Skip to main content
CVE-2025-21400 HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Authentication Bypass Sharepoint Server
NVD
CVSS 3.1
8.0
EPSS
1.9%
CVE-2024-21925 HIGH This Week

Improper input validation within the AmdPspP2CmboxV2 driver may allow a privileged attacker to overwrite SMRAM, leading to arbitrary code execution. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

RCE Red Hat
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2024-0179 HIGH This Week

SMM Callout vulnerability within the AmdCpmDisplayFeatureSMM driver could allow locally authenticated attackers to overwrite SMRAM, potentially resulting in arbitrary code execution. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

RCE Red Hat
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2024-21924 HIGH This Week

SMM callout vulnerability within the AmdPlatformRasSspSmm driver could allow a ring 0 attacker to modify boot services handlers, potentially resulting in arbitrary code execution. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-24897 HIGH PATCH This Week

Misskey is an open source, federated social media platform. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Misskey
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-24896 HIGH PATCH This Week

Misskey is an open source, federated social media platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Misskey
NVD GitHub
CVSS 3.1
8.1
EPSS
0.3%
CVE-2025-24876 HIGH PATCH This Week

The SAP Approuter Node.js package version v16.7.1 and before is vulnerable to Authentication bypass. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Node.js
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-24411 HIGH PATCH This Week

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Commerce Commerce B2b Magento
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-25203 HIGH This Week

CtrlPanel is open-source billing software for hosting providers. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-24418 HIGH This Week

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Privilege Escalation Commerce B2b
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2024-33469 HIGH This Week

An issue in Team Amaze Amaze File Manager v.3.8.5 and fixed in v.3.10 allows a local attacker to execute arbitrary code via the onCreate method of DatabaseViewerActivity.java. Rated high severity (CVSS 7.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE
NVD GitHub
CVSS 3.1
7.9
EPSS
0.2%
CVE-2025-22399 HIGH PATCH This Week

Dell UCC Edge, version 2.3.0, contains a Blind SSRF on Add Customer SFTP Server vulnerability. Rated high severity (CVSS 7.9), this vulnerability is no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Dell SSRF Utility Configuration Collector Edge
NVD
CVSS 3.1
7.9
EPSS
0.0%
CVE-2024-12755 HIGH This Week

A Cross-Site Scripting (XSS) vulnerability in Avaya Spaces may have allowed unauthorized code execution and potential disclose of sensitive information. Rated high severity (CVSS 7.9), this vulnerability is remotely exploitable. No vendor patch available.

RCE XSS Spaces
NVD
CVSS 3.1
7.9
EPSS
0.0%
CVE-2025-21387 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Microsoft RCE 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2025-21381 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps Excel Office +2
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2025-21392 HIGH PATCH This Week

Microsoft Office Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Microsoft RCE 365 Apps +2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-21383 HIGH PATCH This Week

Microsoft Excel Information Disclosure Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Microsoft Buffer Overflow 365 Apps Excel +2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-21397 HIGH PATCH This Week

Microsoft Office Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Microsoft RCE 365 Apps +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-21394 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Microsoft RCE 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-21390 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft Buffer Overflow Heap Overflow RCE 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-21386 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Microsoft RCE 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-12551 HIGH This Week

Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow RCE Power Pdf
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-12549 HIGH This Week

Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow RCE Power Pdf
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-21375 HIGH PATCH This Week

Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +12
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-21322 HIGH PATCH This Week

Microsoft PC Manager Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Pc Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-21161 HIGH This Week

Substance3D - Designer versions 14.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Substance 3d Designer
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-21367 HIGH PATCH This Week

Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Microsoft Information Disclosure Windows 10 1809 +10
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-21359 HIGH PATCH This Week

Windows Kernel Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-21159 HIGH This Week

Illustrator versions 29.1, 28.7.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE Denial Of Service Illustrator
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-21163 HIGH This Week

Illustrator versions 29.1, 28.7.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Illustrator
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-21123 HIGH This Week

InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Indesign
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-21160 HIGH This Week

Illustrator versions 29.1, 28.7.3 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Illustrator
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-21158 HIGH This Week

InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Indesign
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-21157 HIGH This Week

InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Indesign
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-21121 HIGH This Week

InDesign Desktop versions ID20.0, ID19.5.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Indesign
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-21358 HIGH PATCH This Week

Windows Core Messaging Elevation of Privileges Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-21156 HIGH This Week

InCopy versions 20.0, 19.5.1 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Incopy
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-26492 HIGH This Week

In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resources. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Kubernetes Teamcity
NVD
CVSS 3.1
7.7
EPSS
0.0%
CVE-2025-24499 HIGH This Week

A vulnerability has been identified in SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V3.0.0), SCALANCE WAM763-1 (ME). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Siemens
NVD
CVSS 4.0
7.5
EPSS
0.2%
CVE-2025-24406 HIGH PATCH This Week

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Path Traversal Commerce Commerce B2b Magento
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-26495 HIGH This Week

Cleartext Storage of Sensitive Information vulnerability in Salesforce Tableau Server can record the Personal Access Token (PAT) into logging repositories.1.3, before 2021.4.8, before 2021.3.13,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tableau Server
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2023-31343 HIGH This Week

Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution. Rated high severity (CVSS 7.5). No vendor patch available.

RCE
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2023-31342 HIGH This Week

Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution. Rated high severity (CVSS 7.5). No vendor patch available.

RCE
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-21183 HIGH PATCH This Week

Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.4), this vulnerability is no authentication required.

Microsoft Information Disclosure Windows 11 24h2 Windows Server 2025 Windows
NVD
CVSS 3.1
7.4
EPSS
0.1%
CVE-2025-21206 HIGH PATCH This Week

Visual Studio Installer Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Information Disclosure Visual Studio 2017 Visual Studio 2019 Visual Studio 2022
NVD
CVSS 3.1
7.3
EPSS
0.4%
CVE-2025-24039 HIGH This Week

Visual Studio Code Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Visual Studio Code
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2025-25522 HIGH This Week

Buffer overflow vulnerability in Linksys WAP610N v1.0.05.002 due to the lack of length verification, which is related to the time setting operation. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Linksys Buffer Overflow Wap610N Firmware
NVD GitHub
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-24042 HIGH This Week

Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Visual Studio Code
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2023-31361 HIGH This Week

A DLL hijacking vulnerability in AMD Integrated Management Technology (AIM-T) Manageability Service could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Amd RCE Privilege Escalation
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2023-31360 HIGH This Week

Incorrect default permissions in the AMD Integrated Management Technology (AIM-T) Manageability Service installation directory could allow an attacker to achieve privilege escalation, potentially. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Amd RCE Privilege Escalation
NVD
CVSS 3.1
7.3
EPSS
0.0%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy