Skip to main content
CVE-2025-21293 HIGH POC PATCH THREAT Act Now

Active Directory Domain Services contains an elevation of privilege vulnerability that allows authenticated domain users to escalate to domain administrator. The vulnerability enables lateral movement and complete domain compromise from any authenticated position within the Active Directory environment.

Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +11
NVD
CVSS 3.1
8.8
EPSS
75.3%
Threat
5.5
CVE-2024-12085 HIGH POC PATCH THREAT Act Now

A flaw was found in rsync which could be triggered when rsync compares file checksums. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 19.1%.

Information Disclosure Rsync Openshift Openshift Container Platform Enterprise Linux +17
NVD GitHub
CVSS 3.1
7.5
EPSS
19.1%
CVE-2024-12087 HIGH POC PATCH This Week

Server-to-client path traversal in rsync lets a malicious or compromised rsync server write files outside the client's intended destination directory by abusing the `--inc-recursive` incremental-recursion mode. Because the server can negotiate `--inc-recursive` even when the client does not request it, missing symlink validation combined with per-file-list deduplication allows arbitrary file placement on the connecting client. Publicly available exploit code exists, EPSS is 3.19% (87th percentile), and Red Hat has shipped fixes, but it is not currently listed in CISA KEV.

Path Traversal Rsync Almalinux Arch Linux Nixos +13
NVD GitHub
CVSS 3.1
7.5
EPSS
3.2%
CVE-2023-37931 HIGH This Week

An improper neutralization of special elements used in an sql command ('sql injection') vulnerability [CWE-88] in FortiVoice Entreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Fortivoice
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-12088 HIGH PATCH This Week

Arbitrary file write outside the intended destination in rsync's client-side `--safe-links` handling allows a malicious or compromised rsync server to bypass the symlink safety check via a path-traversal flaw (CWE-22). The client fails to recursively verify whether a symbolic-link target supplied by the server itself contains a nested symlink, so a controlled server can place files anywhere the rsync process can write. A detailed advisory was published by Google's security-research team (GHSA-p5pg-x43v-mvqj) as part of the January 2025 rsync vulnerability cluster, but the issue is not in CISA KEV and no public exploit identified at time of analysis; EPSS is moderate at 2.89% (86th percentile).

Path Traversal Rsync Discovery Openshift Container Platform Enterprise Linux +15
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
2.9%
CVE-2025-21338 HIGH PATCH This Week

GDI+ Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

RCE Integer Overflow
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2025-21361 HIGH PATCH This Week

Microsoft Outlook Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2025-21402 HIGH PATCH This Week

Microsoft Office OneNote Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE
NVD VulDB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-37937 HIGH This Week

An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fortinet Fortiswitch
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-33503 HIGH This Week

Local privilege escalation in Fortinet FortiManager (6.4.0-6.4.14, 7.0.0-7.0.12, 7.2.0-7.2.5, 7.4.0-7.4.3) and FortiAnalyzer (6.4.0-6.4.14, 7.0.0-7.0.12, 7.2.0-7.2.5, 7.4.0-7.4.2), including their Cloud variants, lets an attacker who already holds low-privilege CLI/shell access run specific shell commands to gain elevated privileges. Full confidentiality, integrity, and availability impact result, effectively giving an attacker administrative control of the management appliance. No public exploit identified at time of analysis; the low EPSS score (0.03%, 9th percentile) indicates minimal current exploitation activity.

Privilege Escalation Fortinet Fortianalyzer Fortianalyzer Cloud Fortimanager +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-42911 HIGH This Week

ECOVACS Robotics Deebot T20 OMNI and T20e OMNI before 1.24.0 was discovered to contain a WiFi Remote Code Execution vulnerability. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Code Injection
NVD
CVSS 3.1
7.4
EPSS
1.7%
CVE-2025-0474 HIGH This Week

Invoice Ninja is vulnerable to authenticated Server-Side Request Forgery (SSRF) allowing for arbitrary file read and network resource requests as the application user.8.56 through 5.11.23. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF
NVD GitHub VulDB
CVSS 3.1
7.7
EPSS
0.2%
CVE-2024-54730 HIGH This Month

Flatnotes <v5.3.1 is vulnerable to denial of service through the upload image function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-50858 HIGH POC This Week

Multiple endpoints in GestioIP v3.5.7 are vulnerable to Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Gestioip
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2025-21139 HIGH This Month

Substance3D - Designer versions 14.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Substance 3d Designer
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-21138 HIGH This Month

Substance3D - Designer versions 14.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Buffer Overflow Substance 3d Designer
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-21137 HIGH This Month

Substance3D - Designer versions 14.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Substance 3d Designer
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-21136 HIGH This Month

Substance3D - Designer versions 14.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Buffer Overflow Substance 3d Designer
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-21135 HIGH This Month

Animate versions 24.0.6, 23.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Integer Overflow Animate
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-55924 HIGH PATCH This Month

TYPO3 is a free and open source Content Management Framework. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Typo3
NVD GitHub
CVSS 3.1
8.0
EPSS
0.7%
CVE-2024-55921 HIGH PATCH This Month

TYPO3 is a free and open source Content Management Framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE CSRF Typo3
NVD GitHub
CVSS 3.1
7.5
EPSS
2.9%
CVE-2024-53263 HIGH PATCH This Month

Git LFS is a Git extension for versioning large files. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Red Hat Suse
NVD GitHub
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-48858 HIGH This Month

Improper input validation in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qnx Software Development Platform
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-23042 HIGH POC PATCH GHSA This Week

Gradio is an open-source Python package that allows quick building of demos and web application for machine learning models, API, or any arbitrary Python function. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Authentication Bypass Python Apple Gradio +3
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-21134 HIGH This Month

Illustrator on iPad versions 3.0.7 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Integer Overflow Illustrator On Ipad
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-21133 HIGH This Month

Illustrator on iPad versions 3.0.7 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Integer Overflow Illustrator On Ipad
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-21132 HIGH This Month

Substance3D - Stager versions 3.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Buffer Overflow Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-21131 HIGH This Month

Substance3D - Stager versions 3.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Buffer Overflow Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-21130 HIGH This Month

Substance3D - Stager versions 3.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Buffer Overflow Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-21129 HIGH This Month

Substance3D - Stager versions 3.0.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-21128 HIGH This Month

Substance3D - Stager versions 3.0.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Stack Overflow Buffer Overflow Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-21127 HIGH This Month

Photoshop Desktop versions 25.12, 26.1 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could lead to arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Photoshop
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-21122 HIGH This Month

Photoshop Desktop versions 25.12, 26.1 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Integer Overflow Photoshop
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-50338 HIGH PATCH This Month

Git Credential Manager (GCM) is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Apple Information Disclosure Windows macOS
NVD GitHub
CVSS 3.1
7.4
EPSS
0.2%
CVE-2024-48857 HIGH This Month

NULL pointer dereference in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Qnx Software Development Platform
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2025-23052 HIGH This Month

Authenticated command injection vulnerability in the command line interface of a network management service. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2025-23051 HIGH This Month

An authenticated parameter injection vulnerability exists in the web-based management interface of the AOS-8 and AOS-10 Operating Systems. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2025-21417 HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
8.8
EPSS
6.1%
CVE-2025-21413 HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
8.8
EPSS
6.1%
CVE-2025-21411 HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
8.8
EPSS
6.1%
CVE-2025-21409 HIGH PATCH This Month

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
8.8
EPSS
6.1%
CVE-2025-21405 HIGH PATCH This Month

Visual Studio Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Authentication Bypass Visual Studio 2022
NVD
CVSS 3.1
7.3
EPSS
0.4%
CVE-2025-21395 HIGH PATCH CERT-EU This Month

Microsoft Access Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2025-21389 HIGH PATCH This Month

Uncontrolled resource consumption in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to deny service over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Denial Of Service Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2025-21382 HIGH PATCH This Month

Windows Graphics Component Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Heap Overflow Buffer Overflow Microsoft Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2025-21378 HIGH PATCH This Month

Windows CSC Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Heap Overflow Buffer Overflow Microsoft Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2025-21372 HIGH PATCH This Month

Microsoft Brokering File System Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Microsoft Memory Corruption Use After Free Information Disclosure Windows 11 24h2 +2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-21370 HIGH PATCH This Month

Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 11 22h2 Windows 11 23h2 Windows 11 24h2 +1
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2025-21366 HIGH PATCH CERT-EU This Month

Microsoft Access Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Microsoft Memory Corruption Use After Free RCE 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2025-21365 HIGH PATCH This Month

Microsoft Office Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps Office Long Term Servicing Channel
NVD
CVSS 3.1
7.8
EPSS
0.6%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy