Skip to main content
CVE-2025-54209 HIGH This Month

InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Indesign
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-54208 HIGH This Month

InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Indesign
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-54207 HIGH This Month

InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Indesign
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-54206 HIGH This Month

InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Indesign
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-54187 HIGH This Month

Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Substance 3d Painter
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-49573 HIGH This Month

Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Substance 3d Modeler
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-49572 HIGH This Month

Substance3D - Modeler versions 1.22.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Substance 3d Modeler
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-49571 HIGH This Month

Substance3D - Modeler versions 1.22.0 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Substance 3d Modeler
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-49570 HIGH This Month

Photoshop Desktop versions 25.12.3, 26.8 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Photoshop
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-49561 HIGH This Month

Animate versions 23.0.12, 24.0.9 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE Use After Free Animate
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-49569 HIGH This Month

Substance3D - Viewer versions 0.25 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Substance 3d Viewer
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-49560 HIGH This Month

Substance3D - Viewer versions 0.25 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Substance 3d Viewer
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-49813 HIGH This Month

An improper neutralization of special elements used in an OS Command ("OS Command Injection") vulnerability [CWE-78] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a remote and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Fortinet Fortiadc
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-53793 HIGH This Month

Improper authentication in Azure Stack allows an unauthorized attacker to disclose information over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Path Traversal Azure Stack Hub
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-53789 HIGH This Month

Missing authentication for critical function in Windows StateRepository API allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-53781 HIGH This Month

Exposure of sensitive information to an unauthorized actor in Azure Virtual Machines allows an authorized attacker to disclose information over a network. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Ecesv6 Series Azure Vm Firmware Dcesv6 Series Azure Vm Firmware Nccadsh100V5 Series Azure Vm Firmware +8
NVD
CVSS 3.1
7.7
EPSS
0.2%
CVE-2025-53779 HIGH This Month

Relative path traversal in Windows Kerberos allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Path Traversal Windows Server 2025 Windows
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2025-53778 HIGH CERT-EU This Month

Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-53773 HIGH POC This Month

Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Visual Studio 2022
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2025-53772 HIGH This Month

Deserialization of untrusted data in Web Deploy allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Web Deploy 4 0
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2025-53761 HIGH This Month

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-53760 HIGH This Month

Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft SSRF Sharepoint Server
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2025-53759 HIGH This Month

Use of uninitialized resource in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft 365 Apps Office Office Long Term Servicing Channel +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-53741 HIGH This Month

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft 365 Apps Excel +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-53740 HIGH CERT-EU This Month

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft 365 Apps +2
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2025-53739 HIGH This Month

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Authentication Bypass Microsoft 365 Apps Excel +3
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-53738 HIGH This Month

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-53737 HIGH This Month

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft 365 Apps Excel +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-53735 HIGH This Month

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-53734 HIGH This Month

Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft 365 Apps +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-53733 HIGH CERT-EU This Month

Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft 365 Apps Office Office Long Term Servicing Channel +3
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2025-53732 HIGH This Month

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft Office
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-53731 HIGH CERT-EU This Month

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft 365 Apps +2
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2025-53730 HIGH This Month

Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft 365 Apps +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-53137 HIGH This Month

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-53135 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Microsoft Race Condition Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-53134 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-53133 HIGH This Month

Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8). No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 11 24h2 +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49762 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Microsoft Race Condition Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-49761 HIGH This Month

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49757 HIGH This Month

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft Windows Server 2008 Windows Server 2012 +6
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-49712 HIGH This Month

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Microsoft Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
5.6%
CVE-2025-49707 HIGH This Month

Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally. Rated high severity (CVSS 7.9), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Ecesv6 Series Azure Vm Firmware Dcesv6 Series Azure Vm Firmware Nccadsh100V5 Series Azure Vm Firmware +8
NVD
CVSS 3.1
7.9
EPSS
0.1%
CVE-2025-49557 HIGH PATCH This Month

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by a. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Commerce Commerce B2b Magento
NVD
CVSS 3.1
8.7
EPSS
0.0%
CVE-2025-49556 HIGH PATCH This Month

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Commerce Commerce B2b Magento
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-49555 HIGH PATCH This Month

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in privilege. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Adobe Authentication Bypass Privilege Escalation Information Disclosure +3
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-49554 HIGH PATCH This Month

Adobe Commerce versions 2.4.9-alpha1, 2.4.8-p1, 2.4.7-p6, 2.4.6-p11, 2.4.5-p13, 2.4.4-p14 and earlier are affected by an Improper Input Validation vulnerability that could lead to application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Adobe Commerce Commerce B2b Magento
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-24999 HIGH This Month

Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Sql Server 2016 Sql Server 2017 Sql Server 2019 Sql Server 2022
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-20625 HIGH This Month

Improper conditions check for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.110.0.5 may allow an unauthenticated user to potentially enable denial of service via adjacent. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Intel Windows
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2025-20109 HIGH PATCH This Month

Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.3). No vendor patch available.

Privilege Escalation Intel Suse
NVD VulDB
CVSS 4.0
7.3
EPSS
0.0%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy