Skip to main content
CVE-2025-21249 MEDIUM PATCH This Month

Windows Digital Media Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Microsoft Buffer Overflow Information Disclosure Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
6.6
EPSS
0.2%
CVE-2025-21248 HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +13
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-21246 HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-21245 HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-21244 HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Microsoft Integer Overflow RCE Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-21243 HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Microsoft Integer Overflow RCE Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-21242 MEDIUM PATCH This Month

Windows Kerberos Information Disclosure Vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2025-21241 HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +13
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2025-21240 HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2025-21239 HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +13
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-21238 HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-21237 HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-21236 HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-21235 HIGH PATCH This Month

Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 21h2 Windows 10 22h2 Windows 11 22h2 +6
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-21234 HIGH PATCH This Month

Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 21h2 Windows 10 22h2 Windows 11 22h2 +6
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2025-21233 HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-21232 MEDIUM PATCH This Month

Windows Digital Media Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Microsoft Buffer Overflow Information Disclosure Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
6.6
EPSS
0.2%
CVE-2025-21231 HIGH PATCH This Month

IP Helper Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +12
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2025-21230 HIGH PATCH This Month

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Denial Of Service Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2025-21229 MEDIUM PATCH This Month

Windows Digital Media Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Microsoft Buffer Overflow Information Disclosure Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
6.6
EPSS
0.2%
CVE-2025-21228 MEDIUM PATCH This Month

Windows Digital Media Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Microsoft Buffer Overflow Information Disclosure Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
6.6
EPSS
0.2%
CVE-2025-21227 MEDIUM PATCH This Month

Windows Digital Media Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Microsoft Buffer Overflow Information Disclosure Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
6.6
EPSS
0.2%
CVE-2025-21226 MEDIUM PATCH This Month

Windows Digital Media Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Microsoft Buffer Overflow Information Disclosure Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
6.6
EPSS
0.2%
CVE-2025-21225 MEDIUM PATCH This Month

Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Microsoft Memory Corruption Denial Of Service Windows Server 2016 Windows Server 2019 +4
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2025-21224 HIGH PATCH This Month

Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Microsoft Memory Corruption Use After Free RCE Windows 10 21h2 +8
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-21223 HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-21220 HIGH PATCH This Month

Microsoft Message Queuing Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2025-21219 MEDIUM PATCH Monitor

MapUrlToZone Security Feature Bypass Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +10
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2025-21218 HIGH PATCH This Month

Windows Kerberos Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Microsoft Denial Of Service Windows Server 2012 Windows Server 2016 Windows Server 2019 +4
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2025-21217 MEDIUM PATCH This Month

Windows NTLM Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2025-21215 MEDIUM PATCH Monitor

Secure Boot Security Feature Bypass Vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2025-21214 MEDIUM PATCH Monitor

Windows BitLocker Information Disclosure Vulnerability. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
4.2
EPSS
0.2%
CVE-2025-21213 MEDIUM PATCH Monitor

Secure Boot Security Feature Bypass Vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +11
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2025-21211 MEDIUM PATCH This Month

Secure Boot Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +11
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2025-21210 MEDIUM PATCH Monitor

Windows BitLocker Information Disclosure Vulnerability. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
4.2
EPSS
0.2%
CVE-2025-21207 HIGH PATCH This Month

Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Microsoft Denial Of Service Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +8
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2025-21202 MEDIUM PATCH This Month

Windows Recovery Environment Agent Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity.

Microsoft Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-21193 MEDIUM PATCH This Month

Active Directory Federation Server Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Windows Server 2016 Windows Server 2019 Windows Server 2022 Windows Server 2022 23h2 +2
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2025-21189 MEDIUM PATCH Monitor

MapUrlToZone Security Feature Bypass Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +12
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2025-21187 HIGH This Month

Microsoft Power Automate Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Microsoft Power Automate For Desktop
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2025-21186 HIGH PATCH CERT-EU This Month

Microsoft Access Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2025-21178 HIGH PATCH This Month

Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Visual Studio 2017 Visual Studio 2019 +1
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-21176 HIGH PATCH This Month

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Net Visual Studio 2017 Net Framework +2
NVD HeroDevs
CVSS 3.1
8.8
EPSS
1.4%
CVE-2025-21173 HIGH PATCH This Month

.NET Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Visual Studio 2022 Net Red Hat Suse
NVD HeroDevs
CVSS 3.1
7.3
EPSS
2.0%
CVE-2025-21172 HIGH PATCH This Month

.NET and Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Heap Overflow Buffer Overflow RCE Net Visual Studio 2017 +4
NVD HeroDevs
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-21171 HIGH PATCH This Month

.NET Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Heap Overflow Buffer Overflow RCE Net Powershell +3
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2025-0465 MEDIUM This Month

A vulnerability was found in AquilaCMS 1.412.13. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.

Information Disclosure
NVD
CVE-2024-13172 HIGH This Month

Improper signature verification in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Ivanti Jwt Attack Endpoint Manager
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-13171 HIGH This Month

Insufficient filename validation in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 30.3% and no vendor patch available.

RCE File Upload Ivanti Endpoint Manager
NVD
CVSS 3.1
7.8
EPSS
30.3%
Prev Page 5 of 10 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy