE Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-21243 HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Microsoft Integer Overflow RCE Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-21241 HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +13
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2025-21240 HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2025-21239 HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +13
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-21238 HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-21237 HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-21236 HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-21235 HIGH PATCH This Month

Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 21h2 Windows 10 22h2 Windows 11 22h2 +6
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-21234 HIGH PATCH This Month

Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 21h2 Windows 10 22h2 Windows 11 22h2 +6
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2025-21233 HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-21231 HIGH PATCH This Month

IP Helper Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +12
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2025-21230 HIGH PATCH This Month

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Denial Of Service Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2025-21224 HIGH PATCH This Month

Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Microsoft Memory Corruption Use After Free RCE Windows 10 21h2 +8
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-21223 HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-21220 HIGH PATCH This Month

Microsoft Message Queuing Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2025-21218 HIGH PATCH This Month

Windows Kerberos Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Microsoft Denial Of Service Windows Server 2012 Windows Server 2016 Windows Server 2019 +4
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2025-21207 HIGH PATCH This Month

Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Microsoft Denial Of Service Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +8
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2025-21187 HIGH This Month

Microsoft Power Automate Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Microsoft Power Automate For Desktop
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2025-21186 HIGH PATCH CERT-EU This Month

Microsoft Access Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2025-21178 HIGH PATCH This Month

Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Visual Studio 2017 Visual Studio 2019 +1
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-21176 HIGH PATCH This Month

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Net Visual Studio 2017 Net Framework +2
NVD HeroDevs
CVSS 3.1
8.8
EPSS
1.4%
CVE-2025-21173 HIGH PATCH This Month

.NET Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Visual Studio 2022 Net Red Hat Suse
NVD HeroDevs
CVSS 3.1
7.3
EPSS
2.0%
CVE-2025-21172 HIGH PATCH This Month

.NET and Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Heap Overflow Buffer Overflow RCE Net Visual Studio 2017 +4
NVD HeroDevs
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-21171 HIGH PATCH This Month

.NET Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Heap Overflow Buffer Overflow RCE Net Powershell +3
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-13172 HIGH This Month

Improper signature verification in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Ivanti Jwt Attack Endpoint Manager
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-13171 HIGH This Month

Insufficient filename validation in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 30.3% and no vendor patch available.

RCE File Upload Ivanti Endpoint Manager
NVD
CVSS 3.1
7.8
EPSS
30.3%
CVE-2024-13170 HIGH This Month

An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Ivanti Denial Of Service Endpoint Manager
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2024-13169 HIGH This Month

An out-of-bounds read in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ivanti Endpoint Manager
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-13168 HIGH This Month

An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Ivanti Denial Of Service Endpoint Manager
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2024-13167 HIGH This Month

An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Ivanti Denial Of Service Endpoint Manager
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2024-13166 HIGH This Month

An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Ivanti Denial Of Service Endpoint Manager
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2024-13165 HIGH This Month

An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Ivanti Denial Of Service Endpoint Manager
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2024-13164 HIGH This Month

An uninitialized resource in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Endpoint Manager
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-13163 HIGH This Month

Deserialization of untrusted data in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 26.5% and no vendor patch available.

RCE Deserialization Ivanti Endpoint Manager
NVD
CVSS 3.1
7.8
EPSS
26.5%
CVE-2024-13162 HIGH This Month

SQL injection in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 43.8% and no vendor patch available.

RCE Ivanti SQLi Endpoint Manager
NVD
CVSS 3.1
7.2
EPSS
43.8%
CVE-2024-13158 HIGH PATCH This Month

An unbounded resource search path in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 21.5%.

RCE Ivanti Path Traversal Endpoint Manager
NVD
CVSS 3.1
7.2
EPSS
21.5%
CVE-2024-53561 HIGH This Month

A remote code execution (RCE) vulnerability in Arcadyan Meteor 2 CPE FG360 Firmware ETV2.10 allows attackers to execute arbitrary code via a crafted request. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection
NVD GitHub
CVSS 3.1
8.7
EPSS
1.3%
CVE-2024-13181 HIGH This Month

Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Path Traversal Avalanche
NVD
CVSS 3.1
7.3
EPSS
0.9%
CVE-2024-13180 HIGH This Month

Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to leak sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Path Traversal Avalanche
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2024-13179 HIGH This Month

Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Path Traversal Avalanche
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2024-10630 HIGH This Month

A race condition in Ivanti Application Control Engine before version 10.14.4.0 allows a local authenticated attacker to bypass the application blocking functionality. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Application Control Security Controls
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-22984 HIGH POC This Month

An access control issue in the component /api/squareComment/DelectSquareById of iceCMS v2.2.0 allows unauthenticated attackers to access sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Icecms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-22983 HIGH POC This Month

An access control issue in the component /square/getAllSquare/circle of iceCMS v2.2.0 allows unauthenticated attackers to access sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Icecms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-42444 HIGH This Month

APTIOV contains a vulnerability in BIOS where an attacker may cause a TOCTOU Race Condition by local means. Rated high severity (CVSS 7.5). No vendor patch available.

RCE Aptio V
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-7344 HIGH POC PATCH This Week

Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Jwt Attack Neo Impact Greenguard Sysreturn +5
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2024-50566 HIGH This Month

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiManager Cloud 7.6.0 through 7.6.1, FortiManager Cloud 7.4.0 through 7.4.4,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Fortinet Fortimanager Fortimanager Cloud
NVD
CVSS 3.1
7.2
EPSS
0.3%
Prev Page 3 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy