Skip to main content
CVE-2025-4428 HIGH POC KEV EUVD KEV THREAT CERT-EU Act Now

Ivanti Endpoint Manager Mobile (EPMM) contains an authenticated code injection in the API component, allowing authenticated attackers to execute arbitrary code through crafted API requests.

RCE Code Injection Ivanti Endpoint Manager Mobile
NVD
CVSS 3.1
7.2
EPSS
45.3%
Threat
5.8
CVE-2024-48766 HIGH POC THREAT Act Now

NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and because of factors related to strpos and directory traversal, as exploited in. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 75.0%.

PHP Path Traversal Netalertx
NVD
CVSS 3.1
8.6
EPSS
75.0%
Threat
5.5
CVE-2025-30397 HIGH POC KEV THREAT Act Now

Microsoft Scripting Engine contains a type confusion vulnerability allowing unauthorized remote code execution over the network through crafted content processed by the scripting engine.

Microsoft Memory Corruption Authentication Bypass Windows 10 1507 Windows 10 1607 +13
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
21.3%
CVE-2025-32706 HIGH POC KEV THREAT Act Now

Windows CLFS Driver contains an input validation flaw enabling local privilege escalation, yet another CLFS kernel vulnerability in the May 2025 Patch Tuesday.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2025-32701 HIGH KEV THREAT Act Now

Windows Common Log File System Driver contains another use-after-free for local privilege escalation, the latest in a series of CLFS kernel vulnerabilities exploited throughout 2023-2025.

Use After Free Memory Corruption Microsoft Denial Of Service Windows 10 1507 +15
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2025-32709 HIGH KEV THREAT Act Now

Windows Ancillary Function Driver for WinSock contains a use-after-free enabling local privilege escalation through a null pointer dereference, exploited in May 2025.

Use After Free Memory Corruption Microsoft Denial Of Service Windows 10 1507 +15
NVD VulDB
CVSS 3.1
7.8
EPSS
1.0%
CVE-2025-30400 HIGH KEV THREAT Act Now

Windows Desktop Window Manager (DWM) contains a use-after-free enabling local privilege escalation, exploited in the wild in May 2025 as another DWM zero-day.

Use After Free Memory Corruption Microsoft Denial Of Service Windows 10 1809 +10
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2025-4396 HIGH POC THREAT Act Now

The Relevanssi - A Better Search plugin for WordPress is vulnerable to time-based SQL Injection via the cats and tags query parameters in all versions up to, and including, 4.24.4 (Free) and <=. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 25.2% and no vendor patch available.

WordPress SQLi
NVD
CVSS 3.1
7.5
EPSS
25.2%
CVE-2025-26677 HIGH Act Now

Uncontrolled resource consumption in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 37.9% and no vendor patch available.

Denial Of Service Windows Server 2016 Windows Server 2019 Windows Server 2022 Windows Server 2022 23h2 +2
NVD
CVSS 3.1
7.5
EPSS
37.9%
CVE-2025-29962 HIGH This Week

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Heap Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2025-4317 HIGH This Week

The TheGem theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the thegem_get_logo_url() function in all versions up to, and including, 5.10.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress RCE File Upload PHP
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2025-29840 HIGH This Week

Stack-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Stack Overflow Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2025-29971 HIGH This Week

Out-of-bounds read in Web Threat Defense (WTD.sys) allows an unauthorized attacker to deny service over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Windows 11 22h2 Windows 11 23h2 Windows 11 24h2 +1
NVD
CVSS 3.1
7.5
EPSS
6.7%
CVE-2025-22843 HIGH This Week

Incorrect execution-assigned permissions for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via local. Rated high severity (CVSS 8.8). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
8.8
EPSS
0.0%
CVE-2025-24308 HIGH This Week

Improper input validation in the UEFI firmware error handler for the Intel(R) Server D50DNP and M50FCP may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.7). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-21094 HIGH This Week

Improper input validation in the UEFI firmware DXE module for the Intel(R) Server D50DNP and M50FCP boards may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.7), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-20100 HIGH This Week

Improper access control in the memory controller configurations for some Intel(R) Xeon(R) 6 processor with E-cores may allow a privileged user to potentially enable escalation of privilege via local. Rated high severity (CVSS 8.7). No vendor patch available.

Intel Authentication Bypass Privilege Escalation
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-20082 HIGH This Week

Time-of-check time-of-use race condition in the UEFI firmware SmiVariable driver for the Intel(R) Server D50DNP and M50FCP boards may allow a privileged user to enable escalation of privilege via. Rated high severity (CVSS 8.7). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-32704 HIGH This Week

Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow 365 Apps Excel Office +1
NVD
CVSS 3.1
8.4
EPSS
0.7%
CVE-2025-30377 HIGH This Week

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service 365 Apps +4
NVD
CVSS 3.1
8.4
EPSS
0.7%
CVE-2025-20004 HIGH This Week

Insufficient control flow management in the Alias Checking Trusted Module for some Intel(R) Xeon(R) 6 processor E-Cores firmware may allow a privileged user to potentially enable escalation of. Rated high severity (CVSS 8.5). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-20618 HIGH This Week

Stack-based buffer overflow for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow a privileged user to potentially enable denial of service via local access. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Intel Buffer Overflow Denial Of Service Microsoft +2
NVD
CVSS 4.0
8.3
EPSS
0.1%
CVE-2025-20032 HIGH This Week

Improper input validation for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow a privileged user to potentially enable denial of service via local access. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Intel Denial Of Service Proset Wireless Wifi Windows
NVD
CVSS 4.0
8.3
EPSS
0.1%
CVE-2025-20006 HIGH This Week

Use after free for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Rated high severity (CVSS 8.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Intel Denial Of Service Microsoft +2
NVD
CVSS 4.0
8.3
EPSS
0.1%
CVE-2025-22249 HIGH PATCH This Week

VMware Aria automation contains a DOM based Cross-Site Scripting (XSS) vulnerability. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS VMware Aria Automation Cloud Foundation Telco Cloud Platform
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2024-36292 HIGH This Week

Improper buffer restrictions for some Intel(R) Data Center GPU Flex Series for Windows driver before version 31.0.101.4314 may allow an authenticated user to potentially enable denial of service via. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Intel Buffer Overflow Denial Of Service Windows
NVD
CVSS 4.0
8.2
EPSS
0.1%
CVE-2025-30382 HIGH This Week

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Deserialization Sharepoint Server
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2025-26646 HIGH PATCH This Week

External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Build Tools Visual Studio 2022 Net Red Hat +1
NVD
CVSS 3.1
8.0
EPSS
0.3%
CVE-2025-29975 HIGH This Week

Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Pc Manager
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2025-30383 HIGH This Week

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Memory Corruption Authentication Bypass 365 Apps Excel +3
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2025-30375 HIGH This Week

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Memory Corruption Authentication Bypass 365 Apps Excel +3
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2025-32702 HIGH This Week

Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Visual Studio 2019 Visual Studio 2022
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2025-30393 HIGH This Week

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service 365 Apps +1
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2025-30381 HIGH This Week

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow 365 Apps Excel +3
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2025-30379 HIGH This Week

Release of invalid pointer or reference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass 365 Apps Excel Office +2
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2025-30376 HIGH This Week

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Heap Overflow 365 Apps Excel +3
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2025-32705 HIGH This Week

Out-of-bounds read in Microsoft Office Outlook allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow 365 Apps Office Long Term Servicing Channel
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2025-29970 HIGH This Week

Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service Windows 11 24h2 +2
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2025-24063 HIGH This Week

Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Heap Overflow Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2025-32707 HIGH This Week

Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow Windows 10 1507 Windows 10 1607 +6
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2025-22460 HIGH This Week

Default credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authenticated attacker to escalate their privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Ivanti Privilege Escalation Cloud Services Appliance
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-43571 HIGH This Week

Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE Denial Of Service Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-43549 HIGH This Week

Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption RCE Denial Of Service Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-43572 HIGH This Week

Dimension versions 4.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Dimension
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-43554 HIGH This Week

Substance3D - Modeler versions 1.21.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Substance 3d Modeler
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-43553 HIGH This Week

Substance3D - Modeler versions 1.21.0 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Substance 3d Modeler
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-43548 HIGH This Week

Dimension versions 4.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Dimension
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-43557 HIGH This Week

Animate versions 24.0.8, 23.0.11 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Animate
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-43556 HIGH This Week

Animate versions 24.0.8, 23.0.11 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Animate
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-43555 HIGH This Week

Animate versions 24.0.8, 23.0.11 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Animate
NVD
CVSS 3.1
7.8
EPSS
0.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy