Skip to main content
CVE-2025-21418 HIGH KEV PATCH THREAT Act Now

Windows Ancillary Function Driver for WinSock contains a heap-based buffer overflow enabling local privilege escalation to SYSTEM, exploited in the wild in February 2025.

Microsoft Buffer Overflow Heap Overflow Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.8
EPSS
13.6%
CVE-2025-24472 HIGH KEV THREAT Act Now

FortiOS and FortiProxy contain an authentication bypass allowing unauthenticated attackers with knowledge of upstream/downstream device serial numbers to gain super-admin privileges on downstream devices.

Authentication Bypass Fortinet Fortiproxy Fortios
NVD VulDB
CVSS 3.1
8.1
EPSS
10.1%
CVE-2025-21391 HIGH KEV PATCH THREAT Act Now

Windows Storage contains an elevation of privilege vulnerability through symlink following that allows authorized attackers to delete targeted files, enabling privilege escalation.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
7.1
EPSS
5.6%
CVE-2025-21420 HIGH PATCH Act Now

Windows Disk Cleanup Tool Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Epss exploitation probability 37.8%.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
7.8
EPSS
37.8%
CVE-2025-21181 HIGH PATCH Act Now

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.6%.

Microsoft Denial Of Service Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
7.5
EPSS
13.6%
CVE-2025-1240 HIGH This Week

WinZip 7Z File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Winzip
NVD VulDB
CVSS 3.1
8.8
EPSS
6.1%
CVE-2025-1052 HIGH This Week

Mintty Sixel Image Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Mintty
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2025-24410 HIGH PATCH This Week

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Commerce Commerce B2b Magento
NVD
CVSS 3.1
8.7
EPSS
1.4%
CVE-2025-0903 HIGH This Week

PDF-XChange Editor RTF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Pdf Xchange Editor
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2025-21351 HIGH PATCH This Week

Windows Active Directory Domain Services API Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Microsoft Denial Of Service Windows 10 1607 Windows 10 1809 Windows 10 21h2 +10
NVD
CVSS 3.1
7.5
EPSS
7.0%
CVE-2025-0910 HIGH This Week

PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Pdf Xchange Editor
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-0899 HIGH This Week

PDF-XChange Editor AcroForm Use-After-Free Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE Pdf Xchange Editor
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-24417 HIGH PATCH This Week

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Commerce Commerce B2b Magento
NVD
CVSS 3.1
8.7
EPSS
0.9%
CVE-2025-24416 HIGH PATCH This Week

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Commerce Commerce B2b Magento
NVD
CVSS 3.1
8.7
EPSS
0.9%
CVE-2025-24415 HIGH PATCH This Week

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Commerce Commerce B2b Magento
NVD
CVSS 3.1
8.7
EPSS
0.9%
CVE-2025-24414 HIGH PATCH This Week

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Commerce Commerce B2b Magento
NVD
CVSS 3.1
8.7
EPSS
0.9%
CVE-2025-24413 HIGH PATCH This Week

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Commerce Commerce B2b Magento
NVD
CVSS 3.1
8.7
EPSS
0.9%
CVE-2025-24412 HIGH PATCH This Week

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Commerce Commerce B2b Magento
NVD
CVSS 3.1
8.7
EPSS
0.9%
CVE-2025-0901 HIGH This Week

PDF-XChange Editor Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow RCE Pdf Xchange Editor
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-21208 HIGH PATCH This Week

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Buffer Overflow Heap Overflow RCE Windows Server 2008 +7
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-21371 HIGH PATCH This Week

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Buffer Overflow Heap Overflow RCE Windows 10 1507 +15
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-26411 HIGH This Week

An authenticated attacker is able to use the Plugin Manager of the web interface of the Wattsense Bridge devices to upload malicious Python files to the device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Python File Upload
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-21410 HIGH PATCH This Week

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Buffer Overflow Heap Overflow RCE Windows Server 2008 +7
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-21406 HIGH PATCH This Week

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Microsoft RCE Windows 10 1507 +15
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-21201 HIGH PATCH This Week

Windows Telephony Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft RCE Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-21200 HIGH PATCH This Week

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Buffer Overflow Heap Overflow RCE Windows 10 1507 +15
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-21190 HIGH PATCH This Week

Windows Telephony Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Buffer Overflow Heap Overflow RCE Windows 10 1507 +15
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-21369 HIGH PATCH This Week

Microsoft Digest Authentication Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Buffer Overflow Heap Overflow RCE Windows 10 1507 +14
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-21368 HIGH PATCH This Week

Microsoft Digest Authentication Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Buffer Overflow Heap Overflow RCE Windows 10 1507 +14
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-0911 HIGH This Week

PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow RCE Pdf Xchange Editor
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-0909 HIGH This Week

PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow RCE Pdf Xchange Editor
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-0908 HIGH This Week

PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow RCE Pdf Xchange Editor
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-0907 HIGH This Week

PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow RCE Pdf Xchange Editor
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-0906 HIGH This Week

PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow RCE Pdf Xchange Editor
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-0905 HIGH This Week

PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow RCE Pdf Xchange Editor
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-0904 HIGH This Week

PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow RCE Pdf Xchange Editor
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-0902 HIGH This Week

PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow RCE Pdf Xchange Editor
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-35279 HIGH This Week

A stack-based buffer overflow [CWE-121] vulnerability in Fortinet FortiOS version 7.2.4 through 7.2.8 and version 7.4.0 through 7.4.4 allows a remote unauthenticated attacker to execute arbitrary. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow RCE Stack Overflow Fortinet Fortios
NVD
CVSS 3.1
8.1
EPSS
3.6%
CVE-2024-13643 HIGH This Week

The Zox News - Professional WordPress News & Magazine Theme plugin for WordPress is vulnerable to unauthorized data modification. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Privilege Escalation Denial Of Service
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-40591 HIGH This Week

An incorrect privilege assignment vulnerability [CWE-266] in Fortinet FortiOS version 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.9 and before 7.0.15 allows an authenticated admin whose access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Fortinet Fortios
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-45386 HIGH This Week

A vulnerability has been identified in SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SIMOCODE ES V19. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2025-24470 HIGH This Week

An Improper Resolution of Path Equivalence vulnerability [CWE-41] in FortiPortal 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to retrieve. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fortiportal
NVD
CVSS 3.1
8.6
EPSS
0.7%
CVE-2024-54015 HIGH This Week

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.90), SIPROTEC 5 6MD85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MD86 (CP300) (All versions >= V8.80 <. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-0064 HIGH PATCH This Week

Under specific conditions, the Central Management Console of the SAP BusinessObjects Business Intelligence platform allows an attacker with admin rights to generate or retrieve a secret passphrase,. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

SAP Information Disclosure Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
8.7
EPSS
0.1%
CVE-2025-24811 HIGH This Week

A vulnerability has been identified in SIMATIC S7-1200 CPU 1211C AC/DC/Rly (6ES7211-1BE40-0XB0), SIMATIC S7-1200 CPU 1211C DC/DC/DC (6ES7211-1AE40-0XB0), SIMATIC S7-1200 CPU 1211C DC/DC/Rly. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2024-54089 HIGH This Week

A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions), APOGEE PXC Series (P2 Ethernet) (All versions), TALON TC Series (BACnet) (All versions). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-25243 HIGH This Week

SAP Supplier Relationship Management (Master Data Management Catalog) allows an unauthenticated attacker to use a publicly available servlet to download an arbitrary file over the network without any. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Path Traversal
NVD
CVSS 3.1
8.6
EPSS
0.3%
CVE-2025-24900 HIGH This Week

Concorde, formerly know as Nexkey, is a fork of the federated microblogging platform Misskey. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD GitHub
CVSS 3.1
8.6
EPSS
0.1%
CVE-2024-27781 HIGH This Week

An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

XSS Fortinet Fortisandbox
NVD
CVSS 3.1
7.1
EPSS
7.5%
CVE-2025-1143 HIGH This Week

Certain models of routers from Billion Electric has hard-coded embedded linux credentials, allowing attackers to log in through the SSH service using these credentials and obtain root privilege of. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
8.4
EPSS
0.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy