Skip to main content
CVE-2025-29812 HIGH This Week

Untrusted pointer dereference in Windows Kernel Memory allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 11 22h2 Windows 11 23h2 Windows 11 24h2 +4
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2025-27739 HIGH This Week

Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +8
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2025-27728 HIGH This Week

Out-of-bounds read in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow Windows 11 24h2 Windows Server 2025 +1
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2025-27490 HIGH This Week

Heap-based buffer overflow in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Heap Overflow Windows 10 21h2 Windows 10 22h2 +7
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2025-27744 HIGH This Week

Improper access control in Microsoft Office allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Office
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2025-26648 HIGH This Week

Sensitive data storage in improperly locked memory in Windows Kernel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft Information Disclosure Windows 10 1507 +15
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2025-29801 HIGH This Week

Incorrect default permissions in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Autoupdate
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2025-29800 HIGH This Week

Improper privilege management in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Autoupdate
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2025-27198 HIGH This Week

Photoshop Desktop versions 25.12.1, 26.4.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Photoshop
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2025-27200 HIGH This Week

Animate versions 24.0.7, 23.0.10 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE Denial Of Service Animate
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-30304 HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Adobe Framemaker
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-30299 HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Adobe Framemaker
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-30298 HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Adobe Buffer Overflow RCE Stack Overflow Framemaker
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-30297 HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Adobe Framemaker
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-30296 HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Adobe RCE Framemaker
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-30295 HIGH This Week

Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Adobe Framemaker
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-27199 HIGH This Week

Animate versions 24.0.7, 23.0.10 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Animate
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-27196 HIGH This Week

Premiere Pro versions 25.1, 24.6.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Premiere Pro
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-27195 HIGH This Week

Media Encoder versions 25.1, 24.6.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Media Encoder
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-27194 HIGH This Week

Media Encoder versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Media Encoder
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-27193 HIGH This Week

Bridge versions 14.1.5, 15.0.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Bridge
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-27183 HIGH This Week

After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE After Effects
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-27182 HIGH This Week

After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE After Effects
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-27428 HIGH This Week

Due to directory traversal vulnerability, an authorized attacker could gain access to some critical information by using RFC enabled function module. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Path Traversal
NVD
CVSS 3.1
7.7
EPSS
0.4%
CVE-2024-41793 HIGH This Week

A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass 7Kt Pac1260 Data Manager Firmware
NVD
CVSS 4.0
7.7
EPSS
0.1%
CVE-2023-37930 HIGH This Week

Multiple issues including the use of uninitialized ressources [CWE-908] and excessive iteration [CWE-834] vulnerabilities vulnerability in Fortinet allows a VPN user to corrupt memory potentially. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Fortinet Fortios Fortiproxy
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2025-3431 HIGH This Week

The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 6.91 via the 'dzsap_download' action. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Zoomsounds PHP
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-30151 HIGH PATCH This Week

Shopware is an open commerce platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Shopware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-26686 HIGH This Week

Sensitive data storage in improperly locked memory in Windows TCP/IP allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-26687 HIGH This Week

Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service Office +16
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-26668 HIGH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Buffer Overflow Heap Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-27484 HIGH This Week

Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-26013 HIGH This Week

A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Fortinet Fortianalyzer Fortimanager Fortios +3
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-29816 HIGH This Week

Improper input validation in Microsoft Office Word allows an unauthorized attacker to bypass a security feature over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Authentication Bypass 365 Apps Office Office Long Term Servicing Channel +1
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-29810 HIGH This Week

Improper access control in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +12
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-25227 HIGH PATCH This Week

Insufficient state checks lead to a vector that allows to bypass 2FA checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Joomla
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-29804 HIGH This Week

Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Visual Studio 2022
NVD
CVSS 3.1
7.3
EPSS
0.6%
CVE-2025-29802 HIGH This Week

Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Visual Studio 2022
NVD
CVSS 3.1
7.3
EPSS
0.6%
CVE-2025-26628 HIGH This Week

Insufficiently protected credentials in Azure Local Cluster allows an authorized attacker to disclose information locally. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Azure Local Cluster
NVD
CVSS 3.1
7.3
EPSS
0.6%
CVE-2025-29792 HIGH This Week

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service 365 Apps +2
NVD
CVSS 3.1
7.3
EPSS
0.5%
CVE-2024-54024 HIGH This Week

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiIsolator before version 2.4.6 allows a privileged attacker with. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Fortinet Fortiisolator
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2025-29809 HIGH This Week

Insecure storage of sensitive information in Windows Kerberos allows an authorized attacker to bypass a security feature locally. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
7.1
EPSS
1.3%
CVE-2025-25254 HIGH This Week

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb version 7.6.2 and below, version 7.4.6 and below, 7.2 all versions, 7.0 all. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Fortinet Fortiweb
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2025-27083 HIGH This Week

Authenticated command injection vulnerabilities exist in the AOS-10 GW and AOS-8 Controller/Mobility Conductor web-based management interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2025-27082 HIGH This Week

Arbitrary File Write vulnerabilities exist in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Arubaos
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2025-27491 HIGH This Week

Use after free in Windows Hyper-V allows an authorized attacker to execute code over a network. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service Windows 10 1507 +13
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2025-32117 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Widgetize Pages Light allows Reflected XSS.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-27732 HIGH This Week

Sensitive data storage in improperly locked memory in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2025-26665 HIGH This Week

Sensitive data storage in improperly locked memory in Windows upnphost.dll allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2025-21191 HIGH This Week

Time-of-check time-of-use (toctou) race condition in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.0
EPSS
0.2%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy