Skip to main content
CVE-2025-21190 HIGH PATCH This Week

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Buffer Overflow Heap Overflow RCE Windows 10 1507 +15
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-21369 HIGH PATCH This Week

Microsoft Digest Authentication Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Buffer Overflow Heap Overflow RCE Windows 10 1507 +14
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-21368 HIGH PATCH This Week

Microsoft Digest Authentication Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Buffer Overflow Heap Overflow RCE Windows 10 1507 +14
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-0911 HIGH This Week

PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow RCE Pdf Xchange Editor
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-0909 HIGH This Week

PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow RCE Pdf Xchange Editor
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-0908 HIGH This Week

PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow RCE Pdf Xchange Editor
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-0907 HIGH This Week

PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow RCE Pdf Xchange Editor
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-0906 HIGH This Week

PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow RCE Pdf Xchange Editor
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-0905 HIGH This Week

PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow RCE Pdf Xchange Editor
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-0904 HIGH This Week

PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow RCE Pdf Xchange Editor
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-0902 HIGH This Week

PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow RCE Pdf Xchange Editor
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-35279 HIGH This Week

A stack-based buffer overflow [CWE-121] vulnerability in Fortinet FortiOS version 7.2.4 through 7.2.8 and version 7.4.0 through 7.4.4 allows a remote unauthenticated attacker to execute arbitrary. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow RCE Stack Overflow Fortinet Fortios
NVD
CVSS 3.1
8.1
EPSS
3.6%
CVE-2025-1174 MEDIUM POC This Month

A vulnerability has been found in 1000 Projects Bookstore Management System 1.0 and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Bookstore Management System
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2024-13643 HIGH This Week

The Zox News - Professional WordPress News & Magazine Theme plugin for WordPress is vulnerable to unauthorized data modification. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Privilege Escalation Denial Of Service
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-40591 HIGH This Week

An incorrect privilege assignment vulnerability [CWE-266] in Fortinet FortiOS version 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.9 and before 7.0.15 allows an authenticated admin whose access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Fortinet Fortios
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-45386 HIGH This Week

A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SIMOCODE ES V19. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2025-24470 HIGH This Week

An Improper Resolution of Path Equivalence vulnerability [CWE-41] in FortiPortal 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to retrieve. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fortiportal
NVD
CVSS 3.1
8.6
EPSS
0.7%
CVE-2024-54015 HIGH This Week

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.90), SIPROTEC 5 6MD85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MD86 (CP300) (All versions >= V8.80 <. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-0064 HIGH PATCH This Week

Under specific conditions, the Central Management Console of the SAP BusinessObjects Business Intelligence platform allows an attacker with admin rights to generate or retrieve a secret passphrase,. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

SAP Information Disclosure Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
8.7
EPSS
0.1%
CVE-2025-24811 HIGH This Week

A vulnerability has been identified in SIMATIC S7-1200 CPU 1211C AC/DC/Rly (6ES7211-1BE40-0XB0), SIMATIC S7-1200 CPU 1211C DC/DC/DC (6ES7211-1AE40-0XB0), SIMATIC S7-1200 CPU 1211C DC/DC/Rly. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2024-54089 HIGH This Week

A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions), APOGEE PXC Series (P2 Ethernet) (All versions), TALON TC Series (BACnet) (All versions). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-25243 HIGH This Week

SAP Supplier Relationship Management (Master Data Management Catalog) allows an unauthenticated attacker to use a publicly available servlet to download an arbitrary file over the network without any. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Path Traversal
NVD
CVSS 3.1
8.6
EPSS
0.3%
CVE-2025-24900 HIGH This Week

Concorde, formerly know as Nexkey, is a fork of the federated microblogging platform Misskey. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD GitHub
CVSS 3.1
8.6
EPSS
0.1%
CVE-2024-27781 HIGH This Week

An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

XSS Fortinet Fortisandbox
NVD
CVSS 3.1
7.1
EPSS
7.5%
CVE-2025-1143 HIGH This Week

Certain models of routers from Billion Electric has hard-coded embedded linux credentials, allowing attackers to log in through the SSH service using these credentials and obtain root privilege of. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2025-21400 HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Authentication Bypass Sharepoint Server
NVD
CVSS 3.1
8.0
EPSS
1.9%
CVE-2024-21925 HIGH This Week

Improper input validation within the AmdPspP2CmboxV2 driver may allow a privileged attacker to overwrite SMRAM, leading to arbitrary code execution. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

RCE Red Hat
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2024-0179 HIGH This Week

SMM Callout vulnerability within the AmdCpmDisplayFeatureSMM driver could allow locally authenticated attackers to overwrite SMRAM, potentially resulting in arbitrary code execution. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

RCE Red Hat
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2024-21924 HIGH This Week

SMM callout vulnerability within the AmdPlatformRasSspSmm driver could allow a ring 0 attacker to modify boot services handlers, potentially resulting in arbitrary code execution. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-24897 HIGH PATCH This Week

Misskey is an open source, federated social media platform. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Misskey
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-24896 HIGH PATCH This Week

Misskey is an open source, federated social media platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Misskey
NVD GitHub
CVSS 3.1
8.1
EPSS
0.3%
CVE-2025-24876 HIGH PATCH This Week

The SAP Approuter Node.js package version v16.7.1 and before is vulnerable to Authentication bypass. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Node.js
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-24411 HIGH PATCH This Week

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Commerce Commerce B2b Magento
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-25203 HIGH This Week

CtrlPanel is open-source billing software for hosting providers. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-24418 HIGH This Week

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Privilege Escalation Commerce B2b
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2024-33469 HIGH This Week

An issue in Team Amaze Amaze File Manager v.3.8.5 and fixed in v.3.10 allows a local attacker to execute arbitrary code via the onCreate method of DatabaseViewerActivity.java. Rated high severity (CVSS 7.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE
NVD GitHub
CVSS 3.1
7.9
EPSS
0.2%
CVE-2025-22399 HIGH PATCH This Week

Dell UCC Edge, version 2.3.0, contains a Blind SSRF on Add Customer SFTP Server vulnerability. Rated high severity (CVSS 7.9), this vulnerability is no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Dell SSRF Utility Configuration Collector Edge
NVD
CVSS 3.1
7.9
EPSS
0.0%
CVE-2024-12755 HIGH This Week

A Cross-Site Scripting (XSS) vulnerability in Avaya Spaces may have allowed unauthorized code execution and potential disclose of sensitive information. Rated high severity (CVSS 7.9), this vulnerability is remotely exploitable. No vendor patch available.

RCE XSS Spaces
NVD
CVSS 3.1
7.9
EPSS
0.0%
CVE-2025-21387 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Microsoft RCE 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2025-21381 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps Excel Office +2
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2025-21392 HIGH PATCH This Week

Microsoft Office Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Microsoft RCE 365 Apps +2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-21383 HIGH PATCH This Week

Microsoft Excel Information Disclosure Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Microsoft Buffer Overflow 365 Apps Excel +2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-21397 HIGH PATCH This Week

Microsoft Office Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Microsoft RCE 365 Apps +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-21394 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Microsoft RCE 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-21390 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft Buffer Overflow Heap Overflow RCE 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-21386 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Microsoft RCE 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-12551 HIGH This Week

Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow RCE Power Pdf
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-12549 HIGH This Week

Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow RCE Power Pdf
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-21375 HIGH PATCH This Week

Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +12
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-21322 HIGH PATCH This Week

Microsoft PC Manager Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Pc Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
Prev Page 2 of 8 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy