Skip to main content
CVE-2025-21418 HIGH KEV PATCH THREAT Act Now

Windows Ancillary Function Driver for WinSock contains a heap-based buffer overflow enabling local privilege escalation to SYSTEM, exploited in the wild in February 2025.

Microsoft Buffer Overflow Heap Overflow Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.8
EPSS
13.6%
CVE-2025-24472 HIGH KEV THREAT Act Now

FortiOS and FortiProxy contain an authentication bypass allowing unauthenticated attackers with knowledge of upstream/downstream device serial numbers to gain super-admin privileges on downstream devices.

Authentication Bypass Fortinet Fortiproxy Fortios
NVD VulDB
CVSS 3.1
8.1
EPSS
10.1%
CVE-2025-22467 CRITICAL Emergency

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 42.0% and no vendor patch available.

Ivanti Buffer Overflow RCE Stack Overflow Connect Secure
NVD
CVSS 3.1
9.9
EPSS
42.0%
CVE-2025-21391 HIGH KEV PATCH THREAT Act Now

Windows Storage contains an elevation of privilege vulnerability through symlink following that allows authorized attackers to delete targeted files, enabling privilege escalation.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
7.1
EPSS
5.6%
CVE-2024-47908 CRITICAL Emergency

OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 44.0% and no vendor patch available.

Command Injection RCE Ivanti Cloud Services Appliance
NVD
CVSS 3.1
9.1
EPSS
44.0%
CVE-2025-21420 HIGH PATCH Act Now

Windows Disk Cleanup Tool Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Epss exploitation probability 37.8%.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
7.8
EPSS
37.8%
CVE-2022-3180 CRITICAL Act Now

The WPGateway Plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 23.5% and no vendor patch available.

WordPress Authentication Bypass Privilege Escalation Wpgateway
NVD
CVSS 3.1
9.8
EPSS
23.5%
CVE-2024-57241 MEDIUM POC This Month

Dedecms 5.71sp1 and earlier is vulnerable to URL redirect. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Dedecms
NVD GitHub
CVSS 3.1
6.5
EPSS
4.5%
CVE-2024-10644 CRITICAL Act Now

Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Ivanti Connect Secure Policy Secure
NVD
CVSS 3.1
9.1
EPSS
6.8%
CVE-2025-25202 MEDIUM POC PATCH This Month

Ash Authentication is an authentication framework for Elixir applications. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Privilege Escalation Ash Authentication Alembic
NVD GitHub
CVSS 4.0
6.3
EPSS
0.2%
CVE-2025-1178 MEDIUM POC PATCH This Month

A vulnerability was found in GNU Binutils 2.43. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Binutils Active Iq Unified Manager Ontap Select Deploy Administration Utility Red Hat +1
NVD VulDB
CVSS 4.0
6.3
EPSS
0.1%
CVE-2024-13570 MEDIUM POC This Month

The Stray Random Quotes WordPress plugin through 1.9.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Stray Random Quotes
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2024-13543 MEDIUM POC This Month

The Zarinpal Paid Download WordPress plugin through 2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Zarinpal Paid Download
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2025-21181 HIGH PATCH Act Now

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.6%.

Microsoft Denial Of Service Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
7.5
EPSS
13.6%
CVE-2025-1240 HIGH This Week

WinZip 7Z File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Winzip
NVD VulDB
CVSS 3.1
8.8
EPSS
6.1%
CVE-2025-1044 CRITICAL Act Now

Logsign Unified SecOps Platform Authentication Bypass Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Unified Secops Platform
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-0181 CRITICAL Act Now

The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-0180 CRITICAL Act Now

The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-26410 CRITICAL Act Now

The firmware of all Wattsense Bridge devices contain the same hard-coded user and root credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-1144 CRITICAL Act Now

School Affairs System from Quanxun has an Exposure of Sensitive Information, allowing unauthenticated attackers to view specific pages and obtain database information as well as plaintext. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-25530 CRITICAL Act Now

Buffer overflow vulnerability in Digital China DCBI-Netlog-LAB Gateway 1.0 due to the lack of length verification, which is related to saving parental control configuration information. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-25528 MEDIUM POC This Month

Multiple buffer overflow vulnerabilities in Wavlink WL-WN575A3 RPT75A3.V4300, which are caused by not performing strict length checks on user-controlled data. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Wl Wn575A3 Firmware
NVD GitHub
CVSS 3.1
5.1
EPSS
3.3%
CVE-2025-1177 MEDIUM POC This Month

A vulnerability was found in dayrui XunRuiCMS 4.6.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Deserialization Xunruicms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-1167 MEDIUM POC This Month

A vulnerability was found in Mayuri K Employee Management System up to 192.168.70.3 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Employee Management System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-1168 MEDIUM POC This Month

A vulnerability was found in SourceCodester Contact Manager with Export to VCF 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Contact Manager With Export To Vcf
NVD VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-24973 CRITICAL Act Now

Concorde, formerly know as Nexkey, is a fork of the federated microblogging platform Misskey. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
9.3
EPSS
0.1%
CVE-2025-1126 CRITICAL Act Now

A Reliance on Untrusted Inputs in a Security Decision vulnerability has been identified in the Lexmark Print Management Client. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
9.3
EPSS
0.0%
CVE-2025-1169 MEDIUM POC This Month

A vulnerability was found in SourceCodester Image Compressor Tool 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Image Compressor Tool
NVD VulDB
CVSS 4.0
5.1
EPSS
0.4%
CVE-2025-24434 CRITICAL PATCH Act Now

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in Privilege escalation. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Privilege Escalation Commerce Commerce B2b +1
NVD
CVSS 3.1
9.1
EPSS
0.2%
CVE-2025-1052 HIGH This Week

Mintty Sixel Image Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Mintty
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2025-21198 CRITICAL PATCH Act Now

Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Microsoft RCE Authentication Bypass Hpc Pack 2016 Hpc Pack 2019
NVD
CVSS 3.1
9.0
EPSS
0.2%
CVE-2025-24410 HIGH PATCH This Week

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Commerce Commerce B2b Magento
NVD
CVSS 3.1
8.7
EPSS
1.4%
CVE-2025-0903 HIGH This Week

PDF-XChange Editor RTF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Pdf Xchange Editor
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2025-21351 HIGH PATCH This Week

Windows Active Directory Domain Services API Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Microsoft Denial Of Service Windows 10 1607 Windows 10 1809 Windows 10 21h2 +10
NVD
CVSS 3.1
7.5
EPSS
7.0%
CVE-2025-0910 HIGH This Week

PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Pdf Xchange Editor
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-0899 HIGH This Week

PDF-XChange Editor AcroForm Use-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE Pdf Xchange Editor
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-24417 HIGH PATCH This Week

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Commerce Commerce B2b Magento
NVD
CVSS 3.1
8.7
EPSS
0.9%
CVE-2025-24416 HIGH PATCH This Week

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Commerce Commerce B2b Magento
NVD
CVSS 3.1
8.7
EPSS
0.9%
CVE-2025-24415 HIGH PATCH This Week

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Commerce Commerce B2b Magento
NVD
CVSS 3.1
8.7
EPSS
0.9%
CVE-2025-24414 HIGH PATCH This Week

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Commerce Commerce B2b Magento
NVD
CVSS 3.1
8.7
EPSS
0.9%
CVE-2025-24413 HIGH PATCH This Week

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Commerce Commerce B2b Magento
NVD
CVSS 3.1
8.7
EPSS
0.9%
CVE-2025-24412 HIGH PATCH This Week

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Commerce Commerce B2b Magento
NVD
CVSS 3.1
8.7
EPSS
0.9%
CVE-2025-0901 HIGH This Week

PDF-XChange Editor Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow RCE Pdf Xchange Editor
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-21208 HIGH PATCH This Week

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Buffer Overflow Heap Overflow RCE Windows Server 2008 +7
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-21371 HIGH PATCH This Week

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Buffer Overflow Heap Overflow RCE Windows 10 1507 +15
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-26411 HIGH This Week

An authenticated attacker is able to use the Plugin Manager of the web interface of the Wattsense Bridge devices to upload malicious Python files to the device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Python File Upload
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-21410 HIGH PATCH This Week

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Buffer Overflow Heap Overflow RCE Windows Server 2008 +7
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-21406 HIGH PATCH This Week

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Microsoft RCE Windows 10 1507 +15
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-21201 HIGH PATCH This Week

Windows Telephony Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-21200 HIGH PATCH This Week

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Buffer Overflow Heap Overflow RCE Windows 10 1507 +15
NVD
CVSS 3.1
8.8
EPSS
0.2%
Page 1 of 8 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy