Skip to main content
CVE-2023-37933 HIGH This Week

An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiADC GUI version 7.4.0, 7.2.0 through 7.2.1 and before 7.1.3 allows an authenticated attacker to perform an XSS attack via crafted HTTP or HTTPs requests. [CVSS 8.8 HIGH]

XSS
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-2233 HIGH This Week

Samsung SmartThings Improper Verification of Cryptographic Signature Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Samsung SmartThings. [CVSS 8.8 HIGH]

Authentication Bypass Samsung
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2025-27912 HIGH This Week

An issue was discovered in Datalust Seq before 2024.3.13545. Missing Content-Type validation can lead to CSRF when (1) Entra ID or OpenID Connect authentication is in use and a user visits a compromised/malicious site, or (2) when username/password or Active Directory authentication is in use and a user visits a compromised/malicious site under the same effective top-level domain as the Seq server. Exploitation of the vulnerability allows the attacker to conduct impersonation attacks and perf...

CSRF
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-27773 HIGH PATCH This Week

SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. versions up to 4.17.0 is affected by improper verification of cryptographic signature (CVSS 8.6).

PHP
NVD GitHub
CVSS 3.1
8.6
EPSS
0.2%
CVE-2025-27440 HIGH This Week

Heap overflow in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access. [CVSS 8.5 HIGH]

Privilege Escalation
NVD
CVSS 3.1
8.5
EPSS
0.2%
CVE-2025-27439 HIGH This Week

Buffer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access. [CVSS 8.5 HIGH]

Privilege Escalation
NVD
CVSS 3.1
8.5
EPSS
0.2%
CVE-2025-0151 HIGH This Week

Use after free in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access. [CVSS 8.5 HIGH]

Use After Free Privilege Escalation Denial Of Service
NVD
CVSS 3.1
8.5
EPSS
0.1%
CVE-2025-24084 HIGH This Week

Untrusted pointer dereference in Windows Subsystem for Linux allows an unauthorized attacker to execute code locally. [CVSS 8.4 HIGH]

Linux Windows
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2025-24049 HIGH PATCH This Week

Improper neutralization of special elements used in a command ('command injection') in Azure Command Line Integration (CLI) allows an unauthorized attacker to elevate privileges locally. [CVSS 8.4 HIGH]

Command Injection Microsoft Suse
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-56182 HIGH This Week

A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC Field PG M6 (All versions < V26.01.12), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (All versions < V29.01.07), SIMATIC IPC BX-59A (All versions < V32.01.04), SIMATIC IPC PX-32A (All versions < V29.01.07), SIMATIC IPC PX-39A (All versions < V29.01.07), SIMATIC IPC PX-39A PRO (All versions < V29.01.07), SIMATIC IPC RC-543A (All versions), SIMATIC IPC RC-543B (All versions < V35.01.12), SIMATIC IPC RW-543A (All versions), SIMATIC IPC RW-543B (All versions < V35.02.10), SIMATIC IPC127E (All versions), SIMATIC IPC227E (All versions), SIMATIC IPC227G (All versions < V28.01.14), SIMATIC IPC277E (All versions), SIMATIC IPC277G (All versions < V28.01.14), SIMATIC IPC277G PRO (All versions < V28.01.14), SIMATIC IPC3000 SMART V3 (All versions), SIMATIC IPC327G (All versions < V28.01.14), SIMATIC IPC347G (All versions), SIMATIC IPC377G (All versions < V28.01.14), SIMATIC IPC427E (All versions), SIMATIC IPC477E (All versions), SIMATIC IPC477E PRO (All versions), SIMATIC IPC527G (All versions), SIMATIC IPC627E (All versions < V25.02.15), SIMATIC IPC647E (All versions < V25.02.15), SIMATIC IPC677E (All versions < V25.02.15), SIMATIC IPC847E (All versions < V25.02.15), SIMATIC ITP1000 (All versions). [CVSS 8.2 HIGH]

Information Disclosure
NVD VulDB
CVSS 4.0
8.4
EPSS
0.0%
CVE-2024-56181 HIGH This Week

A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (All versions < V29.01.07), SIMATIC IPC BX-59A (All versions < V32.01.04), SIMATIC IPC PX-32A (All versions < V29.01.07), SIMATIC IPC PX-39A (All versions < V29.01.07), SIMATIC IPC PX-39A PRO (All versions < V29.01.07), SIMATIC IPC RC-543A (All versions), SIMATIC IPC RC-543B (All versions < V35.01.12), SIMATIC IPC RW-543A (All versions), SIMATIC IPC RW-543B (All versions < V35.02.10), SIMATIC IPC127E (All versions), SIMATIC IPC227E (All versions), SIMATIC IPC227G (All versions < V28.01.14), SIMATIC IPC277E (All versions), SIMATIC IPC277G (All versions < V28.01.14), SIMATIC IPC277G PRO (All versions < V28.01.14), SIMATIC IPC3000 SMART V3 (All versions), SIMATIC IPC327G (All versions < V28.01.14), SIMATIC IPC347G (All versions), SIMATIC IPC377G (All versions < V28.01.14), SIMATIC IPC427E (All versions), SIMATIC IPC477E (All versions), SIMATIC IPC477E PRO (All versions), SIMATIC IPC527G (All versions), SIMATIC IPC627E (All versions < V25.02.15), SIMATIC IPC647E (All versions < V25.02.15), SIMATIC IPC677E (All versions < V25.02.15), SIMATIC IPC847E (All versions < V25.02.15), SIMATIC ITP1000 (All versions). [CVSS 8.2 HIGH]

Information Disclosure
NVD VulDB
CVSS 4.0
8.4
EPSS
0.0%
CVE-2024-13580 MEDIUM POC This Month

XV Random Quotes WordPre versions up to 1.40 is affected by cross-site request forgery (csrf) (CVSS 4.3).

WordPress
NVD WPScan
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-27493 HIGH This Week

A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize user input for specific commands on the telnet command line interface. [CVSS 8.2 HIGH]

Code Injection
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-24064 HIGH This Week

Use after free in DNS Server allows an unauthorized attacker to execute code over a network. [CVSS 8.1 HIGH]

Use After Free Denial Of Service
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-24035 HIGH CERT-EU This Week

Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. [CVSS 8.1 HIGH]

Windows
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2025-24045 HIGH CERT-EU This Week

Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. [CVSS 8.1 HIGH]

Windows
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2023-40723 HIGH CERT-EU This Week

An exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 versions up to 6.7.4 is affected by information exposure (CVSS 8.1).

Fortinet
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-2190 HIGH This Week

The mobile application (com.transsnet.store) has a man-in-the-middle attack vulnerability, which may lead to code injection risks. [CVSS 8.1 HIGH]

Code Injection
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-24061 HIGH This Week

Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature locally. [CVSS 7.8 HIGH]

Windows
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2025-24057 HIGH This Week

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. [CVSS 7.8 HIGH]

Buffer Overflow
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-21180 HIGH This Week

Heap-based buffer overflow in Windows exFAT File System allows an unauthorized attacker to execute code locally. [CVSS 7.8 HIGH]

Windows Buffer Overflow
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-24083 HIGH This Week

Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally. [CVSS 7.8 HIGH]

Authentication Bypass Microsoft
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-24082 HIGH This Week

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. [CVSS 7.8 HIGH]

Use After Free Denial Of Service Microsoft
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-24081 HIGH This Week

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. [CVSS 7.8 HIGH]

Use After Free Denial Of Service Microsoft
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-24080 HIGH This Week

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. [CVSS 7.8 HIGH]

Use After Free Denial Of Service Microsoft
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-24079 HIGH This Week

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. [CVSS 7.8 HIGH]

Use After Free Denial Of Service Microsoft
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-26630 HIGH This Week

Use after free in Microsoft Office Access allows an unauthorized attacker to execute code locally. [CVSS 7.8 HIGH]

Use After Free Denial Of Service Microsoft
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-26629 HIGH This Week

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. [CVSS 7.8 HIGH]

Use After Free Denial Of Service Microsoft
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-24077 HIGH This Week

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. [CVSS 7.8 HIGH]

Use After Free Denial Of Service Microsoft
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-24075 HIGH This Week

Stack-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. [CVSS 7.8 HIGH]

Buffer Overflow
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-24059 HIGH This Week

Incorrect conversion between numeric types in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. [CVSS 7.8 HIGH]

Windows
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-24995 HIGH This Week

Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally. [CVSS 7.8 HIGH]

Linux Buffer Overflow
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-24067 HIGH This Week

Heap-based buffer overflow in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally. [CVSS 7.8 HIGH]

Buffer Overflow
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-24066 HIGH This Week

Heap-based buffer overflow in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally. [CVSS 7.8 HIGH]

Linux Windows Buffer Overflow
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-24044 HIGH This Week

Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally. [CVSS 7.8 HIGH]

Linux Windows
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-22454 HIGH This Week

Insufficiently restrictive permissions in Ivanti Secure Access Client versions up to 22.7 is affected by incorrect permission assignment for critical resource (CVSS 7.8).

Privilege Escalation Ivanti
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-2012 HIGH This Week

Ashlar-Vellum Cobalt VS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. [CVSS 7.8 HIGH]

RCE
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2025-24072 HIGH This Week

Use after free in Microsoft Local Security Authority Server (lsasrv) allows an authorized attacker to elevate privileges locally. [CVSS 7.8 HIGH]

Use After Free Denial Of Service Microsoft
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-24050 HIGH This Week

Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally. [CVSS 7.8 HIGH]

Windows Buffer Overflow
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-24048 HIGH This Week

Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally. [CVSS 7.8 HIGH]

Windows Buffer Overflow
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-24046 HIGH This Week

Use after free in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally. [CVSS 7.8 HIGH]

Use After Free Denial Of Service Microsoft
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-2023 HIGH This Week

Ashlar-Vellum Cobalt LI File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. [CVSS 7.8 HIGH]

RCE
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2025-2022 HIGH This Week

Ashlar-Vellum Cobalt VS File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. [CVSS 7.8 HIGH]

RCE
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2025-2021 HIGH This Week

Ashlar-Vellum Cobalt XE File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. [CVSS 7.8 HIGH]

RCE
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2025-2020 HIGH This Week

Ashlar-Vellum Cobalt VC6 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. [CVSS 7.8 HIGH]

RCE
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2025-2018 HIGH This Week

Ashlar-Vellum Cobalt VS File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. [CVSS 7.8 HIGH]

RCE
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2025-2016 HIGH This Week

Ashlar-Vellum Cobalt VC6 File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. [CVSS 7.8 HIGH]

RCE
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2025-2015 HIGH This Week

Ashlar-Vellum Cobalt VS File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. [CVSS 7.8 HIGH]

RCE
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2025-2014 HIGH This Week

that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VS files. The issue results from the lack of proper initialization of memory contains a vulnerability that allows attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt (CVSS 7.8).

RCE
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2025-2013 HIGH This Week

Ashlar-Vellum Cobalt CO File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CO files. The issue results from the lack of validating the existence of an object prior to performing opera...

RCE
NVD
CVSS 3.0
7.8
EPSS
0.1%
Prev Page 2 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy