Skip to main content
CVE-2025-43547 HIGH This Week

Bridge versions 15.0.3, 14.1.6 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Bridge
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-43546 HIGH This Week

Bridge versions 15.0.3, 14.1.6 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Bridge
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-43545 HIGH This Week

Bridge versions 15.0.3, 14.1.6 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Bridge
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-30330 HIGH This Week

Illustrator versions 29.3, 28.7.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow RCE Illustrator
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-30328 HIGH This Week

Animate versions 24.0.8, 23.0.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Animate
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-30326 HIGH This Week

Photoshop Desktop versions 26.5, 25.12.2 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Photoshop
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-30325 HIGH This Week

Photoshop Desktop versions 26.5, 25.12.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Photoshop
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-30324 HIGH This Week

Photoshop Desktop versions 26.5, 25.12.2 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Photoshop
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-30322 HIGH This Week

Substance3D - Painter versions 11.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Substance 3d Painter
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-27197 HIGH This Week

Lightroom Desktop versions 8.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Lightroom
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-30318 HIGH This Week

InDesign Desktop versions ID19.5.2, ID20.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Indesign
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-30310 HIGH This Week

Dreamweaver Desktop versions 21.4 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Dreamweaver
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-29833 HIGH This Week

Time-of-check time-of-use (toctou) race condition in Windows Virtual Machine Bus allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.7), this vulnerability is no authentication required. No vendor patch available.

Microsoft Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
7.7
EPSS
0.3%
CVE-2025-30384 HIGH This Week

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Microsoft Deserialization Sharepoint Server
NVD
CVSS 3.1
7.4
EPSS
1.7%
CVE-2025-29831 HIGH This Week

Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Memory Corruption Denial Of Service Windows Server 2008 Windows Server 2012 +6
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2025-29969 HIGH This Week

Time-of-check time-of-use (toctou) race condition in Windows Fundamentals allows an authorized attacker to execute code over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-29838 HIGH This Week

Null pointer dereference in Windows Drivers allows an unauthorized attacker to elevate privileges locally. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Microsoft Null Pointer Dereference Denial Of Service Windows 11 24h2 Windows Server 2025 +1
NVD
CVSS 3.1
7.4
EPSS
0.3%
CVE-2025-21264 HIGH This Week

Files or directories accessible to external parties in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Path Traversal Visual Studio Code
NVD
CVSS 3.1
7.1
EPSS
1.2%
CVE-2025-20003 HIGH This Week

Improper link resolution before file access ('Link Following') for some Intel(R) Graphics Driver software installers may allow an authenticated user to potentially enable escalation of privilege via. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
7.3
EPSS
0.1%
CVE-2023-31358 HIGH This Week

A DLL hijacking vulnerability in the AMD Manageability API could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Amd RCE Privilege Escalation Aim T Manageability Api
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2023-31359 HIGH This Week

Incorrect default permissions in the AMD Manageability API could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Amd RCE Privilege Escalation Aim T Manageability Api
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-20046 HIGH This Week

Use after free for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Rated high severity (CVSS 7.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Intel Denial Of Service Microsoft +2
NVD
CVSS 4.0
7.2
EPSS
0.1%
CVE-2025-30378 HIGH This Week

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Microsoft Deserialization Sharepoint Server
NVD
CVSS 3.1
7.0
EPSS
0.7%
CVE-2025-22892 HIGH This Week

Uncontrolled resource consumption for some OpenVINO™ model server software maintained by Intel(R) before version 2024.4 may allow an unauthenticated user to potentially enable denial of service via. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Denial Of Service
NVD
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-20083 HIGH This Week

Improper authentication in the firmware for the Intel(R) Slim Bootloader may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.1). No vendor patch available.

Intel Authentication Bypass Privilege Escalation
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2025-20062 HIGH This Week

Use after free for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Use After Free Memory Corruption Intel Denial Of Service Microsoft +2
NVD
CVSS 4.0
7.0
EPSS
0.1%
CVE-2025-20026 HIGH This Week

Out-of-bounds read for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Intel Buffer Overflow Denial Of Service Microsoft +2
NVD
CVSS 4.0
7.0
EPSS
0.1%
CVE-2025-43570 HIGH This Month

Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE Denial Of Service Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-43569 HIGH This Month

Substance3D - Stager versions 3.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-43568 HIGH This Month

Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE Denial Of Service Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-43565 HIGH This Month

ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Incorrect Authorization vulnerability that could lead to arbitrary code execution in the context of the current user. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Authentication Bypass Coldfusion
NVD
CVSS 3.1
8.4
EPSS
3.9%
CVE-2025-3744 HIGH This Month

Nomad Enterprise (“Nomad”) jobs using the policy override option are bypassing the mandatory sentinel policies. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Nomad
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2025-4660 HIGH This Month

A remote code execution vulnerability exists in the Windows agent component of SecureConnector due to improper access controls on a named pipe. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft RCE Privilege Escalation Secureconnector Windows
NVD
CVSS 4.0
8.7
EPSS
1.5%
CVE-2025-30388 HIGH This Month

Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Heap Overflow Office Office Long Term Servicing Channel +16
NVD VulDB
CVSS 3.1
7.8
EPSS
0.8%
CVE-2025-30386 HIGH This Month

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service 365 Apps +2
NVD VulDB
CVSS 3.1
8.4
EPSS
0.6%
CVE-2025-30385 HIGH This Month

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service Windows 10 1607 +14
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2025-29979 HIGH This Month

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Heap Overflow 365 Apps Excel +3
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2025-29978 HIGH This Month

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service 365 Apps +1
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2025-29977 HIGH This Month

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2025-29976 HIGH This Month

Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Sharepoint Server
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2025-29973 HIGH This Month

Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Authentication Bypass Azure File Sync
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2025-29967 HIGH This Month

Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2025-29966 HIGH This Month

Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Heap Overflow Remote Desktop Windows App +16
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2025-29964 HIGH This Month

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Heap Overflow Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2025-29963 HIGH This Month

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Heap Overflow Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2025-29842 HIGH This Month

Acceptance of extraneous untrusted data with trusted data in UrlMon allows an unauthorized attacker to bypass a security feature over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +10
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-29841 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Universal Print Management Service allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Race Condition Windows 10 21h2 Windows 10 22h2 Windows 11 22h2 +6
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2025-29826 HIGH This Month

Improper handling of insufficient permissions or privileges in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Dataverse
NVD
CVSS 3.1
7.3
EPSS
0.7%
CVE-2025-27468 HIGH This Month

Improper privilege management in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Privilege Escalation Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2025-0035 HIGH This Month

Unquoted search path within AMD Cloud Manageability Service can allow a local attacker to escalate privileges, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Amd RCE
NVD
CVSS 3.1
7.3
EPSS
0.1%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy