Skip to main content
CVE-2025-49571 HIGH This Month

Substance3D - Modeler versions 1.22.0 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Substance 3d Modeler
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-49570 HIGH This Month

Photoshop Desktop versions 25.12.3, 26.8 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Photoshop
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-49561 HIGH This Month

Animate versions 23.0.12, 24.0.9 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service RCE Use After Free Animate
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-49569 HIGH This Month

Substance3D - Viewer versions 0.25 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Substance 3d Viewer
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-49560 HIGH This Month

Substance3D - Viewer versions 0.25 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow RCE Substance 3d Viewer
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-36000 MEDIUM Monitor

IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Websphere Application Server
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-55168 CRITICAL POC Act Now

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Wegia
NVD GitHub
CVSS 4.0
9.4
EPSS
0.1%
CVE-2025-49813 HIGH This Month

An improper neutralization of special elements used in an OS Command ("OS Command Injection") vulnerability [CWE-78] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a remote and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Fortinet Fortiadc
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-47857 MEDIUM This Month

A improper neutralization of special elements used in an os command ('os command injection') vulnerability [CWE-78] in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fortinet RCE Fortiweb
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-43734 MEDIUM PATCH This Month

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-36124 MEDIUM This Month

IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions caused by a failure to honor JMS messaging configuration. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass IBM Websphere Application Server
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-32932 MEDIUM This Month

An Improper neutralization of input during web page generation ('cross-site scripting') vulnerability [CWE-79] in FortiSOAR version 7.6.1 and below, version 7.5.1 and below, 7.4 all versions, 7.3 all. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Fortisoar
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-32766 MEDIUM This Month

A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary code or commands via. Rated medium severity (CVSS 6.4). No vendor patch available.

Buffer Overflow Fortinet Stack Overflow RCE Fortiweb
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-27759 MEDIUM This Month

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fortinet Fortiweb
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2024-52964 MEDIUM This Month

An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Path Traversal Fortimanager Fortimanager Cloud
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-48892 MEDIUM This Month

A relative path traversal vulnerability [CWE-23] in FortiSOAR 7.6.0, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an authenticated attacker to read arbitrary files via uploading. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Fortisoar
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2024-40588 MEDIUM Monitor

Multiple relative path traversal vulnerabilities [CWE-23] vulnerability in Fortinet FortiCamera 2.1 all versions, FortiCamera 2.0.0, FortiCamera 1.1 all versions, FortiCamera 1.0 all versions,. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Path Traversal Forticamera Firmware Fortimail Fortindr +2
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-53793 HIGH This Month

Improper authentication in Azure Stack allows an unauthorized attacker to disclose information over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Path Traversal Azure Stack Hub
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-53789 HIGH This Month

Missing authentication for critical function in Windows StateRepository API allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +11
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-53781 HIGH This Month

Exposure of sensitive information to an unauthorized actor in Azure Virtual Machines allows an authorized attacker to disclose information over a network. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Ecesv6 Series Azure Vm Firmware Dcesv6 Series Azure Vm Firmware Nccadsh100V5 Series Azure Vm Firmware +8
NVD
CVSS 3.1
7.7
EPSS
0.2%
CVE-2025-53779 HIGH This Month

Relative path traversal in Windows Kerberos allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Path Traversal Windows Server 2025 Windows
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2025-53778 HIGH CERT-EU This Month

Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-53773 HIGH POC This Month

Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Visual Studio 2022
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2025-53772 HIGH This Month

Deserialization of untrusted data in Web Deploy allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Web Deploy 4 0
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2025-53769 MEDIUM This Month

External control of file name or path in Windows Security App allows an authorized attacker to perform spoofing locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Security App Windows
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-53766 CRITICAL CERT-EU This Week

Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft Office Windows 10 1507 +15
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-53765 MEDIUM Monitor

Exposure of private personal information to an unauthorized actor in Azure Stack allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Azure App Service On Azure Stack
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2025-53761 HIGH This Month

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-53760 HIGH This Month

Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft SSRF Sharepoint Server
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2025-53759 HIGH This Month

Use of uninitialized resource in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft 365 Apps Office Office Long Term Servicing Channel +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-53741 HIGH This Month

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft 365 Apps Excel +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-53740 HIGH CERT-EU This Month

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft 365 Apps +2
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2025-53739 HIGH This Month

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Authentication Bypass Microsoft 365 Apps Excel +3
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-53738 HIGH This Month

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-53737 HIGH This Month

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft 365 Apps Excel +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-53736 MEDIUM This Month

Buffer over-read in Microsoft Office Word allows an unauthorized attacker to disclose information locally. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft 365 Apps Office Office Long Term Servicing Channel +3
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-53735 HIGH This Month

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-53734 HIGH This Month

Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft 365 Apps +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-53733 HIGH CERT-EU This Month

Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft 365 Apps Office Office Long Term Servicing Channel +3
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2025-53732 HIGH This Month

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft Office
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-53731 HIGH CERT-EU This Month

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft 365 Apps +2
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2025-53730 HIGH This Month

Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft 365 Apps +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-53148 MEDIUM This Month

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Server 2008 Windows Server 2012 Windows Server 2016 +5
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2025-53137 HIGH This Month

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 10 1507 +15
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-53136 MEDIUM This Month

Exposure of sensitive information to an unauthorized actor in Windows NT OS Kernel allows an authorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-53135 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Microsoft Race Condition Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-53134 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2025-53133 HIGH This Month

Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8). No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft Windows 11 24h2 +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-50171 CRITICAL This Week

Missing authorization in Remote Desktop Server allows an unauthorized attacker to perform spoofing over a network. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Windows Server 2022 Windows Server 2022 23h2 Windows Server 2025 Microsoft
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-49762 HIGH This Month

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Microsoft Race Condition Windows 10 1507 Windows 10 1607 +14
NVD
CVSS 3.1
7.0
EPSS
0.0%
Prev Page 5 of 8 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy