Skip to main content
CVE-2025-49704 HIGH POC KEV PATCH THREAT Act Now

Microsoft Office SharePoint contains a code injection vulnerability (CVE-2025-49704, CVSS 8.8) enabling authenticated attackers to execute arbitrary code over the network. KEV-listed with EPSS 63.8%, this vulnerability requires only basic SharePoint authentication and enables server-level code execution, threatening the documents, workflows, and data stored across the organization's SharePoint infrastructure.

Microsoft RCE Code Injection Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
63.8%
Threat
8.7
CVE-2025-48384 HIGH KEV PATCH THREAT Act Now

Git contains a CRLF injection vulnerability (CVE-2025-48384, CVSS 8.0) in its config handling that allows attackers to escape header lines and modify config values. KEV-listed, this vulnerability in the world's most widely used version control system enables config injection attacks that could lead to arbitrary code execution through Git hooks, credential theft, or repository manipulation.

Information Disclosure Ubuntu Debian Git Debian Linux +3
NVD GitHub
CVSS 3.1
8.0
EPSS
0.5%
CVE-2025-0928 HIGH POC PATCH This Week

In Juju versions prior to 3.6.8 and 2.9.52, any authenticated controller user was allowed to upload arbitrary agent binaries to any model or to the controller itself, without verifying model membership or requiring explicit permissions. This enabled the distribution of poisoned binaries to new or upgraded machines, potentially resulting in remote code execution.

RCE Authentication Bypass Ubuntu Debian Juju +1
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2025-7194 HIGH POC This Week

A vulnerability was found in D-Link DI-500WF 17.04.10A1T. It has been declared as critical. Affected by this vulnerability is the function sprintf of the file ip_position.asp of the component jhttpd. The manipulation of the argument ip leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Buffer Overflow Di 500wf Firmware D-Link
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-53513 HIGH POC PATCH This Week

The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain access to a machine running a unit through the affected charm.

Information Disclosure Ubuntu Debian Juju Suse
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49730 HIGH POC PATCH This Week

Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally.

Microsoft Heap Overflow Buffer Overflow Windows Server 2012 Windows 10 22h2 +14
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2025-49683 HIGH POC PATCH This Week

Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to execute code locally.

Heap Overflow Buffer Overflow Windows 10 22h2 Windows 10 21h2 Windows 11 24h2 +13
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-48799 HIGH POC PATCH This Week

Improper link resolution before file access ('link following') in Windows Update Service allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure Windows 10 1607 Windows 11 24h2 Windows 11 22h2 +6
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-6771 HIGH Act Now

OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2,12.4.0.3 and 12.3.0.3 allows a remote authenticated attacker with high privileges to achieve remote code execution

RCE Command Injection Ivanti Endpoint Manager Mobile
NVD
CVSS 3.1
7.2
EPSS
20.8%
CVE-2025-49677 HIGH POC PATCH This Week

Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.

Microsoft Use After Free Memory Corruption Denial Of Service Windows 11 22h2
NVD Exploit-DB
CVSS 3.1
7.0
EPSS
1.2%
CVE-2025-49744 HIGH POC PATCH This Week

Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Microsoft Heap Overflow Buffer Overflow Windows 10 22h2 Windows Server 2016 +11
NVD Exploit-DB
CVSS 3.1
7.0
EPSS
0.9%
CVE-2025-6770 HIGH Act Now

OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2 allows a remote authenticated attacker with high privileges to achieve remote code execution

RCE Command Injection Ivanti Endpoint Manager Mobile
NVD
CVSS 3.1
7.2
EPSS
12.0%
CVE-2025-49716 HIGH PATCH This Week

Uncontrolled resource consumption in Windows Netlogon allows an unauthorized attacker to deny service over a network.

Microsoft Denial Of Service Windows Server 2012 Windows Server 2016 Windows Server 2022 +4
NVD
CVSS 3.1
7.5
EPSS
8.7%
CVE-2025-49701 HIGH PATCH This Week

Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Microsoft Authentication Bypass Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2025-7327 HIGH PATCH This Week

The Widget for Google Reviews plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.0.15 via the layout parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. This is limited to just PHP files.

PHP Google RCE Path Traversal WordPress +3
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2025-41668 HIGH PATCH This Week

CVE-2025-41668 is a security vulnerability (CVSS 8.8). High severity vulnerability requiring prompt remediation.

Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-41667 HIGH PATCH This Week

CVE-2025-41667 is a security vulnerability (CVSS 8.8). High severity vulnerability requiring prompt remediation.

Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-41666 HIGH PATCH This Week

CVE-2025-41666 is a security vulnerability (CVSS 8.8). High severity vulnerability requiring prompt remediation.

Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-40738 HIGH This Week

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privileges (ZDI-CAN-26572).

Path Traversal Sinec Nms
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-40737 HIGH This Week

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected application does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary files to restricted locations and potentially execute code with elevated privileges (ZDI-CAN-26571).

Path Traversal Sinec Nms
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-49724 HIGH PATCH This Week

Use after free in Windows Connected Devices Platform Service allows an unauthorized attacker to execute code over a network.

Microsoft Use After Free Memory Corruption Denial Of Service Windows 11 22h2 +10
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-6746 HIGH This Week

The WoodMart plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.2.3 via the 'layout' attribute. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php files can be uploaded and included.

PHP RCE Information Disclosure WordPress LFI +1
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-40735 HIGH This Week

A vulnerability has been identified in SINEC NMS (All versions < V4.0). The affected devices are vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database.

SQLi Sinec Nms
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-47998 HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2019 Windows Server 2016 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49740 HIGH PATCH This Week

Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network.

Microsoft Authentication Bypass Windows Server 2019 Windows 10 22h2 Windows Server 2025 +11
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49753 HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2025 Windows Server 2019 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49729 HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2012 Windows Server 2019 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49688 HIGH PATCH This Week

CVE-2025-49688 is a security vulnerability (CVSS 8.8) that allows an unauthorized attacker. High severity vulnerability requiring prompt remediation.

Microsoft Authentication Bypass Windows Server 2022 Windows Server 2022 23h2 Windows Server 2012 +4
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49676 HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2022 23h2 Windows Server 2025 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49674 HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2022 23h2 Windows Server 2022 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49673 HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2016 Windows Server 2012 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49672 HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2019 Windows Server 2025 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49669 HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2008 Windows Server 2019 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49668 HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2008 Windows Server 2012 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49663 HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2019 Windows Server 2025 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49657 HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2016 Windows Server 2008 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-48824 HIGH PATCH This Week

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Microsoft Heap Overflow Buffer Overflow Windows Server 2012 Windows Server 2008 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49687 HIGH PATCH This Week

Out-of-bounds read in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally.

Microsoft Information Disclosure Buffer Overflow Windows 10 22h2 Windows 11 23h2 +12
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-47986 HIGH PATCH This Week

Use after free in Universal Print Management Service allows an authorized attacker to elevate privileges locally.

Use After Free Memory Corruption Denial Of Service Windows Server 2022 Windows 10 1809 +14
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49723 HIGH PATCH This Week

Missing authorization in Windows StateRepository API allows an authorized attacker to perform tampering locally.

Microsoft Authentication Bypass Windows Server 2019 Windows 10 21h2 Windows Server 2025 +8
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49739 HIGH PATCH This Week

Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network.

Authentication Bypass Visual Studio 2017 Visual Studio Visual Studio 2022 Visual Studio 2019
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-48817 HIGH PATCH This Week

Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

Path Traversal Windows 10 21h2 Windows 10 1809 Windows Server 2025 Windows Server 2008 +14
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-20686 HIGH This Week

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00415570; Issue ID: MSV-3404.

Heap Overflow RCE Buffer Overflow Software Development Kit Openwrt
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-20685 HIGH This Week

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00416226; Issue ID: MSV-3409.

Heap Overflow RCE Buffer Overflow Openwrt Software Development Kit
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49551 HIGH This Week

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a Use of Hard-coded Credentials vulnerability that could result in privilege escalation. An attacker could leverage this vulnerability to gain unauthorized access to sensitive systems or data. Exploitation of this issue does not require user interaction. The vulnerable component is restricted to internal IP addresses.

Privilege Escalation Authentication Bypass Coldfusion
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-41224 HIGH This Week

A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions < V5.10.0), RUGGEDCOM RMC8388NC V5.X (All versions < V5.10.0), RUGGEDCOM RS416NCv2 V5.X (All versions < V5.10.0), RUGGEDCOM RS416PNCv2 V5.X (All versions < V5.10.0), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.10.0), RUGGEDCOM RS416v2 V5.X (All versions < V5.10.0), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RS900GNC(32M) V5.X (All versions < V5.10.0), RUGGEDCOM RS900NC(32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2100NC(32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2100P (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2100PNC (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2288 V5.X (All versions < V5.10.0), RUGGEDCOM RSG2288NC V5.X (All versions < V5.10.0), RUGGEDCOM RSG2300 V5.X (All versions < V5.10.0), RUGGEDCOM RSG2300NC V5.X (All versions < V5.10.0), RUGGEDCOM RSG2300P V5.X (All versions < V5.10.0), RUGGEDCOM RSG2300PNC V5.X (All versions < V5.10.0), RUGGEDCOM RSG2488 V5.X (All versions < V5.10.0), RUGGEDCOM RSG2488NC V5.X (All versions < V5.10.0), RUGGEDCOM RSG907R (All versions < V5.10.0), RUGGEDCOM RSG908C (All versions < V5.10.0), RUGGEDCOM RSG909R (All versions < V5.10.0), RUGGEDCOM RSG910C (All versions < V5.10.0), RUGGEDCOM RSG920P V5.X (All versions < V5.10.0), RUGGEDCOM RSG920PNC V5.X (All versions < V5.10.0), RUGGEDCOM RSL910 (All versions < V5.10.0), RUGGEDCOM RSL910NC (All versions < V5.10.0), RUGGEDCOM RST2228 (All versions < V5.10.0), RUGGEDCOM RST2228P (All versions < V5.10.0), RUGGEDCOM RST916C (All versions < V5.10.0), RUGGEDCOM RST916P (All versions < V5.10.0). The affected products do not properly enforce interface access restrictions when changing from management to non-management interface configurations until a system reboot occurs, despite configuration being saved. This could allow an attacker with network access and credentials to gain access to device through non-management and maintain SSH access to the device until reboot.

Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-25271 HIGH PATCH This Week

A security vulnerability in An unauthenticated adjacent attacker (CVSS 8.8). High severity vulnerability requiring prompt remediation.

Information Disclosure Charx Sec 3000 Firmware Charx Sec 3150 Firmware Charx Sec 3100 Firmware Charx Sec 3050 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-25268 HIGH PATCH This Week

An unauthenticated adjacent attacker can modify configuration by sending specific requests to an API-endpoint resulting in read and write access due to missing authentication.

Authentication Bypass Charx Sec 3100 Firmware Charx Sec 3150 Firmware Charx Sec 3050 Firmware Charx Sec 3000 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-7346 HIGH PATCH GHSA This Week

CVE-2025-7346 is a security vulnerability (CVSS 8.7). High severity vulnerability requiring prompt remediation.

Authentication Bypass Debian
NVD GitHub
CVSS 4.0
8.7
EPSS
0.3%
CVE-2025-48822 HIGH PATCH This Week

Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.

Microsoft Information Disclosure Buffer Overflow Windows 11 23h2 Windows Server 2016 +11
NVD
CVSS 3.1
8.6
EPSS
0.1%
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy